Decree No.211/2025/NĐ-CP Eases Requirements for the Import of Civil Cryptography Products
- Tron Chan
- 5 days ago
- 7 min read
The Government of Vietnam issued Decree No. 211/2025/NĐ-CP, detailing civil cryptography (CC) activities and amending and supplementing several articles of Decree No. 15/2020/NĐ-CP (as amended and supplemented by Decree No. 14/2022/NĐ-CP) on administrative penalties in the fields of post, telecommunications, radio frequency, information technology, and electronic transactions. This Decree introduces several significant changes that help improve the legal framework on cybersecurity and civil cryptography in Vietnam.
What's new?
Reducing the number of civil cryptography product groups from 8 to 7.
Reduction in HS Codes Requiring Management – from 120 Codes to 34 Codes
Increase in the Number of Product Groups Exempt from Civil Cryptography License from 9 to 12
Acceptance of Civil Cryptography Conformity Assessments from International Organizations
Additional State Management Provisions on the Business of Civil Cryptography Products
Reducing the number of civil cryptography product groups from 8 to 7.
The new Decree removes the groups “channel security products” and “cryptography components in PKI systems” as they are no longer relevant in practice.
The 7 product groups subject to management are:
1 - Products for cryptographic key generation, management, or storage (4 HS Codes)
Products within PKI systems using cryptography, including:
Hardware Security Modules (HSMs): Used for generating, storing, and managing cryptographic keys, digital certificates, signing, and verifying digital signatures.
PKI Tokens (PKI USBToken, PKI Smartcard, SimPKI): Used for generating, storing, and managing cryptographic keys, digital certificates, signing, and verifying digital signatures.
Products with functions for generating, managing, or storing cryptographic keys that are not part of a PKI system.
2 - Products for securing stored data (5 HS Codes)
Products using cryptographic algorithms and techniques to protect data stored on devices.
3 - Products for securing data exchanged over networks (14 HS Codes)
Products using cryptographic algorithms and techniques to protect data transmitted over networks.
4 - Products for securing IP streams (14 HS Codes)
Products using secure VPN technologies (IPSec VPN, TLS VPN) to ensure the safety and security of data transmitted over IP networks, employing symmetric encryption algorithms, asymmetric encryption algorithms, digital signature algorithms, and cryptographic hash functions for protecting and authenticating transmitted information.
5 - Products for securing analog and digital voice (4 HS Codes)
Products using security protocols (ZRTP, SRTP, WebRTC, SIPS) or VPN channels (IPSec, SSL/TLS, L2TP) to secure audio, images, and video, employing symmetric encryption algorithms, asymmetric encryption algorithms, digital signature algorithms, and cryptographic hash functions.
6 - Products for securing wireless information (5 HS Codes)
Products using cryptographic algorithms and techniques to secure wireless information data.
7- Products for securing fax and telegraph communications (5 HS Codes)
Products using cryptographic algorithms and techniques to secure fax data and telegraph data, whether locally stored or transmitted.
Reduction in HS Codes Requiring Management – from 120 Codes to 34 Codes
Some HS Codes, such as 8517.62.42, 8517.62.43, etc., appear in multiple product groups. Products that fall into more than one group require a license if they have at least one managed encryption function.
Full detail list of new HS codes is below:
Group | HS Code(s) | Product Description |
1 | 8471.30.90 8471.41.90 8471.49.90 8471.80.90 | Automatic data processing machines and their units; magnetic or optical readers, machines for transferring data to data media in encoded form and machines for processing such data, not elsewhere specified or included, including: - Other portable automatic data processing machines, weighing ≤ 10 kg, consisting of at least a central processing unit, a keyboard, and a display; - Other, comprising in the same housing at least a central processing unit and an input and output unit, whether or not combined; - Other, in the form of systems; - Other machines of automatic data processing machines. |
2 | 8523.51.11 8523.51.21 8523.51.99 | Solid-state non-volatile storage devices, including disks, tapes, “smart cards” and other media for recording sound or other phenomena, recorded or unrecorded, including masters and original media for producing such recordings, excluding photographic or cinematographic products, including: - Of a kind used for computers, unrecorded; - Of a kind used for computers, for reproducing phenomena other than sound or image; - Other than those under 8523.51.11 or 8523.51.21. |
8523.52.00 | “Smart cards.” | |
8542.32.00 | Memory of integrated electronic circuits. | |
3 | 8471.30.90 8471.41.90 8471.49.90 | Automatic data processing machines and their units; machines for transferring data to data media in encoded form and machines for processing such data, not elsewhere specified or included, including: - Other portable ADP machines, ≤ 10 kg, with CPU, keyboard, and display; - Other, comprising in the same housing at least a CPU, input, and output unit; - Other, in the form of systems. |
8517.62.42 8517.62.43 8517.62.49 | Apparatus for carrier-current line systems or for digital line systems: - Concentrators or multiplexers; - Control and adaptor units, including connectors, bridges, routers, designed solely for connection to ADP machines of heading 84.71; - Other. | |
8517.62.51 8517.62.53 8517.62.59 | Other transmission apparatus incorporating reception apparatus: - Wireless local area network devices; - Other transmitters for telegraphy or telephony by radio waves; - Other. | |
8517.62.61 8517.62.69 8517.62.91 8517.62.92 8517.62.99 | Other transmission apparatus: - For telegraphy or telephony by radio waves; - Other than for telegraphy or telephony by radio waves; - Other portable receivers for calling, signalling, paging, or message alerting, including pagers; - Other for telegraphy or telephony by radio waves; - Other than those under 8517.62.61, 8517.62.69, 8517.62.91, 8517.62.92. | |
4 | Same HS codes & descriptions as Group 3 | |
5 | 8517.11.00 8517.13.00 8517.14.00 8517.18.00 | Telephone sets, including smartphones and other telephones for cellular networks or other wireless networks; other apparatus for the transmission or reception of voice, images, or other data, including apparatus for communication in a wired or wireless network (such as LAN or WAN), excluding transmission or reception apparatus of headings 84.43, 85.25, 85.27, or 85.28, including: - Corded telephones with cordless handsets; - Smartphones; - Telephones for cellular or other wireless networks; - Other. |
6 | 8525.50.00 8525.60.00 | Transmission apparatus for radio broadcasting or television, whether or not incorporating reception apparatus or sound recording or reproducing apparatus; television cameras, digital cameras, and video camera recorders, including: - Transmitters; - Transmitters with receivers. |
8526.91.10 8526.91.90 8526.92.00 | Radar apparatus, radio navigational aid apparatus, and radio remote control apparatus, including: - Radio navigational aid apparatus for use in civil aircraft or exclusively for seagoing vessels; - Other radio navigational aid apparatus; - Radio remote control apparatus. | |
7 | 8443.31.31 8443.31.39 8443.31.91 8443.31.99 | Machines performing two or more functions of printing, copying, or faxing, capable of connecting to an ADP machine or network, including: - Colour print-copy-fax machines; - Other print-copy-fax machines; - Other print-copy-scan-fax machines; - Other than those under 8443.31.31, 8443.31.39, 8443.31.91. |
8443.32.40 | Other fax machines are capable of connecting to an ADP machine or network. |
Increase in the Number of Product Groups Exempt from Civil Cryptography Permission from 9 to 12
The new Decree merges two previous exemption groups:
Wireless devices that encrypt information with a maximum range (without amplification or relaying) of less than 400 meters, according to the manufacturer’s technical specifications.
Wireless network devices for Personal Area Networks (PAN) that implement cryptographic standards, have a coverage range not exceeding 100 meters, and cannot connect to more than 7 other devices as specified by the manufacturer.
These are now consolidated into a new group:
Products using cryptographic techniques to protect wireless access.
Three new exemption groups have been added:
Products using cryptographic techniques for remote access and device administration.
Products using cryptographic techniques for monitoring, preventing, and detecting cyberattacks.
Integrated circuits using Trusted Platform Module (TPM) technology for device identification, information authentication, and password protection.
Full Updated Exemption List:
Operating systems, internet browsers, and software with built-in cryptographic components (where cryptography is not the primary function), widely used, and installable by users without vendor support.
Widely used IT products where cryptography is not the primary function, pre-installed without vendor support, including tablets, DVD players, digital cameras, and similar consumer electronics.
Mobile phones without end-to-end encryption capability.
Smart cards and dedicated read/write devices used solely for general access, specifically designed to protect personal information.
Copyright and intellectual property protection products designed for one of the following:a) Preventing software copyright infringement.b) Preventing access to protected read-only media.c) Preventing access to encrypted information stored on publicly sold media.d) Preventing access to stored information for one-time copyright protection of audio/video data.
Products solely for identity authentication without encryption functions.
Products using cryptographic techniques to protect wireless access.
Self-Encrypting Drives (SEDs) widely used for data storage.
Products using cryptographic techniques for remote access and device administration.
Products using cryptographic techniques for monitoring, preventing, and detecting cyberattacks.
Integrated circuits using TPM technology for device identification, authentication, and password protection.
Products designed exclusively for end-use in the medical sector.
Acceptance of Civil Cryptography Conformity Assessments from International Organizations
Clause 2, Article 10 states:
“The Government Cipher Committee assists the Minister of National Defense in considering and unilaterally recognizing the results of civil cryptography product conformity assessments conducted by international conformity assessment organizations or foreign conformity assessment organizations, to serve state management of civil cryptography.”
This is a new provision based on the amended Law on Standards and Technical Regulations (issued on June 14, 2025), which states:
“Ministries, ministerial-level agencies, and the Minister of National Defense may consider and unilaterally recognize conformity assessment results from international or foreign conformity assessment organizations to serve state management” (amending Clause 2, Article 57 of the 2006 Law on Standards and Technical Regulations).
Currently, there is no specific regulation on officially accepted standards, but products with FIPS certification from the U.S. NIST are expected to receive licenses more easily.
Additional State Management Provisions on the Business of Civil Cryptography Products
“r) Required to report on the business situation of civil cryptography products and services, and compile customer information; report on the export and import of civil cryptography products.
s) Required to establish, store, and protect customer information, the type, quantity, and intended use of civil cryptography products and services.
t) Required to declare the use of civil cryptography products that are not supplied by licensed enterprises engaged in the business of civil cryptography products and services.
u) Required to provide encryption key-related information to competent state authorities.”
The new Decree’s requirements mean that importing products containing civil cryptography (MMDS) must now strictly comply with regulations on collecting and storing customer information, as well as documenting intended use.
Conclusion
The new Decree reduces administrative procedures, decreases the number of product groups requiring licenses, and increases the number of exempt product groups — making the import of MMDS-containing products easier.
Some product groups exempted under the new Decree include:
Video recording cameras.
Console servers for network management.
Circuits used for software development.
Servers and personal computers using hard drives with Self-Encrypting Drive (SED) technology.
Storage devices that use SED.
Information security products such as IPS/IDS, which will no longer be imported under an MMDS license but under a cybersecurity license instead.
In addition to simplifying administrative procedures, the Decree also tightens requirements for storing customer data, tracking import volumes, and declaring the use of MMDS products within Vietnam. If you wish to import MMDS products or have any questions regarding Decree 211, our company will be pleased to assist you at info@tronchan.com.
Comments