diff --git a/src/main/java/de/avatic/lcc/service/bulk/BulkOperationService.java b/src/main/java/de/avatic/lcc/service/bulk/BulkOperationService.java
index 7aaff8a..415117f 100644
--- a/src/main/java/de/avatic/lcc/service/bulk/BulkOperationService.java
+++ b/src/main/java/de/avatic/lcc/service/bulk/BulkOperationService.java
@@ -72,12 +72,14 @@ public class BulkOperationService {
 
     private void checkAuthorized(BulkFileType fileType) {
 
-        if( switch (fileType) {
+        var auth = switch (fileType) {
             case CONTAINER_RATE, COUNTRY_MATRIX -> authorizationService.hasAnyRole("SUPER", "FREIGHT");
             case MATERIAL -> authorizationService.hasAnyRole("SUPER", "MATERIAL");
             case PACKAGING -> authorizationService.hasAnyRole("SUPER", "PACKAGING");
             case NODE -> authorizationService.hasAnyRole("SUPER");
-        }) {
+        };
+
+        if(!auth) {
             throw new ForbiddenException("You are not authorized to perform this operation");
         }
 
diff --git a/src/main/java/de/avatic/lcc/service/excelMapper/MaterialFastExcelMapper.java b/src/main/java/de/avatic/lcc/service/excelMapper/MaterialFastExcelMapper.java
index fbf1440..86a5c0c 100644
--- a/src/main/java/de/avatic/lcc/service/excelMapper/MaterialFastExcelMapper.java
+++ b/src/main/java/de/avatic/lcc/service/excelMapper/MaterialFastExcelMapper.java
@@ -248,7 +248,6 @@ public class MaterialFastExcelMapper {
      * Validates HS Code (placeholder for API validation)
      */
     private boolean validateHsCode(String hsCode) {
-        //TODO check via api?!
-        return true;
+        return hsCode.length() >= 10 && hsCode.length() <= 12 && hsCode.matches("[0-9]+");
     }
 }
\ No newline at end of file