Understanding Encryption Export Controls

Exporters are often surprised to learn that their products with common, standards-based, or even open source encryption components are subject to export controls; learn how to understand and apply EAR controls on encryption, and the critical steps of classification and license determination.

In everyday business and leisure, the use of encryption is nearly ubiquitous. From smartphones to smart refrigerators, enterprise software to network switches, cryptography enables much of the security behind the modern economy. When producers of telecom, information security, and other products with encryption functionality look to sell their products abroad, they need to understand how US export controls may apply.

The Export Administration Regulations have long controlled many forms of commercial encryption, yet the details of the rules have hardly remained static. Seemingly every few years, the Bureau of Industry and Security amends the regulations. The trend over time has been to relax and simplify the controls, but encryption remains a unique aspect of the EAR, full of unusual requirements and exceptions to normal rules. Exporters are often surprised to learn that their products with common, standards-based, or even open source encryption components are subject to export controls.

In this program, we will walk you through how to understand and apply EAR controls on encryption, with a focus on the critical steps of classification and license determination. The training will include a discussion and examples of these issues:

• Considerations for overseas development and testing
• Open source and other published encryption software not subject to the EAR
• Identifying what is and is not controlled as encryption in Commerce Control List Category 5, Part 2
• Classification of hardware, software, and technology in CCL Category 5, Part 2
• Determining if a product qualifies for mass market treatment, and what that means
• All about the primary encryption export authorization — License Exception ENC
• Unique reporting requirements related to the classification and export of encryption
• Export license applications for encryption
• Latest developments and updates to the rules