Encryption tools are critical to maintaining the secrecy of information, and therefore may be used to target national security, foreign policy, and law enforcement interests; such items are controlled for export by the United States. In an effort to reduce the regulatory burden for exporters while still fulfilling U.S. national security and foreign policy objectives, the Bureau of Industry and Security of the U.S. Department of Commerce (BIS) has published a final rule in the Federal Register that modifies the Export Administration Regulations (EAR). Specifically, the final notice revises certain Export Control Classification Numbers (ECCNs) controlled for national security reasons in each category of the Commerce Control List (CCL), makes associated changes and corrections in the EAR, and implements other modifications to various provisions related to Category 5—Part 2 of the CCL. The final rule is effective as of March 29, 2021.
The final rule follows another rule published in October 2020 implementing certain new controls on emerging technologies. These pronouncements harmonize the CCL with the decisions reached at the 2019 Plenary Meeting of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (Wassenaar Arrangement). With the objective of improving regional and international security and stability, the Wassenaar Arrangement advocates for the implementation of effective export controls on strategic items.
In the United States, those are implemented through the CCL. For these latest changes, the BIS final rule, among other things, revises:
- The CCL related to the following 22 ECCNs: 0A502, 0A503, 0A606, 1A002, 1A005, 1A006, 1A613, 1B002, 1C001, 1C002, 1C006, 1C010, 2A001, 3B001, 3E002, 5A002, 6A004, 6A005, 6A008, 9A011, 9D515, 9E003;
- Supplement No. 6 to Part 774 (the Sensitive List) to align the EAR Sensitive List with the Wassenaar Arrangement Sensitive List; and
- Various provisions in the EAR related to items in Category 5—Part 2, including by eliminating certain reporting requirements.
While there is no change to the classification or self-classification reporting requirements for non-"mass market" encryption items controlled under ECCNs 5A002, 5B002, or 5D002, the final notice eliminates the self-classification reporting requirement for certain "mass market" encryption products under § 740.17(b)(1). This means that not all items described in paragraph (b)(1) that are self-classified require a self-classification report. It is estimated that this change to the reporting requirements will reduce encryption self-classification requests by 60%. Also, a new note is added for this paragraph that defines "executable software" and clarifies that "executable software" does not include complete binary images of the "software" running on an end item.
* * * * * * * * * *
As is the case with many regulatory actions, Venable will continue to monitor the development of this issue and its impact on business. Please let us know if you have any questions.