On Friday, June 25, 2010, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) published amendments to the Export Administration Regulations (EAR) that ease certain restrictions and requirements governing the export of encryption commodities, technology, and software, including the use of License Exception ENC. The amendments are effective immediately.
• One-time company registration. The amendments implement a one-time company encryption registration for most exporters of encryption items and also eliminate, in most instances, the need for a company to submit each encryption item for a classification request (formerly known as an encryption review).
• Elimination of 30-day waiting period. The amendments authorize immediate export and reexport of many encryption items, including most “mass market items” and “lesser national security controlled encryption items” without a 30-day waiting period.
• Relaxation of the reporting requirements under License Exception ENC. The amendments require companies to submit to BIS an annual report of encryption items that they have selfclassified. In many cases, this annual report replaces the requirement to file semiannual reports of exports made under License Exception ENC.
Products that continue to require submission of a classification request, a 30-day waiting period, and semiannual reporting include, but are not limited to: (1) network infrastructure items; (2) source code; (3) products designed for the government; (4) customized, modifiable, or quantum crypto; (5) penetration-testing items; (6) publicsafety radios; (7) cryptanalytic items; (8) items with OCI; and (9) some encryption technology. Additionally, encryption components (chips, electronic assemblies, crypto libraries, tool kits, and development kits), non-standard crypto items, and digital forensics items also require submission of a classification request and a 30-day waiting period.
• Loosening of requirements on exports of certain encryption technology. Encryption technology now may be exported under License Exception ENC to nongovernment end-users in most countries. Licenses still will be required for exports of encryption technology for cryptanalytic items, non-standard encryption, and open cryptographic interfaces.
Please see full alert below for more information.