Important Changes to Export Administration Regulations Affecting Software Industry

Goodwin
Contact

Goodwin

These updates include:

  • Companies are no longer required to file a company Encryption Registration prior to exporting 5D992 mass-market software or 5D002 software items eligible for self-classification.  
  • Exporters are now excused from the annual reporting requirements for 5D992 mass-market software and 5D002 software by filing a one-time product-specific Classification Request with BIS.
  • Publicly available encryption source code and corresponding object code is no longer “subject to the EAR” after compliance with the notification requirement. 
  • The threshold parameters for “network infrastructure” have changed and the software is now eligible for export to “less sensitive government end users” in certain countries, subject to semi-annual reporting requirements. 
  • New ECCNs cover items that perform specified “information security” functions but do not themselves include or use encryption, including for systems, equipment and components “for communications cable systems designed . . . to detect surreptitious intrusion,” and “for defeating, weakening or bypassing information security.” 
  • Software performing authentication-only encryption is now classified as EAR99. 
  • Short range wireless encryption items are now classified as EAR99.
  • A new License Exception authorizes exports, reexports, and transfers (in-country) among related parties for internal use when the parent company is headquartered in a list of “friendly” countries that was expanded to include Croatia.

Written by:

Goodwin
Contact
more
less

Goodwin on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide