International Trade Law News /title <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" ""> <html xmlns="" xml:lang="en" lang="en"> <meta name="verify-v1" content="6kFGcaEvnPNJ6heBYemQKQasNtyHRZrl1qGh38P0b6M=" /> <head> <title>International Trade Law News

« Home | Exports of Defense Article and Services to Eritrea... » | Next NCITD Meeting to Feature Speakers from OFAC, ... » | OFAC Authorizes American Iranian Council to Open O... » | Congress Extends GSP and ATPA Programs Until Decem... » | Aerospace Industries Association Criticizes Senate... » | Summary and Overview of the Five Important Final a... » | News From Day 3 of Update 2008 » | Census Makes Changes to AESDirect Online System » | DDTC Posts FAQs on Registration Fee Changes » | Enforcement of Mandatory and Advanced AES Filing R... » 

October 06, 2008 

New BIS Encryption Regulation Contains Good and Bad News for U.S. Exporters

Today's guest post on BIS's recently issued encryption regulation was written by Felice Laird, a consultant on encryption and other export control issues and founder of Export Strategies, LLC.

New BIS Encryption Regulation Contains Good and Bad News for U.S. Exporters

By Felice Laird, Export Strategies, LLC

In response to industry pressure and a Presidential Directive issued earlier this year, the Bureau of Industry and Security (BIS) published an interim final rule on October 3, 2008 modifying the Export Administration Regulations (EAR) governing the export of hardware, software and technical data using encryption technology. The rule makes some marginal changes to the regulations but falls short of any significant restructuring of the regulatory regime which as been in place for almost a decade. Despite the limited nature of the changes, many U.S. companies will need to tweak their compliance practices immediately in order to comply with the new rules –– there is no “grace period” for implementation.

The new rule, ironically entitled “Encryption Simplification” takes up eighteen pages in the Federal Register. BIS plans on developing additional guidance to be posted on its website as questions will inevitably be raised regarding the correct interpretation of certain provisions contained in the final rule.

Good News for Some

Companies in the business of making products for the consumer market will benefit from the regulatory changes. For example, companies that make mass-market products using weak cryptography (now defined as using key lengths not exceeding 80 bits; for asymmetric algorithms with key lengths not exceeding 1024 bits; and for elliptic curve algorithms with key lengths not exceeding 160 bits) no longer have to submit a notification of self-classification prior to export. These products can be classified as 5X992 and exported under “NLR”.

The new regulation introduces a category of products performing “ancillary cryptography” and exempt them from review and reporting requirements. Examples provided by BIS in its definition of ancillary cryptography in section 772.1 of the EAR include “business process modeling and automation (e.g., supply chain management, inventory, scheduling and delivery); industrial, manufacturing or mechanical systems (including robotics, other factory or heavy equipment, facilities systems controllers including fire alarms and HVAC); automotive, aviation and other transportation systems. Relief from the review and reporting requirements is also given to companies making products using short-range wireless technology.

BIS has also raised the thresholds that allow some network infrastructure equipment to be exported under the unrestricted provisions of ENC. As a consequence, low-end virtual private network (VPN) hardware and other wide area networking products can now potentially qualify for license-free shipment to both commercial government end-users worldwide.

All exporters will benefit by the inclusion of Bulgaria, Canada, Iceland, Romania and Turkey to the “License Free Zone” (also known as the “Supplement 3 countries”). Both government and commercial entities in these countries may receive product under ENC once a review request is submitted.

Bad News for Others

BIS has made a change affecting the classification of mass-market products that could present a compliance challenge for companies who may conduct a limited international release of product coincident with the submission of a technical review. Companies had previously been allowed to self-classify mass-market products as 5x992 and export under NLR (no license required) pending a 30 day BIS review. The new rules require that future products be temporarily classified as 5x002 pending a final BIS determination and export be made according to the provisions of ENC. This change is viewed as a roll-back of an existing liberalization and will undoubtedly be cited in comment letters to BIS. Companies will likely claim that expensive system change requirements in their order processing, export documentation and ERP systems will be required to comply with the new rule.

BIS is actively working on a long range plan to further modify the encryption regulations. However, given the fact that this is an election year and that fundamental changes to U.S. encryption export rules will require Wassenaar Arrangement approval there will likely be no further changes for at least a year to eighteen months.

Labels: ,



Subscribe to our confidential mailing list

Mobile Version

Search Trade Law News

International Trade and Compliance Jobs

Jobs from Indeed




  • This Site is presented for general informational purposes only and does not constitute legal advice. No attorney-client relationship is formed when you use this Site. Do not consider the Site to be a substitute for obtaining legal advice from a qualified attorney. The information on this Site may be changed without notice and is not guaranteed to be complete, correct or up-to-date. While we try to revise this Site on a regular basis, it may not reflect the most current legal developments. The opinions expressed on this Site are the opinions of the individual author.
  • The content on this Site may be reproduced and/or distributed in whole or in part, provided that its source is indicated as "International Trade Law News,".
  • ©2003-2015. All rights reserved.

Translate This Site

Powered by Blogger