Insights

  • Home
  • Insights
  • Commerce Reduces Requirements Relating to Mass-Market Encryption Items and Publicly Available Software

Share

Commerce_Reduces_Requirements_SOCIAL

Commerce Reduces Requirements Relating to Mass-Market Encryption Items and Publicly Available Software

The U.S. Department of Commerce’s Bureau of Industry and Security ("BIS") recently revised the Export Administration Regulations ("EAR") to, among other things, modify reporting and self-classification requirements for certain encryption commodities, software, and technologies.

April 2021 Alert

On March 29, 2021, BIS issued a final rule modifying the EAR. In addition to implementing changes to several Export Control Classification Numbers ("ECCNs"), the final rule made three modifications that are noteworthy for companies working with commodities, software, or technology that utilize or implement encryption. Importantly, none of these changes affect any items that use non-standard cryptography.

First, the final rule eliminates the requirement to either submit classification requests to BIS or file annual self-classification reports in accordance with the EAR for most mass-market encryption items. Classification requests and/or reports will still be required for certain mass-market items, including encryption chips, chipsets, electronic assemblies and field programmable logic devices, and their qualifying executable software. 

Second, the final rule now allows companies to self-classify most mass-market "components" and "executable software" as eligible for License Exception ENC (b)(1), so long as they are not described under section (b)(2) of that exception. Companies will need to file an annual self-classification report to be eligible to use the license exception.

Third, the final rule eliminates the requirement to submit email notifications to BIS and the ENC Encryption Coordinator before publicly available encryption source code will be considered no longer subject to the EAR. Before this change, an email notification was required that provided the Internet location of this source code.

Companies that work with encryption commodities, software, or technology will likely welcome these changes. While analysis of export controls applicable to encryption remains a complex endeavor, these modifications should provide welcome relief in certain areas. 

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.
Contributors
You May Also Be Interested In

April 2024 Newsletters

EU Emergency Response Update – Key Policy & Regulatory Developments No. 113

MAY 2024 Alert

Delegation Dilemma: CFTC Rule Allows Staff to Circumvent Notice and Comment Rulemaking

May 2024 Alert

Final Clean Vehicle Credit Regulations Clarify Diligence and Tracing Rules

MAY 2024 Commentary

EPA Finalizes Rules to Regulate Pollution from Fossil Fuel-Fired Power Plants

Before sending, please note:

Information on www.jonesday.com is for general use and is not legal advice. The mailing of this email is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.