May 10, 2021

On March 9, 2021, the Bureau of Industry and Security (BIS) published a final rule implementing changes to the Export Administration Regulations (EAR) that relax various requirements related to encryption items in an effort to reduce regulatory burden on exporters.

Notably, BIS eliminated the requirement that subjects “mass market” components, executable software, toolsets, and toolkits to pre-export review. Instead, companies are now permitted to self-classify the following items: (1) ECCN 5A992.c components and 5D992.c executable software of “mass market” products (with annual post-export reporting still required); and (2) stand-alone “mass market” toolsets and toolkits (with no post-export reporting required). These items will be eligible for License Exception ENC. License Exception ENC requirements have not changed for non-“mass market” encryption items or any encryption items that implement “non-standard cryptography.”

The new rule also removed the requirement for exporters to notify BIS via email prior to the modification or first export of “mass market” encryption items and items that use “publicly available” standard encryption source code and beta test encryption software classified under 5D002.  This change significantly simplifies the export process and reduces notifications to BIS regarding publicly available encryption software. This change does not apply to exports of software that utilize “non-standard cryptography.”

Finally, BIS modified the scope of encryption-related controls under Category 5, Part 2 of the EAR by clarifying controls on “cryptographic activation,” expanding the scope of personal area network functionality, and reducing controls on network gateways under ECCN 5A002.a.

For more information on how these could impact your business, contact:

Jump to Page

By using this site, you agree to our updated Privacy Policy and our Terms of Use.