The Bureau of Industry and Security has issued a rule finalizing changes to its regulations concerning export controls on cybersecurity items. For more information on this rule and how it may affect your business, please contact attorney Kristine Pirnia via email.
BIS issued an interim final rule in October 2021 establishing a new control on such items for national security and anti-terrorism reasons and adding a new license exception ACE (authorized cybersecurity exports) that authorizes exports of these items to most destinations except in certain circumstances. These changes took effect March 7, 2022. BIS explained that these items warrant control because they could be used for surveillance, espionage, or other actions that disrupt, deny, or degrade networks or devices on them.
In response to comments on the interim final rule, BIS is making the following clarifications or changes.
- providing additional information and guidance through an FAQ on the new 5A001.j entry, noting that it does not expect this ECCN to control a large number of products
- revising the definition of “government end-user” to be more specific
- taking steps to prevent evasion of the license exception ACE end-use restriction by adding cryptographic or cryptanalytic functionality to a cybersecurity item and exporting, reexporting, or transferring (in-country) the resulting “encryption item” subject the EAR under license exception ENC
Copyright © 2022 Sandler, Travis & Rosenberg, P.A.; WorldTrade Interactive, Inc. All rights reserved.