Global Trade Alert

On June 3, 2016, the Department of Commerce's Bureau of Industry and Security (BIS) published a final rule affecting the application of the Export Administration Regulation (EAR) to certain uses of cloud computing for the storage of controlled technology and software. Effective September 1, 2016, cross-border transfers of encrypted technical data are carved out of the EAR licensing requirement. This rule thus tends to liberalize the regulatory environment for a large and growing area of data management. BIS had traditionally advised that the transmission and storage outside of the United States of technology or software controlled under the EAR constituted an export or reexport, and thus could trigger a licensing requirement. That interpretation of the rules meant that companies with controlled technology and software could only use domestic-hosted cloud solutions if they wanted to avoid the licensing process. The final rule provides that technology or software that is encrypted in accordance with certain specified criteria is not exported or reexported even when the technology or software leaves one country for another. According to Forbes magazine, the top providers of cloud computing (outside the United States) are Australia, Canada, France, Germany, Italy, Japan, Korea, Singapore, and the United Kingdom.