ANNOUNCEMENT 20 May 2015In May 2015, the government of the United States of America announced a rule change relating to export registration.
NUMBER OF INTERVENTIONS
In a proposed rule published on May 20, 2015 by the Bureau of Industry and Security (BIS) that agency proposes a license requirement for the export, reexport, or transfer (in-country) of certain cybersecurity items to all destinations except Canada.
The proposed rule would affect exports of software specially designed or modified for the development or production of such systems, equipment or components; software specially designed for the generation, operation or delivery of, or communication with, intrusion software; technology required for the development of intrusion software; Internet Protocol (IP) network communications surveillance systems or equipment and test, inspection, production equipment, specially designed components therefor, and development and production software and technology therefor.
These rules are intended to implement the agreements reached by the members of the Wassenaar Arrangement (WA) at their plenary meeting in December, 2013 with regard to systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion software.
BIS states that the cybersecurity capabilities in question were not previously designated for export control, but many of these items have been controlled for their 'information security' functionality (e.g., encryption and cryptanalysis). In BIS's view, the rule thus continues applicable Encryption Items (EI) registration and review requirements, while setting forth proposed license review policies and special submission requirements to address the new cybersecurity controls, including submission of a letter of explanation with regard to the technical capabilities of the cybersecurity items. The comment period for the proposed rule ended on July 20, 2015.