On September 20, 2016, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued a final rule revising the Commerce Control List (CCL), as well as corresponding parts of the Export Administration Regulations (EAR), to implement changes made to the Wassenaar Arrangement's (WA) List of Dual-Use Goods and Technologies at the December 2015 WA Plenary Meeting. BIS’s final rule also made changes that were not agreed to at the WA Plenary Meeting, such as updates to the license requirements and policies associated with Category 5 – Part 2 of the CCL (including revisions to ECCNs 5A992, 5D992, and 5E992), the removal of the Foreign National Review requirement associated with deemed exports under License Exceptions Civil End-Users (CIV) and Computers (APP), and the addition of encryption-related definitions to the EAR. Below is a brief (non-exhaustive) synopsis of BIS’s Wassenaar changes and non-Wassenaar changes.
Revisions to Existing ECCNs
BIS revised 58 ECCNs: 0A617, 1A001, 1A002, 1A004, 1A613, 1C001, 1C002, 1C006, 1C008, 1C009, 1C608, 1E001, 1E002, 2B001, 2B006, 3A001, 3A002, 3A101, 3A292, 3B001, 3D001, 3E002, 4A001, 4A003, 4D001, 4E001, 5A001, 5B001, 5D001, 5E001, 5A002, 5B002, 5D002, 5E002, 6A001, 6A002, 6A003, 6A004, 6A005, 6A007, 6A008, 6B004, 6B007, 6C005, 6E003, 7A003, 7A004, 7A008, 7B001, 7B002, 7E004, 8A001, 8A002, 9A001, 9A004, 9A012, 9B001, and 9E003.
BIS added ECCNs 5A003
(“Systems,” “equipment,” and “components,” for non-cryptographic “information security”) and 5A004
(“Systems,” “equipment,” and “components” for Defeating, Weakening or Bypassing “information security”) to the CCL. These ECCNs control certain items formerly controlled under ECCN 5A002. The same licensing requirements and license exceptions that applied to these items under the former ECCN 5A002 still apply.
BIS raised the Adjusted Peak Performance (APP) for high-performance computers.
BIS added certain License Exception eligibility to the following ECCNs:
- 3A002.h (LVS (not to exceed the $5,000 value limit), GBS, CIV),
- 5A003 (GOV), and
- 5E002 (TMP).
BIS also removed certain License Exception eligibility from the following ECCNs:
- 3B001.c (CIV),
- 4A003.e (GBS, APP, CIV),
- 5A004 (formerly 5A002.a.2) (GOV), and
- 8A002.e.2 (GBS, CIV).
Category 5 – Part 2
BIS updated licensing requirements and policies associated with Category 5, Part 2 of the CCL.
- Category 5 – Part 2 is now divided into three subsections:
- Cryptographic Information Security,
- Non-cryptographic Information Security (5A003), and
- Defeating, Weakening, or Bypassing Information Security (5A004).
- The following ECCNs have been revised:
- 5A992 (Equipment Not Controlled by 5A002)
- The only items still described in 5A992 are mass market encryption items.
- Information security, Telecommunication, and Information Security equipment and components are now controlled either in the higher level Category 5 – Part 2 ECCNs or not at all (i.e., designated as EAR99).
- 5D992 (“Information security” “software” Not Controlled by 5D002)
- The only items still described in 5D992 are mass market encryption items.
- 5E992 (“Information Security” “technology”)
- BIS removed items from ECCN 5E992 in response to changes in 5A992 and 5D992.
- Encryption-Related Changes
- Certain publicly available encryption source code (classified under 5D002) is no longer subject to the EAR once the exporter sends an email notifying BIS of the Internet location of the source code or provides BIS with a copy of the source code.
- Certain encryption technology is now eligible for tools of trade provisions under License Exception TMP.
- Mass market encryption items are now released from Encryption Items (EI) and National Security (NS) controls.
- Definitions for “more sensitive government end-users” and “less sensitive government end-users” as applied to encryption items have been added to the EAR.
- The encryption registration requirement described in License Exception ENC has been deleted.
- License Exception ENC now authorizes exports, reexports, and transfers among related parties for internal use when the parent company is headquartered in a country listed in Supplement No. 3 to part 740 of the EAR.
- License Exception ENC also now authorizes reexports and transfers of foreign-made products developed with or incorporating U.S. encryption source code, components, or toolkits, provided that the items have previously been classified or reported and authorized by BIS and the cryptographic functionality has not been changed.
- The Foreign National Review requirement associated with deemed exports under License Exceptions CIV and APP has been removed.
This final rule became effective September 20, 2016. It is important for organizations to regularly update their trade compliance programs to incorporate, among other things, changes to U.S. government regulations that relate to international trade compliance. Joiner Trade Solutions®, a service offering of Joiner Law Firm PLLC, monitors changes to these U.S. government regulations and is prepared to assist your organization with updates to its trade compliance program.
For specific questions regarding these changes, please contact us.
WA is a multinational export control regime that advocates for effective export controls on items to improve regional and international security and stability. Participating governments agree to modify their export control policies in accordance with the WA list of dual-use goods and technologies.
APP is a metric used by BIS to more accurately determine computer performance for export control purposes.
License Exception Shipments of Limited Value (LVS).
License Exception Shipments to Country Group B Countries (GBS).
License Exception Governments, International Organizations, International Inspections under the Chemical Weapons Convention, and the International Space Station (GOV).
License Exception Temporary Imports, Exports, Reexports, and Transfers (In-Country) (TMP).
ECCN 3B001.c has been removed.