Export Control Reminder: Encryption Reporting Deadline 2/1/18

Cooley Alert
January 19, 2018

The new year brings with it the reporting deadlines for exports of encryption items under the US Export Administration Regulations. February 1, 2018, is the deadline for submitting annual self-classification reports for encryption items exported or re-exported during calendar year 2017 (January 1 through December 31, 2017), as well as semi-annual reports for specified encryption items exported or re-exported between July 1 and December 31, 2017.

A few notes and reminders:

  • The format of the annual self-classification report changed last year. We can provide a template that can be used to prepare the report.
  • Companies that have obtained a formal commodity classification or CCATS for certain encryption products are no longer required to submit annual self-classification reports. Please contact us to learn more about how to obtain a CCATS from the Commerce Department and eliminate your annual self-classification reporting burden going forward.
  • Encryption software that is made available to the general public either as open source code (e.g., via GitHub) or via free download (e.g., via iOS, Android or Google Play app stores) become no longer subject to the EAR upon the filing of a one-time notification or report. If your products are offered in the form of open source code or free apps, we can assist in the preparation and submission of the one-time notification or report.

The new year is also a good time to conduct an export compliance check-up, including an assessment of any new product offerings or changes to the encryption functionality of existing products.

If you would like assistance determining whether the encryption export controls and reporting deadlines apply to your products and associated technology, please contact a member of our team.