August 1, 2020, is the deadline for submitting semi-annual reports for certain encryption items exported or re-exported between January 1 and June 30, 2020, pursuant to paragraphs (b)(2) and (b)(3)(iii) of License Exception ENC (15 CFR 740.17). The encryption items subject to the semi-annual reporting requirement include:
- certain network infrastructure items
- certain encryption source code that is not publicly available
- items that have been specifically designed, modified, adapted or customized for “government end-users”
- commodities and software for quantum cryptography
- cryptanalytic items and items with an open cryptographic interface
- commodities and software that provide penetration capabilities that are capable of attacking, denying, disrupting or otherwise impairing the use of cyber infrastructure or networks
- items that perform advanced network vulnerability or digital forensics analysis
- encryption technology classified under Export Control Classification Number (ECCN) 5E002
Note that the semi-annual reporting requirement does not apply to encryption items authorized for export under paragraph (b)(1) of License Exception ENC, including mass market products classified under ECCN 5A992 or 5D992.
If you need assistance determining whether the EAR’s encryption controls or semi-annual reporting requirement apply to your products, please contact a member of our team.