Export Control Reminder: Encryption Reporting Deadline Is February 1, 2022

The deadline for submitting reports regarding certain exports of encryption items under the US Export Administration Regulations (EAR) is February 1, 2022. Two types of reports are subject to the deadline:

• Annual self-classification reports for certain encryption items exported or re-exported under paragraph (b)(1) of License Exception ENC during calendar year 2021 (January 1 through December 31, 2021).
• Semiannual reports for specified encryption items exported or re-exported under paragraphs (b)(2) and (b)(3)(iii) of License Exception ENC between July 1 and December 31, 2021.

In addition, the Bureau of Industry and Security (BIS) of the US Commerce Department amended the encryption controls and License Exception ENC, effective March 29, 2021, resulting in the following changes to the above reporting requirements:

• Mass market chips, chipsets, electronic assemblies and field-programmable logic devices classified under export control classification numbers (ECCNs) 5A992.c or 5D992.c (except for such items implementing “non-standard cryptography”) now fall under paragraph (b)(1) of License Exception ENC and are subject to the annual self-classification reporting requirement, unless a formal commodity classification (i.e., CCATS) has been obtained from BIS. Such items previously fell under paragraph (b)(3) of License Exception ENC and required a CCATS.
• Mass market cryptographic libraries, modules, development kits and toolkits classified under ECCNs 5A992.c or 5D992.c (except for such items implementing “non-standard cryptography”) now fall under paragraph (b)(1) of License Exception ENC, but are no longer subject to the annual self-classification reporting or mandatory classification requirements. Such items previously fell under paragraph (b)(3) of License Exception ENC and required submission of a CCATS request.
• Other mass market items classified under ECCNs 5A992.c or 5D992.c remain under paragraph (b)(1) of License Exception ENC, but are no longer subject to the annual self-classification reporting requirement.
• “Publicly available” encryption source code and beta test encryption softwareclassified under ECCN 5D002 (except for such items implementing “non-standard cryptography”) are no longer subject to an email notification requirement.

A few notes regarding the reporting requirements:

• We can provide templates and instructions that you can use to prepare and submit the reports.
• Most mass market encryption products classified under ECCNs 5A992 and 5D992 are no longer subject to an annual reporting requirement.
• Companies that have obtained a CCATS for certain encryption products aren’t required to submit annual self-classification reports. Please contact us to learn more about how to obtain a CCATS from BIS and eliminate your annual self-classification reporting burden going forward.

The new year is also a good time to conduct an export compliance checkup, including an assessment of any new product offerings or changes to the encryption functionality of existing products.

If you would like assistance determining whether the encryption export controls and reporting deadlines apply to your products and associated technology, please contact a member of our team.

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.