The U.S. Commerce Department’s Bureau of Industry and Security (“BIS”) has adjusted U.S. export controls in ways that dramatically limit unlicensed supply to Russia or Belarus of many types of software with encryption functionality.
Exporters rely heavily on the Export Administration Regulations’ License Exception Encryption (“ENC”) to authorize supply of software with encryption functionality if the software falls into a licensable category (ECCN 5D002). In general, License Exception ENC no longer authorizes exports, reexports or in-country transfers of encryption software to parties in Russia or Belarus, even if the parties are private sector companies with no connection to military activity.
As BIS has amended the regulations, License Exception ENC now applies to exports, reexports and in-country transfers of encryption software to or within Russia or Belarus only if the export, reexport or in-country transfer is to a non-restricted civil end user in Russia or Belarus that is one of the following:
In addition, while exports, reexports and in-country transfers of encryption software that qualifies as a “mass market” product (ECCN 5D992) are not eligible for License Exception ENC, new licensing requirements do not apply to exports, reexports or transfers of such “mass market” encryption software to or within Russia or Belarus if the software is being sent to a non-restricted civil end user that meets one of the descriptions above.
In addition, exports, reexports and in-country transfers of mass market encryption software may be eligible for License Exception CCD if the exports, reexports or transfers are to independent non-governmental organizations or individuals who are not Russian or Belarusian government officials.
Although the new regulations were published on March 8, BIS has taken the position that they came into effect on March 3 (when the regulatory notice became publicly available online).