Expanded Controls on Encryption Software Exports to Russia and Belarus

March.09.2022

The U.S. Commerce Department’s Bureau of Industry and Security (“BIS”) has adjusted U.S. export controls in ways that dramatically limit unlicensed supply to Russia or Belarus of many types of software with encryption functionality.

Exporters rely heavily on the Export Administration Regulations’ License Exception Encryption (“ENC”) to authorize supply of software with encryption functionality if the software falls into a licensable category (ECCN 5D002). In general, License Exception ENC no longer authorizes exports, reexports or in-country transfers of encryption software to parties in Russia or Belarus, even if the parties are private sector companies with no connection to military activity.

As BIS has amended the regulations, License Exception ENC now applies to exports, reexports and in-country transfers of encryption software to or within Russia or Belarus only if the export, reexport or in-country transfer is to a non-restricted civil end user in Russia or Belarus that is one of the following:

  • a wholly owned subsidiary of a U.S. company;
  • a wholly owned subsidiary of a company headquartered in an allied country appearing in Country Groups A:5 or Country Group A:6 of the Export Administration Regulations (which includes the United Kingdom, all members of the European Union, Australia, New Zealand, Japan, South Korea, Argentina, Israel and India);
  • a foreign subsidiary of a U.S. company that is a joint venture (“JV”) with one or more other U.S. companies;
  • a JV between one or more U.S. companies and one or more companies headquartered in one or more allied Country Group A:5 or A:6 countries; or
  • a JV between companies headquartered in one or more allied Country Group A:5 or A:6 countries.

In addition, while exports, reexports and in-country transfers of encryption software that qualifies as a “mass market” product (ECCN 5D992) are not eligible for License Exception ENC, new licensing requirements do not apply to exports, reexports or transfers of such “mass market” encryption software to or within Russia or Belarus if the software is being sent to a non-restricted civil end user that meets one of the descriptions above.

In addition, exports, reexports and in-country transfers of mass market encryption software may be eligible for License Exception CCD if the exports, reexports or transfers are to independent non-governmental organizations or individuals who are not Russian or Belarusian government officials.

Although the new regulations were published on March 8, BIS has taken the position that they came into effect on March 3 (when the regulatory notice became publicly available online).