Skip to Content
Rule

Publicly Available Mass Market Encryption Software and Other Specified Publicly Available Encryption Software in Object Code

Action

Final Rule.

Summary

The Bureau of Industry and Security (BIS) is removing from the scope of items subject to the Export Administration Regulations (EAR) “publicly available” mass market encryption object code software with a symmetric key length greater than 64-bits, and “publicly available” encryption object code classified under Export Control Classification Number (ECCN) 5D002 on the Commerce Control List when the corresponding source code meets the criteria specified under License Exception TSU. This change is being made pursuant to a determination by BIS that, because there are no regulatory restrictions on making such software “publicly available,” and because, once it is “publicly available,” by definition it is available for download by any end user without restriction, removing it from the jurisdiction of the EAR will have no effect on export control policy. This action will not result in the decontrol of source code classified under ECCN 5D002, but it will result in a simplification of the regulatory provisions for publicly available mass market software and specified encryption software in object code.

Unified Agenda

 

Table of Contents Back to Top

DATES: Back to Top

This rule is effective: January 7, 2011.

FOR FURTHER INFORMATION CONTACT: Back to Top

For questions of a technical nature, contact: the Information Technology Division, Office of National Security and Technology Transfer Controls at (202) 482-0707 or by e-mail cpratt@bis.doc.gov.

For questions of a general nature, contact: Sharron Cook, Office of Exporter Services, Bureau of Industry and Security, U.S. Department of Commerce at (202) 482-2440 or by e-mail to scook@bis.doc.gov.

SUPPLEMENTARY INFORMATION: Back to Top

Background Back to Top

This rule removes from the jurisdiction of the EAR mass market encryption software and specified encryption object code that is publicly available. Publicly available software, other than encryption software, is not subject to the EAR. Certain publicly available encryption software has remained subject to the jurisdiction of the EAR since the mid-1990s, when commercial items incorporating encryption functionality were transferred to the jurisdiction of the EAR (see§ 734.3(b)(3) of the EAR). At that time, much less mass market software was “publicly available” than is the case today. Because of the much wider array of “publicly available” mass market and other encryption software in object code, BIS recently reviewed the provisions of the EAR that retained jurisdiction over such software. Pursuant to this review, BIS determined that there are no regulatory restrictions on making such software “publicly available.” Moreover, because, once it is “publicly available,” it is, by definition, available for download by any end user without restriction, removing it from the jurisdiction of the EAR will have no effect on export control policy. Removing these items from EAR jurisdiction will also result in a simplification of the regulatory provisions. Accordingly, BIS believes that its regulatory discretion should no longer be exercised in a manner that such encryption software remains subject to the EAR.

During its review, BIS noted that the EAR currently provide that making certain encryption software “publicly available” by posting it on the Internet where it may be downloaded by anyone does not establish “knowledge” of a prohibited export or reexport. Additionally, such activity also does not trigger any “red flags” that impose an affirmative duty to inquire under the “Know Your Customer” guidance provided in the EAR (see 67 FR 38855, 38857, June 6, 2002). Therefore, a person or company does not violate the EAR if it posts “mass market” encryption software on the Internet for free and anonymous download (i.e., makes it “publicly available”), and the software is downloaded by an anonymous person from anywhere in the world. In addition, if the person or company “publishes” mass market encryption software by another means, the person or company does not violate the EAR.

Through this rule, BIS removes two kinds of encryption software from the jurisdiction of the EAR: (1) Publicly available encryption software in object code with a symmetric key length greater than 64-bits that has been determined to be mass market software under section 742.15(b) of the EAR and has been reclassified under ECCN 5D992; and (2) publicly available encryption software in object code classified under ECCN 5D002 when the corresponding source code meets the criteria specified in section 740.13(e) of the EAR.

Publicly available mass market encryption object code software: Encryption software in object code that has been reviewed by BIS and determined to be mass market software under the section 742.15(b)(3) procedure, or software that does not require review but has been self-classified by the exporter as mass market software under section 742.15(b)(1), is reclassified from Export Control Classification Number (ECCN) 5D002 to ECCN 5D992 on the Commerce Control List (CCL) (Supplement No. 1 to Part 774 of the EAR). ECCN 5D992 software is controlled for anti-terrorism reasons, and requires a license for export to Iran, Cuba, Syria, Sudan and North Korea (Country Group E:1 countries; see Supplement No. 1 to Part 740). The procedure to self-classify qualifying mass market software under ECCN 5D992 requires both the submission of an encryption registration to BIS in accordance with section 742.15(b)(7), and the submission of an annual self-classification report in accordance with section 742.15(c). Meanwhile, for specified software described in section 742.15(b)(3), the procedure to obtain “mass market” classification under ECCN 5D992 requires both the submission of an encryption registration and a classification request to BIS, in accordance with section 742.15(b)(7).

This rule amends the EAR to provide that, once the registration is submitted and the encryption software is properly classified as “mass market” under the relevant requirements of section 742.15(b), if the software is then made “publicly available,” it is not subject to the EAR. Software authorized for export and reexport under section 742.15(b)(1) pursuant to registration and self-classification must still be included in the exporter's annual self-classification report for the calendar year during which it was self-classified as “mass market” software.

Publicly available encryption object code corresponding to source code made eligible for License Exception TSU. Section 740.13(e)(1) of the EAR authorizes the export and reexport of encryption object code if both the object code and the source code from which it is compiled would be considered publicly available under section 734.3(b)(3) of the EAR, were they not classified under ECCN 5D002. Section 740.13(e)(3) requires that the source code or the location of the source code be notified to the BIS and to the ENC Encryption Request Coordinator before becoming eligible for License Exception TSU. As with the publicly available mass market encryption software, such object code may be exported to any destination, via anonymous download, without violating the EAR. For the reasons discussed above, BIS's regulatory discretion under the EAR should no longer be exercised in a manner that renders such software subject to the EAR.

Pursuant to section 734.2(b)(9)(ii) of the EAR, publicly available encryption source code that is classified under ECCN 5D002 must be notified to BIS and the ENC Encryption Request Coordinator under the provisions of License Exception TSU (section 740.13(e)). This rule amends this provision to state that the publicly available encryption object code corresponding to publicly available source code eligible for export under section 740.13(e) is no longer subject to the EAR.

In addition, the requirements for encryption registration and classification as described in section 742.15(b) pertain only to “publicly available” mass market encryption software with symmetric key length exceeding 64 bits. “Publicly available” mass market encryption software that does not meet the criterion of “symmetric key length exceeding 64 bits” is not subject to the EAR; neither is any “publicly available” encryption software that is classified under ECCN 5D992 for reasons other than a “mass market” determination. Moreover, several types of mass market encryption software that remain under the jurisdiction of the EAR—even when they are “publicly available”—are no longer subject to encryption registration and classification requirements under section 742.15(b), including, since October 2008, software performing “ancillary cryptography.” The removal of the previous classification review requirement demonstrates that there is no regulatory interest in maintaining EAR jurisdiction over these products when they are “publicly available.”

The following specific revisions are made to the EAR:

Section 732.2 “Steps Regarding Scope of the EAR” Back to Top

This rule revises paragraph (b) in section 732.2 and: (1) Replaces the phrase “controlled for EI reasons under ECCN 5D002” with “classified under ECCN 5D002;” (2) replaces the phrase “shall be subject to the EAR” with the phrase “is subject to the EAR;” (3) removes the phrase “and mass market encryption software with symmetric key length exceeding 64-bits classified under ECCN 5D992;” and (4) adds the phrase, “except for publicly available encryption object code software classified under ECCN 5D002 when the corresponding source code meets the criteria specified in § 740.13(e) of the EAR.” This revision narrows the scope of publicly available software subject to the EAR to include only encryption source code classified under ECCN 5D002. The sixth sentence of section 732.2 is removed by this rule, as it is redundant.

Part 734 “Scope of the EAR” Back to Top

This rule removes the phrase “and object code” in the last sentence in paragraph (b)(9)(ii) and adds a new sentence at the end as follows: “Publicly available encryption software in object code that corresponds to encryption source code made eligible for License Exception TSU under section 740.13(e) is not subject to the EAR.” In section 734.3, this rule revises paragraph (b)(3) by replacing the phrase “controlled for `EI' reasons” with “classified” and removing the phrase “and mass market encryption software with symmetric key length exceeding 64-bits controlled under ECCN 5D992.” In addition, this rule adds the following sentence to the Note to paragraphs (b)(2) and (b)(3): “Publicly available encryption object code software classified under ECCN 5D002 is not subject to the EAR when the corresponding source code meets the criteria specified in § 740.13(e) of the EAR.”

In section 734.7, “Published Information and Software,” this rule revises paragraph (c) by adding the modifier “published” before “encryption software,” replacing the word “controlled” with “classified,” and adding a reference to “Supplement No. 1 to part 774 of the EAR” for the Commerce Control List to add clarity to the first sentence. This rule also adds the phrase “except publicly available encryption object code software classified under ECCN 5D002 when the corresponding source code meets the criteria specified in § 740.13(e) of the EAR,” and removes the phrase “and mass market encryption software with symmetric key length exceeding 64-bits controlled under ECCN 5D992” to remove such software from being subject to the EAR for reasons stated in the preamble to this rule. This rule also replaces the word “remain” with the word “remains” in the first sentence of section 734.7 to maintain accurate grammar in the revised sentence. This rule also makes consistent changes to sections 734.8 (“Information resulting from fundamental research”) and 734.9 (“Educational information”).

This rule amends Supplement No. 1 to part 734 “Questions and Answers—Technology and Software Subject to the EAR” by removing the question and answer to G(3). The question and answer indicated an exception to the published criteria in section 734.7. The exception allowed software to become not subject to the EAR based on being considered published, even if the cost of the software was higher than the cost of reproduction and distribution. The exception required the exporter to request this treatment via a classification request to BIS. As the supplement is guidance, conflicts with regulatory text and no known requests have come in for this treatment, BIS has decided to delete it.

Section 740.13 “Technology and Software—Unrestricted (TSU)” Back to Top

Section 740.13 is amended by removing the parenthetical phrase “(and corresponding object code)” from the title of paragraph (e), because publicly available corresponding object code is not subject to the EAR if the source code meets the criteria of 740.13(e) and is publicly available. This rule also adds a phrase to the first sentence of paragraph (e)(1) that reads “subject to the notification requirements of paragraph (e)(3) of this section” to link the notification requirement with the authorization. This rule removes the phrase “without review” in the first sentence of (e)(1), because it is not necessary and may be confusing to state what actions are not required to be eligible for this license exception. The first sentence of (e)(1) is further amended by adding the descriptor “publicly available” in front of “encryption source code,” to be more specific about what type of source code is eligible for this license exception. In addition, this rule replaces the phrase “if not controlled by ECCN 5D002, would be considered publicly available under § 734.3(b)(3)” with “is subject to the EAR pursuant to § 734.3(b)(3)” to simplify the first sentence in paragraph (e)(1). For consistency with the change making specified object code not subject to the EAR, this rule removes the last sentence in paragraph (e)(1), which stated “This paragraph also authorizes the export and reexport of the corresponding object code (i.e., that which is compiled from source code that is authorized for export and reexport under this paragraph) if both the object code and the source code from which it is compiled would be considered publicly available under § 734.3(b)(3) of the EAR, if they were not controlled under ECCN 5D002.”

Section 772.1 “Definitions of Terms as Used in the EAR” Back to Top

In section 772.1, the definition of the term “commodity” is amended by removing the last two sentences, because they do not contribute to defining the term “commodity,” and the concepts concerning publicly available encryption software can be found in more appropriate parts of the EAR, e.g., Part 734.

ECCN 5D002 “Information Security—Software” Back to Top

In Supplement No. 1 to Part 774 (the Commerce Control List), Category 5 Telecommunications and “Information Security,” Part 2 Information Security, ECCN 5D002 is amended by revising the last note in the License Requirement section by replacing the word “software” with the words “source code,” and removing the parenthetical phrase “(and corresponding object code).” This amendment is made to conform the text of the Note to the revisions made by this rule.

Since August 21, 2001, the Export Administration Act has been in lapse. However, the President, through Executive Order 13222 of August 17, 2001 (3 CFR, 2001 Comp. 783 (2002)), which has been extended by successive Presidential Notices, the most recent being that of August 12, 2010, 75 FR 50681 (August 16, 2010), has continued the Regulations in effect under the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.).

Rulemaking Requirements Back to Top

1. This final rule has been determined to be significant for purposes of Executive Order 12866.

2. Notwithstanding any other provision of law, no person is required to respond to, nor shall any person be subject to a penalty for failure to comply with a collection of information subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.) (PRA), unless that collection of information displays a currently valid Office of Management and Budget (OMB) Control Number. This rule involves two collections of information subject to the PRA. One of the collections has been approved by OMB under control number 0694-0088, “Multi Purpose Application,” and carries a burden hour estimate of 58 minutes for a manual or electronic submission. The other collection has been approved by OMB under control number 0694-0106, “Reporting and Recordkeeping Requirements under the Wassenaar Arrangement,” and carries a burden hour estimate of 21 minutes for a manual or electronic submission. Send comments regarding these burden estimates or any other aspect of these collections of information, including suggestions for reducing the burden, to OMB Desk Officer, New Executive Office Building, Washington, DC 20503; and to Jasmeet Seehra, OMB Desk Officer, by e-mail at Jasmeet_K._Seehra@omb.eop.gov or by fax to (202) 395-7285; and to the Office of Administration, Bureau of Industry and Security, Department of Commerce, 14th and Pennsylvania Avenue, NW, Room 6622, Washington, DC 20230.

3. This rule does not contain policies with Federalism implications as that term is defined under Executive Order 13132.

4. The Department has determined that there is good cause under 5 U.S.C. 553(b)(B) to waive the provisions of the Administrative Procedure Act requiring notice and the opportunity for public comment when such notice and comment is contrary to the public interest. This rule simplifies the regulatory provisions for publicly available mass market software and specified encryption software in object code by removing them from the jurisdiction of the EAR. BIS recognized that there are no regulatory restrictions in making such software “publicly available,” and once “publicly available,” such software is available for download by any end user without restriction. Thus, removing such “publicly available” items from the jurisdiction of the EAR has no effect on export control policy and clarifies the scope of existing BIS controls. The greater clarity that this rule provides will encourage the exchange of publicly available mass market encryption object code software and certain publicly available encryption object code by the exporting community. In effect, this rule removes any remaining uncertainty in the minds of exporters as to whether their actions constitute violations of U.S. export control law. Thus, delaying the effectiveness of this rule is contrary to the public interest.

For the reasons listed above, good cause exists to waive the 30-day delay in effectiveness otherwise required by the APA. Further, no other law requires that a notice of proposed rulemaking and an opportunity for public comment be given for this direct final rule. Accordingly, no regulatory flexibility analysis is required and none has been prepared. Although notice and opportunity for comment are not required, BIS is issuing this rule in interim final form and is seeking public comments on these revisions.

Further, no other law requires that a notice of proposed rulemaking and an opportunity for public comment be given for this final rule. Because a notice of proposed rulemaking and an opportunity for public comment are not required to be given for this rule under the Administrative Procedure Act or by any other law, the analytical requirements of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.) are not applicable. Therefore, this regulation is issued in final form. Although there is no formal comment period, public comments on this regulation are welcome on a continuing basis. Comments should be submitted to Sharron Cook, Office of Exporter Services, Bureau of Industry and Security, Department of Commerce, 14th and Pennsylvania Ave., NW., Room 2705, Washington, DC 20230.

List of Subjects Back to Top

Accordingly, Parts 732, 734, 740, 772, and 774 of the Export Administration Regulations (15 CFR Parts 730 through 774) are amended as follows:

begin regulatory text

PART 732—[AMENDED] Back to Top

1.The authority citations for Part 732 continue to read as follows:

Authority:

50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; E.O. 13026, 61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of August 12, 2010, 75 FR 50681 (August 16, 2010).

2.Section 732.2 is amended by revising paragraph (b) to read as follows:

§ 732.2 Steps Regarding Scope of the EAR.

* * * * *

(b) Step 2: Publicly available technology and software. This step is relevant for both exports and reexports. Determine if your technology or software is publicly available as defined and explained at part 734 of the EAR. Supplement No. 1 to part 734 of the EAR contains several practical examples describing publicly available technology and software that are outside the scope of the EAR. The examples are illustrative, not comprehensive. Note that encryption software classified under ECCN 5D002 on the Commerce Control List (refer to Supplement No.1 to Part 774 of the EAR) is subject to the EAR even if publicly available, except for publicly available encryption object code software classified under ECCN 5D002 when the corresponding source code meets the criteria specified in § 740.13(e) of the EAR.

* * * * *

PART 734—[AMENDED] Back to Top

3.The authority citations for Part 734 continue to read as follows:

Authority:

50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; E.O. 12938, 59 FR 59099, 3 CFR, 1994 Comp., p. 950; E.O. 13020, 61 FR 54079, 3 CFR, 1996 Comp., p. 219; E.O. 13026, 61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of August 12, 2010, 75 FR 50681 (August 16, 2010); Notice of November 4, 2010, 75 FR 68673 (November 8, 2010).

4.Section 734.2 is amended in the last sentence of paragraph (b)(9)(ii) by removing the phrase “and object code” and adding a new sentence at the end to read as follows:

§ 734.2 Important EAR terms and principles.

* * * * *

(b) * * *

(9) * * *

(ii) * * * Publicly available encryption software in object code that corresponds to encryption source code made eligible for License Exception TSU under section 740.13(e) is not subject to the EAR.

5.Section 734.3 is amended by:

a. Revising paragraph (b)(3) introductory text;

b. Adding a new sentence to the end of the Note to paragraphs (b)(2) and (b)(3) to read as follows:

§ 734.3 Items Subject to the EAR.

* * * * *

(b) * * *

(3) Publicly available technology and software, except software classified under ECCN 5D002 on the Commerce Control List, that:

* * * * *

Note to paragraphs (b)(2) and (b)(3) of this section: * * * Publicly available encryption object code software classified under ECCN 5D002 is not subject to the EAR when the corresponding source code meets the criteria specified in § 740.13(e) of the EAR.

* * * * *

6.Section 734.7 is amended by revising paragraph (c) to read as follows:

§ 734.7 Published information and software.

* * * * *

(c) Notwithstanding paragraphs (a) and (b) of this section, note that published encryption software classified under ECCN 5D002 on the Commerce Control List (Supplement No. 1 to part 774 of the EAR) remains subject to the EAR, except publicly available encryption object code software classified under ECCN 5D002 when the corresponding source code meets the criteria specified in § 740.13(e) of the EAR. See§ 740.13(e) of the EAR for eligibility requirements for exports and reexports of publicly available encryption source code under License Exception TSU.

7.Section 734.8 is amended by revising the last two sentences in paragraph (a) to read as follows:

§ 734.8 Information resulting from fundamental research.

(a) * * * Note that the provisions of this section do not apply to encryption software classified under ECCN 5D002 on the Commerce Control List (Supplement No. 1 to part 774 of the EAR), except publicly available encryption object code software classified under ECCN 5D002 when the corresponding source code meets the criteria specified in § 740.13(e) of the EAR. See§ 740.13(e) of the EAR for eligibility requirements for exports and reexports of publicly available encryption source code under License Exception TSU.

* * * * *

8.Section 734.9 is amended by revising the last two sentences to read as follows:

§ 734.9 Educational information.

* * * Note that the provisions of this section do not apply to encryption software classified under ECCN 5D002 on the Commerce Control List, except publicly available encryption object code software classified under ECCN 5D002 when the corresponding source code meets the criteria specified in § 740.13(e) of the EAR. See§ 740.13(e) of the EAR for eligibility requirements for exports and reexports of publicly available encryption source code under License Exception TSU.

Supplement No. 1 to Part 734 [Amended] Back to Top

8.Supplement No. 1 to part 734 is amended by removing Question G(3) and the answer to G(3).

PART 740—[AMENDED] Back to Top

9.The authority citation for part 740 continues to read as follows:

Authority:

50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; 22 U.S.C. 7201 et seq.; E.O. 13026, 61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of August 12, 2010, 75 FR 50681 (August 16, 2010).

10.Section 740.13 is amended by revising paragraph (e) to read as follows:

§ 740.13 Technology and software—unrestricted (TSU).

* * * * *

(e) Publicly available encryption source code. (1) Scope and eligibility. Subject to the notification requirements of paragraph (e)(3) of this section, this paragraph (e) authorizes exports and reexports of publicly available encryption source code classified under ECCN 5D002 that is subject to the EAR (see§ 734.3(b)(3) of the EAR). Such source code is eligible for License Exception TSU under this paragraph (e) even if it is subject to an express agreement for the payment of a licensing fee or royalty for commercial production or sale of any product developed using the source code.

(2) Restrictions. This paragraph (e) does not authorize:

(i) Export or reexport of any encryption software classified under ECCN 5D002 that does not meet the requirements of paragraph (e)(1), even if the software incorporates or is specially designed to use other encryption software that meets the requirements of paragraph (e)(1) of this section; or

(ii) Any knowing export or reexport to a country listed in Country Group E:1 in Supplement No. 1 to part 740 of the EAR.

(3) Notification requirement. You must notify BIS and the ENC Encryption Request Coordinator via e-mail of the Internet location (e.g., URL or Internet address) of the publicly available encryption source code or provide each of them a copy of the publicly available encryption source code. If you update or modify the source code, you must also provide additional copies to each of them each time the cryptographic functionality of the source code is updated or modified. In addition, if you posted the source code on the Internet, you must notify BIS and the ENC Encryption Request Coordinator each time the Internet location is changed, but you are not required to notify them of updates or modifications made to the encryption source code at the previously notified location. In all instances, submit the notification or copy to crypt@bis.doc.gov and to enc@nsa.gov.

Note to paragraph (e): Posting encryption source code on the Internet (e.g., FTP or World Wide Web site) where it may be downloaded by anyone neither establishes “knowledge” of a prohibited export or reexport for purposes of this paragraph, nor triggers any “red flags” imposing a duty to inquire under the “Know Your Customer” guidance provided in Supplement No. 3 to part 732 of the EAR. Publicly available encryption object code software classified under ECCN 5D002 is not subject to the EAR when the corresponding source code meets the criteria specified in this paragraph (e), see§ 734.3(b)(3) of the EAR.

* * * * *

PART 742—[AMENDED] Back to Top

11.The authority citation for part 742 continues to read as follows:

Authority:

50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; 22 U.S.C. 3201 et seq.; 42 U.S.C. 2139a; 22 U.S.C. 7201 et seq.; 22 U.S.C. 7210; Sec 1503, Pub. L. 108-11, 117 Stat. 559; E.O. 12058, 43 FR 20947, 3 CFR, 1978 Comp., p. 179; E.O. 12851, 58 FR 33181, 3 CFR, 1993 Comp., p. 608; E.O. 12938, 59 FR 59099, 3 CFR, 1994 Comp., p. 950; E.O. 13026, 61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Presidential Determination 2003-23 of May 7, 2003, 68 FR 26459, May 16, 2003; Notice of August 12, 2010, 75 FR 50681 (August 16, 2010); Notice of November 4, 2010, 75 FR 68673 (November 8, 2010).

11.Section 742.15 is amended:

a. By revising the fourth sentence of paragraph (b) introductory text; and

b. By adding a note to paragraph (b) introductory text to read as follows:

* * * * *

(b) * * * Exports and reexports authorized under paragraphs (b)(1) and (b)(3) of this section (including of mass market encryption software that would be considered publicly available under § 734.3(b)(3) of the EAR) must be supported by an encryption registration in accordance with paragraph (b)(7) of this section and the specific instructions of paragraph (r)(1) of Supplement No. 2 to part 748 of the EAR. * * *

Note to introductory text of paragraph (b):

Mass market encryption software that would be considered publicly available under § 734.3(b)(3) of the EAR, and is authorized for export and reexport under this paragraph (b), remains subject to the EAR until the encryption registration and all applicable classification or self-classification requirements set forth in this section are fulfilled.

* * * * *

PART 772—[AMENDED] Back to Top

11.The authority citation for part 772 continue to read as follows:

Authority:

50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of August 12, 2010, 75 FR 50681 (August 16, 2010).

§ 772.1 [Amended]

12.In § 772.1, the definition of the term “commodity” is amended by removing the last two sentences of the definition.

PART 774—[AMENDED] Back to Top

13.The authority citation for part 774 continues to read as follows:

Authority:

50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; 10 U.S.C. 7420; 10 U.S.C. 7430(e); 22 U.S.C. 287c, 22 U.S.C. 3201 et seq., 22 U.S.C. 6004; 30 U.S.C. 185(s), 185(u); 42 U.S.C. 2139a; 42 U.S.C. 6212; 43 U.S.C. 1354; 15 U.S.C. 1824a; 50 U.S.C. app. 5; 22 U.S.C. 7201 et seq.; 22 U.S.C. 7210; E.O. 13026, 61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of August 12, 2010, 75 FR 50681 (August 16, 2010).

14.In Supplement No. 1 to part 774 (the Commerce Control List), Category 5, Part 2, Export Control Classification Number (ECCN) 5D002 is amended by adding the heading “License Requirements” after the ECCN heading and revising the last note in the License Requirements section to read as follows:

Supplement No. 1 to Part 774 Back to Top

* * * * *

5D002Information Security—“Software as follows (see List of Items Controlled).” Back to Top

License Requirements Back to Top

* * * * *

Note:

Encryption source code classified under this entry remains subject to the EAR even when made publicly available in accordance with part 734 of the EAR. However, publicly available encryption object code software classified under ECCN 5D002 is not subject to the EAR when the corresponding source code meets the criteria specified in § 740.13(e), see also§ 734.3(b)(3) of the EAR.

* * * * *

end regulatory text

Dated: December 20, 2010.

Kevin J. Wolf,

Assistant Secretary for Export Administration.

[FR Doc. 2010-32803 Filed 1-6-11; 8:45 am]

BILLING CODE 3510-33-P

Site Feedback