<-- Back to previous page


Draft Matrix for June 6, 2002 Update to the Encryption Regulations

© 2002 by Roszel C. Thomsen II and Antoinette D. Paytas

THOMSEN AND BURKE LLP  

1.  Mass Market, Retail and Non-Retail Strong Encryption Products

2. US Subs and EU & Partners

3. 64/1024 Retail and BetaTest

4. Mass Market, Weak Encryption Products

5. Open (and Community) Source Code

6. Object Code Complied From Open and Community Source Code

7. Proprietary Source Code

8. Terms and Other Information

  

1. Mass Market, Retail and Non-Retail Strong Encryption Products

Product

Encryption Bit Length

ECCN / Type

License Exception

End Use / Restrictions

License Requirement

Reporting / De Minimis

Mass Market Strong Encryption

Commodities or Software   

Note: no open cryptographic interfaces   

742.15(b)

 

Any key length

5A992

 /

5D992

Mass Market

 

NLR

 

 

 

Any end user

Any end use

 

30 day review requirement

 

Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria

No reporting requirements.

Eligible for De Minimis.

Strong Encryption

Retail” Commodities, Software, or Components (chips, ICs, some toolkits, some SDKs, some software modules)   

Note: no open cryptographic interfaces  

740.17(b)(3)

 

Any key length

5A002

 /

5D002

Retail

ENC

 

 

 

Any end user

Any end use

 

Cuba, Iran, Iraq, Libya, North Korea,  Sudan, and Syria

Yes, if greater than 64-bits unless one of the exemptions applies. 

Encryption toolkits – include non-proprietary technical description of the products for which the toolkit is being used.

Must request De Minimis eligibility.

Strong Encryption

Non-Retail

Commodities, Test and Production Equipment, Software, General Purpose Encryption Toolkits, or Components

Note: no open cryptographic interfaces

740.17(b)(2)

Any key length

5A002

/

5B002

/

5D002

Non-Retail

ENC

Any end user except foreign governments

 

Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria, and foreign governments

Yes, if greater than 64-bits unless one of the exemptions applies. 

Encryption toolkits – include non-proprietary technical description of the products for which the toolkit is being used.

Must request De Minimis eligibility.

2.  US Subs and EU & Partners

Product

Encryption Bit Length

ECCN / Type

License Exception

End Use / Restrictions

License Requirement

Reporting

Strong Encryption

Commodities, Test and Production Equipment, Software (including source code), or Technology

 

Open cryptographic interfaces are permitted in this entry

 

740.17(b)(1)

Any key length

5A002

/

5B002

/

5D002

/

5E002

Internal use

ENC

Exports to U.S. Subsidiaries for Internal use, and

 

Deemed exports to foreign nationals in the U.S. for internal use.

 

All items developed are subject to the EAR.

 

May be exported without review by BIS.

 

Cuba, Iran, Iraq, Libya, North Korea,  Sudan, and Syria, and foreign governments

No reporting for US subs for internal company use or if 64-bits or less

Strong Encryption

Commodities, Test and Production Equipment, Software, Technology, or Technical Assistance

Open cryptographic interfaces are permitted in this entry

740.17(a)

Any key length

5A002

/

5B002

/

5D002

/

5E002

EU and Partners

ENC

Any end user

Any end use

Eligible destinations include the EU member countries and strategic trading partners

All other countries

Yes, if greater than 64-bits unless one of the exemptions applies. 

Encryption toolkits – include non-proprietary technical description of the products for which the toolkit is being used.

3.  64/1024 Retail and Beta Test

Product

Encryption Bit Length

ECCN / Type

License Exception

End Use / Restrictions

License Requirement

Reporting

Weak Encryption

Non Mass-Market

64-bit Encryption with > 512-bit key exchange

Commodities, Software, or Components

Note:  no open cryptographic interfaces

740.17(b)(3)(ii)

£ 64-bits encryption and > 512-bits but £ 1024-bits for key exchange; 160 bits for elliptic curve algorithms

5A002

/

5D002

64-bit Retail

ENC

Any end user

Any end use

No self-classification

Cuba, Iran, Iraq, Libya, North Korea,  Sudan, and Syria

No

Strong Encryption

Beta Test

Software for Beta Testing

Note: no open cryptographic interfaces

740.9(c)(3)

Any key length

5D002

Beta Test SW

ENC

Any end user

Beta Testing

Must intend to market as mass-market software after Beta testing

Submit technical information prior to export

Final product must be reviewed and classified by BIS.

Cuba, Iran, Iraq, Libya, North Korea,  Sudan, and Syria

Yes, report names and addresses.

Exception: individual consumers

4. Mass Market, Weak Encryption Products

Product

Encryption Bit Length

ECCN / Type

License Exception

End Use / Restrictions

License Requirement

Reporting

Mass-Market Weak Encryption  

Commodities, Software, or Components

Note:  no open cryptographic interfaces

742.15(b)(1)

64 bits or less encryption

5A992

/

5D992

Mass-Market

 

Decontrolled

NLR

Any end user

Any end use

Exporters may self-classify upon submission of technical information to BIS.

Cuba, Iran, Iraq, Libya, North Korea,  Sudan, and Syria

No

Weak Encryption

56-bits encryption with 512-bits key exchange

Commodities, Software,  Components, and Technology

742.15(b)(1)

56-bits or less encryption and 512-bits or less for key exchange

5A992

/

5D992

/

5E992

Decontrolled

NLR

Any end user

Any end use

Exporters may self-classify upon submission of technical information to BIS.

Cuba, Iran, Iraq, Libya, North Korea,  Sudan, and Syria

No

Weak Encryption

Commodities / Software – key management products

742.15(b)(1)

No encryption with 512-bit or less key exchange

5A992

/

5D992

Decontrolled

NLR

Any end user

Any end use

Exporters may self-classify upon submission of technical information to BIS.