May I self-classify my encryption item and export it WITHOUT encryption registration?
Flow Chart 2 provides an overview of how to determine whether your product can be self-classified and exported without an encryption registration.
If you have a product that is controlled under Category 5, Part 2, certain products and transactions do not require any encryption registration, classification, or post-export reporting. This includes:
- Products classified under 5x992, including:
- Products with key lengths not exceeding 56 bits symmetric, 512 bits asymmetric and/or 112 bit elliptic curve.
- Mass market products with key lengths not exceeding 64 bits symmetric, or if no symmetric algorithms, not exceeding 768 bits asymmetric and/or 128 bits elliptic curve.
- Certain mass market products listed under 742.15(b)(4)
- Products with limited cryptographic functionality as described in the Note to 5A002.
- Products that use encryption for authentication only.
- Certain 5x002 products/transactions, including:
- Certain products/transactions are eligible for license exception ENC without any registration, classification, or reporting, including:
- Exports and reexports to ‘private sector end-users’ as described in 740.17(a)(1);
- Exports and reexports to a “U.S. Subisidary” as described in 740.17(a)(2).
- Certain products listed under 740.17(b)(4):
- Certain products that require only a notification before export:
- “Publicly available” encryption software and source code under license exception TSU (740.13);
- Beta Test software under license exception TMP (740.9).
In addition, if you are relying on the producer’s self-classification (pursuant to the producer’s encryption registration) or CCATS for an encryption item eligible for export or reexport under License Exception ENC or mass market, you are not required to submit an encryption registration, classification request or self-classification report. You are still required to comply with semi-annual sales reporting requirements under paragraph 740.17(e).
| | | | | | |
