U. S. Bureau of Industry and Security - Encryption - May I self-classify my encryption items WITH an encryption registration?

Home >Policies and Regulations >Encryption > May I self-classify my encryption items WITH an encryption registration?

May I self-classify my encryption items WITH an encryption registration?

License Exception ENC – 740.17(b)(1) and Mass Market provision - 742.15(b)(1) allow self-classification of an item and export after submission of a required encryption registration.

Self-Classify as 5A002, 5B002 or 5D002
Many less sensitive encryption items may be self-classified and exported or reexported as 5A002, 5B002, or 5D002 after submission of an encryption registration (or confirming that the manufacturer has submitted an encryption registration).* These items may be exported under License Exception ENC - 740.17(b)(1). Encryption items that may be self-classified under 740.17(b)(1) as 5A002, 5B002, or 5D002 with an encryption registration should not be items described in 740.17(b)(2) and (b)(3).

Items described in 740.17(b)(2) include:

Network infrastructure items as disclosed in 740.17(b)(2)(i)(B)
Encryption source code that would not be eligible for export or reexport under License Exception TSU because it is not publicly available as that term is used in §740.13(e)(1) of the EAR
Been designed, modified, adapted or customized for “government end-user(s)”
Cryptographic functionality that has been modified or customized to customer specification
Cryptographic functionality or “encryption component” that is user-accessible and can be easily changed by the user
Quantum crypto
Items that have been modified or customized for computers classified under ECCN 4A003
Items that provide penetration capabilities that are capable of attacking, denying, disrupting or otherwise impairing the use of cyber infrastructure or networks;
Public safety / first responder radio (P25 or TETRA)
cryptanalytic items
“Open Cryptographic Interface”
Encryption technology classified under ECCN 5E002

Items described in 740.17 (b)(3) include:

Chips, chipsets, electronic assemblies and field programmable logic devices;
Cryptographic libraries, modules, development kits and toolkits, including for operating systems and cryptographic service providers (CSPs);
Application-specific hardware or software development kits implementing cryptography.
Items that provide or perform “non-standard cryptography”
Items that provide or perform vulnerability analysis, network forensics, or computer forensics

Item that are self-classified with an encryption registration per 740.17(b)(1) ALSO require an annual self-classification report.

Self-Classify as 5A992 or 5D992 for Mass Market items
To be considered Mass Market, the item should first meet the criteria listed in Note 3 to Category 5, Part 2. Many mass market encryption hardware and software may be self classified and exported or reexported as 5A992 or 5D992 after submission of an encryption registration (or confirming that the manufacturer has submitted and encryption registration).* These items may be exported under the Mass Market provision of 742.15(b)(1). Mass Market encryption items that may be self classified per 742.15(b)(1) as 5A992 and 5D992 with an encryption registration should not be items described in 742.15 (b)(3).

Items described in 742.15 (b)(3) include:

Meet Note 3, and are:
Chips, chipsets, electronic assemblies and field programmable logic devices;
Cryptographic libraries, modules, development kits and toolkits, including for operating systems and cryptographic service providers (CSPs);
Application-specific hardware or software development kits implementing cryptography.
Mass market encryption commodities, software and components that provide or perform “non-standard cryptography” as defined in Part 772 of the EAR.

Item that are self-classified with an encryption registration per 742.15(b)(1) ALSO require an annual self-classification.

*Reminder: There are also several items that may be self-classified without an encryption registration.