FAQs

Exports of Shotguns to Canada

I'm a U.S. citizen taking a shotgun and shells into Canada for recreation. Do I need a license?

License Exception BAG authorizes a U.S. citizen or a permanent resident alien leaving the U.S. to export or reexport shotguns with a barrel length 18 inches or over and shotgun shells provided no more than three shotguns are taken on any one trip; the shotguns and shotgun shells must be with the person's baggage (may not be mailed) and they must be for the person's exclusive legitimate use. See section 740.14(e) of the EAR for specific requirements in the use of BAG.

If I’m a non-U.S. citizen returning from the U.S. to Canada with my shotguns and shotgun shells, do I need an export license?

License Exception BAG allows a nonresident alien leaving the U.S. to export or reexport shotguns and shotgun shells he or she has brought into the United States under the provisions of the Department of Justice Regulations. See section 740.14(e) of the EAR for specific requirements in the use of BAG.

Do I need a license if I’m taking a shotgun and shotgun shells I purchased in the United States back to Canada?

Yes, a license is required to export to Canada shotguns and related firearms purchased in the United States.

Can I apply for an export license if I’m not a U.S. citizen?

Yes, however any applicant, whether a U.S. citizen or not, must be in the United States at the time a license application is submitted to BIS.

How do I get the International Import Certificate from Canada to support an export license application of shotguns?

Contact the following:

Export and Import Controls Bureau

Department of Foreign Affairs and International Trade

125 Sussex Drive

Ottawa, Ontario K1A0 G2

ATTN: EICS Help Desk

at 1-877-808-8838

E-Mail: eics.scei@international.gc.ca

http://www.international.gc.ca/controls-controles/about-a_propos/impor/permits-licences.aspx?lang=eng

Are there any other requirements for importing shotguns and related firearms under Commerce jurisdiction from Canada to the United States?

Please consult with the proper authorities when exporting such items from Canada and importing them into the United States to determine requirements. For example, prior to importing firearms into the United States, you should contact the U.S. Department of Justice's Bureau of Alcohol, Tobacco and Firearms regarding import permits at http://www.atf.gov/ . You should also contact Canada's Export and Import Permits Bureau regarding export permits at 613-996-2387 or go to http://www.international.gc.ca.

Embassy FAQs

When exporting or reexporting to a non-U.S. Embassy located outside the United States, which country is used in the determination of the licensing requirements?

Like shipments to U.S. embassies overseas, shipments to non-U.S. Embassies outside the United States are exports or reexports to the host country. For example, an export from the United States to the French Embassy in Germany is an export to Germany. License requirements are those that are applicable to the host country. There may also be relevant license exception availability (see below).

Note, however, that BIS does not treat the shipment of items via official diplomatic pouch to an embassy or consulate in a third country (host country) as a transaction covered by the destination-based licensing requirements set forth in the EAR. So long as the items remain within the ownership and control of the embassy or consulate in the host country, no license is required under the EAR. The items may also be returned to the home country via diplomatic pouch or shipped to other foreign embassies and consulates via diplomatic pouch without authorization from BIS. However, if the embassy or consulate resells or disposes of the items locally in the host country, licensing requirements set forth in the EAR for exports to the host country would be implicated. Similarly, reselling or disposing the items to end users outside of the host country would implicate reexport licensing requirements set forth in the EAR, to the extent the items are not shipped via diplomatic pouch.

 

What licensing requirements and/or license exceptions may apply to commercial shipments of items subject to the Export Administration Regulations (EAR) to U.S. Embassies located outside of the United States?

For purposes of the EAR, a commercial shipment to a U.S. Embassy located outside the United States is an export or reexport to the country in which the U.S. Embassy is located (the host country). For example, a shipment from the United States to the U.S. Embassy in Germany is an export to Germany. BIS may require a license under the EAR for such an export, based on the classification of the items involved and the license requirements applicable to the particular host country.

What if the host country of a non-U.S. embassy is subject to multilateral or unilateral economic sanctions, such as Cuba or Sudan?

Most transactions involving the export or reexport of items subject to the EAR to host countries that are subject to multilateral or unilateral economic sanctions require a license, as described in the specific regulatory provisions relevant to each such destination, generally found in Parts 742 and/or 746 of the EAR. However, if a host country is subject to economic sanctions implemented by the Department of the Treasury’s Office of Foreign Assets Controls (OFAC), regulations maintained by OFAC may also restrict the transaction. Exporters are advised to contact OFAC for further clarification. OFAC may be contacted at 1-800-540-6322.

What if the embassy of a country subject to multilateral or unilateral economic sanctions is located in a country subject to less stringent export controls, for example the Cuban Embassy in France?

For purposes of the EAR, shipments to embassies abroad are considered exports or reexports to the host country, even in the case of an embassy of a country subject to multilateral or unilateral economic sanctions. However, regulations maintained by OFAC may also restrict a transaction of this nature. Exporters are advised to contact OFAC for further clarification. OFAC may be contacted at 1-800-540-6322.

Is License Exception GOV available for exports to non-U.S. Embassies outside the United States?

Yes, exports to non-U.S. embassies outside the United States may be eligible for License Exception GOV as described in Section 740.11 of the EAR.

GOV also authorizes the export of certain items to a “diplomatic or consular mission” of a cooperating government for official use within the territory of a country in Country Group B (Supplement No. 1 to Part 740 of the EAR). Cooperating governments are those listed in Country Group A:1 (Supplement No. 1 to part 740 of the EAR) as well as the governments of Argentina, Austria, Finland, Hong Kong, Ireland, the Republic of Korea, New Zealand, Singapore, Sweden, Switzerland, Singapore, and Taiwan. For example, GOV would authorize certain exports to the French Embassy in India because France is a cooperating government and India is a Country Group B country.

GOV does not authorize, however, the export of items to cooperating government embassies located outside of cooperating government or Country Group B destinations. For example, an export to the French Embassy in Belarus would not be authorized under GOV because while France is a cooperating government, Belarus is not listed in Country Group B. Such exports may, however, be eligible for other License Exceptions, including License Exception CIV (Section 740.5 of the EAR) which authorizes certain exports for civilian use in Country Group D countries.

Items eligible to be exported or reexported pursuant to these provisions of License Exception GOV are described in Supplement No. 1 to Section 740.11 of the EAR.

 

Is a shipment to an Army Post Office (APO) or Fleet Post Office (FPO) considered an export?

Yes. These shipments are exports because they are being shipped to destinations outside the United States. License requirements are those that are applicable to the destination. Certain license exceptions may also be available.

 

 

Does it matter if a shipment to an embassy would require a license if it were instead being shipped to the home country of such embassy?

For purposes of the EAR, shipments to embassies abroad are considered exports or reexports to the host country. License requirements for exports or reexports to the home country of the embassy are not directly applicable. However, exporters are reminded to pay particular attention to the presence of “red flags” as described in Supplement No. 3 to part 732 of the EAR. Information about a proposed transaction may suggest that the embassy is not the true ultimate destination of the shipment. For purposes of the EAR, the export or reexport of items subject to the EAR that will be transshipped in a country or countries to a new country or are intended for reexport to the new country are deemed to be exports to the new country.

What is a "deemed re-export"?

The term “deemed re-export” is often used to indicate the transfer of controlled U.S. technology to a third-country national overseas. As an example, a U.S. exporter transfers its controlled proprietary technology to a firm in country A. The firm in country A, in turn, employs an individual from country B who is not a permanent employee of the firm in country A and who will need the controlled proprietary technology to perform his or her assigned duties. Before transferring this controlled technology to the country B employee, the firm in country A is responsible for obtaining any required deemed re-export licenses as if it were transferring the technology to country B. Please see Section 734.2(b)(4) of the Export Administration Regulations (EAR).

Deemed Export FAQs

How do I enter the foreign national name and address information on the BIS-748P license application?

When submitting a deemed export license application, BIS recommends for every foreign national contained on the license application, the applicant or third party submitter include the US state name abbreviation immediately following the city name in either the ultimate consignee and/or end-user address blocks of the BIS-748P. The state name abbreviation should denote the locale that the foreign national will be visiting and the country name should denote the foreign country domicile where the foreign national claims citizenship. BIS recommends this data entry method because by placing the state code together with the city name results in the proper display of the foreign national address information on the final validated license.

What is the "deemed export" rule?

An export of technology or source code (except encryption source code) is "deemed" to take place when it is released to a foreign national within the United States. See §734.2(b)(2)(ii) of the Export Administration Regulations (EAR). For brevity, these questions and answers refer only to "technology" but apply equally to source code.

What is a "release" of technology?

Technology is "released" for export when it is available to foreign nationals for visual inspection (such as reading technical specifications, plans, blueprints, etc.); when technology is exchanged orally; or when technology is made available by practice or application under the guidance of persons with knowledge of the technology. See §734.2(b)(3) of the Export Administration Regulations (EAR).

What is "technology"?

Per Part 772 of the Export Administration Regulations (EAR), "technology" is specific information necessary for the "development," "production," or "use" of a product. The General Technology Note states that the "export of technology" is controlled according to the provisions of each Category." It further states that "technology required for the development, production, or use of a controlled product remains controlled even when applicable to a product controlled at a lower level." Please note that the terms "required," "development," "production," "use," and "technology" are all defined in Part 772 of the EAR. Controlled technology is that which is listed on the Commerce Control List.

When do I need to apply for an export license for technology under the "deemed export" rule?

Assuming that a license is required because the technology does not qualify for treatment under EAR99 and no license exception is available, U.S. entities must apply for an export license under the "deemed export" rule when both of the following conditions are met: (1) they intend to transfer controlled technologies to foreign nationals in the United States; and (2) transfer of the same technology to the foreign national's home country would require an export license.

How do I know if a foreign national would be subject to the "deemed export" rule?

Any foreign national is subject to the "deemed export" rule except a foreign national who (1) is granted permanent residence, as demonstrated by the issuance of a permanent resident visa (i.e., "Green Card"); or (2) is granted U.S. citizenship; or (3) is granted status as a "protected person" under 8 U.S.C. 1324b(a)(3). This includes all persons in the U.S. as tourists, students, businesspeople, scholars, researchers, technical experts, sailors, airline personnel, salespeople, military personnel, diplomats, etc. As noted, one exception to this general statement is a "protected person." "Protected persons" include political refugees and political asylum holders. Be aware that individuals seeking "protected person" status must satisfy all of the terms and conditions that are fully set forth in 8 U.S.C. 1324b(a)(3). It should be emphasized that although the deemed export rule may be triggered, this does not necessarily mean that a license is required. For example, the technology may be EAR99 or license exception eligible.

How are individuals handled who are permanent residents or citizens of countries other than those of their nationality?

As noted above in Question 5, if the individual is a naturalized citizen or permanent resident of the United States, the "deemed export" rule does not apply. In other words, he or she is not subject to the provisions of the "deemed export" regulation. For individuals who are citizens of more than one foreign country, or have citizenship in one foreign country and permanent residence in another, as a general policy, the last permanent resident status or citizenship obtained governs. Questions 7 through 11 provide examples of situations involving individuals who are citizens of more than one foreign country, or have citizenship in one foreign country and permanent residence in another. If, for some reason, the status of a foreign national is not certain, then you should ask the Bureau of Industry and Security (BIS), to determine where the stronger ties lie, based on the facts of the specific case. For instance, the status of a foreign national could be uncertain in situations where information may indicate involvement with prohibited entities or activities, for example, missile or nuclear-related end-uses or end-users as identified in Part 744 of the EAR. In response to a request for the status of a foreign national, BIS will look at the foreign national's family, professional, financial, and employment ties.

What if the individual is a foreign national of one country, say India, but has obtained permanent residency in another, say the U.K.?

Release of controlled technology to that individual in the U.K. would be treated as if the shipment were being made to the U.K. and licensing requirements, if any, would be the same as for a British national in the U.K.

If this same Indian foreign national traveled to visit facilities in a third country, say Germany, do the licensing requirements change, or is the release still treated as a transfer to the U.K. for licensing purposes?

The Indian national's U.K. permanent residency status still drives the licensing requirements and releases of technology to him or her would be considered as transfers to the U.K.

What if that same Indian foreign national comes to the United States?

As long as the Indian foreign national maintains his or her permanent residency status in the U.K., transfers of technology to that individual would be deemed as transfers to the U.K.

Now, what about changes in nationality? If a person was a citizen of India but subsequently became a citizen of the U.K., how is that person treated for export control purposes?

If the former Indian national becomes a British citizen, transfers of technology would be viewed as transfers to the U.K.

What if the Indian foreign national becomes a citizen of the U.K. but retains his or her Indian citizenship, as well? This is the situation of people who have dual-citizenship.

As a general principle, the last citizenship obtained governs. As is clear in response to Question 10 above, the individual's most recent citizenship is with the U.K. and releases of technology would be viewed as releases to the U.K.

I have read elsewhere on your web page the requirements for information that the Bureau of Industry and Security (BIS) wants in order to process a "deemed export" license application. I see that you require a lot of personal data, including citizenship an

The information we normally request derives from a curriculum vitae/resume or from company background checks. The information that BIS may request as part of the license application process is requested in order to determine whether BIS should authorize the release of such controlled sensitive technology. The hiring of foreign nationals is not prohibited or regulated by the Export Administration Regulations (EAR). The EAR does not regulate employment matters. The justification for the "deemed export" rule is that there is no more effective way of disclosing sensitive technical information (e.g., design know-how) than to work side-by-side in a laboratory or on the production floor of a company. Our web page guidance is designed to assist you in pointing out the types of relevant information that BIS examines in connection with the license application review.

What technologies are subject to the Commerce Department controls?

Generally, technologies subject to the Export Administration Regulations (EAR) are those which are in the United States or of U.S. origin, in whole or in part. Most are proprietary. Technologies which tend to require licensing for transfer to foreign nationals are also dual-use (i.e., have both civil and military applications) and are subject to one or more control regimes, such as National Security, Nuclear Proliferation, Missile Technology, or Chemical and Biological Warfare.

Foreign technology with U.S.-origin technology commingled to a degree above a de minimis level is considered to be subject to the EAR. Technologies which may require an export license are those which are subject to the EAR and which are listed in the Commerce Control List, see Parts 734, 738, and 774 of the EAR.

Some technologies are under the exclusive jurisdiction of another agency of the U.S. government and are not subject to the EAR. These include defense services which are under the jurisdiction of the State Department and technology related to the production of special nuclear materials which is under the jurisdiction of the Energy Department.

Still other technologies do not require any authorization because they are already "publicly available." These include patent applications; publicly available technology and software (other than software and technology controlled as encryption items) that are already published or will be published; technology which arises during or as a result of fundamental research; or technology which is educational. See Part 734 of the EAR for details.

Is software considered "technology" and is it similarly controlled?

The Export Administration Regulations (EAR) definitions distinguish between software and technology. Software is one of the groups within each of the categories of items listed on the Commerce Control List (CCL). Software which is delineated on the CCL is controlled.

What technologies are considered "fundamental research"?

"Fundamental research" is basic and applied research in science and engineering where the resulting information is ordinarily published and shared broadly within the scientific community. It is distinguished from proprietary research and from industrial development, design, production, and product utilizations, the results of which ordinarily are restricted for proprietary and/or specific national security reasons. Normally, the results of "fundamental research" are published in scientific literature, thus making it publicly available. Research which is intended for publication, whether it is ever accepted by scientific journals or not, is considered to be "fundamental research." A large segment of academic research is considered "fundamental research." Because any information, technological or otherwise, that is publicly available is not subject to the Export Administration Regulations (EAR) (except for encryption object code and source code in electronic form or media) and thus does not require a license, "fundamental research" is not subject to the EAR and does not require a license. Please see §734.8 for a full discussion.

Are exports and "deemed exports" of encryption items handled the same way as other technology items?

Exports of encryption technology and software source code are subject to the same regulatory requirements as other exports of technology and software source code.  However, many “deemed exports” of encryption technology and software source code are authorized under License Exception ENC (EAR Part 740.17).

License Exception ENC authorizes foreign employees (other than from Country Group E:1) of U.S. companies coming to the United States to work. However, ENC would not cover employees of a Romanian firm, for example, working at a U.S. company.  These foreign nationals are not "employees" of the U.S. company. As far as encryption source and object code are concerned, while in the United States, foreign nationals may use any type of encryption source code and object code. The only deemed export authorization required for encryption relates to encryption technology and when a U.S. person intends to provide technical assistance to foreign nationals using source code. (Please note that Export Administration Regulations (EAR) licensing requirements may apply for transfers of encryption software in the United States to an embassy or affiliate of a foreign country.) See our related encryption FAQ, question #17 for more guidance.

We have several foreign national employees in our firm, which has several divisions and an administrative area. Two of the divisions, the Research and Development (R&D) division and the Advanced Manufacturing/Processing (ADMP) division, work with technica

Probably not. Your firm would likely need a license for those foreign national engineers and technical people who work in the R&D and ADMP divisions with the controlled technologies. Your firm would probably not need licenses for those individuals who do not normally come into contact with the controlled technologies, such as those in the administrative area. However, you should review the job descriptions of all your foreign national employees. For example, technical managers and technical training personnel who are NOT at the sensitive divisions may need access to the controlled technologies in order to do their jobs, and so you may need to have deemed export licenses for technology transfer to them.

My company wants to employ an Indian foreign national who spent three years working for an Indian organization that is on the Entity List. May I do so? Do I require a license?

If he or she is properly documented for work in the United States, you may employ him or her. You must apply for an export license if you intend to release technology listed on the Commerce Control List which would require a license for export to India.

An Indian foreign national who is on sabbatical from an Indian organization that is on the Entity List wants to work with our firm in our executive training program where we will discuss proprietary technology which is not controlled to India. We have had

Yes, you are required to apply for a deemed export license. Under the sanctions imposed by the U.S. Government, any export which includes transfers of technology to foreign nationals requires a license to organizations on the Entity List. Because the Indian foreign national is still employed by the organization that is on the Entity List, a technology transfer to him or her is considered a technology transfer to the employer organization. Note that the sanctions apply to any technology subject to the Export Administration Regulations (EAR).

Intrusion and Surveillance Items

Does the rule BIS is proposing control “intrusion software”, malware, exploits, etc.?

No, the proposed rule would not control any "intrusion software," which may also be referred to as malware or exploits. The Category 4 control entries would control the command and delivery platforms for generating, operating, delivering, and communicating with "intrusion software". It would also control the technology for developing "intrusion software," but it does not control the "intrusion software" itself.

Thus, transferring or exporting exploit samples, exploit proof of concepts, or other forms of malware would not be included in the new control list entries and would not require a license under the proposed rule.

Doesn’t the rule potentially criminalize hacking?

No. The rule would control the export of hardware and software delivery tools, as well as the export of technical data for developing exploits ("intrusion software"). The rule as proposed would not control the export of exploits to a target system since "intrusion software" would not be controlled. Also, the Export Administration Regulations (EAR) do not control services, only the export of commodities, software and technology. Thus, "hacking", as that term is generally understood, does not fall under the jurisdiction of the EAR, except to the extent there is an associated export of hardware, software, or technical data.

Does the rule inadvertently capture defensive products as well as offensive products?

The proposed rule would control the command and delivery platforms "specially designed" or modified for generating, operating, delivering, or communicating with "intrusion software" as defined in the EAR. As noted in the preamble to the proposed rule, some penetration testing products marketed as defensive products meet the technical description of such command and delivery platforms in the new control list entries. BIS is not aware of other defensive products that would be caught by the proposed rule, but would welcome comments on this. If penetration testing products are determined to be described in the Category 4 control list entries, they will be deleted from the list of products eligible for export under License Exception ENC (section 740.17(b)(2)(i)(F)).

Will the rule control vulnerability research as well as research on exploits?

The rule would control the export of technology for the "development" of "intrusion software", as well as the technology for the "development" or "production" of the command and delivery platforms themselves. A license would not be required simply to conduct research or analyze code, unless there was an associated transfer or deemed export of controlled technology, executable software, or source code.

As a clarification, the proposed rule would control the following, among other things:

    1. Information "required for" developing, testing, refining, and evaluating "intrusion software", in order, for example, technical data to create a controllable exploit that can reliably and predictably defeat protective countermeasures and extract information.
    2. Information on how to prepare the exploit for delivery or integrate it into a command and delivery platform.
    3. The development or production of the command and delivery platform itself.

The proposed rule would not control the following:

    1. Information on how to search for, discover or identify a vulnerability in a system, including vulnerability scanning;
    2. Information about the vulnerability, including causes of the vulnerability; and
    3. Information on testing the vulnerability, including ‘fuzzing’ or otherwise trying different inputs to determine what happens; and
    4. Information on analyzing the execution or functionality of programs and processes running on a computer, including decompiling or disassembling code and dumping memory.

In addition, there are two further limitations to controls on technology:

First, not all malware and exploits meet the definition of "intrusion software". The definition specifies only intrusion software that is capable of extracting or modifying data or modifying the standard execution path of software in order to allow the execution of externally provided instructions. Thus, technology for the development of malware that is designed to do other things, such as damage or destroy systems or infrastructure, would not be controlled under the proposed rule.

Second, the only technology controlled is the technology that is "required for" and peculiarly responsible for achieving or exceeding the control level. See BIS’s 3/25/14 advisory opinion at http://www.bis.doc.gov/index.php/policy-guidance/advisory-opinions.

Third, export controls do not apply to any technology or software that is "published" or otherwise made publicly available.

Thus, only that part of the technology that is peculiarly responsible for meeting the definition of "intrusion software" , and is not publicly available, would be controlled.

As part of the request for comments, BIS is seeking comments from the public on further clarifications that may be needed on this subject.

Doesn’t the rule expose researchers to criminal prosecution if they carry information on exploits to a public conference, unless they publish it before the conference?

Under Section 734.7 of the EAR, information that is published, or released at an open conference, is not subject to the EAR. That section also specifies that it would not be an export to transfer the technical data to conference organizers with the intent that it will be published at the conference.

BIS welcomes comments on whether further clarification is needed on when information potentially subject to these rules would be considered "publicly available" and not subject to the EAR.

Doesn’t the rule make it easier for researchers to provide exploitable bugs to their government then to publish an exploit in order to fix and alert the world of the problem?

Under Section 734.7, there are no restraints on publishing information otherwise subject to control, and no prior authorization from BIS is required. Once the information is published it is not subject to the EAR. Thus any information that is published is completely outside the scope of the EAR and the provisions of the proposed rule.

Will companies be required to share their zero-day exploits with the government in order to get a license?

The rule states that when an export license application is filed, BIS can request a copy of the part of the software or source code that implements the controlled cybersecurity functionality. Exploits that meet the definition of "intrusion software" are not controlled. Therefore, BIS would not request a company to share a zero-day exploit. Please see FAQ #15.

Does the rule capture auto-updaters and anti-virus software?

No. Software that permits automatic updates and anti-virus tools are not described in proposed ECCN 4D004. ECCN 4D004 software must be specially designed or modified for the generation, operation or delivery of, of communication with, "intrusion software," which is separately defined. Anti-virus software is a ‘monitoring tool’ that is explicitly excluded from the definition of "intrusion software. Further, software that automatically updates itself may need to interact with installed ‘monitoring tools" and protective countermeasures in order to properly execute, but they are not defeating (or otherwise subverting) the system or generating, operating, delivering, or communicating with "intrusion software".

Would ECCN 4E001.c be covered by the General Technology Note?

Yes. Per the advisory opinion issued by BIS on 3/25/14, the GTN applies to all ECCNs controlling ''technology," regardless of whether the ECCN specifically refers to the GTN or uses the term "required."

If an IT security researcher had done an analysis on a software application to find a vulnerability in the code, had written up code to then take advantage of the vulnerability and then sent that code to an anti-virus company.....

If an IT security researcher had done an analysis on a software application to find a vulnerability in the code, had written up code to then take advantage of the vulnerability and then sent that code to an anti-virus company or the software manufacturer, would that code require an export license? 

 

No, what is described is the creation of an "exploit." Exploits are not described in the text of the proposed control list entries. The code that takes advantage of the vulnerability would not require a license. As stated above, "intrusion software" itself would not be controlled by the proposed rule.

For any associated technology for the "development" of "intrusion software", under section 734.7 of the EAR, any technical data sent to an anti-virus company or software manufacturer with the understanding that the information will be made publicly available, would not be subject to the EAR. However, "technology" that is not intended to be published would be subject to the control – see question #4.

 

The first FAQ basically equates “intrusion software” with malware and exploits. Is this the intent?

The definition of "intrusion software" is meant to include a subset of all the malware (exploits, viruses, etc.) that are out there. The definition describes only "intrusion software" that is specially designed to extract or modify data or modify the standard execution path of software in order to allow the execution of externally provided instructions. Other types of malware, including software that only leaves evidence of a successful security breach without further compromising or controlled the system, or is designed to destroy data or systems would not be included in the definition of "intrusion software."

There is a reference to penetration testing products in another FAQ. Is that to say that all penetration testing products would fit the definition of “intrusion software”?

Some penetration testing products meet the description of systems, equipment or software "specially designed" or modified for the generation, operation or delivery of, or communication with, "intrusion software" set forth in proposed ECCNs 4A005 and 4D004. The tools that meet the entry are ones that are "specially designed" or modified to launch exploits or other malware that meet the definition of "intrusion software" – including extracting or modifying data on the system.

However, there are some tools that are used in penetration testing that are not caught by the entries because they do not do the things described in the definition. For example, tools such as port scanners, packet sniffers and protocol analyzers would not be controlled. A penetration testing tool not designed to avoid detection by ‘monitoring tools’ would not be controlled. Also, a vulnerability scanner, which just finds vulnerabilities in a system without actually exploiting them and extracting data, would not be captured by the proposed rule.

There are defensive products on the market that would probe a network for vulnerabilities (while avoiding the monitoring tools) and would then extract some sample data from the target system to prove that the vulnerability is real. However......

There are defensive products on the market that would probe a network for vulnerabilities (while avoiding the monitoring tools) and would then extract some sample data from the target system to prove that the vulnerability is real. However, that data extraction is benign and merely done as a proof of the vulnerability. The entire process - from the product's capabilities on what it extracts to the act of using it - is done as a defensive act. Would this be considered meet the definition of "intrusion software?"

 

Such products would meet the technical description of systems, equipment or software "specially designed" or modified for the generation, operation or delivery of, or communication with, "intrusion software" set forth in proposed ECCNs 4A005 and 4D004. It is BIS’s understanding that there is no technical basis to distinguish defensive products from offensive products (i.e., a defensive product may be used offensively).

Is there a definition of “carrier class IP network” (for ECCN 5A001.j)?

The term "carrier class IP network" is meant to specify systems that sit at a national level (or large regional) IP backbone and handle data from an entire city or country. In terms of IP network surveillance systems, this is meant to exclude systems that can only handle smaller data streams or networks, such as those for a campus or a neighborhood. This control does not capture systems that can only analyze data from one person or a small group of people at a time. The term "carrier class IP network" was not defined because it was difficult to put precise technical parameters around this concept.

The answer to FAQ #1 says "exploit samples, exploit proof of concepts, or other forms of malware would not be included" yet the answer to FAQ #7 appears to keep the door open for "zero-day exploits". Can you please clarify......

The answer to FAQ #1 says "exploit samples, exploit proof of concepts, or other forms of malware would not be included" yet the answer to FAQ #7 appears to keep the door open for "zero-day exploits". Can you please clarify your definition of "zero-day exploit" and provide discriminating characteristics to differentiate it from the "exploit samples, exploit proof of concepts" that are explicitly excluded by question 1?

This is a two-part answer. First, the answer to FAQ #1 states that the proposed rule does not control the export of exploits and other forms of malware. Zero-day exploits are included in this answer. The export of zero-day exploits, however the term "zero-day" is defined, is not subject to any requirements under the proposed rule.

Second, FAQ #7 asks whether companies will be required to share their zero-day exploits with the government in order to get a license. The answer to FAQ #7 states that when an export license application is filed, BIS can request a copy of the part of the software or source code that implements the controlled functionality. To expand this answer, the export license requirement applies to the system, equipment, component or software that would generate, operate, deliver or communicate with an exploit. The only regulatory distinction involving zero- day exploits in the proposed rule regards the possibility that a delivery tool could either have (e.g., incorporate) or support (e.g., be ‘specially designed" or modified to operate, deliver or communicate with) zero-day exploits. If the system, equipment component or software at issue has or supports zero-day or rootkit capabilities, then BIS could request the part of the software or source code that implements that capability. BIS does not anticipate receiving many, or any, export license applications for products having or supporting zero-day capabilities.

 

The answer to FAQ #1 says "exploit samples, exploit proof of concepts, or other forms of malware would not be included" yet the answer to FAQ #7 appears to keep the door open for "zero-day exploits". Can you please clarify your definition of "zero-day exploit" and provide discriminating characteristics to differentiate it from the "exploit samples, exploit proof of concepts" that are explicitly excluded by question 1?

Is the United States legally bound to implement the December 2013 Wassenaar Arrangement changes to its control list, or does BIS have discretion?

The United States, as a Participating State in the Wassenaar Arrangement, has agreed to maintain national export controls on items included in the Wassenaar Arrangement’s control lists, implemented via national legislation and/or regulation. The U.S. implementation process includes determining reason(s) for control, which carry with them license requirements by destination, licensing policy, and license exceptions.

How would the proposed rule affect software used by multinational companies that monitor their overseas networks?

Under the proposed rule, all exports of specified systems, equipment, components or software that would generate, operate, deliver or communicate with "intrusion software" would require an export license. There is no license exception for intra-company transfers or internal use by a company headquartered in the United States under the proposed rule.

Security professionals use exploit toolkits (e.g. Neosploit, Blackhole, Phoenix, Crimepack &c.) to test patches and harden systems employing the same tools as a potential criminal adversary. Distribution and licensing of such toolkits......

Security professionals use exploit toolkits (e.g. Neosploit, Blackhole, Phoenix, Crimepack &c.) to test patches and harden systems employing the same tools as a potential criminal adversary. Distribution and licensing of such toolkits is tightly controlled in order to preserve their offensive edge. When security professionals succeed in accessing or acquiring these toolkits, they often share with one another across corporate and international boundaries; would such sharing of exploit toolkits be subject to control? 

 

Exploit toolkits would be described in proposed ECCN 4D004 if they are "specially designed" or modified for the generation of "intrusion software." There are no end user or end use license exceptions in the proposed rule.

Security research is intellectually demanding, skilled work. Corporate entities recognize this both by compensating their contracted security professionals accordingly, and by compensating independent researchers who find and report vulnerabilities......

 Security research is intellectually demanding, skilled work. Corporate entities recognize this both by compensating their contracted security professionals accordingly, and by compensating independent researchers who find and report vulnerabilities in their digital infrastructure. These 'bug bounties' are not generally awarded in the absence of a fully-elaborated proof of concept, which is functionally identical to an ‘exploit’; the vulnerability must be shown to be exploitable and its severity level should be made known to the vendor. What, if any, implications does the proposed rule hold for: i. ‘Silent’ disclosures, in which the researcher may be compensated, but neither the vendor nor the researcher publicly disclose (‘publish’) the vulnerability? (Most often a vendor choice.); ii. Disclosures in which a vulnerability is made public, but its proof of concept is not; iii. Disclosure of any stripe made through an intermediary (i.e. to HackerOne or via a legal representative)? 

 

First, the proposed rule would only apply to exports and reexports of software described in the new control list entries. Domestic commerce in exploits is not subject to the requirements of the Export Administration Regulations.

Second, in none of the scenarios above would the exploit or proof of concept be considered to be software described in the new control list entries. See questions 4 and 10.

Finally, if an export is at issue, it is possible that certain technology associated with the exploit would be "technology required for the development or production of intrusion software" under proposed ECCN 4E001.c. As stated in the answer to FAQ #10, any technical data that is transferred with the intent that it be published would not be controlled. However, as the question recognizes, not all technical data is intended to be made public, and some of it may be controlled.

 

When vulnerabilities are found and proofs of concept developed from flaws in proprietary systems, does this have bearing on the classification of security research as ‘fundamental’? What about when access to that proprietary system......

When vulnerabilities are found and proofs of concept developed from flaws in proprietary systems, does this have bearing on the classification of security research as ‘fundamental’? What about when access to that proprietary system is neither specifically authorized, nor unauthorized by the vendor?

 

No, whether the system is proprietary or open source, and whether the access to the system is authorized by the vendor, does not affect whether the security research is "fundamental research." If the research is ordinarily published and shared broadly within the scientific community, it is "fundamental research." If the results of the research ordinarily are restricted for proprietary reasons, it is not. The answer to question 19 above describes a situation when such research would not be "fundamental research."

Could BIS explain the regulatory difference between an open-source security tools (e.g. Metasploit, Kali Linux), and a proprietary surveillance platform (e.g. FinFisher) which may come packaged with open-source tools?

Open source security tools such as those referenced that can be downloaded by anyone are not subject to the Export Administration Regulations . Proprietary tools that package and control such open source tools are subject to the regulations and may be described in the new control list entries.

BIS has adopted the definition of ‘intrusion software’ from the Wassenaar Arrangement language, but has elsewhere indicated a policy of ‘presumptive denial’ for cybersecurity items ‘that incorporate or otherwise support rootkit or......

BIS has adopted the definition of ‘intrusion software’ from the Wassenaar Arrangement language, but has elsewhere indicated a policy of ‘presumptive denial’ for cybersecurity items ‘that incorporate or otherwise support rootkit or zero-day exploit functionality’. Could BIS explain what threshold of severity is meant to be indicated by ‘rootkit or zero-day exploit functionality’, and could BIS make clear their understanding of those terms? 

 

Rootkit and zero-day exploit functionality are features more likely to be found in offensive systems or products. A zero-day exploit is not itself controlled. However, when a rootkit or a zero-day exploit is incorporated into a product or system that is described in the new Category 4 control list entries, or if an exploit delivery tool is specially programmed to deliver or command this specialized malware, that product or system is presumed to be offensive by design.

In FAQ #9, BIS stated that the Wassenaar General Technology Note was incorporated into the BIS proposal. Does the Wassenaar General Software Note also apply?

The "public domain" provisions (paragraph 2) of the Wassenaar General Software Note (GSN) apply, but the "mass market’ provisions (paragraph 1), do not.

Paragraph 1 of the General Software Note is implemented in the Export Administration Regulations in License Exception TSU (section 740.13(d)). The proposed rule excludes software described in the new control list entries from eligibility under this provision. This exclusion was added to the proposed rule because a similar exclusion applies to encryption software classified under ECCN 5D002, and software described in the new control list entries may incorporate encryption functionality. Software classified under ECCN 5D002 is separately eligible for decontrol to ECCN 5D992 pursuant to the provisions of section 742.15(b) for mass market encryption items. The proposed rule does not provide for any license exception eligibility for products under the new control list entries, except under License Exception GOV.

Would prior BIS authorization be required for a researcher to privately disclose an exploit to a vendor outside the US with the understanding that the information would NOT be published?

No. The exploit itself is not described in the new control list entries. Please see the answer to question #1. For this question, a vulnerability is a weakness in a vendor’s software or hardware. Exploit code could be written to take advantage of the vulnerability or to prove that the vulnerability can be exploited. The exploit code itself may be considered "intrusion software." Neither the disclosure of the vulnerability nor the disclosure of the exploit code would be controlled under the proposed rule. However, information for the development of "intrusion software" that may accompany the disclosure of the exploit may be described in proposed new ECCN 4E001.c.

In FAQ #10, BIS states that the new implementation would not control “code that takes advantage of [a] vulnerability.” However, FAQ 4 states that “information on how to prepare the exploit for delivery” is controlled. We’re confused as to how a researcher

In FAQ #10, BIS states that the new implementation would not control “code that takes advantage of [a] vulnerability.” However, FAQ 4 states that “information on how to prepare the exploit for delivery” is controlled. We’re confused as to how a researcher could submit to a vendor a functional proof of concept and accompanying explanatory material that according to FAQ 10 would not be controlled without violating the restriction from FAQ 4. This assumes that the disclosure to the vendor is not intended for publication.

 

The functional proof of concept may be "intrusion software." The intrusion software itself is not described in the new control list entries (per FAQ #10). However, if technology "required for the development of intrusion software" (as described in the proposed control list entry ECCN 4E001.c.) exported with the functional proof of concept/"intrusion software" would be described in new control list entry ECCN 4E001.c and would, under the proposed rule, require a license to all destinations except Canada. This is what is addressed in the answer to Question #4.

Mobile phone jailbreaking tools include platforms for delivering intrusion software to the phone. These generally include fully operational exploits including the delivery code. Are such tools subject to control?

This response divides the question into two parts:

i) Does this regulation make it illegal to jailbreak a phone?

No. The Commerce regulation controls exports of certain software, and downloading jailbreaking software to a computer within the United States and using it to jailbreak a phone does not involve an export of software. The proposed rule does not limit the ability of owners to modify their devices.

ii) What if the jailbreak software includes a platform for delivering intrusion software to the phone--is the jailbreak software subject to control?

If particular jailbreak software did meet all the requirements for classification under ECCN 4D004 (such as a commercially sold delivery tool "specially designed" to deliver jailbreaking exploits) then it would be subject to control and a license would be required to export it from the United States. Note that if such software were "publicly available," it would not be subject to the Export Administration Regulations.

In FAQ 7, BIS states companies are already required to share source code for exploits that include encryption or cryptanalysis. What about software tools that implement exploits that aren't already subject to encryption controls?

The provision referred to is specific to requests to make encryption source code eligible for export under License Exception ENC. Supplement No. 6 to part 742, a questionnaire required to be submitted with requests for License Exception ENC authorization, provides that a copy of the sections of the source code that contain the encryption algorithm, key management routines and their related calls is to be included upon request. (Supp. No 6, paragraph (d)(3)). The proposed rule includes a similar provision for license applications for products that are described in the new control list entries in Supplement No. 2 to part 748, paragraph (z)(2): "Upon request, include a copy of the sections of source code and other software (e.g., libraries and header files) that implement or invoke the controlled cybersecurity functionality."

Does "publicly available" as understood by BIS include a posting on the Internet?

Yes, technology or software that is generally accessible to the interested public in any form, including by Internet post, is "publicly available."

Most intrusion software is designed, written, and generated in general purpose programming environments (such as IDEs [integrated design environments]). We presume that BIS has no desire to control those types of tools. However, under......

Most intrusion software is designed, written, and generated in general purpose programming environments (such as IDEs [integrated design environments]). We presume that BIS has no desire to control those types of tools. However, under the proposed rules, such environments are at least potentially within the controls. What does BIS mean when it says that "the development or production of the command and delivery platform itself" (FAQ 1) is controlled? 

 

General purpose tools, such as IDEs, are not described under proposed ECCN 4D004 because they are not "specially designed" for the generation of "intrusion software." Some penetration testing tools (FAQ #12) and exploit toolkits (FAQ #18) are described in proposed ECCN 4D004, as they are command and delivery platforms for "intrusion software."

What does BIS mean by "modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions"?

This language is part of the definition of "intrusion software" and refers to a variety of techniques to hijack, or otherwise corrupt, a legitimate (or otherwise trusted) application or process running on the computer, mobile phone or other device. This can be done to create persistence or for other purposes. Through these modifications, a remote operator (or remote command and control software) can execute commands or perform other tasks that further compromise or exploit the hacked (penetrated) device.

When the 2013 Wassenaar update added controls 4.A.5, 4.D.4, 4.E.1.c, and 5.A.1.j, it subjected all these categories to the exemptions available under the "General Software Note", ensuring that software and systems "generally available to the public"......

When the 2013 Wassenaar update added controls 4.A.5, 4.D.4, 4.E.1.c, and 5.A.1.j, it subjected all these categories to the exemptions available under the "General Software Note", ensuring that software and systems "generally available to the public" were not included in the new controlled classes. Yet the proposed BIS implementation of these controls excludes "cybersecurity software" from the BIS "General Software Note" (740.13.d) by adding paragraph 740.13.d.2.ii. Why has BIS chosen to depart from the 2013 Wassenaar language and exclude software covered by the new controls from the "General Software Note"? 

 

Please refer to the answer to FAQ #23. The exclusion of software described in the new control list entries from License Exception TSU (the implementation of paragraph 1 of the General Software Note in the Export Administration Regulations) was added for consistency with the treatment of encryption software classified under ECCN 5D002, as it is anticipated that many items that will be classified under the new control list entries have encryption functionality and are currently classified under ECCN 5D002. However, under the proposed rule, items classified under the new control list entries will not be eligible for decontrol in the same way that ECCN 5D002 products are if they are mass marketed (pursuant to Note 3 to Category 5 part 2 of the Commerce Control List and section 742.15(b) of the Export Administration Regulations).

Will technology and source code classified under the new control list entries be subject to deemed export requirements?

Yes, the proposed rule does not provide for any exceptions to deemed export license requirements for release of technology and source code that will be classified under ECCNs 4D004, 4E001.a or .c, 5D001 or 5E001.

Russia Sanctions

What activities do the Treasury and Commerce sanctions cover?

The Treasury sanctions cover a range of financing in the financial, defense and energy sectors as well as services in the energy sector. The Commerce sanctions cover certain exports, reexports and in-country transfers in the energy and defense sectors as well as such transactions with specified foreign persons.

What license requirements do the industry sector sanctions implemented in §746.5 of the Export Administration Regulations (EAR) in the Commerce August 6, 2014 rule, “Russian Oil Industry Sanctions and Addition of Person to the Entity List”.....

What license requirements do the industry sector sanctions implemented in §746.5 of the Export Administration Regulations (EAR) in the Commerce August 6, 2014 rule, “Russian Oil Industry Sanctions and Addition of Person to the Entity List” (79 FR 45675), impose?

 

The August 6 rule added new §746.5 of the EAR, imposing licensing requirements on eight export control classification numbers (ECCN) (two of which were newly added in the August 6 rule) and fifty three Schedule B numbers if a person knows (or is informed by BIS) that the item will be used directly or indirectly in exploration for, or production of, oil or gas in:

a. Russian deepwater (greater than 500 feet);

b. Arctic offshore locations;

c. Shale formations in Russia; or

d. Is unable to determine whether the item will be used in the aforementioned projects.

A licensing policy of presumption of denial applies for exports, reexports, or transfer (in-country) for the aforementioned projects that have the potential to produce oil. A licensing policy of case-by-case review applies for such projects that have the potential to produce gas.

 

What additional requirements in the energy sector did the September 17, 2014 Commerce rule impose?

The September 17 Commerce rule placed five (5) Russian energy companies (Gazprom, Gazpromneft, Lukoil, Rosneft, and Surgutneftegas) on the Entity List (EL). The rule imposed a license requirement for the export, reexport and in-country transfer of all items subject to the EAR when used in projects specified in §746.5 of the EAR.

Do my items, which are not going to be used in an oil or gas project, require a license under the new sanctions implemented in the August 6 rule, 79 FR 45675, “Russian Oil Industry Sanctions and Addition of Person to the Entity List”?

If the item is not listed in EAR §746.5 by ECCN or in new Supplement No. 2 to Part 746 –"Russian Industry Sector Sanctions List" - by Schedule B number, then the sanctions published on August 6 do not impose any additional license requirements or exclusions on the use of EAR license exceptions. However, in making any license determination, the full scope of EAR license requirements needs to be taken into account before making a No License Required (NLR) determination, including just recently implemented license requirements in part 744 of the EAR. See also Q29 and Q30 below, which are specific to the military end-use and military end user restrictions imposed on Russia in BIS’s September 17, 2014 final rule (79 FR 55608).

How did the August 6 rule affect other items on the Commerce Control List (CCL), (i.e., ECCNs not specifically mentioned in §746.5 of the EAR) that are used for oil and gas exploration applications in Russia?

BIS will apply the licensing policy set forth in §746.5, "Russian Industry Sector Sanctions," to the review of all license applications for controlled items going to Russia. If the commodity, software, or technology on the license application requires a license to Russia, and if the item will be used in an activity described in §746.5(b), the license will be reviewed consistent with licensing policy in §746.5. The licensing policy in §746.5 will also be applied to license applications for items requiring a license for export, reexport or transfer to Russia that are other than those controlled under the eight ECCNs or listed in the fifty three Schedule B numbers and that are destined for any of the four prohibited end-use categories listed above.

What if the Schedule B number of the item I want to ship to Russia is similar to one included in Supplement No. 2 to part 746 of the EAR?

Items with similar Schedule B numbers are not subject to license requirements in §746.5.However, see A3 for additional license requirements for all items subject to the EAR for the deepwater, Arctic offshore and shale projects by the five (5) Russian energy companies listed on the EL.

If a part, component, accessory, or attachment for a commodity identified in one of the Schedule B numbers included in Supplement No. 2 to part 746 of the EAR is to be exported, reexported or transferred (in-country) as a stand-alone commodity, is......

If a part, component, accessory, or attachment for a commodity identified in one of the Schedule B numbers included in Supplement No. 2 to part 746 of the EAR is to be exported, reexported or transferred (in-country) as a stand-alone commodity, is it also considered to be identified in the supplement?

 

Yes. The Schedule B numbers identified in Supplement No. 2 to part 746 extend to parts, components, accessories and attachments for use in or with the commodities identified in the Schedule B numbers.

Are valves that are not included in Schedule B subheading 8413 captured by the sector sanctions?

Valves covered by the Schedule B numbers identified in Supplement No. 2 to Part 746 of the EAR are captured by the sector sanctions in §746.5. Any of these valves that will be used directly or indirectly in exploration for, or production of, oil or gas in Russian deepwater (greater than 500 feet) or Arctic offshore locations or shale formations in Russia or that will be used in an unknown end use. Keep in mind that any valve that is listed under a Schedule B number in Supplement No. 2 to part 746 and any valve classified under an ECCN that requires a license to Russia is also subject to the license review policy in §746.5.See also A3 for additional license requirements for all items subject to the EAR for the deepwater, Arctic offshore and shale projects by the five (5) Russian energy companies listed on the EL.

What areas are considered Russia for purposes of these sanctions?

Russia includes the territory of Russia and any other territory or marine area, including the exclusive economic zone and continental shelf, over which the Government of Russia claims sovereignty, sovereign rights, or jurisdiction, provided that the Government of Russia exercises partial or total de facto control over the area or derives a benefit from economic activity in the area pursuant to international arrangements.

Would an intra-company transfer of any of the items listed by ECCN in §746.5 or by Schedule B number in Supplement No. 2 to part 746 of the EAR be prohibited if the listed item was being moved within Russia as a transfer (in-country), for.......

Would an intra-company transfer of any of the items listed by ECCN in §746.5 or by Schedule B number in Supplement No. 2 to part 746 of the EAR be prohibited if the listed item was being moved within Russia as a transfer (in-country), for one of the restricted uses? Many oilfield services companies have inventory positioned at in-country hubs, and will use the items in inventory for providing services in Russia.

 

The controls set forth in §746.5 cover in-country transfers. If the transaction in Russia also involved a transfer (in-country) as defined in §772.1 of the EAR, then the EAR license requirements and restrictions on the use of license exceptions in §746.5(c) would also apply. In addition, as noted above in the introductory text to these FAQs, OFAC has also implemented sanctions specific to energy production activities, including those related to providing services for such activities. Here is a link to the September 12, 2014 OFAC announcement on the imposition of new services control in Russia for such end uses: http://www.treasury.gov/ofac/downloads/ssi/ssi.pdf. Any questions regarding OFAC’s sanctions should be directed to OFAC.

When the August 6 rule refers to shale and uses the terms exploration or production in shale, do the restricted end uses apply only to situations, such as fracking, where the hydrocarbon is located in shale formations, or do they also apply......

When the August 6 rule refers to shale and uses the terms exploration or production in shale, do the restricted end uses apply only to situations, such as fracking, where the hydrocarbon is located in shale formations, or do they also apply to projects involving penetrating a layer of shale to reach a reservoir located below the shale formation? What about projects that involve unconventional methods of extracting oil from shale (e.g., from shale reservoirs or oil shale processing)? 

 

The license requirements of §746.5 of the EAR apply to the specified items when you know that the item will be used directly or indirectly in exploration for, or production of, oil or gas in Russian deepwater (greater than 500 feet) or Arctic offshore locations or shale formations in Russia, or are unable to determine whether the item will be used in such projects. Thus, the license requirement applies to exploration for, or production of, oil or gas from a shale formation. The license requirement does not apply to exploration or production through shale to locate or extract crude oil or gas in reservoirs.

Where can I find more information about license requirements for EAR99 items not specifically listed on the CCL?

You can begin by reviewing the material in EAR parts 732 and 734, and screening the parties to your transaction using the consolidated screening list at:

http://export.gov/%5C/ecr/eg_main_023148.asp

and also review sanctions specific to Russia, such as those specified in §746.5, which include the Schedule B numbers identified in Supplement No. 2 to part 746.

Why are Schedule B numbers in the EAR now?

The Schedule B numbers included in the August 6 rule were added to capture items normally classified in the EAR as EAR99, and therefore not included on the CCL.

May an exporter use HTS codes instead of the Schedule B number to determine if a license is required?

Exporters, reexporters and transferors may not use the HTS code to determine if an item requires a license. Exporters remain free to use either Schedule B or HTS codes in their Automated Export System (AES) filing. Persons submitting license applications for the export or reexport of the items listed by Schedule B number in Supplement No. 2 to part 746 of the EAR need to determine the classification of their item on the Commerce Control List in Supplement No. 1 to part 774 of the EAR prior to submission. The classification of the item is a key variable when reviewing the other license requirements of the EAR and for determining other EAR responsibilities. BIS has a video on how to classify your item here (http://www.bis.doc.gov/index.php/compliance-a-training/export-administration-regulations-training/online-training-room?id=285).

Where on the BIS website is the list of Schedule B numbers categorizing items requiring a license under the Russian sanctions?

The Schedule B numbers affected are in the EAR’s new Supplement No. 2 to Part 746: "Russian Industry Sector Sanction List", which can be found here:http://www.bis.doc.gov/index.php/regulations/export-administration-regulations-ear. The source for the Schedule B numbers and descriptions in BIS’s list comes from the Department of Commerce, Bureau of the Census’s Schedule B concordance of exports 2014. Census’s Schedule B List 2014 can be found here: http://www.census.gov/foreign-trade/schedules/b/2014/index.html. The Introduction Chapter of the Schedule B provides important information about classifying products and interpretations of the Schedule B (e.g., NESOI means Not Elsewhere Specified or Included). In addition, important information about products within a particular chapter may be found at the beginning of each chapter.

In new ECCN 0A998 is the scope of seismic data, equipment and software limited to deepwater, Arctic and shale exploration projects in Russia?

No, that is not correct. The scope of the ECCN is limited by the control parameters included in the ECCN. The scope of the license requirements for ECCN 0A998 is limited to the license requirements in §746.5 of the EAR, which specifies the license requirements and license review policy that apply to the items identified in that section, including new ECCN 0A998. Note however, that if you propose to export, reexport or transfer (in-country) seismic data, equipment or software to Russia but do not know what type of project the items will be used in, a license is required. Also note that in making a license determination under the EAR, the full scope of the EAR license requirements need to be considered, including those in part 744 that in certain cases impose a license requirement for all items subject to the EAR when the items are for certain prohibited end uses or end users as defined in part 744.

Is the only software intended to be covered in ECCN 0A998 that which is specified in subparagraph b.1 (“hydraulic fracking design and analysis software and data”)?

Yes, software for the design and analysis of hydraulic fracturing is the only software controlled in ECCN 0A998. Note that BIS is making an exception to its general policy of not including software in "A" product group ECCNs and is including this software in ECCN 0A998.

The oil and gas exploration data controlled in new ECCN 0A998.a does not fall within the EAR’s definition of “technology” and is not treated as “software”. If a U.S. geologist was analyzing such data in Europe or Russia, would the one-time reporting requi

For purposes of the August 6, 2014 rule, oil and gas exploration data is treated as a commodity, not software or technology. Therefore, the scenario described would not trigger the one-time reporting requirement, as specified in §734.4. In addition, the de minimis procedures for commodities would apply (see §734.4 and Supplement No. 2 to part 734 for information on the EAR’s de minimis provisions and the procedures for making de minimis calculations). However, regardless of whether the data being processed was subject to the EAR, providing such a service by a U.S. person for such end uses in Russia would in most cases likely be prohibited by OFAC, as a result of the new requirements implemented by OFAC on September 12, 2014 that imposes restrictions on U.S. persons providing such services in Russia. As noted above, questions specific to the OFAC restrictions, should be directed to OFAC.

Does the August 6 rule impose any new controls on “technology” to Russia?

The license policy set forth in §746.5 of the EAR applies to all items on the CCL, including technology, that require a license for export, reexport or transfer (in-country) to Russia. Note that new ECCN 0A998, which was created in the August 6 rule, controls oil and gas exploration data, including seismic analysis data, under the ECCN’s subparagraph 0A998.a, and hydraulic fracturing design and analysis data in subparagraph 0A998.b.1

Why is deepwater defined as 500 feet, when industry generally considers deepwater to be depths of more than 1500 feet?

The U.S. Government is aware that there are different depths for what is considered deep water. The "greater than 500 feet" standard is a bright line standard that is used by the U.S. Department of the Interior, Bureau of Ocean Management for what constitutes deep water, and helped to inform BIS’s decision to use "greater than 500 feet" as part of the criteria in §746.5 of the EAR. For reference, the U.S. Department of the Interior’s, Bureau of Ocean Management outlines the criteria for what constitutes deep water here http://www.boem.gov/Status-of-Gulf-of-Mexico-Plans/

The term “high pressure pumps” is not defined in ECCN 0A998.b.3. Does that ECCN control only high pressure pumps for fracking operations or all high pressure pumps used in the restricted end uses in Russia?

The high pressure pumps controlled under ECCN 0A998.b.3 are not limited to fracking operations, but include all those that will be used directly or indirectly in exploration for, or production of, oil or gas in Russian deepwater (greater than 500 feet) or Arctic offshore locations or shale formations in Russia or that will be used in an unknown end use. Keep in mind that any pump that is listed under a Schedule B number in Supplement No. 2 to part 746 and any pump classified under an ECCN that requires a license to Russia is also subject to §746.5.

Does the August 6 rule prohibit the transshipment of items through Russia to another destination if the items are not items identified in the rule and will not be used in oil and gas activities?

The rule does not apply to or prohibit items to be transshipped through Russia to another destination if those items are not identified in §746.5 and Supplement No. 2 to Part 746 of the EAR and are not intended to be used in the oil and gas activities in Russia before moving to the final foreign destination.

Can I transship the items identified in §746.5 of the EAR through Russia for use in oil and gas activities in third countries?

The rule does not apply to or prohibit the transshipment through Russia items identified in §746.5 of the EAR if the items are intended for use in oil and gas activities in third countries. Parties to the transaction should be diligent to be aware of any red flags in the transaction that indicate the items may be intended for any prohibitions under §746.5 or intended for other prohibited purposes under the EAR.

Are any license exceptions available to ship the items identified in §746.5 of the EAR?

The only license exception available to ship the items identified in §746.5 of the EAR is §740.11(b), the portion of license exception "Government, international organizations, international inspections under the Chemical Weapons Convention, and the International Space Station" (GOV) that authorizes exports, reexports and transfers (in-country) to personnel and agencies of the U.S. government and certain exports by the Department of Defense.

Do the sector sanction prohibitions apply to items already licensed by BIS for export, reexport or transfer (in-country) to Russia and to items listed in §746.5 or by Schedule B number in EAR Supplement No. 2 to Part 746 if they were......

Do the sector sanction prohibitions apply to items already licensed by BIS for export, reexport or transfer (in-country) to Russia and to items listed in §746.5 or by Schedule B number in EAR Supplement No. 2 to Part 746 if they were exported, reexported or transferred (in-country) to Russia prior to the effective date of the rules and are being used in existing oil and gas projects in Russia?

 

The new sanctions apply to exports, reexports and transfers (in-country) of the items listed in §746.5 or in Supplement No. 2 to part 746 of the EAR that were authorized by BIS prior to the effective date of the sanctions (August 6, 2014) but did not reach the final destination by the effective date, August 6, 2014. License applications that were pending with BIS on August 6 will be reviewed consistent with the licensing policy in §746.5. For items already in Russia, the new sanctions would apply if the items will be transferred (in-country) for use directly or indirectly in exploration for or production of oil or gas in a deepwater (greater than 500 feet), Arctic offshore location or a shale formation project in Russia or if the reexporter or transferor is unable to determine whether the item will be used in the aforementioned projects. The September 17 rule added five persons to the Entity List in Russia and imposed a license requirement for all items subject to the EAR when the item is for an end use specified in §746.5.

Did the September 17 rule (79 FR 55608) include a savings clause?

No. The September 17 rule did not include a savings clause.

Does de minimis still apply for reexports to Russia when the incorporated items proposed for reexport or export from abroad are subject to license requirements under §746.5 of the EAR?

The applicability of de minimis is not end-user/use based. It is destination based. Therefore, the items that are subject to license requirements under §746.5 of the EAR should not be included as controlled content in calculating the de minimis percentage of an item proposed for reexport to Russia.

Is the de minimis level for non-600 series items for Russia still 25?

The August 6 rule did not change the de minimis provisions under the EAR. Therefore, for foreign made items located outside of the United States that incorporate items that are subject to the EAR, an analysis of the de minimis provisions under §734.4 of the EAR and the direct product rule under §736.2(b)(3) should be conducted to determine if that foreign made item is subject to the EAR. If the foreign made item located outside the United States is subject to the EAR, then an analysis should be made by the reexporter or transferor to determine whether the item is subject to a license requirement.

What license requirements were implemented on Russia in §744.21 of the EAR in the September 17, 2014 rule, “Addition of Persons to the Entity List and Restrictions on Certain Military End Uses and Military End Users” (79 FR 55608)?

The September 17 rule amended §744.21 of the EAR to implement "military end use" and "military end user" license requirements on Russia. These license requirements are in addition to those requirements for Russia in the August 6 rule. The September 17 rule amendments require a license for the export, reexport and transfer (in-country) of the items subject to the EAR that are listed in Supplement No. 2 to part 744 of the EAR if the exporter, reexporter or transferor knows or has been informed by BIS that the item is intended for a "military end use" or "military end user" in Russia. Further, the existing prohibition on exports, reexports or transfers (in-country) of any ECCN 9x515 or "600 series" item, including items described in .y paragraphs of a 9x515 or "600 series’ ECCN without a license from BIS, also applies to Russia. Prior to the September 17 rule, .y items in the "600 series" were not subject to license requirements for export or reexport to Russia, but with the addition of Russia to §744.21, exports, reexports and transfers (in-country) of all .y items on the CCL will require a license to Russia because they are presumptively for a military end use. 

BIS will review license applications for such items on a case-by-case basis to determine whether the export, reexport, or transfer (in-country) would make a material contribution to the military capabilities of Russia, and would result in advancing the country's military activities contrary to the national security interests of the United States. When it is determined that an export, reexport, or transfer (in-country) would make such a contribution, the license will be denied.

How did the September 17 rule affect other items on the Commerce Control List (CCL), (i.e., ECCNs not specifically mentioned in Supplement No. 2 to part 744 of the EAR) that are used for military end use applications or by military end users in Russia?

BIS will apply the licensing policy set forth in the applicable licensing policy sections of §742 to the review of all license applications for items controlled under ECCNs not specifically mentioned in Supplement No. 2 to part 744 - generally, items that would contribute to Russia’s military capabilities.

Regulations FAQs

What’s the new language?

The following language will be included on every license issued by the Bureau of Industry and Security (BIS): "Unless limited by a condition set forth below, the export, reexport or transfer (in-country) authorized by this license is for the item(s), end-use(s), and parties described in the license application and any letters of explanation. The applicant is responsible for informing the other parties identified on the license, such as ultimate consignees and end-users, of the license's scope and of the specific conditions applicable to them. BIS has granted this license in reliance on representations the applicant made in the license application, letters of explanation, and other documents submitted."

 

What is the purpose of the new standard language on BIS’s licenses?

The Bureau of Industry and Security (BIS), in coordination with our interagency partners, made the change as part of our ongoing efforts to rationalize and make more consistent the use of conditions on BIS licenses. The purpose of the change is to eliminate, to the greatest extent possible, the inclusion of requirements and prohibitions included in the Export Administration Regulations (EAR) as conditions on validated licenses. BIS is eliminating conditions specifying requirements and prohibitions included in the EAR from licenses because the EAR's conditions and requirements are applicable to all exports, reexports and transfers (in-country) of items subject to the EAR as a matter of law; inclusion of such conditions on licenses is redundant.

When did BIS start putting this new language on its licenses?

BIS began issuing license with the language on December 8, 2014.

What will be the biggest change on licenses as a result of the new language?

As the new language will eliminate the need to include license conditions specifying requirements and prohibitions included in the EAR, BIS expects that licenses issued after December 8, 2014 will generally have a smaller number of conditions as compared to licenses issued before December 8, 2014.

What is the impact of the new language on license applicants?

The new language will allow BIS and its interagency partners to process license applications more efficiently, thereby facilitating business activities. License applicants should note that the new language clarifies that BIS's licenses authorize the transaction(s) described in the license application and any letters of explanation. Therefore, license applications submitted with specific and detailed information will be processed more efficiently than those sibmitting general or incomplete information.

Additionally, the new language specifies that license applicants are required to inform the other parties to the license of the license's scope and of any license condition(s) applicable to the individual party. License applicants who have not routinely informed other parties to the license of such information should implement procedures to ensure that such notifications occur for all licenses.

FAQ #5 says that BIS will process license applications submitted with “specific and detailed information” more efficiently. What does “specific and detailed” information mean?

Generally speaking, the use of imprecise language on a license application causes processing delays and/or the inclusion of additional conditions. Imprecise language (e.g., phrases such as "including but not limited to") creates the impression that the license applicant is unsure or undecided about the details of the proposed transaction, therefore creating a requirement for BIS and its interagency partners to impose restrictions (in the form of conditions) on the license in order to protect the United States' national security and foreign policy interests.

The inclusion of specific information on license applications for transactions involving especially sensitive items or proposed for shipment to sensitive locations is helpful in facilitating BIS's processing. For example, before processing license applications for the export of satellites, BIS and its interagency partners need to know the name and address of the organization or company facilitating the satellite's launch. Exporters who are unsure about what specific information should be included to facilitate a license application for a specified item or to a specified location should contact BIS .

If I include precise information on my license application, will my application be processed in less than forty days?

Not necessarily. Including precise information increases the chance that your license will be issued more quickly and with fewer conditions than it otherwise would be.

Can you provide some examples of conditions that were included on licenses before but won’t be after November 10?

Selected examples are as follows:

Conditions no longer in general use after December 8, 2014:

Why isn’t BIS using these conditions anymore?

No reexport without   prior authorization from the U.S. Government, unless elsewhere authorized   under the EAR.

This condition is an existing   prohibition under the EAR: See: §   736.2(b)(1) of the EAR – General Prohibition One and therefor does not   generally need to be included on licenses.   The condition will be included under certain circumstances, including   if a license applicant requests reexport authorization and the request is   denied.  

Stated end use and end   user(s) only

This limitation in   scope is included in the EAR; it is redundant to include it as a license   condition (See: § 750.7(a) of the   EAR).

No military end use

As stated in §750.7(a)   of the EAR, licenses authorize only the transaction(s) described in the   license application and the license application support documents. Therefore, if you did not include a   military end use in your license application or license application support   documents, such an end use is not authorized under the license. The condition may be used if the license   applicant does not specify the scope of the intended end-use within the   license application (and the end-use could be either civil or military).

Civil end use only

As stated in §750.7(a)   of the EAR, licenses authorize only the transaction(s) described in the   license application and the license application support documents. Therefore, a condition requiring “civil end   use only” is not required unless a military end use is requested in the   license application or license application support documents but is not   authorized by BIS.

Access/use is not   granted to [embargoed destination(s)] nationals

As stated in §750.7(a)   of the EAR, licenses authorize only the transaction(s) described in the   license application and the license application support documents. Therefore, if you did not specifically   request access or use by persons who are nationals of an embargoed   destination in your license application or license application support   documents, access or use by such nationals is not authorized under the   license.

No resale or transfer   without prior authorization from the U.S. Government.

As stated in §750.7(a)   of the EAR, licenses authorize only the transaction(s) described in the   license application and the license application support documents. Therefore, if you did not specifically   request authorization to resell or transfer the items authorized for shipment   in your license application or license application support documents, resale   or transfer is not authorized under the license.

Applicant must inform   consignee of all license conditions.

The requirement for the   applicant to inform other parties to the license of the license conditions is   stated in §750.7(d) of the EAR as well as in the new boilerplate language   (which also requires applicants to inform the appropriate parties to the   transaction of the license’s scope).

I received a license authorizing me to export equipment. There aren’t any conditions on the license that prohibit me from shipping technology. Can I send the technology necessary to maintain the equipment?

No, not if the technology is subject to the EAR, requires a license for export to the planned destination, and is not eligible for shipment under a license exception. Licenses issued by BIS authorize the export, reexport or transfer (in-country) of only the items specifically listed on the license.

I received a license to ship equipment to three end users. There aren’t any conditions on my license that prohibit me from shipping it to other end users. Can I ship the equipment to end users not specified on my license?

If the equipment is not eligible for shipment without a license (i.e., "no license required" or NLR) or under a license exception to end users not specified on your license, you may not ship to the additional end users without additional authorization from BIS.

Since December 8, 2014, BIS seems to be using riders on its licenses more often. What’s the difference between a condition and a rider?

A license condition is a requirement on the parties to the transaction named on the license. Violation of a license condition is a violation of the EAR and may be subject to administrative or criminal penalties.

A license rider consists of clarifying or explanatory language added to a license by BIS. Although license riders are not requirements, BIS sometimes uses riders to remind license parties of requirements under the EAR. Exporters should note that BIS's inclusion of a rider on a license puts the exporter on notice regarding the specific knowledge, including requirements under the EAR, provided in the rider.

I want to make sure I understand exactly what is authorized by my BIS license. Who can help me?

Please call BIS's Export Counseling Division at (202) 482-4811, BIS's Western Regional Office at (949) 660-0144 or BIS's Northern California branch office at (408) 998-8806. You may also send an e-mail to ECDOEXS@bis.doc.gov. Please include a telephone number for call-back purposes within your e-mail.

Frequently Asked Questions on BIS's New Boilerplate License Language

What’s the new language?

The following language will be included on every license issued by the Bureau of Industry and Security (BIS): "Unless limited by a condition set forth below, the export, reexport or transfer (in-country) authorized by this license is for the item(s), end-use(s), and parties described in the license application and any letters of explanation. The applicant is responsible for informing the other parties identified on the license, such as ultimate consignees and end-users, of the license's scope and of the specific conditions applicable to them. BIS has granted this license in reliance on representations the applicant made in the license application, letters of explanation, and other documents submitted."

What is the purpose of the new standard language on BIS’s licenses?

The Bureau of Industry and Security (BIS), in coordination with our interagency partners, made the change as part of our ongoing efforts to rationalize and make more consistent the use of conditions on BIS licenses. The purpose of the change is to eliminate, to the greatest extent possible, the inclusion of requirements and prohibitions included in the Export Administration Regulations (EAR) as conditions on validated licenses. BIS is eliminating conditions specifying requirements and prohibitions included in the EAR from licenses because the EAR's conditions and requirements are applicable to all exports, reexports and transfers (in-country) of items subject to the EAR as a matter of law; inclusion of such conditions on licenses is redundant.

When did BIS start putting this new language on its licenses?

BIS began issuing license with the language on December 8, 2014.

What will be the biggest change on licenses as a result of the new language?

As the new language will eliminate the need to include license conditions specifying requirements and prohibitions included in the EAR, BIS expects that licenses issued after December 8, 2014 will generally have a smaller number of conditions as compared to licenses issued before December 8, 2014.

What is the impact of the new language on license applicants?

The new language will allow BIS and its interagency partners to process license applications more efficiently, thereby facilitating business activities. License applicants should note that the new language clarifies that BIS's licenses authorize the transaction(s) described in the license application and any letters of explanation. Therefore, license applications submitted with specific and detailed information will be processed more efficiently than those sibmitting general or incomplete information.

Additionally, the new language specifies that license applicants are required to inform the other parties to the license of the license's scope and of any license condition(s) applicable to the individual party. License applicants who have not routinely informed other parties to the license of such information should implement procedures to ensure that such notifications occur for all licenses.

FAQ #5 says that BIS will process license applications submitted with “specific and detailed information” more efficiently. What does “specific and detailed” information mean?

Generally speaking, the use of imprecise language on a license application causes processing delays and/or the inclusion of additional conditions. Imprecise language (e.g., phrases such as "including but not limited to") creates the impression that the license applicant is unsure or undecided about the details of the proposed transaction, therefore creating a requirement for BIS and its interagency partners to impose restrictions (in the form of conditions) on the license in order to protect the United States' national security and foreign policy interests.

The inclusion of specific information on license applications for transactions involving especially sensitive items or proposed for shipment to sensitive locations is helpful in facilitating BIS's processing. For example, before processing license applications for the export of satellites, BIS and its interagency partners need to know the name and address of the organization or company facilitating the satellite's launch. Exporters who are unsure about what specific information should be included to facilitate a license application for a specified item or to a specified location should contact BIS.

If I include precise information on my license application, will my application be processed in less than forty days?

Not necessarily. Including precise information increases the chance that your license will be issued more quickly and with fewer conditions than it otherwise would be.

Can you provide some examples of conditions that were included on licenses before but won’t be after November 10?

Selected examples are as follows:

 

Conditions no longer in general use after December 8, 2014:

Why isn’t BIS using these conditions anymore?

No reexport without   prior authorization from the U.S. Government, unless elsewhere authorized   under the EAR.

This condition is an existing   prohibition under the EAR: See: §   736.2(b)(1) of the EAR – General Prohibition One and therefor does not   generally need to be included on licenses.   The condition will be included under certain circumstances, including   if a license applicant requests reexport authorization and the request is   denied.  

Stated end use and end   user(s) only

This limitation in   scope is included in the EAR; it is redundant to include it as a license   condition (See: § 750.7(a) of the   EAR).

No military end use

As stated in §750.7(a)   of the EAR, licenses authorize only the transaction(s) described in the   license application and the license application support documents. Therefore, if you did not include a   military end use in your license application or license application support   documents, such an end use is not authorized under the license. The condition may be used if the license   applicant does not specify the scope of the intended end-use within the   license application (and the end-use could be either civil or military).

Civil end use only

As stated in §750.7(a)   of the EAR, licenses authorize only the transaction(s) described in the   license application and the license application support documents. Therefore, a condition requiring “civil end   use only” is not required unless a military end use is requested in the   license application or license application support documents but is not   authorized by BIS.

Access/use is not   granted to [embargoed destination(s)] nationals

As stated in §750.7(a)   of the EAR, licenses authorize only the transaction(s) described in the   license application and the license application support documents. Therefore, if you did not specifically   request access or use by persons who are nationals of an embargoed   destination in your license application or license application support   documents, access or use by such nationals is not authorized under the   license.

No resale or transfer   without prior authorization from the U.S. Government.

As stated in §750.7(a)   of the EAR, licenses authorize only the transaction(s) described in the   license application and the license application support documents. Therefore, if you did not specifically   request authorization to resell or transfer the items authorized for shipment   in your license application or license application support documents, resale   or transfer is not authorized under the license.

Applicant must inform   consignee of all license conditions.

The requirement for the   applicant to inform other parties to the license of the license conditions is   stated in §750.7(d) of the EAR as well as in the new boilerplate language   (which also requires applicants to inform the appropriate parties to the   transaction of the license’s scope).

I received a license authorizing me to export equipment. There aren’t any conditions on the license that prohibit me from shipping technology. Can I send the technology necessary to maintain the equipment?

No, not if the technology is subject to the EAR, requires a license for export to the planned destination, and is not eligible for shipment under a license exception. Licenses issued by BIS authorize the export, reexport or transfer (in-country) of only the items specifically listed on the license.

I received a license to ship equipment to three end users. There aren’t any conditions on my license that prohibit me from shipping it to other end users. Can I ship the equipment to end users not specified on my license?

If the equipment is not eligible for shipment without a license (i.e., "no license required" or NLR) or under a license exception to end users not specified on your license, you may not ship to the additional end users without additional authorization from BIS.

Since December 8, 2014, BIS seems to be using riders on its licenses more often. What’s the difference between a condition and a rider?

A license condition is a requirement on the parties to the transaction named on the license. Violation of a license condition is a violation of the EAR and may be subject to administrative or criminal penalties.

A license rider consists of clarifying or explanatory language added to a license by BIS. Although license riders are not requirements, BIS sometimes uses riders to remind license parties of requirements under the EAR. Exporters should note that BIS's inclusion of a rider on a license puts the exporter on notice regarding the specific knowledge, including requirements under the EAR, provided in the rider.

I want to make sure I understand exactly what is authorized by my BIS license. Who can help me?

Please call BIS's Export Counseling Division at (202) 482-4811, BIS's Western Regional Office at (949) 660-0144 or BIS's Northern California branch office at (408) 998-8806. You may also send an e-mail to ECDOEXS@bis.doc.gov. Please include a telephone number for call-back purposes within your e-mail.

Missile Technology FAQs

What kind of documentation or information is required in support of a license application for an item subject to missile technology export controls or when the item to be exported will be used in a missile project or program?

The information provided with your application should include technical specifications or brochures on the items you wish to export. Information that substantiates the legitimate activities of the end-user should be supplied as well. You should also include import or end-user certificates if the item is also subject to national security controls. For items to be used in a missile project or program, at a minimum, always specify the maximum capable range and payload of the delivery system or launch vehicle. Any information regarding the specific project or program should be provided; note if there is any U.S. government funding or oversight involved. You can also include open source information from Web sites, marketing brochures, etc. All of this information will assist licensing officers in their evaluation, determination, and licensing recommendation for the case. Including this information could prevent potential delays in the processing of the case and avoid a return of the application without action. The documentation requirements for export license applications are explained in detail in Part 748 of the EAR.

I am a manufacturer of inertial navigation systems (INS) that are MTCR-controlled. We often get calls from airlines for replacement of broken bench stock spares or INS units in permanent service. Are there any license exceptions that I can use?

Yes, depending upon the situation, License Exceptions TMP, RPL, TSU, and AVS may be applicable for these types of items related to safety of flight. See Part 740 of the EAR for an explanation of when these license exceptions may apply.

Do special rules apply for exporting missile technology to China?

Yes. Section 1512 of the Strom Thurmond National Defense Authorization Act (NDAA) requires a Presidential certification to Congress prior to the export to China of missile technology controlled items, except for certain items used in manned aircraft. Authority for this certification has been delegated to the Secretary of Commerce, however, they can still take several months, and you should allow for substantial processing time for these applications. The Secretary must certify that the export will not be detrimental to the U.S. space launch industry and will not measurably improve the missile or space launch capabilities of China.

When is a license required for export of non-MT controlled items for use in missile activities?

Items not specifically controlled for MT reasons can also be controlled under section 744.3 of the EAR ("catch-all", or EPCI, controls). Items require a license if they will be used in the design, development, production, or use of:

• Rocket systems (including ballistic missile systems, space launch vehicles, and sounding rockets) or unmanned aerial vehicles (including cruise missile systems, target drones, and reconnaissance drones) capable of a range of at least 300 km for use in or by a country listed in group D:4 (see section 738, supplement 1 of the EAR)

• Any rocket system or unmanned aerial vehicles in a D:4 country where system characteristics or use are unknown

• Any rocket systems or unmanned aerial vehicles for the delivery of chemical, biological, or nuclear weapons to anywhere in the world, except by governmental programs for nuclear weapons delivery of NPT Nuclear Weapons States that are also members of NATO

What is the “no undercut” policy in the MTCR?

In the MTCR, as well as the Nuclear Suppliers Group and the Australia Group, there is a "no undercut" policy. This means that if your license is denied because the United States determined it was detrimental to national security or foreign policy, the United States will notify the other members of the regime, who have agreed to consult with the United States before approving an export of the same or similar items to the same end-user. This does not apply to "catch all" denials of items not on the MTCR annex, but in practice many countries take into consideration denials by regime partners when reviewing other license applications.

How does EPCI affect exports of items for missile-related activities?

The term "Enhanced Proliferation Control Initiative" is not defined or generally used in the Export Administration Regulations. Under its original meaning, it included both the list-based controls on missile related items (as well as chemical, biological, and nuclear items) and controls on normally uncontrolled items that need a license because of the end-use or end-user. The term "EPCI" has come to be used informally to refer to the latter "catch all" controls, and refers to the controls set out in section 744 of the EAR.

We recently received an offer to supply a gear making machine (ECCN 2B993) to a tank and cannon factory in China. My boss told me to apply for a license because of EPCI. Is this an EPCI activity?

No, there are no EPCI (catch-all) controls on the manufacture of conventional arms. Conventional arms production is not an activity set out in Part 744 of the EAR. However, you need to determine if there are any activities that are described in Part 744 (i.e. missile/nuclear/chemical-biological weapons) at this facility.

I am a distributor of college textbooks. I often get requests from foreign customers for engineering textbooks containing information on missile technology. Should I be worried about EPCI/“catch-all” controls?

Written materials that are publicly available, such as college textbooks, are not subject to the Export Administration Regulations. However, a "U.S. person," as that term is defined in the EAR, may not support certain missile activities in any of a number of ways, including the provision of goods, the performance of a contract, and employment. See Part 744.6. While the textbooks would not, in themselves require an export license, they could be part of the impermissible support that a U.S. person is providing to a missile project and amount to a violation of the EAR.

My firm recently had an export license for a machine tool denied. The reason for denial was missile-related. This item isn't even controlled for missile reasons. What's going on?

Your license was denied under the EPCI "crossover" provisions. Any license application can be reviewed for all proliferation concerns (not only those stated in the reasons for control.) In this instance, the item was denied because the transaction would make a material contribution to the proliferation of missiles.

What factors are used to evaluate “catch-all” items?

When reviewing licenses for items caught under section 744.3 of the EAR, the following factors will be taken into consideration:

(i) The specific nature of the end use

(ii) The significance of the export in terms of its contribution to the design, development, production, or use of missiles

(iii) The capabilities and objective of the missile and space programs of the recipient country

(iv) The nonproliferation credentials of the importing country

(v) The types of assurances or guarantees against design, development, production, or use of missiles that are given in a particular case

(vi) The existence of a pre-existing contract

What license exceptions are available for MT items?

Items other than some radar, accelerometers, gyros and corresponding test equipment, software, and technology may be exported as part of a manned aircraft, land vehicle, or marine vehicle or as replacement parts for such under license exceptions TMP, RPL, TSU, and AVS. Anti-friction bearing and bearing systems (2A001) may be exported under TMP or RPL as one-for-one replacement for equipment previously exported.

What is meant by Category I, Category II, and MTCR-controlled missiles and unmanned aerial vehicles?

The MTCR considers missile systems or unmanned aerial vehicles that have a range of 300 km and the ability to carry a payload of 500 kg as Category I, and there is a strong presumption of denial for the export of such items. Category II missile systems and unmanned aerial vehicles are those that have a range of 300 km, but do not have the payload capability of Category I. Export of Category II systems are evaluated on a case-by-case basis. Both Category I and Category II items are MTCR-controlled. Missile systems or unmanned aerial vehicles that do not meet the range and payload capabilities of Category I and Category II are not MTCR-controlled. While most Category I and II complete systems fall under the jurisdiction of the Department of State, these categorizations can impact the licensing decisions on dual-use (Commerce controlled) commodities when evaluating the intended end use of the items, the capabilities of the destination country, and the risk of diversion of items.

Exports of Firearms and Related Items FAQs

How do I contact DDTC?

Contact DDTC at 202-663-2980 or go to www.pmddtc.state.gov.

What types of firearms does the Department of Commerce have jurisdiction over?

The Department of Commerce's Bureau of Industry and Security (BIS) has jurisdiction over shotguns with a barrel length of 18 inches or more and related components. BIS also has jurisdiction over muzzle loading rifles and handguns, air guns, replica firearms, shotgun shells and components, and most optical sighting devices for firearms.

How do I contact DDTC?

Contact DDTC at 202-663-2980 or go to www.pmddtc.state.gov.

How do I get a license from BIS?

The first step in determining whether an export license is required is knowing whether the item you are intending to export has a specific Export Control Classification Number (ECCN). The ECCN is an alpha-numeric code, e.g., 0A984, that describes a particular item or type of item, and shows the controls placed on that item.

Where do I find the list of ECCNs?

All ECCNs are listed in the Commerce Control List (CCL) which is in Supplement No. 1 to Part 774 of the Export Administration Regulations (EAR). The CCL is divided into ten broad categories. Category 0 contains ECCNs for shotguns and related items.

What is the Export Control Classification Number (ECCN) for shotguns and components?

ECCN 0A984 controls shotguns with barrels of 18 inches or longer and certain essential components: shotgun barrels 18 inches or longer but not longer than 24 inches, receivers, breech mechanisms, complete trigger mechanisms, and magazines or magazine extension tubes. Other parts of a shotgun not listed under 0A984 or in other ECCN entries are EAR99.

What about rifle stocks?

A rifle stock would be under the jurisdiction of the Department of State.

What is the ECCN for muzzle loading firearms?

Muzzle loading (black powder) firearms with a caliber less than 20 mm that were manufactured later than 1937 and are not reproductions of firearms manufactured earlier than 1890 are controlled under ECCN 0A018.c.

What is the ECCN for pellet guns?

Air guns including pellet guns, BB guns, air rifles and paintball guns are classified as EAR99.

What is the ECCN for shotgun shells and components?

Shotgun shells and components fall under ECCN 0A986. This includes primers and shot. 12 gauge shotgun blanks and 12 gauge shotgun slugs (loaded) are also under this classification. Gunpowder falls under ECCN 1C992.

What is the ECCN for buckshot shells?

Buckshot shotgun shells are classified as 0A984.

What is the ECCN for riflescopes or hunting scopes?

ECCN 0A987 controls specific sighting devices, their associated optical elements, and adjustment mechanisms. Please see the entry for a detailed description of what is controlled. Sighting devices that are not specified in this ECCN or elsewhere on the Commerce Control List, and that are not subject to the jurisdiction of the Department of State, are EAR99.

What Types of Optical Sighting Devices would be under State jurisdiction?

Those that contain night vision capabilities may be under State jurisdiction. You should first contact the State Department. Any optical sighting device mounted on a rifle is under State Department jurisdiction.

What is the ECCN for replica firearms?

Non-functioning replica firearms, whether a rifle or shotgun, are under the jurisdiction of the Department of Commerce and are classified as EAR99. Functioning replica firearms are classified in the same manner as shotguns and rifles as noted above in terms of State/Commerce jurisdiction and ECCNs, as appropriate.

What is the ECCN for stun guns?

Discharge type arms such as stun guns, shock batons, immobilization guns, and projectiles are classified under ECCN 0A985.

What is the ECCN for signal flare discharge arms?

Arms designed solely for signal, flare, or saluting use are classified as EAR99.

What does EAR99 mean?

If your item falls under U.S. Department of Commerce jurisdiction and is not listed on the CCL, it is designated as EAR99. EAR99 items generally consist of low-technology consumer goods and do not require a license in most situations. However, if your proposed export of an EAR99 item is to an embargoed country, to an end-user of concern, or in support of a prohibited end-use, you may be required to obtain a license.

Once I know the ECCN of my item, what is the next step?

Once you have determined that your item is classified under a specific ECCN, you must use the information contained in the "Reason(s) for Control" section of that ECCN in combination with the "Commerce Country Chart" (see Supplement 1 to Part 738 of the EAR) to decide whether a license is required. If there is an "X" in the box for the Reason for Control and destination country, a license is required from BIS, unless a license exception is available. If there is no "X" in the box, a license is not required unless your proposed export is to an embargoed country, to an end-user of concern, or in support of a prohibited end-use, in which case you may be required to obtain a license.

How do I submit a license application?

License applications must be submitted through SNAP-R, the on-line license application system. In order to access the SNAP-R system, you must first obtain a Company Identification Number (CIN). Obtaining a CIN is the first step toward completing your license application and must be completed in order to access the actual SNAP-R application. Instructions to complete this process can be found at the following hyperlink: http://www.bis.doc.gov/snap/pinsnapr.htm.

What support documents are required?

BIS requires an Import Certificate or equivalent official document for ECCNs 0A984, 0A986, or 0A987 for export to Canada, Mexico, and Central and South America per section 748.14 of the EAR. Applicants must request that their importer obtain the Import Certificate or an equivalent official document from the government of the importing country. Otherwise, a Statement by Ultimate Consignee and Purchaser (form BIS 711) is required per section 748.11 of the EAR.

 What support documents are required?

If I’m a U.S. citizen taking a shotgun to another country for recreation, do I need a license?

License Exception BAG authorizes a U.S. citizen or a permanent resident alien leaving the U.S. to export or reexport shotguns with a barrel length 18 inches or over and shotgun shells provided that not more than three shotguns may be taken on any one trip; the shotguns and shotgun shells must be with the person's baggage (may not be mailed) and they must be for the person's exclusive use for legitimate use. See section 740.14(e) of the EAR for specific requirements in the use of BAG.

Are Hunting Bows and Knives on the Commerce Control List?

Hunting bows and knives are classified as EAR99.

Sudan: Change of Licensing Policy for Exports of Civil Telecommunications-related Infrastructure Items to Sudan and Addition of Sudan as an Eligible Destination for Exports of Consumer Communications Devices under License Exception CCD

What major changes did this rule make?

This rule amended Section 742.10 (15 CFR 742.10) of the Export Administration Regulations (15 CFR Parts 730-774) to revise the general licensing policy of denial to one of case-by-case review for exports and reexports to Sudan of certain telecommunications equipment and associated computers, software, and technology, including items that are useful for the development of civil telecommunications network infrastructure. It also revised License Exception Consumer Communications Devices (CCD), Section 740.19 of the EAR (15 CFR 740.19), which previously applied only to Cuba, to authorize exports and reexports of such devices to Sudan, either for sale or donation. This rule also made conforming changes to License Exception Temporary Imports, Export, Reexports and Transfers (in-country) (TMP) (Section 740.9 of the EAR (15 CFR 740.9). Finally, it removed a license requirement for reexports to Sudan of certain telecommunications software.

Why did BIS make these changes?

BIS made these changes to reflect the U.S. Government's commitment to the advancement of the free flow of information to, from, and within Sudan.

Do these changes affect the sanctions against Sudan?

No. Due to Sudan's designation as a "State Sponsor of Terrorism" by the Secretary of State, the Department of Commerce's Bureau of Industry and Security (BIS) maintains license requirements with a general policy of denial for exports and reexports of most items on the Commerce Control List to most end users in Sudan. Revised License Exception CCD permits exports and reexports of certain eligible commodities and software on the CCL to Sudan that previously required a license. Items designated as "EAR99" (subject to the EAR but not described on the Commerce Control List) continue to be eligible for export and reexport to Sudan without a license in the absence of end-use or end-user concerns set forth in Part 744 of the EAR. The changes made pursuant to the rule implement the U.S. Government's policy objective of facilitating communication and the free flow of information among the Sudanese people.

Due to the sanctions, do export/reexport transactions of items covered under License Exception CCD also require separate authorization from the Department of the Treasury’s Office of Foreign Assets Control (OFAC)?

Because OFAC and BIS share jurisdiction over certain exports and reexports to Sudan, these changes have been made in coordination with OFAC, which simultaneously has issued parallel amendments to the Sudanese Sanctions Regulations, 31 CFR part 538. Please see OFAC FAQs for further information pertaining to the Department of Treasury changes. [Most items that qualify for export or reexport to Sudan under revised License Exception CCD also qualify for export and reexport to Sudan under OFAC's new general license, as set forth in 31 CFR 538.533, published contemporaneously with the new BIS rule. Therefore, in most cases, you do not need a specific license from OFAC for the export or reexport of items described in License Exception CCD.] Exporters should review both 31 CFR 538.533 and License Exception CCD to ensure compliance with applicable export license requirements.

How do license exceptions relate to license requirements for Sudan in the Export Administration Regulations?

Most items described on the Commerce Control List require authorization in the form of a license from BIS for export or reexport to Sudan under Section 742.10 of the EAR, the provision that establishes license requirements and related license review policies for exports and reexports to Sudan. License Exception CCD is an example of an authorization that allows persons to export or reexport certain enumerated consumer communications devices subject to the EAR to Sudan that would otherwise require a license from BIS. If a license exception is available for a contemplated export or reexport to Sudan, the licensing requirements specified in Section 742.10 do not apply. The availability of License Exception CCD, however, is restricted to exports and reexports under certain defined circumstances. Please review Section 740.2 of the EAR, which contains restrictions on the availability of all license exceptions, including License Exception CCD. You should also review the General Prohibitions set forth in Part 736 and the license requirements and policies set forth in Part 744 (end-use and end-user concerns). Persons who are unfamiliar with the structure of the EAR or the relationship of license exceptions to license requirements generally may wish to consult the BIS online training room

http://www.bis.doc.gov/index.php/compliance-a-training/export-administration-regulations-training/online-training-room?id=284.

How do you define “consumer” as it relates to items that qualify for export and reexport to Sudan under License Exception CCD?

For the purposes of License Exception Consumer Communications Devices (CCD), a "consumer" item is an item that is: (1) generally available to the public by being sold, without restriction, from stock at retail selling points by means of any of the following: (a) over-the counter transactions; (b) mail order transactions; (c) electronic transactions; or (d) telephone call transactions; and (2) designed for installation by the user without further substantial support by the supplier. In Section 740.19 (b) of the EAR, the term "consumer" describes the types of computers ((b) (1)), disk drives and storage equipment ((b)(2)), information security equipment, software, and peripherals ((b)(12)), and software ((b)(17)) that may be exported under License Exception CCD. The definition of "consumer" applies regardless of whether the item being exported or reexported is sold or donated.

Does this license exception cover the export or reexport of instruction manuals or other information on how to assemble and use authorized tools and equipment?

Instruction manuals or other information on how to assemble and use tools and equipment authorized for export or reexport under License Exception CCD likely fall into one of three categories. They may be eligible for License Exception Technology and Software Unrestricted (TSU) (Section 740.13(a) of the EAR) or constitute published information and software that is not subject to the EAR (Section 734.7 of the EAR), or they may not be subject to the EAR because they do not constitute "use" technology or other categories of technology (see Part 772 of the EAR). However, if such information is subject to the EAR, it may require a BIS license for export or reexport to Sudan.

Does License Exception CCD cover the export or reexport of upgrades, fixes, and patches for software?

Yes, if the software upgrades, fixes, or patches meet all the criteria described in License Exception CCD. Specifically, the items must be: 1) consumer communication devices as defined in License Exception CCD and 2) classified on the Commerce Control List under an ECCN that is expressly authorized for export or reexport under the license exception.

May I use License Exception CCD to sell communications devices to Sudan government owned, operated or controlled companies and corporations for resale to the Sudanese people?

License Exception CCD Section (c) (1) (iii) does not authorize the export or reexport of communications devices to the Government of Sudan, including entities owned, operated or controlled by the Government of Sudan, apart from certain consumer software listed in paragraph (b)(12) or (b)(17) that is distributed free of charge. Consequently, the Government of Sudan is an ineligible recipient of items such as telecommunications infrastructure equipment, computers, technology, and software (apart from the carve-out described), under the license exception. A license is therefore required for the export or reexport of such items to Sudan government owned, operated, or controlled companies. All items that require a license for export or reexport to the Government of Sudan will be reviewed on a case-by-case basis.

What changes does this rule make to the existing license exception for consumer communication devices?

As part of a January 16, 2015 rule that amended the EAR to reflect changes in the U.S. Government's Cuba policy, License Exception Consumer Communications Devices (CCD) was amended to authorize commercial sales, in addition to donations, of eligible items. Additionally, technical revisions were made in that rule to more precisely track the current technical specifications for some of the specified items. The Sudan rule provides that certain items, namely, Global Positioning System receivers and similar satellite receivers, are available under CCD for export and reexport to Sudan.

The item I would like to export is a consumer communications device listed on the Commerce Control List but its Export Control Classification Number is not among those specifically listed in License Exception CCD. May I use License Exception CCD to export

No. Your item must meet all the criteria of License Exception CCD to qualify for export or reexport under License Exception CCD. The item must be: 1) a consumer communications device as defined in License Exception CCD, and 2) classified on the Commerce Control List under an ECCN that is expressly authorized for export under the license exception.

If you are not sure whether your item is on the CCL or what ECCN applies to it, you may seek an official Commodity Classification (CCAT) from BIS in accordance with Section 748.3 of the EAR. You may submit a request for an official commodity classification through BIS's online SNAP-R System.

Please note that a CCAT will determine the ECCN that applies to your item or, alternatively, designate your item as EAR99. However, a CCAT will not state whether your item is a "consumer" communications device that may be exported or reexported under License Exception CCD. If you have questions about whether an item would qualify for export or reexport under License Exception CCD, including questions as to whether the item would constitute a consumer communications device for purposes of License Exception CCD, you may consult BIS's Foreign Policy Division at 202-482-4252 or submit an advisory opinion request in accordance with the procedures outlined in Section 748.3 of the EAR. You may also submit a license application as explained in the FAQ below.

The item I’d like to export is listed under an ECCN in License Exception CCD, but I have determined that it is not a “consumer” communications device within the meaning of License Exception CCD. May I export it under License Exception CCD?

No. Your item must meet all the criteria of License Exception CCD to qualify for export or reexport under License Exception CCD including meeting the definition of a "consumer" communications device that is set forth in the CCD license exception. If your item is listed on the CCL but you are unsure whether it is a consumer communications device, you may submit an application for license using BIS's SNAP-R system. If BIS determines that a license is required, BIS will process the application and apply the licensing policy outlined in Section 742.10 of the EAR. You may also seek an advisory opinion from BIS.

May I apply for a license to export or reexport telecommunications equipment to Sudan that does not qualify for export or reexport to Sudan under License Exception CCD?

Yes. BIS may authorize your export or reexport under a license when the export or reexport does not qualify for License Exception CCD. BIS will consider, on a case-by-case basis, applications to export or reexport telecommunications equipment and associated computers, software and technology for civil end use. In particular, BIS recognizes the significance of telecommunications items that are useful for the development of civil telecommunications network infrastructure.The facilitation of the free flow of information in Sudan can only occur effectively if there is adequate telecommunications infrastructure to support the consumer communications devices authorized by License Exception CCD. Consequently, BIS will review applications to export and reexport telecommunications-related items, including items useful for the development of civil telecommunications network infrastructure, on a case-by-case basis. License applicants should describe the specific civil end use of the items and their function in the development of civil telecom network infrastructure (see note to Section 742.10(b) (3)) in their license applications or in letters of explanation attached to the applications.

May I export consumer communications hardware and software under License Exception Consumer Communication Devices (CCD) to independent non-governmental organizations in Sudan?

Yes. Independent non-governmental organizations are eligible end-users of items exported to Sudan pursuant to License Exception Consumer Communications Devices (15 CFR § 740.19). Please note that organizations owned, operated, or controlled by the Sudanese Government are not eligible end-users.

May I use License Exception CCD to export consumer communications devices and software to Sudan for commercial resale within Sudan?

Yes. The terms of License Exception CCD do not require that items be exported or reexported directly to the end user. Consequently, exports and reexports to Sudan to commercial entities for resale to eligible end users would qualify for License Exception CCD. Eligible end users include individuals and independent non-governmental organizations operating in Sudan. Apart from certain specified consumer software that is distributed free of charge, the Government of Sudan may not be the end-user. An independent non-governmental organization that is owned, operated, or controlled by the Government of Sudan is not eligible to receive items under License Exception CCD. Persons wishing to use License Exception CCD are responsible for determining that the criteria of the license exception will be met. Please be advised nothing in License Exception CCD excuses a U.S. person from the need to comply with the Sudanese Sanctions Regulations.

What steps can Sudanese academic and training organizations (training institutes, test preparation centers, secondary schools, and universities) take to acquire and use hardware, software, web-based applications and teaching products?

Exporters and reexporters of items subject to the Export Administration Regulations may export or reexport hardware and software to Sudanese academic and training organizations without a BIS license if the transaction meets all the requirements of License Exception CCD. If such items also meet the requirements of the OFAC general license pertaining to certain software, hardware, and services incident to personal communications (31 CFR Section 538.533), an OFAC specific license would not be required for their export or reexport. (For definitive guidance on OFAC requirements, please consult with that agency.) Please note that not all Sudanese academic and training organizations would be authorized to receive these items under the license exception. Apart from certain specified consumer software that is distributed free of charge, License Exception CCD only applies to items destined for organizations or entities that are not part of the Sudanese Government (including owned, operated, or controlled by the government). Also, not all of the hardware and software described in this question will meet the requirements of License Exception CCD. In those cases, persons must apply for a BIS license and OFAC license to engage in the transaction. Sudanese academic and training organizations should contact the manufacturers and providers of these items directly to seek the classification number of the item they wish to import to Sudan and to learn whether they may receive the items and, if so, under what circumstances.

Sudan: Amendment to allow temporary export and reexport of items described in license exception Consumer Communication Devices (CCD) as “tools of the trade” under license exception Temporary Import, Exports, Reexports, and Transfers (in-country) (TMP)

May I use License Exception Temporary Imports, Exports, Reexports, and Transfers (in-country) (TMP) to temporarily export certain consumer communication devices and related software to Sudan?

Yes. You may use License Exception TMP (section 740.9 of the Export Administration Regulations (EAR)) to temporarily export (as well as reexport to Sudan, or transfer (in-country)) employer-owned consumer communications devices and related software described in License Exception Consumer Communications Devices (CCD) (section 740.19(b) of the EAR) as “Tools of Trade” under EAR section 740.9(a)(2). You must comply with all of the requirements and limitations set forth in section 740.9(a)(2), including with respect to permissible users and authorized purposes.  This revision to License Exception TMP took effect on September 2, 2015.

Technology and Software FAQSs

Section A (for FAQs on technology and software): PUBLICATION

I plan to publish in a foreign journal a scientific paper describing the results of my research, which is in an area listed in the EAR as requiring a license to all countries except Canada. Do I need a license to send a copy to my publisher abroad?

No.  This export transaction is not subject to the EAR.  The EAR do not cover technology that is already publicly available, as well as technology that is made public by the transaction in question (§§734.3 and 734.7).  Your research results would be made public by the planned publication. 

Would the answer differ depending on where I work or where I performed the research?

No. Of course, the result would be different if your employer or another sponsor of your research imposed restrictions on its publication (§734.8).

Would I need a license to send the paper to the editors of a foreign journal for review to determine whether it will be accepted for publication?

No.  This export transaction is not subject to the EAR because you are submitting the paper to the editors with the intention that the paper will be published if favorably received (§734.7(a)(4)(iii)).

The research on which I will be reporting in my paper is supported by a grant from the Department of Energy (DOE). The grant requires prepublication clearance by DOE. Does that make any difference under the Export Administration Regulations?

No, the transaction is not subject to the EAR.  But if you published in violation of any Department of Energy controls you have accepted in the grant, you may be subject to appropriate administrative, civil, or criminal sanctions under other laws.

We provide consulting services on the design, layout, and construction of integrated circuit plants and production lines. A major part of our business is the publication for sale to clients of detailed handbooks and reference manuals on key aspects on the

Yes.  The price is above the cost of reproduction and distribution (§734.7(a)(1)).  Thus, you would need to obtain a license or qualify for a License Exception before you could export or reexport any of these handbooks or manuals.

My Ph.D. thesis is on technology, listed in the EAR as requiring a license to all destinations except Canada, which has never been published for general distribution. However, the thesis is available at the institution from which I took the degree. Do I n

That may depend on where in the institution it is available.  If it is not readily available in the university library (e.g., by filing in open stacks with a reference in the catalog), it is not “publicly available” and the export or reexport would be subject to the EAR on that ground.  The export or reexport would not be subject to the EAR if your Ph.D. research qualified as “fundamental research” under §734.8.  If not, however, you will need to obtain a license or qualify for a License Exception before you can send a copy out of the country.

We sell electronically recorded information, including software and databases, at wholesale and retail. Our products are available by mail order to any member of the public, though intended for specialists in various fields. They are priced to maximize sa

You would not need a license for otherwise controlled technology or software if the technology and software are made publicly available at a price that does not exceed the cost of production and distribution to the technical community.  Even if priced at a higher level, the export or reexport of the technology or software source code in a library accessible to the public is not subject to the EAR (§734.7(a)).

Section B (for FAQs on technology and software): CONFERENCES

I have been invited to give a paper at a prestigious international scientific conference on a subject listed as requiring a license under the EAR to all countries, except Canada. Scientists in the field are given an opportunity to submit applications to a

No.  Release of information at an open conference and information that has been released at an open conference is not subject to the EAR.  The conference you describe fits the definition of an open conference (§734.7(a)).

Would it make any difference if there were a prohibition on making any notes or other personal record of what transpires at the conference?

Yes.  To qualify as an “open” conference, attendees must be permitted to take notes or otherwise make a personal record (although not necessarily a recording).  If note taking or the making of personal records is altogether prohibited, the conference would not be considered “open.”

Would it make any difference if there were also a registration fee?

That would depend on whether the fee is reasonably related to costs and reflects an intention that all interested and technically qualified persons should be able to attend (§734.7(a)(4)(ii)).

Must I have a license to send the paper I propose to present at such a foreign conference to the conference organizer for review?

No.  A license is not required under the EAR to submit papers to foreign organizers of open conferences or other open gatherings with the intention that the papers will be delivered at the conference, and so made publicly available, if favorably received.  The submission of the papers is not subject to the EAR (§734.7(a)(4)(iii)).

Would the answers to any of the foregoing questions be different if my work were supported by the Federal Government?

No. You may export and reexport the papers, even if the release of the paper violates any agreements you have made with your government sponsor.  However, nothing in the EAR relieves you of responsibility for conforming to any controls you have agreed to in your Federal grant or contract.

Section C (for FAQs on technology and software): EDUCATIONAL INSTRUCTION

I teach a university graduate course on design and manufacture of very high-speed integrated circuitry. Many of the students are foreigners. Do I need a license to teach this course?

No.  Release of information by instruction in catalog courses and associated teaching laboratories of academic institutions is not subject to the EAR (§734.9).

Even if that research is funded by the Government?

Even then, but you would not be released from any separate obligations you have accepted in your grant or contract.

We teach proprietary courses on design and manufacture of high-performance machine tools. Is the instruction in our classes subject to the EAR?

Yes.  That instruction would not qualify as “release of educational information” under §734.9 because your proprietary business does not qualify as an “academic institution” within the meaning of §734.9.  Conceivably, however, the instruction might qualify as “release at an open seminar, or other open gathering” under §734.7(a).  The conditions for qualification of such a seminar or gathering as “open”, including a fee “reasonably related to costs [of the conference, not of producing the data] and reflecting an intention that all interested and technically qualified persons be able to attend,” would have to be satisfied.

Section D (for FAQs on technology and software): RESEARCH, CORRESPONDENCE, AND INFORMAL SCIENTIFIC EXCHANGES

Do I need a license in order for a foreign graduate student to work in my laboratory?

Not if the research on which the foreign student is working qualifies as “fundamental research” under §734.8.  In that case, the research is not subject to the EAR. 

Our company has entered into a cooperative research arrangement with a research group at a university. One of the researchers in that group is a PRC national. We would like to share some of our proprietary information with the university research group. W

No.  The EAR do not cover the disclosure of information to any scientists, engineers, or students at a U.S. university in the course of industry-university research collaboration under specific arrangements between the firm and the university, provided these arrangements do not permit the sponsor to withhold from publication any of the information that he provides to the researchers.  However, if your company and the researchers have agreed to a prohibition on publication, then you must obtain a license or qualify for a License Exception before transferring the information to the university.  It is important that you as the corporate sponsor and the university get together to discuss whether foreign nationals will have access to the information, so that you may obtain any necessary authorization prior to transferring the information to the research team.

My university will host a prominent scientist from the PRC who is an expert on research in engineered ceramics and composite materials. Do I require a license before telling our visitor about my latest, as yet unpublished, research results in those fields

Probably not.  If you performed your research at the university, and you were subject to no contract controls on release of the research, your research would qualify as “fundamental research” (§734.8(a)).  Information arising during or resulting from such research is not subject to the EAR (§734.3(b)(3)).  You should probably assume, however, that your visitor will be debriefed later about anything of potential military value he learns from you.  If you are concerned that giving such information to him, even though permitted, could jeopardize U.S. security interests, the Commerce Department can put you in touch with appropriate Government scientists who can advise you.  Send written communications, via courier, to: Department of Commerce; Bureau of Industry and Security; Room 2099B; 14th Street and Pennsylvania Ave., NW.  Washington, DC 20230.

Would it make any difference if I were proposing to talk with a PRC expert in China?

No, if the information in question arose during or resulted from the same “fundamental research.”

Could I properly do some work with him in his research laboratory inside China?

Application abroad of personal knowledge or technical experience acquired in the United States constitutes an export of that knowledge and experience, and such an export may be subject to the EAR.  If any of the knowledge or experience you export in this way requires a license under the EAR, you must obtain such a license or qualify for a License Exception.

I would like to correspond and share research results with an Iranian expert in my field, which deals with technology that requires a license to all destinations except Canada. Do I need a license to do so?

Not as long as we are still talking about information that arose during or resulted from research that qualifies as “fundamental” under the rules spelled out in §734.8(a).

Suppose the research in question were funded by a corporate sponsor and I had agreed to prepublication review of any paper arising from the research?

Whether your research would still qualify as “fundamental” would depend on the nature and purpose of the prepublication review.  If the review is intended solely to ensure that your publications will neither compromise patent rights nor inadvertently divulge proprietary information that the sponsor has furnished to you, the research could still qualify as “fundamental.”  But if the sponsor will consider as part of its prepublication review whether it wants to hold your new research results as trade secrets or otherwise proprietary information (even if your voluntary cooperation would be needed for it to do so), your research would no longer qualify as “fundamental.”  As used in these regulations it is the actual and intended openness of research results that primarily determines whether the research counts as “fundamental” and so is not subject to the EAR. 

In determining whether research is thus open and therefore counts as “fundamental,” does it matter where or in what sort of institution the research is performed?

In principle, no.  “Fundamental research” is performed in industry, Federal laboratories, or other types of institutions, as well as in universities.  The regulations introduce some operational presumptions and procedures that can be used both by those subject to the regulations and by those who administer them to determine with some precision whether a particular research activity is covered.  Recognizing that common and predictable norms operate in different types of institutions, the regulations use the institutional locus of the research as a starting point for these presumptions and procedures.  Nonetheless, it remains the type of research, and particularly the intent and freedom to publish, that identifies “fundamental research,” not the institutional locus (§734.8(a)).

I am doing research on high-powered lasers in the central basic-research laboratory of an industrial corporation. I am required to submit the results of my research for prepublication review before I can publish them or otherwise make them public. I would

You probably do need a license (§734.8(d)).  However, if the only restriction on your publishing any of that information is a prepublication review solely to ensure that publication would compromise no patent rights or proprietary information provided by the company to the researcher your research may be considered “fundamental research,” in which case you may be able to share information because it is not subject to the EAR.  Note that the information will be subject to the EAR if the prepublication review is intended to withhold the results of the research from publication.

Suppose I have already cleared my company's review process and am free to publish all the information I intend to share with my colleague, though I have not yet published?

If the clearance from your company means that you are free to make all the infor¬mation publicly available without restriction or delay, the information is not subject to the EAR. (§734.8(d))

I work as a researcher at a Government-owned, contractor-operated research center. May I share the results of my unpublished research with foreign nationals without concern for export controls under the EAR?

That is up to the sponsoring agency and the center's management.  If your research is designated “fundamental research” within any appropriate system devised by them to control release of information by scientists and engineers at the center, it will be treated as such by the Commerce Department, and the research will not be subject to the EAR.  Otherwise, you would need to obtain a license or qualify for a License Exception, except to publish or otherwise make the information public (§734.8(c)).

Section E (for FAQs on technology and software): FEDERAL CONTRACT CONTROLS

In a contract for performance of research entered into with the Department of Defense (DOD), we have agreed to certain national security controls. DOD is to have ninety days to review any papers we proposed before they are published and must approve assig

Under §734.11, any export or reexport of information resulting from government-sponsored research that is inconsistent with contract controls you have agreed to will not qualify as “fundamental research” and any such export or reexport would be subject to the EAR.  Any such export or reexport that is consistent with the controls will continue to be eligible for export and reexport under the “fundamental research” rule set forth in §734.8(a).  Thus, if you abide by the specific controls you have agreed to, you need not be concerned about violating the EAR. If you violate those controls and export or reexport information as “fundamental research” under §734.8(a), you may subject yourself to the sanctions provided for under the EAR, including criminal sanctions, in addition to administrative and civil penalties for breach of contract under other law.

Do the Export Administration Regulations restrict my ability to publish the results of my research?

The Export Administration Regulations are not the means for enforcing the national security controls you have agreed to.  If such a publication violates the contract, you would be subject to administrative, civil, and possible criminal penalties under other law.

Section F (for FAQs on technology and software): COMMERCIAL CONSULTING

I am a professor at a U.S. university, with expertise in design and creation of submicron devices. I have been asked to be a consultant for a “third-world” company that wishes to manufacture such devices. Do I need a license to do so?

Quite possibly you do.  Application abroad of personal knowledge or technical experience acquired in the United States constitutes an export of that knowledge and experience that is subject to the Export Administration Regulations.  If any part of the knowledge or experience your export or reexport deals with technology that requires a license under the EAR, you will need to obtain a license or qualify for a License Exception.

Section G (for FAQs on technology and software): SOFTWARE

Is the export or reexport of software in machine readable code subject to the EAR when the source code for such software is publicly available?

If the source code of a software program is publicly available, then the machine readable code compiled from the source code is software that is publicly available and therefore not subject to the EAR.

Is the export or reexport of software sold at a price that does not exceed the cost of reproduction and distribution subject to the EAR? A.2: Software in machine readable code is publicly available if it is available to a community at a price that does

Software in machine readable code is publicly available if it is available to a community at a price that does not exceed the cost of reproduction and distribution.  Such reproduction and distribution costs may include variable and fixed allocations of overhead and normal profit for the reproduction and distribution functions either in your company or in a third party distribution system.  In your company, such costs may not include recovery for development, design, or acquisition.  In this case, the provider of the software does not receive a fee for the inherent value of the software.

Section H (for FAQs on technology and software): AVAILABLE IN A PUBLIC LIBRARY

Is the export or reexport of information subject to the EAR if it is available in a library and sold through an electronic or print service?

Electronic and print services for the distribution of information may be relatively expensive in the marketplace because of the value vendors add in retrieving and organizing information in a useful way.  If such information is also available in a library -- itself accessible to the public -- or has been published in any way, that information is “publicly available” for those reasons, and the information itself continues not to be subject to the EAR even though you access the information through an electronic or print service for which you or your employer pay a substantial fee.

Is the export or reexport of information subject to the EAR if the information is available in an electronic form in a library at no charge to the library patron?

Information available in an electronic form at no charge to the library patron in a library accessible to the public is information publicly available even though the library pays a substantial subscription fee for the electronic retrieval service.

Is the export or reexport of information subject to the EAR if the information is available in a library and sold for more than the cost of reproduction and distribution?

Information from books, magazines, dissertations, papers, electronic data bases, and other information available in a library that is accessible to the public is not subject to the EAR.  This is true even if you purchase such a book at more than the cost of reproduction and distribution.  In other words, such information is “publicly available” even though the author makes a profit on your particular purchase for the inherent value of the information.

Section I (for FAQs on technology and software): MISCELLANEOUS

The manufacturing plant that I work at is planning to begin admitting groups of the general public to tour the plant facilities. We are concerned that a license might be required if the tour groups include foreign nationals. Would such a tour constitute a

The EAR define exports and reexports of technology to include release through visual inspection by foreign nationals of U.S.-origin equipment and facilities.  Such an export or reexport qualifies under the “publicly available” provision and would not be subject to the EAR so long as the tour is truly open to all members of the public, including your competitors, and you do not charge a fee that is not reasonably related to the cost of conducting the tours. Otherwise, you will have to obtain a license, or qualify for a License Exception, prior to permitting foreign nationals to tour your facilities (§734.7).

Is the export or reexport of information subject to the EAR if the information is not in a library or published, but sold at a price that does not exceed the cost of reproduction and distribution?

Information that is not in a library accessible to the public and that has not been published in any way, may nonetheless become “publicly available” if you make it both available to a community of persons and if you sell it at no more than the cost of reproduction and distribution.  Such reproduction and distribution costs may include variable and fixed cost allocations of overhead and normal profit for the reproduction and distribution functions either in your company or in a third party distribution system.  In your company, such costs may not include recovery for development, design, or acquisition costs of the technology or software.  The reason for this conclusion is that the provider of the information receives nothing for the inherent value of the information.

Is the export or reexport of information contributed to an electronic bulletin board subject to the EAR?

Assume each of the following: (1) Information is uploaded to an electronic bulletin board by a person that is the owner or originator of the information; (2) That person does not charge a fee to the bulletin board administrator or the subscribers of the bulletin board; and (3) The bulletin board is available for subscription to any subscriber in a given community regardless of the cost of subscription.  Such information is “publicly available” and therefore not subject to the EAR even if it is not elsewhere published and is not in a library.  The reason for this conclusion is that the bulletin board subscription charges or line charges are for distribution exclusively, and the provider of the information receives nothing for the inherent value of the information.

Is the export or reexport of patented information fully disclosed on the public record subject to the EAR?

Information to the extent it is disclosed on the patent record open to the public is not subject to the EAR even though you may use such information only after paying a fee in excess of the costs of reproduction and distribution.  In this case the seller does receive a fee for the inherent value of the technical data; however, the export or reexport of the information is nonetheless not subject to the EAR because any person can obtain the technology from the public record and further disclose or publish the information.  For that reason, it is impossible to impose export controls that deny access to the information.

Entity List FAQs

What is the Entity List?

The Bureau of Industry and Security (BIS) publishes the names of certain foreign persons – including businesses, research institutions, government and private organizations, individuals, and other types of legal persons - that are subject to specific license requirements for the export, reexport and/or transfer (in-country) of specified items.  These persons comprise the Entity List, which is found at Supplement No. 4 to Part 744 of the Export Administration Regulations (EAR).  The persons on the Entity List are subject to individual licensing requirements and policies supplemental to those found elsewhere in the EAR.

What is the background and purpose of the Entity List?

BIS first published the Entity List in February 1997 as part of its efforts to inform the public of entities that have engaged in activities that could result in an increased risk of the diversion of exported, reexported or transferred (in-country) items to weapons of mass destruction (WMD) programs.  Since its initial publication, grounds for inclusion on the Entity List have expanded to activities sanctioned by the State Department and activities contrary to U.S. national security and/or foreign policy interests.

Where can I find the Entity List?

The Entity List is found in Supplement No. 4 to Part 744 of the Export Administration Regulations (EAR) (15 C.F.R. Part 744, Supp. No. 4). The most recent version of the EAR can be found here and the Entity List can be accessed here. If you would like to subscribe to BIS’s e-mail notification service that will alert you when BIS publishes rules in the Federal Register, including rules implementing changes to the Entity List, please click here.

Why should I check the Entity List?

You should check the Entity List because exports, reexports, and/or transfers (in-country) to those persons named on the Entity List are subject to licensing requirements and policies in addition to those elsewhere in the EAR.  Failure to adhere to EAR licensing requirements is a violation of the EAR and could result in criminal and/or civil penalties.  BIS recommends that exporters screen the parties to transactions against the Entity List as a standard part of pre-transaction due diligence activities.

Can a U.S. company have any dealings with a listed entity?

Yes. However, BIS considers that transactions of any nature with listed entities carry a "red flag" and recommends that U.S. companies proceed with caution with respect to such transactions.  Note that the Entity List describes license requirements and policies for the export, reexport, and/or transfer (in-country) of items subject to the EAR only.  Additionally, although many of the persons included on the Entity List are subject to policies of denial for the export, reexport, and/or transfer (in-country) of all items subject to the EAR, some are subject to policies and requirements that are narrower in scope (i.e., not all persons included on the Entity List are subject to license requirements for all items subject to the EAR, while others are subject to license requirements for all or some items listed on the Commerce Control List (CCL)).  Be sure to review the licensing policy and requirements carefully.

Are U.S. companies prohibited under the EAR from doing business with specific entities that are not included on the Entity List?

As set forth in the answer to question 28, both BIS and other agencies in the U.S. Government maintain other lists of entities for which there are restrictions on doing business.  In addition, the provisions of part 744 of the EAR, including § 744.6 of the EAR, apply to transactions regardless of whether the entity in question is listed on the Entity List or not.

Additionally, BIS recommends that exporters, reexporters, or persons transferring (in-country) items subject to the EAR review the U.S. Government’s list of proscribed persons to ensure that a proposed transaction does not violate other U. S. Government requirements.

What are the different types of license requirements for listed entities?

Each entity on the Entity List is assigned a specific licensing requirement on the basis of the national security and/or foreign policy considerations associated with the entity’s designation on the Entity List.  Within the Entity List, the information for each listed entity includes the license requirement, license review policy, and Federal Register citation(s). License requirements vary from “all items subject to the EAR,” which includes items on the CCL as well as EAR99 items, to all items on the CCL, or to all items on the CCL except for specified items.

What is BIS’s policy for reviewing license applications that include listed entities as parties to the transaction?

BIS reviews license applications that include listed entities according to the entity’s role in the proposed transaction and the specific license review policy(ies) set forth for the entity(ies) on the Entity List.  Note that while transactions outside of the scope of the license review policy for a listed entity are not prohibited, BIS considers that such transactions carry a "red flag."

Are there any license exceptions available for listed entities?

Section 744.1(c) of the EAR generally prohibits the use of license exceptions for almost all exports and reexports to listed entities.  However, if one or more license exceptions are available to a listed entity, the availability will be noted in the licensing requirements information specific to that entity.

How often is the Entity List updated?

The Entity List is subject to ongoing review and revision.  All changes to the Entity List are published in the Federal Register.  You can subscribe to a BIS e-mail notification service that will alert you when EAR rules are published in the Federal Register, including rules implementing changes to the Entity List, by clicking here.

A company that used to be on the Entity List is no longer listed. Can I ship to them now?

The removal of an entity from the Entity List removes only the additional license requirements imposed by its listing on the Entity List, and does not modify the other license requirements that may be applicable under the EAR (i.e., as a result of an item’s classification on the CCL or the proposed country of destination for the export, reexport, or transfer (in-country)). Additionally, if you know or have been informed that the item proposed for export, reexport, or transfer (in-country) will be used in nuclear, missile, and/or chemical and biological weapons programs, you must seek a license pursuant to the requirements found in Part 744 of the EAR. You should also consult the other export screening lists maintained by BIS and other U.S. Government agencies to determine whether other license requirements or sanctions apply. In summary, you should conduct the same due diligence as you would for any other export, reexport, or transfer (in-country) of items subject to the EAR.

What if a company I want to export to is at the same address as (e.g., co-located with) a listed entity?

This is a "red flag" and the exporter must undertake sufficient due diligence to verify that the company co-located with the listed entity is not, in fact, the listed entity and does not intend to transfer (in-country) the requested items to the listed entity.

What if the name or address of the company I want to export to is a near match to a name or address on the Entity List?

As this is a "red flag", BIS recommends that detailed due diligence be undertaken.  You should conduct due diligence by examining other factors to determine if the company you want to export to is the same as the listed entity.  Such factors may include, but are not limited to, the company’s name, address, corporate officers, business activities, contact information, etc.  You may be able to locate this information via the company’s website or through internet search results.

Can I export to a person on the Entity List if he/she is not located at the same address as listed in the EAR?

Persons on the Entity List are subject to the licensing policy and requirements defined in their specific entries on the Entity List regardless of their location. BIS works to revise and correct the entries on the Entity List on a regular basis, in order to ensure that each entry reflects the most accurate and recent information for the person named in that entry. However, if your due diligence indicates that the person to whom you wish to export, reexport, or transfer (in-country) is designated on the Entity List, then, regardless of the address listed in the Entity List entry, you should follow the licensing requirements set forth in the Entity List for that person.

Are all of the persons on the Entity List included because they violated the Export Administration Regulations (EAR) by exporting, reexporting and/or transferring items subject to the EAR?

No, not all sections of Part 744 of the EAR (which defines the criteria for possible inclusion on the Entity List) require that a person’s alleged activity involve items subject to the EAR.  Section 744.11, for example, requires that the person’s activities be contrary to U.S. national security and/or foreign policy interests but does not require that the activities involve items subject to the EAR.

Is there an appeals process for listed entities? If so, how does it work?

Yes; this process was articulated in BIS’s August 2008 revision of the EAR titled “Authorization to Impose License Requirements for Exports or Reexports to Entities Acting Contrary to the National Security or Foreign Policy Interests of the United States.”

As a result of the August 2008 rule, §744.16 of the EAR defines the procedures that allow a person listed on the Entity List to submit a written request to the End-User Review Committee (ERC) that its entry be removed or modified.  The request must be made in English and the party must provide a basis for the removal or modification.  After the ERC has reviewed the request and reached a decision, BIS’s Deputy Assistant Secretary for Export Administration will provide the decision in a written response to the requesting party.  The decision communicated to the party by the Deputy Assistant Secretary is final.  BIS will publish any modifications to, or removals from, the Entity List resulting from such appeals in the Federal Register.  The timeframe for appeals is 30 calendar days after the ERC’s receipt of the appeal (note that BIS conducts an internal review of all appeals prior to referral to the ERC that may add to this timeframe).

Please note that if a party on the Entity List submits an appeal, it remains subject to the Entity List's licensing requirements while the appeal is being processed.  In order for a party to be released from the additional licensing requirements imposed by being on the Entity List, two actions must occur: 1) the appeal must be approved by the ERC, and 2) a formal notice of the party’s removal from the Entity List must be published in the Federal Register.

Do other U.S. Government export screening lists include U.S. persons?

Yes. See a consolidated version of all U.S. Government proscribed parties lists here.

Does BIS work with other U.S. Government agencies to administer the Entity List?

Yes. As set forth in Supplement No. 5 to Part 744 of the EAR, proposed changes to the Entity List are reviewed and approved by the interagency End-User Review Committee (ERC). Comprised of representatives from the Departments of State, Defense, and Energy, the ERC is chaired by a Commerce employee. In addition to the review of appeals, the ERC reviews the Entity List on an annual basis. Any ERC member agency may also recommend changes to the Entity List on an ad-hoc basis.

Who should I contact if I have more questions about the Entity List?

 

You should call the Office of Exporter Services at 202-482-4811, or e-mail them a question via the website. Pursuant to the guidance in §748.3 of the EAR, you may also submit an advisory opinion request to the End-User Review Committee Chair at ERC@bis.doc.gov, or call the Committee Chair directly at 202-482-5991.

 

Do the license requirements and policies of the Entity List apply to separately incorporated subsidiaries, partially owned subsidiaries, or sister companies of a listed entity?

 

Subsidiaries, parent companies, and sister companies are legally distinct from listed entities. Therefore, the licensing and other obligations imposed on a listed entity by virtue of its being listed do not per se apply to its subsidiaries, parent companies, sister companies, or other legally distinct affiliates that are not listed on the Entity List. If, however, such a company, or even an unaffiliated company, acts as an agent, a front, or a shell company for the listed entity in order to facilitate transactions that would not otherwise be permissible with the listed entity, then the company is likely violating, inter alia, General Prohibition 10, EAR section 764.2(b) (causing, aiding, or abetting a violation) and possibly other subsections of 764.2 as well.

Those who export, reexport, or transfer items subject to the EAR with knowledge that the items are destined to a subsidiary, sister, parent, or other affiliate of a listed entity are encouraged to take extra due diligence steps to ensure that (i) the items are not ultimately destined for the listed entity and (ii) the affiliate is a separate legal entity (as opposed to a branch or operating division of the listed entity). If one is uncertain whether a planned transaction involving an actor with some relationship to a listed entity would be affected by the obligations pertaining to the listed entity, one may seek an advisory opinion from BIS pursuant to section 748.3.

 

Do the license requirements and policies of the Entity List apply to the branch offices and operating divisions of a company, organization, or other entity that is a listed entity?

Branches and operating divisions of a listed entity are, by definition, part of the listed entity. They are not legally distinct entities. Therefore, with one exception pertaining to hospitals and medical centers of the Department of Atomic Energy entities in India (see FAQ #39), the licensing and other obligations imposed on a listed entity also apply to its branches and operating divisions.

Do the license requirements and policies in the Entity List also apply to the parent company if a subsidiary is a listed entity?

The Entity List license requirements do not extend to parent companies unless the applicable listing for the company so states. Exporters, reexporters, and transferors are reminded that the EAR imposes licensing requirements, such as end-user and end-use based restrictions in Part 744 of the EAR, that could apply to such companies even if they are legally separate from the listed entity.

Do the restrictions for a listed alias differ from the main entry?

No. All persons named in Entity List entries are subject to the main entry's licensing requirements and policy.

Can I use a company that is a listed entity as a freight forwarder? Can I use a listed entity as the freight carrier transporting my shipment?

The licensing policies and requirements cited on the Entity List extend to the export, reexport, or transfer (in-country) of items subject to the EAR to the persons included on the Entity List. Therefore, a transaction that involves a listed entity in which that entity is not the consignee of the goods is not a transaction subject to a license under the entity’s listing on the Entity List.  However, BIS considers that a transaction involving the use of a listed entity as a freight forwarder or carrier carries a "red flag" and suggests that you exercise caution and strong oversight if you opt to engage a listed entity for these services. Although the freight forwarder or carrier may not be the end-user of the item(s) you are exporting, reexporting, or transferring (in-country), the freight forwarder/carrier will likely have access to the item(s) being exported, reexported, and/or transferred (in-country), thereby increasing the chance that the item(s) you are shipping will be diverted. Further, BIS recommends consulting the other export screening lists maintained by the U.S. Government to ensure that your use of the listed entity as a freight forwarder/carrier does not violate sanctions or restrictions administered by other U.S. Government agencies.

If a person on the Entity List enters the United States, can I do business with that person?

BIS does not prohibit the sale or transfer of commodities subject to the EAR to persons on the Entity List if those persons are in the United States.  However, the release of software source code or technology in the United States to a person on the Entity List or a person employed by or representing an organization on the Entity List may require a license as a “deemed export.”  Should such a person depart the United States, a license will be required for the export of commodities and software (other than software source code) consistent with the entity’s listing on the Entity List.  In addition, if at the time of the domestic sale or transfer in the United States, the transferor or seller had “knowledge” that the person on the Entity List or the person employed by or representing the organization on the Entity List intended to export the item(s) out of the United States without obtaining BIS authorization, a violation of the EAR under §736.2(b)(10) (General Prohibition Ten) and §764.2(e) may occur.  BIS recommends that exporters exercise a high level of due diligence prior to entering into a transaction with any person on the Entity List, regardless of where that person is located.  Note also that the release outside of the United States of software source code or technology subject to the EAR to a person on the Entity List or a person employed by or representing an organization on the Entity List may require a license or other EAR authorization prior to the “deemed reexport” of that software source code or technology.

Can a U.S. company import items from listed entities?

BIS does not have jurisdiction over the import of items into the United States.  However, you should consult other lists maintained by the U.S. Government, as sanctions or other restrictions may apply to import transactions with the particular listed entity or from that particular country of import.  BIS publishes a consolidated version of all of the U.S. Government lists that may be relevant to your transaction.

Can a listed entity act as my company’s sales agent?

Yes, if you can ensure that the entity acting as your agent does not have access to the item(s) prohibited by the Entity List’s licensing requirements and policies.  Note that BIS recommends that, as a "red flag" is associated with such transactions, you exercise caution and strong oversight if you opt to engage a sales agent that is, or is owned by, a listed entity. Note that the licensing requirements specified on the Entity List will apply if the sales agent has access to the restricted item being exported, reexported or transferred (in-country), including items that the sales agent would, in the normal course of business, use for product demonstrations. Further, you should check other lists maintained by the U.S. Government as sanctions or other restrictions may apply to transactions with the particular listed entity.

Can I purchase items from a company that is listed on the Entity List?

The Bureau of Industry & Security’s jurisdiction is limited to the export, reexport and transfer (in-country) of items subject to the Export Administration Regulations (EAR) and the placement of a person on the Entity List imposes supplemental license requirements and license application review policies on the shipment of items subject to the EAR to that person. Although a person’s inclusion on the Entity List does not create a prohibition on purchases from that person, companies contemplating such purchases should note that BIS suggests that there are red flags on the purchase of U.S.-origin items and other items subject to the EAR from Entity List persons. Companies need to exercise additional due diligence to ensure that the items desired for purchase, should they be U.S. origin or otherwise subject to the EAR, were sent to the company listed on the Entity List with the appropriate authorization. Anyone seeking to purchase items from a company listed on the Entity List should note that the Entity List is made up of entities about whom the United States Government found there to be reasonable cause to believe that the entity has been involved, is involved, or poses a significant risk of being or becoming involved in activities that are contrary to the national security or foreign policy interests of the U.S. government, and those acting on behalf of such entities.

Can a student at a university listed on the Entity List intern at my company?

A student’s enrollment at a university included on the Entity List is a “red flag” which requires exporters undertake an additional level of due diligence before proceeding with any such transaction.  However, a student is not an integral part of the university (e.g., does not have fiduciary duty to from the university in the same manner that as an employee, officer, trustee, or person in a similar position in the university would) in which he/she is enrolled and therefore BIS does not include them in the licensing requirements and policy specific to the university.  With the caveat of the red flag mentioned above, BIS advises exporters to treat exports, reexports, and transfers (in country) to students as shipments to the country of which the student is a citizen.

Can my company enter into collaborative research projects with universities on the Entity List?

Pursuant to §734.8 of the EAR, information resulting from fundamental research is not subject to the EAR.  Therefore, given that the collaboration remains limited to fundamental research, it cannot be subject to the Entity List’s licensing requirements and policies. Any research undertaken that involves the export, reexport, or transfer of an item subject to the EAR and that does not conform to the requirements of § 734.8 of the EAR may, depending on the licensing requirements and policies specified in the Entity List entry, require a license from BIS.

Can my company hire an individual employed by a university on the Entity List while he/she continues to work at the university?

Employees of persons on the Entity List are subject to the licensing requirements and policies specific to their employer.  Therefore, in the case of universities on the Entity List, employees of the universities are subject to the same licensing policy and requirements that the universities are.  This also applies to officers, trustees, and other persons in a similar position with the university.

Can my company hire an individual who used to be employed by a university on the Entity List?

Yes. However, previous employment at any organization on the Entity List carries a “red flag” which requires an additional level of due diligence before proceeding with the hiring process.

Can my company donate items subject to the EAR to a university on the Entity List?

It depends on what your company wants to donate, whether BIS requires a license for the export, reexport, or transfer of that item to the university (as specified in the Entity List entry for the university), and, given that a license is required, whether BIS approves your license application.

What is the relationship of the Entity List to other lists maintained by the U.S. Government?

The Departments of Commerce, State, and the Treasury maintain separate lists for the programs each agency administers because these programs have different purposes and are regulated under different authorities.

BIS maintains three lists:  the Denied Persons List (DPL); the Unverified List; and the Entity List.  The Entity List is described in detail in these FAQs and can be found here

The DPL lists persons that have been denied export privileges; any dealings with persons listed on the DPL that violate the terms of their denial order would be a violation of the EAR.  The DPL can be found here.

The Unverified List is a list of parties that have not cooperated with BIS during post-shipment verification checks.  The presence of a party on the Unverified List in a transaction is a “red flag” that must be resolved before proceeding with the transaction.  The Unverified List can be found here.

The Departments of the Treasury and State maintain other lists that should be consulted before exporting, reexporting, or transferring item(s).  These lists include the Specially Designated Nationals and Blocked Persons (SDN) List, the Debarred List, and the lists of persons subject to Nonproliferation Sanctions.  You can find links to these lists here.

A consolidated version of all of the U.S. Government proscribed parties lists is available here.

What does it mean when BIS incorporates entities into the Entity List by reference?

The Entity List includes restrictions on exports, reexports, or transfers (in-country) to certain persons by reference, meaning that the EAR defines the licensing policy and requirements specific to such persons but does not necessarily include them as individual entries on the Entity List. These persons are designated in or pursuant to Executive Orders or other legal mechanisms. Examples of such persons include but are not limited to Specially Designated Global Terrorists (SDGTs), as referenced in §744.12 of the EAR, and Specially Designated Terrorists (SDTs), as referenced in §744.13 of the EAR.

In incorporating the lists maintained by other U.S. Government (USG) agencies by reference, BIS is clarifying the EAR licensing requirements and policies applicable to the entities on the other USG lists. BIS recommends that exporters, reexporters, or transferors in-country consult the other lists maintained by the USG when exporting, reexporting, and/or transferring (in-country) items since, in many cases, they will not be required to also seek separate authorization from BIS. Note, however, that in some cases an EAR authorization may still be required. See §§ 744.8, 744.12, 744.13, 744.14, 744.18, and 744.22 of the EAR for additional details. In other words, EAR license requirements supplement those of the other USG agencies.

Is the Entity list the same as the Specially Designated Nationals and Blocked Persons (SDN) List?

No. The SDN List is published by the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC). The SDN List has different foreign policy objectives and legal requirements than the Entity List.

Is the Entity List the same as the Denied Persons List?

No. Although both the Denied Persons List (DPL) and the Entity List are administered by the Department of Commerce, they are separate and distinct lists. The DPL includes parties that have been denied export and reexport privileges. In contrast, the Entity List imposes specific license requirements for the export, reexport, or transfer (in-country) of specified items to the persons named on it.

Are hospitals and medical centers of Indian Department of Atomic Energy entities that are on the Entity List included in the entries for those entities?

No. Hospitals and medical centers of Indian Department of Atomic Energy (DAE) entities are not—and were never intended to be--captured by the Entity List. Consequently, hospitals and medical centers of DAE entities are not subject to the Entity List’s licensing requirements. Note that the licensing requirements found elsewhere in the EAR may be applicable to such hospitals and medical centers. Such hospitals and medical centers would also be generally subject to destination-based licensing requirements that apply to India.

Where can I locate the list of Indian nuclear reactors (including power plants) and other nuclear facilities under International Atomic Energy Agency (IAEA) safeguards?

This list is published in the IAEA’s Information Circular titled "Agreement between the Government of India and the International Atomic Energy Agency for the Application of Safeguards to Civilian Nuclear Facilities" (INFCIRC/754), which is available at the IAEA’s website (www.iaea.org). In this document there is an annex (the "List of Facilities Subject to Safeguards Under the Agreement Between the Government of India and The International Atomic Energy Agency for the Application of Safeguards to Civilian Nuclear Facilities") that contains the list of nuclear reactors (including power plants) and fuel fabrication facilities under IAEA safeguards. Please note that this list is updated regularly with the publication of documents titled "Agreement between the Government of India and the International Atomic Energy Agency for the Application of Safeguards to Civilian Nuclear Facilities: Addition to the List of Facilities Subject to Safeguards Under the Agreement" and that these updates are numbered as follows: INFCIRC/754/Add.1, INFCIRC/754/Add.2, INFCIRC/754/Add.3, etc. BIS recommends that exporters check the most recent version of the list on a regular basis by searching the IAEA’s website for "INFCIRC/754". As of November 18, 2013, the most recent version of this document is INFCIRC/754/Add.4.

Validated End User Program FAQs

What is the VEU Program?

The Validated End-User (VEU) program is an innovative trade-facilitating program that enhances high-technology civilian trade between the United States and VEU-eligible countries (currently, China and India).  Use of Authorization VEU reduces the licensing burden on industry by allowing U.S. exporters to ship designated items to pre-approved entities under a general authorization instead of individual export licenses.

 

What is the background and purpose of the VEU Program?

 

Established in 2007, the VEU Program uses a market-based approach to facilitate high-technology trade (see the 2007 rule introducing the VEU program here). The program permits entities in eligible destinations that pass a rigorous interagency review and agree to ongoing compliance obligations to receive, under Authorization VEU, the same items that they could previously receive under individual Commerce Department licenses.

 

Where can I find the list of qualified VEUs?

The list of qualified VEUs is in Supplement No. 7 to Part 748 of the Export Administration Regulations (EAR). The list of qualified VEUs can be accessed here. If you would like to subscribe to BIS’s email notification service that will alert you when BIS publishes rules in the Federal Register, including rules implementing changes to the VEU List, please click here.

Who may apply for the VEU program?

Currently, any entity in an eligible country may apply for the VEU program.  Exporters and reexporters may also apply on behalf of entities in eligible destinations.  Applicants must clearly demonstrate the end-user’s ability to comply with the requirements of the VEU program.  Such requirements include using the items shipped under Authorization VEU for civil end-uses only and the provision of the end-user’s written consent for the U.S. Government to conduct periodic on-site reviews at VEU facilities. 

Applicants can choose which and how many facilities to include in applications for VEU status. Note that a facility authorized to receive items under VEU may not transfer the items imported under its VEU authorization to another location that has not been specifically approved for VEU status, even if that other location is part of the same corporate entity.

 

Can anything be shipped under Authorization VEU?

 

No. Items controlled on the Commerce Control List (Part 774 of the EAR) for missile technology (MT) or crime control (CC) reasons are not eligible to be authorized for shipment under Authorization VEU.  Additionally, items exported under Authorization VEU may not be used for any activities described in Part 744 of the EAR.  Accordingly, asserting that an item is being exported pursuant to Authorization VEU when it is destined for use in any of the activities described in Part 744 would constitute a violation of the EAR.

Further, the items eligible for shipment to each individual VEU are specified in the individual entries found in Supplement No. 7 to Part 748 of the EAR.  These are the only items that may be shipped to the VEU under Authorization VEU.  Note that within any VEU listing, certain items may be authorized for shipment to some but not all of a VEU’s eligible facilities.

 

What items may not be shipped under Authorization VEU?

 

As noted above, only specifically listed, eligible items may be shipped to a VEU pursuant to Authorization VEU.  In accordance with relevant statutory requirements and pursuant to Section 748.15(c) of the EAR, BIS does not authorize items controlled for missile technology (MT) or crime control (CC) reasons under the VEU program.  Additionally, pursuant to Section 748.15(d) of the EAR, items obtained under Authorization VEU may be used only for civil end-uses, and specifically not for any activities described in Part 744 of the EAR. 

Finally, exports, reexports, and transfers (in-country) made under Authorization VEU are allowed only if the items’ end-user is a validated end-user.  VEUs may only: a) use the received items at their approved facility(ies) as listed in Supplement No. 7 to Part 748; b) consume the items during use; and c) transfer or reexport the items only as authorized by BIS.

 

What is the difference between a “Validated End-User” and an “Eligible Destination”?

A “validated end-user” (VEU) is an entity that has been qualified as a participant in the VEU program.  For each VEU, the EAR lists “eligible destinations,” which are the specific facilities of each VEU that are authorized to receive specified eligible items under Authorization VEU.  A VEU may be listed with one or many eligible facilities, but note that VEUs may own or operate facilities that are not eligible destinations.  Facilities owned or operated by VEUs that are not specifically listed as eligible destinations in Supplement No. 7 to Part 748 of the EAR are not eligible to receive items under Authorization VEU.

Is the VEU program right for my organization?

Entities that will benefit the most from participation in the VEU program typically are those that place orders for dual-use items classified on the Commerce Control List, such as chemicals and electronic components, on a regular basis with U.S. exporters.  Generally speaking, qualification as a VEU will be most easily obtained by entities that already maintain export compliance systems and are experienced in complying with U.S. export control laws and regulations.

Why are VEU eligible destinations restricted to China and India?

VEU-eligible destinations are currently limited to China and India while the Bureau of Industry and Security completes implementation of the VEU program.  Once the program is fully implemented, the U.S. Government may decide to make participation in the VEU program available in other countries.

How do organizations apply for VEU?

End-users in eligible destinations can apply directly to the Department of Commerce for VEU authorization status or exporters or reexporters may file applications on behalf of such end-users.  Prospective VEUs must provide detailed information on how they will ensure that they are in compliance the requirements of the VEU program.  Additional information may be requested by the U.S. Government while a VEU application is being reviewed.

Once an end-user applies to be a VEU, the End-User Review Committee, which is a committee composed of representatives from multiple U.S. Government agencies, reviews the application and determines:

  • If the prospective VEU is a reliable recipient of U.S. controlled items.
  • If the prospective VEU meets the VEU criteria.
  • If approved, which of the prospective VEU’s requested facilities would be able to receive which items under Authorization VEU.

BIS has prepared a VEU application template to assist entities requesting VEU authorization.  Additionally, Supplement No. 8 to Part 748 of the EAR outlines the information required in requests for VEU authorization.  Note that the U.S. Government may request additional information from a prospective VEU while a VEU application is being reviewed.

BIS encourages entities to submit draft VEU applications to ERC@bis.doc.gov.  BIS will review and provide comments on the draft application, and also will provide draft applications to the other members of the End-User Review Committee for review and comment, if requested by applicants.

What are the requirements of the VEU program?

Each application for VEU authorization must include an original statement on letterhead, signed and dated by a person who has legal authority to bind the applicant, certifying that the end-user will comply with all VEU requirements.  Furthermore, the letter must state that the end-user:

  • Has been informed of and understands that the item(s) it may receive under authorization VEU will be exported in compliance with the EAR and use or diversion of such items contrary to the EAR is prohibited.
  • Understands and will adhere to all authorization VEU restrictions, including the requirement that items shipped under authorization VEU will only be used for civil end-uses and will not be used for any activities described in Part 744 of the EAR.
  • Will comply with VEU recordkeeping requirements.
  • Agrees to allow on-site reviews by U.S. Government officials to verify the end-user’s compliance with the conditions of the VEU authorization.

What are the compliance requirements of the VEU program?

 

Prospective VEUs must provide written certification to the U.S. Government that the items proposed for receipt under Authorization VEU will be used in accordance with VEU program restrictions, and must provide detailed information to verify compliance with the overall requirements of the VEU program (e.g., an internal compliance plan).  Additionally, VEUs are often required to comply with conditions similar to those found in individual licenses, as well as to submit regular reports on their use of the items received under Authorization VEU to the U.S. Government. 

Entities applying for qualification as a VEU must also agree to allow the U.S. Government to conduct inspections of the facility or facilities in which the U.S. origin items received under Authorization VEU will be used. These inspections are known as “on-site reviews,” and are similar to the “end-use checks” that the U.S. Government routinely conducts at facilities that have imported U.S.-origin items under individual licenses.

 

To what address should VEU applications be submitted?

Requests for authorization will be accepted from exporters, reexporters, or end-users who submit to the following addresses:

The Office of Exporter Services
Bureau of Industry and Security
U.S. Department of Commerce
14th Street and Pennsylvania Avenue, NW
Room 2705
Washington, DC 20230

or

ERC@bis.doc.gov

How long does qualification under Authorization VEU last?

There is no time limit on VEU status.  However, the U.S. Government may amend or revoke a VEU’s status at any time, as circumstances warrant.  The U.S. Government will revoke qualification as a VEU if sufficient information exists to demonstrate that an organization is no longer capable of, or is not complying with, the requirements of the VEU program.  Changes made to the VEU program and published in the Federal Register, such as eligible destination changes or other program-based amendments, might also impact the VEU status of a particular entity.

Do qualified VEUs have to report material changes to BIS? What happens when they do?

Yes, they do, pursuant to §748.15(a)(4) of the EAR.  Once in receipt of information regarding a material change, BIS provides it to the interagency End-User Review Committee for review and discussion.  The End-User Review Committee may decide to revoke or amend VEU authorization based on such reports.

Can a qualified VEU request changes to its VEU authorization?

Yes. VEUs can request amendments to their authorizations at any time.  Such requests should be submitted to BIS and should include a complete explanation of the requested amendment and of the basis for it.

How often is the list of qualified VEUs updated?

The list of qualified VEUs (found in Supplement No. 8 to Part 748 of the EAR) is updated on an as-needed basis to accommodate the qualification of new entities in the VEU program as well as amendments to existing VEU authorizations.

How often does the U.S. Government interact with participants in the VEU program?

During the first three years of the program (2007-2010), the Bureau of Industry and Security interacted on a regular basis with participants in the VEU program.  In addition to e-mail and telephone contact, BIS and certain of its interagency colleagues held meetings with VEUs and visited VEU facilities.

Can Authorization VEU only be used to export items from the United States?

No. Authorization VEU can also be used for the reexport and transfer (in-country) of qualified items from a location outside of the United States to a VEU.

Can I use Authorization VEU to export to an entity whose name is on the VEU list if it is not located at the same address(es) as listed in the EAR?

No. Only the facilities at the addresses specifically listed in Supplement No. 8 to Part 748 of the EAR are eligible end-users for items shipped under Authorization VEU. 

If an item subject to the EAR has been legally shipped to a VEU-eligible country, can it be transferred under authorization VEU within that country to a different eligible destination?

Yes. Authorization VEU is available for export from the United States, reexport, and transfer (in-country) of the items specified for each VEU in the list of “Eligible Items (by ECCN)” found in Supplement No. 8 to Part 748 of the EAR. If the item was legally exported or reexported to an eligible destination and is an “eligible item” for another VEU, it may be transferred within the same country to the other VEU’s eligible facilities under Authorization VEU.

Can I ship items not listed under “Eligible Items” in Supplement No. 7 to Part 748 to a VEU?

No, not under Authorization VEU.  If the item is not an “eligible item,” Authorization VEU is not applicable.  If the item requires a license for export, reexport, or transfer (in-country) to the VEU, such a shipment will require a different kind of authorization (e.g., an individual license or a license exception, if available).  VEUs are only authorized to receive the items that are specifically listed by Export Control Classification Number (ECCN) in Supplement No. 8 to Part 748 of the EAR under Authorization VEU. All other items are subject to standard EAR licensing requirements.

What happens if the EAR requirements on an item that previously was authorized under Authorization VEU are lessened or eliminated?

The guidance in §750.7(i) of the EAR (“Terminating license conditions”) applies to items authorized for shipment under Authorization VEU.  If an item authorized for shipment under Authorization VEU as an “eligible item” no longer requires a license for export, reexport, or transfer (in-country) to VEU eligible destinations as the result of a change to the Commerce Control List (Part 774 of the EAR), then the conditions and limitations of the VEU program and of the VEU’s specific VEU authorization no longer apply to the shipment or to the ongoing use by the VEU of the affected item as of the date of the final publication of the rule implementing the lessening or elimination of export control requirements.

How is the VEU program administered?

The End-User Review Committee (ERC), composed of representatives of the Departments of State, Defense, Energy, and Commerce, and other agencies as appropriate, is responsible for determining whether to add to, to remove from, or otherwise amend the list of VEUs and associated eligible items. The Department of Commerce chairs the ERC.

Can an applicant ask the ERC to reconsider a decision with respect to the prospective VEU at issue? If so, how?

Yes, applicants can ask the ERC to reconsider decisions with respect to the disposition of their own applications, and VEUs may ask the ERC to reconsider decisions with respect to amendments of their own VEU authorizations.  The ERC asks that any such request be made in writing and include information additional to that already provided to the ERC and specific to the basis for the request for reconsideration.

Does the U.S. Government work with the governments of VEU-eligible countries (i.e., China and India) to ensure that those governments support the program?

Yes. The U.S. Government consults on a regular basis with the governments of both China and India.  Prospective VEU applicants should be aware that the governments of VEU-eligible countries may have their own requirements specific to the VEU program and application thereof.