In our global economy access to information and technology is becoming more and more common. There are so many benefits stemming from globalization however IT security could be a major concern. It is vital for companies to make sure information is accessed only by authorized individuals. The Bureau of Industry and Security (BIS) creates the encryption provisions of the Export Administration Regulations (EAR). EAR regulate the export of “dual-use” items. “Dual-use” items include goods and related technology, including technical data and technical assistance designed for commercial purposes, but which could also have military applications, such as computers, aircraft, and pathogens.
The BIS constantly updates many items from control as encryption items. They also reduce or eliminate the review and reporting requirements for many more items that remain controlled as encryption items.
The basis for any export control is how the product is classified.
Category 5, Part 2 of the Commerce Control List (CCL) in the EAR
If the product is classified under category ‘5’ and part ‘2’ then the goods in question belong under the encryption category. There are other rules like whether products subjected to medical end use, cryptography which controls whether we need an export license to ship the product. At the same time not every technology product related to encryption requires a license since companies can avail license exception ENC. According to BIS, the following two rules should be followed before license exception ENC can be applied:
1) Technology for “non-standard cryptography”. Encryption technology classified under ECCN 5E002 for “non-standard cryptography”, to any end-user located or headquartered in a country listed in Supplement No. 3 to this part;
2) Other technology. Encryption technology classified under ECCN 5E002 except technology for “cryptanalytic items”, “non-standard cryptography” or any “open cryptographic interface,” to any non-“government end-user” located in a country not listed in Country Group D:1 or E:1 of Supplement No. 1 to part 740 of the EAR.”
As we can see, there are numerous rules BIS mandates as well as revises periodically making it very difficult to keep track. With such rules, a system like SAP GTS is required in order to keep track of these rules by ensuring companies are compliant as well as able to automate the whole license screening process.