On October 20th, BIS released an interim rule which enhanced controls on certain Cyber Security items that can be used for malicious cyber activities.
While allowing certain exclusions, restricted end users targeted by this interim final rule would include a ‘government end user,’ as defined in § 740.22 of the EAR, of countries of concern for national security reasons or those subject to an arms embargo. Furthermore, the License Exception ACE would impose an end-use restriction in circumstances where the exporter, re-exporter, or transferor knows or has reason to know at the time of export, reexport, or transfer (in-country), including a deemed export or reexport, that the ‘cybersecurity item’ will be used to affect the confidentiality, integrity or availability of information or information systems, without authorization by the owner, operator or administrator of the information system (including the information and processes within such systems).
License Exception ACE would allow the export, reexport and transfer (in-country) of ‘cybersecurity items’ to most destinations, while retaining a license requirement for exports to countries of national security or weapons of mass destruction concern. In addition, countries subject to a U.S. arms embargo will require a license.
For full interim rule, please see: https://www.federalregister.gov/documents/2021/10/21/2021-22945/30-day-notice-for-iaf-solicitation-related-to-consultation-with-iaf-indigenous-grantees-and-tribal
This Blog is made available by Wilmarth & Associates for educational purposes as well as to give you general information and a general understanding of export law and compliance, not to provide specific legal advice. This blog is not legal advice and should not be treated as such. You must not rely on this blog as an alternative to legal advice from your attorney or other professional legal services provider. The information provided on this website is presented “as is” without any representations or warranties, express or implied.
