Encryption Exports – Annual Self-Classification Reports Due February 1, 2021

International Trade Update

Date: January 05, 2021

Key Notes:

  • Many products and software that use encryption are eligible for export without a license under U.S. export controls if certain requirements are followed.
  • Mass market and other items described under License Exception ENC may be exported without a license if the exporter either: (1) confirms the product’s classification through BIS’s Commodity Classification Automated Tracking System (CCATS) or (2) if self-classified, submits an annual report on February 1 of each calendar year.
  • Apps and software available for download internationally or provided to non-U.S. parties are considered exported software.

Background on License Exception ENC

Category 5, Part 2 of the Commerce Control List describes several common “mass-market” items. This includes apps and other software that use standard encryption as well as IoT devices and a broad range of other commercial products. The Export Administration Regulations (“EAR”) release many of these mass-market and other less-sensitive items from export licensing requirements, which may require that some steps be taken by the exporter.

License Exception ENC describes the situations in which items otherwise controlled under Category 5, Part 2 may be exported without a license. See BIS Encryption and the EAR for general guidance. This briefing focused on items described under License Exception ENC (b)(1) (i.e., 15 C.F.R. § 740.17(b)(1)) which are considered less sensitive.  Depending on the level of encryption, this may include wireless local area network software and equipment (WLAN), certain disk/drive encryption devices, and many mass market consumer and mobile app items.

Exporters may export items described under License Exception ENC (b)(1) without a license but are required to take either of two additional steps:

  1. They may self-classify their items as eligible and submit an annual self-classification report. This annual report must be submitted to the Department of Commerce’s Bureau of Industry and Security (BIS) by February 1, 2021. It must provide details on encryption commodities, software and components exported or reexported during the 2020 calendar year (i.e., January 1, 2020 through December 31, 2020).

  2. They may choose to obtain a CCATS for their items and are then no longer required to submit the annual report.

Annual Self-Classification Reporting Requirements

An encryption self-classification report must include the information outlined in Supplement No. 8 to 15 C.F.R. Part 742

BIS requires that each identified product be reported as it is typically distinguished in inventory, catalogs, marketing brochures and other promotional materials. Volume and details of actual exports are not required to be included in the report.

If no information has changed since the previous annual report, exporters must still send an email stating that nothing has changed since the previous report; or submit a copy of the previous report. No self-classification report is required if no exports or reexports of covered encryption items occurred during the calendar year.

Where to Report

The annual self-classification reports must be sent to both BIS and the ENC Encryption Request Coordinator via email or regular mail.

  • Submission via Email: Submissions via email should be sent to BIS at crypt-supp8@bis.doc.gov and to the ENC Encryption Request Coordinator at enc@nsa.gov. The report should be submitted as an attachment with the subject line of the email stating: “Self-classification report for ERN R######”, using the exporter’s most recent ERN that corresponds to the encryption self-classification report.
  • Submission via Regular Mail: While email is preferred, parties may submit their annual reports on disks or CDs via regular mail to both BIS and the ENC Encryption Request Coordinator. The mailing address for BIS is:  Department of Commerce, Bureau of Industry and Security, Office of National Security and Technology Transfer Controls, 14th Street and Pennsylvania Ave., NW., Room 2099B, Washington, DC 20230, Attn: Encryption Reports. The mailing address for the ENC Coordinator is: ENC Encryption Request Coordinator, 9800 Savage Road, Suite 6940, Ft. Meade, MD 20755-6000. 

If you have questions as to whether you are subject to the self-classification reporting requirements or need assistance in preparing and filing your annual self-classification report, please contact a member of our team.

Francesca M.S. Guerrero
Partner, International Trade

Samir D. Varma
Partner, International Trade

Joyce Rodriguez
Associate, International Trade

Scott E. Diamond*
Senior Legislative & Regulatory Policy Advisor,
International Trade
*Not licensed to practice law

This advisory bulletin may be reproduced, in whole or in part, with the prior permission of Thompson Hine LLP and acknowledgment of its source and copyright. This publication is intended to inform clients about legal matters of current interest. It is not intended as legal advice. Readers should not act upon the information contained in it without professional counsel. This document may be considered attorney advertising in some jurisdictions.