Export Control Reform Strikes Again
The U.S. Bureau of Industry and Security revised almost every section of the U.S. Export Administration Regulations (EAR) on Sept. 20, 2016. The fairly significant changes impact most U.S. companies. Here's what you need to know.
Although you may not sell product that would be defined as hardware, software, or technology under the EAR, you likely use telecommunications and information security hardware, software, or technology to support your business.
These export shipments are often urgent to support a business activity. Whether the item is a server, router, switch, security appliance, test equipment, manufacturing equipment, or software, the item was, and is, controlled under the U.S. Export Administration Regulations. The challenge is understanding the new rules. Here's an overview of key changes:
- The Commerce Control List—Category 5 Part 2 Telecommunications and Information Security previously was only for items with encryption. Now there are three subsections:
- Cryptographic information security.
- Non-cryptographic information security—New Export Control Classification Number (ECCN) 5A003.
- Defeating, weakening, or bypassing information security—New ECCN 5A004.
- ECCNs 5A992/5D992 a and b, as well as 5E992.a, were removed.
- Keeps "mass market" ECCNs 5A992/5D992.c and 5E992.b.
- Changes to license exception ENC, TSU, TMP with increased use of license exception ENC, instead of licensing, for certain encryption products and end users.
- New definition of "more sensitive government end users" and "less-sensitive government end users."
Ensure your organization conducts a review of these changes. Include the hardware, software, and technology that you may export as part of that review, along with the end users/end use, and take appropriate related steps. You may have items currently pending fulfillment that are impacted.
There are several steps you can take to ensure compliance with these new regulations, including:
- Conduct an ECCN review.
- Update product classifications.
- Keep systems where the ECCN classifications are stored—so they are printed on export documents and used for reporting—up to date. Don't check only your ERP system, but also your customer relationship management system, transportation management system, global trade management system, and shipping systems (FedEx, UPS, DHL).
- Evaluate active export licenses and check them against pending shipments. Determine if a license exception now applies. Again, update all systems from order/request to shipment to reflect any changes. There are cases where licenses will need to be inactivated, and a license exception or EAR99, the basket designation, may apply.
- Make sure your company is prepared for annual reporting on Feb. 1, 2017 and semi-annual encryption reporting on Feb. 1, 2017 and Aug. 1, 2017 with the new information.
- U.S. exporters have an affirmative obligation to review the facts surrounding export transactions. Identify now who within your company has global trade compliance as their largest responsibility. Work with them to understand your role and responsibilities related to trade compliance.
- Seek out export compliance related training. Locate related policies and procedures on your intranet, and read the sections of your Export Management and Control Program Manual that relate to your function. Integrate yourself and your function into the process to ensure compliance with the EAR.