The US Department of Commerce’s Bureau of Industry and Security (BIS) released an interim
The US Department of Commerce’s Bureau of Industry and Security (BIS) released an interim final rule adding cybersecurity technologies to the Export Administration Regulations (EAR).
The EAR limits export and reexports of listed technology, products, and raw material, typically for national security reasons. In this case, the cybersecurity technologies in question are being added because of their use in surveillance and espionage.
The new rule released by the BIS establishes a general license for domestic transfers of cybersecurity technology, provided it is not listed for surreptitious listening. Moreover, the license excludes exports where the end-user is a foreign government. As a result, this regulation would restrict the ability of US companies to sell surveillance equipment to foreign governments.
The EAR restricts technology listed on the Commerce Control List (CCL) from being exported or reexported to certain countries. For example, nuclear material and chemical and biological weapons generally require a license for export regardless of the country of origin. Goods that are under the jurisdiction of BIS that do not have a specific classification only require a license if they are being exported to an embargoed country, such as Iran. The EAR is broadly applicable; it applies to any good in the United States, any foreign product that contains US products or materials, or any foreign product that is bundled with US products or materials.