The U.S. Department of Commerce’s Bureau of Industry & Security (BIS) has recently published an Interim Final Rule on October 21, 2021, dealing with export controls for cybersecurity items
The new Rule amends the Export Administration Regulations (EAR) and creates new licensing requirements for the export or transfer of cybersecurity items to non‑U.S. persons. The reason behind the strengthening of the controls is the fact that these cyber tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it.
More specifically, the Rule: 1) establishes a new control on cyber items for National Security (NS) and Anti-terrorism (AT) reasons; 2) creates new Export Control Classification Numbers (ECCNs) on the Commerce Control List: ECCNs 4A005 and 4D004 are added, as well as a new paragraph 4E001.c.; and 3) introduces a new License Exception Authorized Cybersecurity Exports (ACE). The latter allows the export, reexport and transfer of `cybersecurity items' to most destinations, except to destinations listed in Country Groups E:1 and E:2 of supplement no. 1 to part 740 (Cuba, Iran, North Korea, and Syria). The Interim Final Rule will be effective from January 19, 2022.
Source: U.S. Federal Register