August 1, 2022 is the deadline for submitting semiannual reports for certain encryption items exported or re-exported between January 1 and June 30, 2022, pursuant to paragraphs (b)(2) and (b)(3)(iii) of License Exception ENC (15 CFR 740.17). The encryption items subject to the semiannual reporting requirement include:

  • Certain network infrastructure items.
  • Certain encryption source code that is not publicly available.
  • Items that have been specifically designed, modified, adapted or customized for “government end users.”
  • Commodities and software for quantum cryptography.
  • Cryptanalytic items and items with an open cryptographic interface.
  • Commodities and software that provide penetration capabilities capable of attacking, denying, disrupting, or otherwise impairing the use of cyber infrastructure or networks.
  • Items that perform advanced network vulnerability or digital forensics analysis.
  • Encryption technology classified under Export Control Classification Number (ECCN) 5E002.

The semiannual reporting requirement does not apply to encryption items authorized for export under paragraph (b)(1) of License Exception ENC, including mass market products classified under ECCN 5A992 or 5D992.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.