The Commerce Department’s Bureau of Industry and Security (BIS) has released an interim final rule, establishing controls on the export, reexport, o

U.S. Department of Commerce

submited by
Style Pass
2021-10-20 18:30:09

The Commerce Department’s Bureau of Industry and Security (BIS) has released an interim final rule, establishing controls on the export, reexport, or transfer (in-country) of certain items that can be used for malicious cyber activities.  The rule also creates a new License Exception Authorized Cybersecurity Exports (ACE) and requests public comments on the projected impact of the proposed controls on U.S. industry and the cybersecurity community. 

License Exception ACE would allow the export, reexport and transfer (in-country) of ‘cybersecurity items’ to most destinations, while retaining a license requirement for exports to countries of national security or weapons of mass destruction concern.  In addition, countries subject to a U.S. arms embargo will require a license.

While allowing certain exclusions, restricted end users targeted by this interim final rule would include a ‘government end user,’ as defined in § 740.22 of the EAR, of countries of concern for national security reasons or those subject to an arms embargo. Furthermore, the License Exception ACE would impose an end-use restriction in circumstances where the exporter, re-exporter, or transferor knows or has reason to know at the time of export, reexport, or transfer (in-country), including a deemed export or reexport, that the ‘cybersecurity item’ will be used to affect the confidentiality, integrity or availability of information or information systems, without authorization by the owner, operator or administrator of the information system (including the information and processes within such systems).

Leave a Comment