Menu
My apps uses only HTTPS encryption (as I understand all of this correctly, manually I didn't use any encryption in my code)
So which ECCN code should I choose for "Annual Self Classification Report"?
(4) Export Control Classification Number (ECCN), selected from one of the following:
- (i) 5A002
- (ii) 5B002
- (iii) 5D002
- (iv) 5A992
- (v) 5D992
Also what about AUTHORIZATION TYPE - ENC or MMKT?
(5) Encryption authorization type identifier, selected from one of the following, which denote eligibility under License Exception ENC §740.17(b)(1):
- (i) ENC
- (ii) MMKT
711
Typically, the use of encryption that's built into the operating system—for example, when your app makes HTTPS connections using URLSession —is exempt from export documentation upload requirements, whereas the use of proprietary encryption is not.
App Uses Non-Exempt Encryption : No If you are making use of ATS or making a call to HTTPS, you are required to submit a year-end self classification report to the US government. Export laws require that products containing encryption must be properly authorized for export.
Each is designated with an Export Control Classification Number (ECCN): 5A002 -- systems, equipment, hardware components and assemblies. 5D002 -- software.
Contact the manufacturer, producer, or developer of the item you are exporting to see if they have classified their product and can provide you with the ECCN. If they have exported the item in the past, it is likely they have the ECCN.
Some research into the ECCN codes turns up the following link https://www.bis.doc.gov/index.php/licensing/commerce-control-list-classification/export-control-classification-number-eccn
From that I gather that 5Dxxx should the categories (5: Telecommunications and Information security, D: Software).
As for the numbers, this https://www.bis.doc.gov/index.php/component/docman/?task=doc_download&gid=2337 seems to be a good place to look for further information.
Reading that I think 5D992 should be a good ECCN, but I can not say for sure in your specific case. Skim the document and notes through and see what applies best.
As of ENC or MMKT.
License Exception ENC authorizes certain exports, reexports, and transfers (in-country) of items described in paragraph (a) of this section for the internal “development” or “production” of new products by 'private sector end users,' wherever located, that are headquartered in a country listed in supplement no.
While MMKT is Mass MarKeT as far as I've concluded. https://www.federalregister.gov/documents/2010/06/25/2010-15072/encryption-export-controls-revision-of-license-exception-enc-and-mass-market-eligibility-submission
All in all, MMKT should probably be good if you're not yanking with the SSL modules or do anything out of the ordinary.
175
5D992 & MMKT should be fine as you are only using existing https modules.
(But that's just my best guess, no formal advise of any kind!)
28
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
