On October 21, 2021, in an interim final rule, the Department of Commerce’s Bureau of Industry and Security (BIS) announced new export controls related to cybersecurity. BIS is establishing a new control on cybersecurity items for National Security and Anti-terrorism reasons as well as a “new License Exception Authorized Cybersecurity Exports (ACE) that authorizes exports of these items to most destinations except in the circumstances described.”
New Export Control Classification Numbers (ECCNs) will also be added, including:
- 4A005: “Systems,” “equipment,” and “components” therefor, “specially designed” or modified for the generation, command and control, or delivery of “intrusion software”;
- 4D004: “Software” “specially designed” or modified for the generation, command and control, or delivery of “intrusion software”; and
- 4E001.c: “Technology” for the “development” of “intrusion software.”
BIS is seeking comments on the outlined changes through December 6, 2021. The interim final rule is effective January 19, 2022.
Details on comment submission can be found in the interim final rule here:
