In finalizing changes to License Exception ACE, the Commerce Department’s Bureau of Industry and Security (BIS) has made corresponding changes to the definitions section of the Export Administration Regulations (EAR) in response to public comments on an October 21, 2021 interim rule that will take effect May 26th of this year.
The final rule “establishes a new control on certain cybersecurity items for National Security (NS) and Anti-Terrorism (AT) reasons, as well as adding a new License Exception Authorized Cybersecurity Exports (ACE) that authorizes exports of these items to most destinations except in certain circumstances.” BIS considers these items to warrant controls because the tools could be used for surveillance, espionage, or other actions that disrupt, deny, or degrade network devices. The rule will also correct Export Control Classification Number (ECCN) 5D001 in the Commerce Control List (CCL).
Public comments on the October 21 rule stated that the new 5A001.j entry was complex and therefore created compliance difficulties. One commenter asked whether it would control cybersecurity incident detection and monitoring software, while another stated that systems have numerous components, all of which would need to be examined under the new entry.
In response, BIS is preparing additional information and guidance on 5A001.j in the form of Frequently Asked Questions (FAQs) to clear up any misinterpretations that may occur. BIS does not expect the entry to control a large number of products and believes all of the 5A001.j issues can be addressed in the FAQs.
Public comments are what drove these changes, which clarify and modify the rule to better fit the needs of the public. While there were many comments from many voices, the main changes can be found here. For more clarification on the final rule, please feel free to contact your Sobel representative today; we can help you navigate the changes and understand how they will affect you.