A Post-Christmas Miracle – US Streamlines ITAR and EAR
In the midst of the holiday gift exchanges between you and your loved ones, you may have missed the U.S. government’s belated present in the form of a long-overdue reform of International Traffic in Arms Regulations (ITAR).
On December 26, the State Department published an interim final rule amending ITAR to define “activities that are not exports, reexports, re-transfers, or temporary imports,” specifically to clarify that the electronic transmission and storage of properly secured unclassified technical data via foreign communications infrastructure does not count as an export.
The rule – which takes effect March 25 and is open for comments until January 25 – streamlines definitions with the Export Administration Regulations (EAR). Specifically, it harmonizes the end-to-end encryption carve-out to redefine this information as an export while meeting certain conditions.
The ITAR interim final rule also creates a standard for encrypted transmissions using alternative security methods. Under EAR and ITAR, the onus remains on the sender to ensure the security means used are effective in which the company operates, otherwise the transmissions could be treated as exports.
Also, the use of end-to-end encryption would not necessarily trigger registration requirements. Sending or taking the technical data outside the U.S. in a manner that meets the requirements of the encryption carve-out would not be an export.
Even when the feds attempt to simplify one of their many regulations, it is a heavy burden for your organization to tackle on its own. To make sure you’re compliant with ITAR, partner with 2W Tech. We have a Cybersecurity Compliance Program that is designed to support our clients’ compliance obligations. Call us today to get started.