License Exception ENC
740.17(b)(2)
Items described in 740.17(b)(2) require a classification request to be eligible for license exception ENC, as well as semi-annual sales reporting. See here for the semi-annual sales reporting requirements.
Items described in 740.17(b)(2) include:
– 'Network infrastructure' items as described in 740.17(b)(2)(i)(A).
– Encryption source code that is not publicly available.
– Commodities, software, and components that have been designed, modified, adapted or customized for "government end-user(s)".
– Certain customized items, including:
•Items that are designed, modified, adapted, or customized for "government end-users"; or
•Items where the encryption functionality is designed or modified for a particular customer or can be easily changed by the user.
– Commodities and software for quantum cryptography.
– Commodities and software that provide penetration capabilities that are capable of attacking, denying, disrupting or otherwise impairing the use of cyber infrastructure or networks.
- Public safety/first responder radio (P25 or TETRA).
– Items described in 5A002.d and e., and related software.
– Cryptanalytic items under 5A004.
– "Open Cryptographic Interface" items.
– Encryption technology classified under ECCN 5E002.
After an encryption classification has been submitted, all items under 740.17(b)(2), except cryptanalytic items, may be immediately exported to countries listed in Supplement No. 3 to Part 740. Cryptanalytic items may be immediately exported only to non-"government end-users" in the Supplement 3 countries.
There is a 30-day wait while the encryption classification is pending before exports of (b)(2) items may be made outside of the countries listed in Supplement No. 3 to Part 740.
The authorization for items under 740.17(b)(2) at the end of the 30-day wait vary depending on the product. The table below summarizes the different authorizations available:
Item Description |
740.17 Subsection |
End-User Authorization |
Submission Requirements |
'Network Infrastructure' items |
(b)(2)(i)(A) |
All Supp. 3 end-users, "Less-sensitive government end-users", and non-gov end-users outside the Supp. 3 countries except E:1 and E:2
|
|
Encryption source code, customized items, quantum crypto, network penetration tools, public safety radios, ultra- wideband and spread- spectrum items |
(b)(2)(i)(B)-(H) |
All Supp. 3 end-users and non-gov end-users outside the Supp. 3 countries except E:1 and E:2 |
|
Cryptanalytic commodities and software |
(b)(2)(ii) |
All non-gov end-users except E:1 and E:2 |
|
"Open Cryptographic Interface (OCI) items (including OCI technology) |
(b)(2)(iii) |
All Supp. 3 end-users |
|
Cryptanalytic technology |
Note to paragraph (b)(2 introductory text) |
All non-gov end-users in the Supp. 3 countries |
|
Technology for "non- standard cryptography" |
(b)(2)(iv)(A) |
All Supp. 3 end-users |
|
'Other' technology |
(b)(2)(iv)(B) |
All Supp. 3 end-users and non-gov end-users outside of D:1, E:1, and E:2 |