14

My apps uses only HTTPS encryption (as I understand all of this correctly, manually I didn't use any encryption in my code)

So which ECCN code should I choose for "Annual Self Classification Report"?

(4) Export Control Classification Number (ECCN), selected from one of the following:

  • (i) 5A002
  • (ii) 5B002
  • (iii) 5D002
  • (iv) 5A992
  • (v) 5D992

Also what about AUTHORIZATION TYPE - ENC or MMKT?

(5) Encryption authorization type identifier, selected from one of the following, which denote eligibility under License Exception ENC §740.17(b)(1):

  • (i) ENC
  • (ii) MMKT
user924
  • 8,146
  • 7
  • 57
  • 139
  • 1
    I'm researching this as well. I believe the 'A' in those codes indicates hardware and the 'B' indicates test equipment. I am leaning towards 5D992 based on this post: https://www.altova.com/blog/ern-registration-for-ssl-use-in-mobile-apps/ And also the sample spreadsheet from BIS uses 5D992 for their sample app: https://www.bis.doc.gov/index.php/licensing/red-flag-indicators/223-new-encryption/1238-how-to-file-an-annual-self-classification-report – Andrew Garrison Jul 26 '19 at 21:13
  • see related post here https://stackoverflow.com/questions/2128927/using-ssl-in-an-iphone-app-export-compliance – Ossip May 21 '20 at 22:37

2 Answers2

6

Some research into the ECCN codes turns up the following link https://www.bis.doc.gov/index.php/licensing/commerce-control-list-classification/export-control-classification-number-eccn

From that I gather that 5Dxxx should the categories (5: Telecommunications and Information security, D: Software).

As for the numbers, this https://www.bis.doc.gov/index.php/component/docman/?task=doc_download&gid=2337 seems to be a good place to look for further information.

Reading that I think 5D992 should be a good ECCN, but I can not say for sure in your specific case. Skim the document and notes through and see what applies best.

As of ENC or MMKT.

License Exception ENC authorizes certain exports, reexports, and transfers (in-country) of items described in paragraph (a) of this section for the internal “development” or “production” of new products by 'private sector end users,' wherever located, that are headquartered in a country listed in supplement no.

While MMKT is Mass MarKeT as far as I've concluded. https://www.federalregister.gov/documents/2010/06/25/2010-15072/encryption-export-controls-revision-of-license-exception-enc-and-mass-market-eligibility-submission

All in all, MMKT should probably be good if you're not yanking with the SSL modules or do anything out of the ordinary.

Mattias
  • 740
  • 10
  • 19
5

5D992 & MMKT should be fine as you are only using existing https modules.

(But that's just my best guess, no formal advise of any kind!)

Ossip
  • 1,046
  • 8
  • 20