Export Controls: ITAR and EAR Related Developments

Court Ordered Injunction Affecting January 2020 Revisions to USML Categories I, II, and III

On January 23, 2020, the Department of State published a final rule that amends the International Traffic in Arms Regulations ("ITAR") to revise Categories I, II, and III of the U.S. Munitions List ("USML") and removes items that no longer warrant control. Categories I, II, and III cover most firearms, ammunition, components, and accessories. Specifically, the final rules transfer certain firearms, including non-automatic and semi-automatic firearms up to .50 caliber inclusive, certain ammunition, parts, accessories and attachments from the USML to the Department of Commerce's Commerce Control List ("CCL") under the Export Administration Regulations ("EAR"). On the same day the Department of State published its final rule, the Department of Commerce published a companion final rule that makes changes to the EAR to control the items removed from the USML.

Following the rollout of the final rules, 21 states filed a lawsuit in the U.S. District Court for the Western District of Washington (Cause No. 2:20-cv-00111) seeking a court order to prohibit the Departments of State and Commerce from implementing or enforcing final rules. In their complaint, the states argued that the final rules "will remove technical data related to 3D-printed firearms, including software and technology for the production of a firearm and firearm parts from the [USML]" and "transfer them to the Commerce Department's jurisdiction, where they will be exempt from any meaningful regulation and no longer subject to direct Congressional oversight." The states also argued that the resulting effect would be to allow blueprints for the 3D-printed firearms to be posted to the internet leading to the production of unregistered and untraceable assault-style weapons.

On March 6, 2020, a federal district court granted a preliminary injunction enjoining the Department of State "from implementing or enforcing the regulation entitled International Traffic In Arms Regulations: US. Munitions List Categories I, II, and III 85 Fed. Reg. 3819 (Jan. 23, 2020) insofar as it alters the status quo restrictions on technical data and software directly related to the production of firearm and firearm parts using a 3D-printer or similar equipment." The effect of the order is that it maintains on the USML "technical data and software directly related to the production of firearm and firearm parts using a 3D-printer or similar equipment." All other aspects of the Department of State's final rule and Department of Commerce's companion final rule took effect on March 9, 2020. The Transition Guidance issued on January 23, 2020 pertaining to the revisions to USML Categories I, II, and III remains applicable to all items that are transferring to the Department of Commerce's jurisdiction pursuant to final rules.

New ITAR Encryption Rule Takes Effect

On March 25, 2020, the Department of State announced that an interim final rule regarding end-to-end encryption was taking effect. The Encryption Rule "clarifies and streamlines the [ITAR] and creates new efficiencies for the exporting and importing communities by supporting the secure storage and transmission of technical data via the Internet and cloud networks." Under the new rule, unclassified technical data secured using end-to-end encryption as prescribed by the ITAR is no longer considered an "export" when transmitted outside of the U.S., so long as it is not sent to a person in or stored in countries subject to restrictions under ITAR § 126.1 or the Russian Federation, and not sent from a § 126.1 country or the Russian Federation. See the DDTC's "Encryption Handout" made available on its March 25, 2020 alert for additional information.

Importantly, the new rule does not apply to classified technical data, no matter the type of encryption used. DDTC will not require senders of the unclassified technical data covered by the new rule to request a license in order to send access information to a foreign person so that they can access the technical data. The actual access of the technical data in an unencrypted from, however, will constitute a controlled event under the ITAR requiring an appropriate license, agreement or applicable exemption for the export of that technical data to a foreign person. Senders of the unclassified technical data must ensure that the data is "secured using FIPS 140-2 standard in accordance with National Institute and Technology guidance, or by other methods that are at least comparable to the minimum AES 128 bits security strength."

Whether a sender’s transmission complies with the Encryption Rule is a fact-intensive determination, and, among other things, the sender must carefully assess whether the encryption used satisfies the standard referenced in the rule.

Latest Thinking

View more Insights
Insights Center
Knowledge assets are defined in the study as confidential information critical to the development, performance and marketing of a company’s core business, other than personal information that would trigger notice requirements under law. For example,
The new study shows dramatic increases in threats and awareness of threats to these “crown jewels,” as well as dramatic improvements in addressing those threats by the highest performing organizations. Awareness of the risk to knowledge assets increased as more respondents acknowledged that their