EU Export Regulations for Dual Purpose Goods
Aug 31, 2011 QuickCounsel Download PDF
By John Menton, Arthur Cox, Ireland Maury Shenk and David Lorello, Steptoe & Johnson, London Joseph A. Vicario, Senior Counsel,Texas Instruments
The European Union, like most countries/jurisdictions, has a variety of regulations governing the export of certain products and technologies. Broadly speaking these regulations control:
EU dual-use controls apply to any transfer of a dual-use item from the EU to a destination outside the EU. Controls do not apply to shipments between EU member states (with limited exceptions for certain highly sensitive items – e.g. some explosives, sonar equipment, and "cryptanalytic" items used for breaking encryption). The method of transport outside of the EU does not matter in determining whether an "export" has taken place. For example, physical shipment, regular mail, delivery by hand, downloading software from an Internet site, and transmission of software or technology via e-mail can all constitute an export from the EU. Likewise, controls generally apply regardless of the purpose for export – temporary exports (i.e. of items that will return to the EU), gifts, contributions to research projects, shipments to a subsidiary outside the EU --all of these can constitute an export which may be subject to EU export controls. However, unlike under U.S. law, there is no general "deemed export" rule prohibiting transfer of technology within the EU to nationals of non-EU countries.
The Community General Export Authorization is an export authorization for dual-use goods that is included in the Dual-Use Regulation, and covers most exports to Australia, Canada, Japan, New Zealand, Norway, Switzerland and the U.S.In order to use the CGEA, an exporter usually must register with the national export regulator. In Ireland, for example, an exporter, once registered with the regulator, simply notifies the regulator in writing of his/her name and the address where the export records may be inspected and the notification must be made before, or within thirty days of, the first such export. Additional conditions for use of the CGEA are specified within the authorisation itself. Companies should check local member state requirements for the CGEA.
Mass Market/Retail Exemption
EU dual-use export controls apply to encryption products, but include an exemption for exports of "mass market" items under the Cryptography Note included in the Dual-Use Regulation. Under the Cryptography Note the export controls set out in 5A002 and 5D002 of the EU control list do not apply to exports of goods or software that meet all of the following:
For exports of dual-use items that are not within the CGEA, the Cryptography Note or another exception from controls, an appropriate export licence from the relevant EU regulator is generally required (any may not be available if an embargo applies). There are three types of licences:
In general, U.S. companies should expect that goods subject to U.S.dual-use export controls will be subject to similar EU dual-use controls when exported from the EU. But there are important exceptions. For example, EU exports of non-mass market encryption products (i.e. those not meeting the requirements of the Cryptography Note) having a USECCN of 5A002 and 5D002 generally require an export licence (unless the CGEA or a general licence applies). A common pitfall that we have encountered, particularly since the liberalisation of U.S. encryption controls in 2010, is that such products can often be exported from the U.S. under License Exception ENC of the U.S. Export Administration Regulations, with limited filing requirements. However, there is no comparable broad exception applicable under EU law, so that significant EU licensing requirements can sometimes apply to such encryption products that have largely been freed from U.S. controls. In many cases this has proven to be been a hidden "trap" for companies that have (wrongly) assumed that the fact that a U.S. export licence is not required for a particular category of export from the U.S.means that an EU export licence is not required either.
U.S. companies that discover violations of EU export controls frequently have questions about voluntary disclosure procedures like those under the US Export Administration Regulations. In fact, EU member states generally do not have explicit voluntary disclosure procedures, although some countries, such as the UK, do have judicial policies to mitigate penalties for companies that cooperate with investigations, including by a voluntary disclosure. Accordingly, when facing a compliance situation, it is advisable for the affected company to seek advice in the relevant EU member state on whether and how to approach national authorities.
U.S. companies that export goods from the EU should ensure that their export compliance procedures, policies, training, software and personnel are updated to take account of both U.S. and EU export controls. EU dual-use export rules are implemented on a country-by-country basis, and the practical procedures can differ slightly between the various regulators in the EU. In particular, U.S.-origin non-mass market 5A002 and 5D002 encryption products should be reviewed carefully in the EU context to determine if an EU-based subsidiary may require an export license in the EU.
Additional ACC Resources
ACC Resource Library - Article
Top Ten - EU Data Transfers: Comparing the Proposed Privacy Shield to the Standard Contractual Clauses
ACC Resource Library - Top Ten - Sponsored by Arent Fox LLP
Requirements to Sell, Manufacture or Commercialize Transgenics, Insecticides, Pesticides, Herbicides and Rodenticides Global Practice Guide
ACC Resource Library - Primer
ACC Resource Library - Article
Have an idea for a quickcounsel or interested in writing one?
This resource is sponsored by:
Table of Contents