navbar
provisos.gif - 6552 Bytes
guestbar

Export Compliance User Guide
FAQ


TABLE OF CONTENTS

  1. Overview of the regulations
  2. Encryption
  3. Frequently Asked Questions
  4. Urls of interest
  5. Definition of terms

1- OVERVIEW OF THE EXPORT REGULATIONS

Cisco has obtained the authority to deliver restricted encryption solutions to a wide variety of end-users and destinations without having to apply for individual export licenses. Cisco's restricted and non-restricted solutions have undergone a one time review by the U.S. government and qualify for license exception "ENC" (15 CFR Part 740.17). Cisco's mass market solutions have undergone a one time review by the U.S. government and qualify for license exception NLR.

CIVILIAN - RESTRICTED ENCRYPTION AND UNRESTRICTED
Cisco may deliver Cisco strong encryption solutions to civilian/commercial end-users located in all territories except the following without first obtaining a U.S. export license - Cuba, Iran, North Korea, Sudan and Syria.

GOVERNMENT - RESTRICTED ENCRYPTION
Government entities not located in the countries listed below would require US export license in order to obtain restricted encryption items. Please see Cisco's license application at http://www.cisco.com/wwl/export/forms/form_license.html .

Austria, Australia, Belgium, Canada, Czech Republic, Cyprus, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United States.

Before completing a license application please ensure the end user does not qualify under one of the license exemption categories at the following URL -
http://www.cisco.com/wwl/export/crypto/tool/government.html

CIVILIAN or GOVERNMENT – (64 BIT OR LESS)
64 bit or less encryption may be delivered to government, civilian, military and commercial end users around the world except to entities or end users in the following countries - Cuba , Iran , North Korea , Sudan and Syria .

DELIVERY, IMPORT, AND USE
Delivery of Cisco cryptographic products does not imply third-party authority to import, distribute or use restricted and non-restricted encryption.

  • Importers, distributors, customers and users are responsible for compliance with U.S. and local country export laws and regulations.
  • Cisco strongly recommends that importers, distributors, and users investigate such regulations prior to encryption product deployment.
  • Cisco encourages customers to contact their local freight forwarder, consultant or an attorney with knowledge of international export requirements.
  • Cisco refrains from coaching customers regarding international requirements due to liability issues.

Export Control laws prohibit persons and corporations from pursuing transactions where there is knowledge or a reason to believe that a violation of such laws may occur.

All personnel involved in transaction screening have a duty to investigate further when it is known, evident or implied, that the product is destined for use by a government, military, military industrial complex or by any sanctioned entity or in a sanctioned territory.

Personnel and partners have a duty to resolve abnormal circumstances in a transaction that indicate that the export may be destined for an inappropriate end-use, end-user, or destination.

Personnel may seek counsel and report unresolved activities to Regulatory Affairs by sending email to reg_affairs@cisco.com.

Back to the top

2 - ENCRYPTION

What is “Restricted Encryption?

Restricted encryption is encryption with a symmetric key length greater than 64-bits such as AES or 3DES. Products implementing strong encryption for data security are required to have been reviewed by the U.S. Department of Commerce and the U.S. National Security Agency prior to initial export outside the U.S.

What about encryption that is 64-bits or less?

Products that use encryption with a symmetric key of 64 bits or less are not controlled by the U.S. government for encryption reasons and may be export ed to all but those countries that are subject to embargo by the U.S. government.

What are Mass Market products?

Mass Market is defined under US 15CFR774 Supplement No. 1 Cryptography Note (Note 3) to Part II of Category 5 of the Commerce Control List.

It categorizes products as Mass Market that are:

a. Generally available to the public by being sold, without restriction, from stock at retail selling points by means of any of the following:

1. Over-the-counter transactions;
2. Mail order transactions;
3. Electronic transactions; or
4. Telephone call transactions;

b. The cryptographic functionality cannot be easily changed by the user;

c. Designed for installation by the user without further substantial support by the supplier; and

d. When necessary, details of the items are accessible and will be provided, upon request, to the appropriate authority in the exporter's country in order to ascertain compliance with conditions described in paragraphs (a) through (c) of this note.

What ISR platforms fall under Mass Market?

No Integrated Services Routers are designated as Mass Market products. Mass Market products are those …… and include products such as Linksys. Please visit the Cisco Encryption Sales Tool Quick Reference Guide for updates on which products are in this category.

What is Unrestricted (Retail)?

Commodities, Software, or Components (chips, ICs, some toolkits, some SDKs, some software modules) which do not meet the criteria of Restricted and are also not eligible for Mass-Market classification under the US regulations. This frequently includes products that use encryption solely for securing network management data. It also includes products that encrypt network traffic but do not meet the speed, concurrent tunnel, or air-coverage thresholds for Restricted items.

A list of product families that have been classified as Unrestricted can be viewed at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

Which ISR platforms fall under Unrestricted (Retail)?

Cisco 8xx, Cisco 18xx, and Cisco 28xx Routers are all currently in the Unrestricted category. Please visit the Cisco Encryption Sales Tool Quick Reference Guide for updates on which products are in this category.

What encryption is available under Unrestricted (Retail)?

The Integrated Services Routers support DES, 3DES and AES encryption. Most of the ISRs are listed in the unrestricted export category. It is not the level of encryption that categorizes products as Mass Market, Unrestricted and Restricted but whether or not the product meets the positive list of criteria for Restricted items as identified above.

Can Unrestricted (retail) versions of the ISR be stocked at the distribution?

Yes, as long as distributors don't fall under Sanctioned Entities, Embargoed Territories, Restricted End-Users or Enterprises Under their Control/Ownership . Licenses are required prior to fulfillment to restricted countries, uses, and users.

Most countries in Middle East and Africa (MEA) fall outside “Exempt government entities”; what are the implications for Cisco distribution; partners and customers?

Middle East and Africa (MEA) countries do not fall outside “Exempt Government entities”.

The restrictions applicable to restricted Strong encryption items for Government bodies do not apply for countries belonging to the license ENC groups.

These are:
Austria, Australia, Belgium, Canada, Czech Republic, Cyprus, Denmark, Estonia,Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United States.

How do I purchase an unrestricted (retail) ISR?

To purchase any unrestricted product, as long as you don't fall under Sanctioned Entities, Embargoed Territories, Restricted End-Users or Enterprises Under their Control/Ownership , simply follow normal ordering procedure. No export license is required on a per sales order basis for sales of unrestricted products. Please contact Cisco's Export Compliance & Regulatory Affairs for additional guidance. Please note: order screening does take place for all Cisco orders against the Denied Parties List. 

What info do I need for an Unrestricted (retail) ISR?

Usually no additional information is required to purchase products in the Mass Market or Unrestricted Product categories. Licenses are only required for Mass Market or Unrestricted encryption products going to restricted countries, uses, and users.

Can restricted non-retailversions of the ISR be stocked at the distribution?

No. Please see the encryption stocking policy below.

How do I purchase a restricted (non-retail) ISR and what info do I need for a restricted (restricted) ISR?

Follow the RESTRICTED (non-retail) product export eligibility guidelines. This includes no end-use by:
a. Government (See Exempt Government Entities )
b. Sanctioned Entities, Restricted End-Uses or Enterprises Under Their Control/Ownership .

c. Telco's/ISPs may not provide cryptographic services to governments (See Exempt Government Entities )

Written Assurance that acknowledges end-user's compliance with published restrictions is required for all Restricted products orders. Licenses are required for Restricted products going to restricted countries, uses, and users. Please visit the Cisco Encryption Sales Tool Quick Reference Guide for additional details on these guidelines or contact Cisco's Export Compliance & Regulatory Affairs with questions.

Back to the top

 

3 – FREQUENTLY ASKED QUESTIONS

Why is my order on export hold?

The order contains one or more of the following:

- Restricted encryption products

- End User is in Embargoed/restricted territory

- Party to the transaction is an entity on the U.S. government's Denied Parties List.

Restricted encryption products are systemically placed on export hold at order entry, regardless of destination including the U.S. and Canada . All orders are screened against the U.S. government's Denied Parties List. Each transaction is screened to ensure compliance with U.S and local export requirements.

All line items in orders destined for embargoed territories, sanctioned entities or end users that pose proliferation concern are placed on export hold.

What are the “export requirements” that my order must comply with before being released from export hold?

A)Complete end user details. This includes the actual end user name and complete address information. Avoid the use of acronyms whenever possible and do not use post office box numbers unless that is the only information available to reference. Reseller or distributor names are not considered actual end user names nor are Freight Forwarders.

B) Encryption Written Assurance

•  Export License (if deemed necessary)

•  EPCI Form (if deemed necessary)

•  Hong Kong End User Statement (export permits are required for any restricted and unrestricted product that ships from or transships Hong Kong )

•  Singapore End User Statement (export permits are required for any restricted product that ships from or transships Singapore )

•  All orders containing restricted encryption products require A) Complete end user details and B) Written Assurance.

The Pro-Export Team will contact the customer to inform them of any other export requirements (i.e. Items C through F.)

Once it is verified that an order complies with all export requirements, product will be released from export hold. There is no need to request that an order be released from export hold as orders are constantly reviewed and eligible orders are released throughout the day and night.

My order is destined for an end user in the U.S. or Canada , why is it on export hold?

End user information is required prior to release of any restricted encryption product. While orders that are being shipped to a U.S. or Canadian destination are not considered exports, they must still be screened against the U.S. government's Denied Parties List. The orders are screened and released automatically on a daily basis. There is no need to request that a domestic order be released from export hold. If it not destined to a Denied Party the order will be released by the end of the day.

My order is destined to an end user located in an embargoed/restricted country – What can I expect?

An export license is required to deliver any Cisco product to an end user located in an embargoed/restricted country ( Cuba , Iran , Myanmar , North Korea , Sudan , and Syria ) All license applications for embargoed/sanctioned territories are presumed denied. Work with your customer to complete a license questionnaire with detailed responses, include a network diagram and detailed project description. Prepare your customer for a protracted delay in license processing time, while the typical processing time of export licenses is 6 to 8 weeks, a license application for an embargoed/restricted destination, will be considerably longer. Do not accept conditions or penalties related to delivery time in any instance involving an embargoed country or sanctioned entity. Cisco cannot guarantee approval of the application. Many such applications are denied. Note that all applications for military, paramilitary or police organizations in embargoed territories will be denied. Do not pursue this business.

My order is destined to an end user that is on the U.S. government's Denied Parties List – Will an export license be submitted for this transaction?

No. Cisco will not engage in business with known denied parties. Cancel the order as it will never be shipped to the denied party.

What is a Written Assurance?

An encryption written assurance is the end user's acknowledgement and acceptance of license exception conditions. The assurance states that the end customer will not:

(i) Reexport or release the technology to a national of a country in Country Groups D:1 or E:2; or

(ii) Export or re-export Cisco controlled technology to Country Groups D:1 or E: without first obtaining the relevant authority from the U.S. and local authority.

The encryption written assurance must be completed by the end user. Distributors and resellers may not complete the assurance on behalf of their customer. Written assurances must be submitted by end users with valid email addresses and domains. Contact information must be accurate and verifiable.

Encryption written assurances are valid for a period of two years from submission. Cisco employees may check the status of submission by searching the Written Assurance Data base:

Written Assurance Search Tool is available at:

http://wwwin.cisco.com/cgi-bin/cto/legal/export/tools/wae.pl

Enhanced Proliferation Control Initiative Assurance (aka EPCI):

In any instance where Cisco determines that an entity may have the potential to be involved in weapons, weapons systems, distribution or production of chemical, biological agents or nuclear activity of any kind, Cisco requires such customer to complete an EPCI questionnaire. The end customer must submit the questionnaire which certifies the following:

The commodities and technical data that we are purchasing will not be used directly or

indirectly in the following activities:

I. Designing, developing or fabricating nuclear weapons or nuclear explosive devices; or

devising, carrying out, or evaluating nuclear tests or nuclear explosions;

II. Designing, assisting in the design of, constructing, fabricating or operating facilities for the chemical processing or irradiated special nuclear material, for the production of heavy water, for the separation of isotopes of any source and special nuclear material, or specially designed for the fabrication of nuclear reactor fuel containing plutonium;

III. Designing, assisting in the design of, constructing, fabricating, furnishing or modifying equipment for the fabrication of chemical or biological weapons, chemical precursors, viruses, viroids, bacteria, fungi or protozoa;

IV. Designing, assisting in the design of, constructing, fabricating or furnishing equipment for components specially designed, modified, or adapted for use in such facilities;

V. Training personnel in any of the above activities.

Submission of encryption written assurance and/or EPCI written assurance IS NOT sufficient to overcome any license requirement. Cisco will submit license applications or request for advisory opinion to BIS allowing export of any technology, product or software for any end user, when such end user poses a risk to Cisco or to national or regional security.

__________________________________________________________________

Written Assurance Formis available at: http://www.cisco.com/wwl/export/forms/form_wa_encryption.html

EPCI Assurance Form is available at:

http://www.cisco.com/wwl/export/forms/form_wa.html

Where/how is export license information entered?

Where can I find the forms?

All forms are available at:

http://wwwin.cisco.com/legal/regAffairs/forms.html

What are the country groups D1 and E?

D1 countries as of October 2006 subject to change are:

Albania, Armenia, Azebaïjan, Belarus, Cambodia, China (PRC), Georgia, Iraq, Kazahkstan, North Korea, Kyrgyzstan, Laos, Libya, Macau, Moldova, Mongolia, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam.

E countries as of October 2006 subject to change are:

Cuba , Iran , North Korea , Sudan , Syria .

Please contact the export team for regular updates on these lists: export@cisco.com

What is the difference between an export (local) hold and an export (pick release) hold?

Export (local) holds are automatically applied to products that contain restricted encryption. Export (local) holds prevent the product from being dispatched; Export (pick release) holds are applied by Regulatory Affairs when products an export license or other assurances are required prior to shipment. Export (pick release) holds allow the product to be scheduled and dispatched by Manufacturing, but do not allow the product to be shipped. Applying a pick release hold allows manufacturing to build the product, thus allowing lead time to elapse as the export license is being processed.

Order fulfillment holds are described in the following link:

http://wwwin.cisco.com/CustAdv/CustSrv/ORGANIZATIONS/Scheduling/holds_summary.htm

Can the Regulatory Affairs group or the Pro-Export Team release an export (mfg) hold?

No. Manufacturing holds are controlled by Master schedulers. Manufacturing holds are placed on product in short supply, new product release, homologation holds or other product specific holds. CS relationship managers contact schedulers to determine if manufacturing holds can be released. Regulatory Affairs has no authority or ability to release these holds.

What is an ECCN ?

An ECCN (Export Classification Control Number) is the numbering system which identifies individual categories of items on the Commerce Control List (CCL).

The ECCN determines the level of control applicable to the item.

It is a five digit, alpha/numeric character classification system used to determine U.S./EU export licensing requirements for hardware products software (D) and technology (E).

What is an HTS Number ?

An HTS (Harmonized Tariff Schedule) number is the classification of items according to the International Nomenclature of the Harmonized System. It consists in harmonizing the levels of the national customs duty rates on all imports from any third country. Duty rates and commodity classifications can be changed at any time.

HTS defines the customs duty rate applicable to the product.

Where do I find Country of Origin information ?

Contact the Customs team at:

Customs-emea@cisco.com , or customs-uscan@cisco.com

What is the “ENC Exemption Country Group ?”

The ENC Exemption Country Group consists in the following countries:

Austria, Australia, Belgium, Canada, Czech Republic, Cyprus, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United States.

End users in countries listed above may take advantage of license exception ENC which allows the delivery of restricted encryption product to civilian and government end users in those countries without formal license authority.

What is needed if I want to export to a country outside of the “ENC Exemption Country Group?”

An encryption written assurance is required for all customers not in ENC exemption group.

An export license is required for all government customers not in ENC exemption group.

Do I have to comply with US export regulations for shipments originating outside of the US ?

All Cisco technology is of U.S. origin, regardless of where it is manufactured. As such, U.S. regulations dictate. Additionally, local regulations must be complied with in all instances of transfer, use and sale of Cisco technology, product and software.

Are Spare Parts also subject to export licensing restrictions?

The export regulations are also applicable to spare parts.

Most export licenses allow for the replacement of faulty parts. The license that allowed for the delivery of the original manufacturing order, must be cited in subsequent service shipments.

It is imperative that TS SSC order management personnel ensure that an export license was granted if required prior to shipping replacement parts.

What is Cisco Stocking Policy for encryption products?

Please view the following important links:

•  List of Affected Products:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html#nonretail

•  List of Authorized end-users - also known as Exempt Governments:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html#nonretail

•  Authorized Countries as of October 2006 subject to change see link above for current countries:

Austria, Australia, Belgium, Canada, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United States

Orders for Restricted cryptography enabled SW and HW with a ship-to address outside of the authorized countries:

End-user information (name, contact information including email and phone number, physical address) is required for orders placed for restricted encryption product where the ship-to, end-user or install site is outside the authorized countries.

Stocking privileges will be considered for emergency spares (usually no more than 5 units) for a specific customer/end-user the end-user's name, contact information (phone number, email) and physical address must be supplied at the time of order entry.

Distributors and resellers desiring exception to the stocking guidelines must demonstrate a control program sufficient to ensure compliance with applicable regulations governing the sale and delivery of restricted strong encryption enabled items. To request an evaluation, please send email to export@cisco.com.

Orders for Restricted cryptography enabled SW and HW with a ship-to address inside of the countries:

End-user information (name, contact information including email and phone number, physical address) or stocking location (name, contact information including email and phone number, physical address) is required for orders placed for restricted strong encryption items where the ship-to, end-user or install site is inside the authorized countries.

Stocking is permissible for items intended for ultimate disposition within the authorized countries.

Stocking privileges may be revoked if:

a) Cisco is aware that transshipment to destinations outside the 32 countries is probable,

b) Cisco has noted a preponderance of red-flag indicators suggesting the lack of an internal control program sufficient to ensure compliance with applicable trade laws .

Who determines if a distributor has met the requirements on a transaction or exception basis?

Regulatory Affairs staff is qualified to assess ICPs and POS reports. Decisions on individual distributors will be made at the management level with the participation of the local account manager when possible.

Export License Issues

How can I determine whether an export license is required for my order?

Scenarios where an export license is required for an order:

•  The order contains restricted encryption products AND:

the end user is a government/military entity AND;

the end user is located in a country outside of the ENC Exemption Country Group. Export local or pick release holds appear at the line level.

•  Order is destined to any embargoed/restricted country ( Cuba , Iran , Myanmar , North Korea , Sudan or Syria ), all product, whether restricted or unrestricted is held at the order level until license authority is received.

•  End customer is listed on U.S. or other governmental authorities Denied Parties List.

•  End Customer poses a proliferation risk.

Are there exceptions to the export license requirements?

Yes. The U.S. government considers the following government enterprises civilian/commercial in nature and thus does not require an export license to authorize shipment of restricted encryption products:

•  Utilities (including telecommunications companies and Internet service providers);

•  Transportation,

•  Banks and financial institutions;

•  Broadcast or entertainment;

•  Educational organizations;

•  Civil heath and medical organizations;

•  Retail or wholesale firms; and

•  Manufacturing or industrial entities not engaged in the manufacture or distribution of items or services controlled on the Wassenaar Munitions List.

How do I determine whether products contain restricted encryption?

A. You can review the order for the presence of export holds. If an order is booked, there are only three reasons why an export hold is placed on a product:

  1. The product contains restricted encryption. Products containing restricted encryption are flagged internally and are systemically placed on export hold when ordered, regardless of end user and regardless of country destination.
  2. The order is destined to an embargoed/restricted country. The country codes for embargoed/restricted countries ( Cuba , Iran , Myanmar , North Korea , Sudan and Syria ) are flagged internally and all products in the order are placed on export hold..
  3. The order is destined to an entity that is on the U.S. government's Denied Parties List. During customer/order screening, the order would be placed on hard hold and all products in the order would be placed on export hold. Such orders will be cancelled.

B. You can use the Trade Tool to determine whether a product contains restricted encryption.

Search the Trade Tool for a product and review the results for the field titled “Encryption Note”. If the Encryption Note field states “Restricted” then the product contains restricted encryption.

The Trade Tool is located at: http://tools.cisco.com/FinAdm/GCTA/servlet/ControllerServlet?action=QueryForm

C. You can review the Cisco Encryption Sales Tool Quick Reference Guide. All of the products in the section titled “Restricted (Restricted) Cisco Products” contain restricted encryption.

The Cisco Encryption Sales Tool Quick Reference Guide is located at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

Are the Restricted/ products, “run-rate” products?

With few exceptions, no.

What forms do I need to submit if my order requires a U.S. export license?

A License Data Submission Form (aka License Questionnaire) must be submitted. Information provided in the License Data Submission Form is used to prepare an export license application which is then submitted to the U.S. government. Note that license applications are legal representations made to the U.S. government. All information submitted in a license questionnaire must be accurate and verifiable.

The License Data Submission Form is located at:

http://www.cisco.com/wwl/export/forms/form_license.html

To assist our customers, instructions for filing the License Data Submission Form have been translated into several languages. Please note that the responses must, however, be in English.

Chinese
Mandarin

http://www.cisco.com/wwl/export/forms/form_license_china.html

Portuguese

http://www.cisco.com/wwl/export/forms/form_license_port.html

Spanish

http://www.cisco.com/wwl/export/forms/form_license_spa.html

Arabic

http://www.cisco.com/wwl/export/forms/form_license_ara.html

French

http://www.cisco.com/wwl/export/forms/License_Information_Questionnaire_fre.htm

Korean

http://www.cisco.com/wwl/export/forms/License_Information_Questionnaire_kor.htm

Are U.S. export licenses guaranteed to be approved?

No.

How long does the export license application process take?

Typically, it takes the U.S. government 6 to 8 weeks to complete their review process from the time the license application is submitted to the U.S. government. License applications that require additional interagency review may take longer to process. Cisco must verify the bonafides of all parties to the transaction, and all reorientation made by the customers. The 6 to 8 week average processing time does not begin when the sales order is booked or when the customer submits the License Data Submission Form – it begins when Cisco submits the export license application to the U.S. government.

Is there any way to expedite the export license application process once the export license application is submitted to the U.S. government?

No. The U.S. government does not provide any expedite procedure associated with the export license application process. Ensure that the customer responds to requests for License Data Submission Form. Ensure that your customer provides detailed, coherent responses, this will help reduce any need for follow ups. Should any follow up questions be asked, please ensure that the customer provides detailed responses in a timely manner.

How can I help speed up the overall export license application process?

Customer responsiveness . If the Pro-Export Team requests that the customer submit a License Data Submission Form, please ensure that the customer responds immediately. Analysis has shown that customer non-responsiveness to these requests is the major reason for excessive delay in license processing. It is sometimes necessary to contact the customer for clarification required by U.S. government agencies. In these instances, immediate response can make the difference in the export license application progressing or being placed on hold without action or even returned without action.

License Data Submission Form. Complete, detailed, and accurate responses are key in allowing us to prepare a valid export license application. Incoherent, vague and inaccurate responses lead to follow up questions and unnecessary delays. Inaccurate information can also invalidate an export license should one be granted.

The end user of my order requires a U.S. export license, however the end user has multiple addresses. How do I account for these multiple addresses on the License Data Submission Form?

The address fields in the “Parties to Transaction” section are text fields which allow for multiple lines of information to be entered. If multiple addresses are associated with an end user, all relevant address information must be provided.

Who is allowed to submit the License Data Submission Form?

The License Data Submission Form should be completed by the End-User, they are ultimately responsible for compliance with terms and conditions of the license. Any party listed in the license application must acknowledge the receipt and acceptance of license conditions. An authorized Cisco Partner, Integrators and Cisco employees may assist the End-User in completing the application but may not submit this form . Note that accurate contact information at the end user site must be included in the application.

Can I modify my order once an Export License Application has been submitted to the U.S. government?

No. Changes to an order will not be reflected in the Export License Application so additional products, quantities and/or pricing will not be authorized should the export license be granted. If the customer must add products to their order after an Export License Application has been submitted, it is advised that a new order be booked to avoid any confusion with the original sales order. Please note that the Pro-Export Team should be notified if a sales order that requires an export license is cancelled

How can I check the status of an Export License Application once it has been submitted to the U.S. government

To obtain information about your license application from STELA, the Bureau of Industry & Security's System for Tracking Export License Applications. It is an automated telephone voice response system that provides the status of license application. Dial (202) 482-2752 and enter the Application Control Number. Use "9" to replace "Z" when entering Application Control Number. Press "0" for instructions

STELA will inform you of the current status of the license application and the agency that is currently reviewing the license application.

What is an Application Control Number?

Unique reference number issued by BIS that identifies the Export License Application. It is a seven digit alphanumeric number that begins with a “Z”. You need this number to access STELA to get a status update of the progress of the Export License Application.

Can I apply for an export license for multiple partners?

No.

Can I apply for an export license for multiple orders/shipments ?

Yes. If multiple orders have the same parties to transaction (i.e. purchaser, intermediate consignee, “ship to” party, ultimate consignee, end user) and are for the same end use, we can consolidate multiple orders onto one Export License Application. Please alert the Regulatory Affairs Team by sending notice to export@cisco.com .

When do I need to submit a License Data Submission Form?

If the Pro-Export Team has contacted the customer to request that a License Data Submission Form be submitted, please do so immediately.

If the Pro-Export Team has not made a request to submit a License Data Submission Form and you know that your order requires an export license, you can submit a License Data Submission Form proactively without being asked.

What does “Hold Without Action” mean?

When the U.S. Department of Commerce discontinues processing an Export License Application due to their need for additional information, they place the application on “Hold Without Action.” This essentially stops the clock for the U.S. government's time limit so that additional information can be obtained from the applicant (i.e. Cisco) If the additional information is not provided to the U.S. government in a timely manner, the U.S. government can stop processing the license entirely – a process called “Returned Without Action.

What does “Returned Without Action” mean?

The Export License Application was returned to the applicant by the U.S. government without a decision being made. This can occur if the U.S. government has not received requested information within 10 calendar days. It can also occur if the applicant requests that the Export License Application be returned. For instance, if the customer cancelled their order, Cisco would request that the submitted Export License Application be Returned Without Action. In the cases where the application was Returned Without Action due to a failure to provide requested information, a new Export License Application must be submitted if the order is still needed.

What does it mean when my Export License Application is under “interagency review”?

Once the U.S. Department of Commerce has reviewed the Export License Application, they send the application out to various federal agencies for review and feedback. These federal agencies include but are not limited to the Department of State, Department of Defense, Department of Justice, Department of Treasury, Office of Export Enforcement, and the Federal Bureau of Investigation. Each agency has 30 calendar days to complete its review of the application from the day it was referred out by the Department of Commerce. If an agency determines that additional information is necessary to make a decision, it will provide an information request to BIS and the application will be Held Without Action for 10 days. If the applicant does not provide the additional information, an agency can request that the application be Returned Without Action or Denied.

Can I contact the Bureau of Industry and Security directly if I have questions about the status of my Export License Application?

No. Only the applicant (Cisco – more specifically, select members of Regulatory Affairs Team) can contact BIS directly to make inquiries about the Export License Application.

Obtaining a status update can be accomplished using STELA. Any email inquiries should be directed to export@cisco.com or djoe@cisco.com .

The shipment of my order will not originate from the US , do I still need an export license?

Yes.

How do I know my customer/end-user is/is not a sanctioned entity ?

Sanctioned entities can be viewed at the following links:

Denied Party List (DPL): http://wwwin.cisco.com/cgi-bin/cto/legal/export/tools/dpl.pl

Risk Report: http://wwwin.cisco.com/cgi-bin/cto/legal/export/tools/rr.pl

BIS lists to check: http://www.bis.doc.gov/ComplianceAndEnforcement/ListsToCheck.htm

What is a Government end-user?

A government end-user is any foreign central, regional or local government department, agency, or other entity performing governmental functions; including governmental research institutions, governmental corporations or their separate business units (as defined in part 772 of the EAR) which are engaged in the manufacture or distribution of items or services controlled on the Wassenaar Munitions List, and international governmental organizations.

An export license is required to deliver restricted encryption products to government and military end users outside ENC country exemption group. The licensing policy for exports of encryption products to entities that meet the "government end-user" definition is described in Section 742.15(b)(3) of the EAR.

Some foreign government agencies include:

•  Belarus : Army, Air and Air Defense Force

•  China : Ministries & Commissions of the State Council. Ministry of Foreign Affairs, Ministry of National Defense State Planning & Development Commission; Ministry of Commerce, Ministry of Education; Ministry of Science & Technology; Commission of Science, Technology & Industry for National Defense; State Ethnic Affairs Commission; Ministry of Public Security; Ministry of State Security; Ministry of Supervision; Ministry of Civil Affairs; Ministry of Justice; Ministry of Finance; Ministry of Personnel; Ministry of Labor & Social Security; Ministry of Land & Resources; Ministry of Construction; Ministry of Railways; Ministry of Transportation; Ministry of Information Industry; Ministry of Water Resources; Ministry of Agriculture; Ministry of Culture; Ministry of Health; State Population and Family Planning Commission, People's Bank of China; National Audit Office; State Development Planning Commission,

•  Congo : Army, Navy, Air Force

•  Cote d'Ivoire : Army, Navy, Air Force

•  Haiti : the regular Haitian Armed Forces (FAdH) - Army, Navy, and Air Force - have been demobilized but still exist on paper until or unless they are constitutionally abolished

•  Liberia : Armed Forces of Liberia (AFL): Army, Navy, Air Force

•  Myanmar : Myanmar Armed Forces (Tatmadaw): Army, Navy, Air Force (2005)

•  Rwanda : Rwandan Defense Forces: Army, Air Force

•  Sierra Leone : Republic of Sierra Leone Armed Forces (RSLAF): Army (includes Air Wing, Maritime Wing)

•  Somalia : A Somali National Army was attempted under the interim government; numerous factions and clans maintain independent militias, and the Somaliland and Puntland regional governments maintain their own security and police forces

•  Venezuela: National Armed Forces (Fuerzas Armadas Nacionales or FAN) includes Ground Forces or Army (Fuerzas Terrestres or Ejercito), Naval Forces (Fuerzas Navales or Armada - including marines and Coast Guard), Air Force (Fuerzas Aereas or Aviacion), Armed Forces of Cooperation or National Guard (Fuerzas Armadas de Cooperacion or Guardia Nacional) Note not included in Military catch all rule, however, license is required for all restricted encryption products. All sales to Venezuelan military should be reviewed by Regulatory Affairs

•  Vietnam : People's Army of Vietnam: Ground Forces, People's Navy Command (includes Naval Infantry), Air and Air Defense Force, Coast Guard

•  Zimbabwe : Zimbabwe Defense Forces (ZDF): Zimbabwe National Army, Air Force of Zimbabwe (AFZ), Zimbabwe Republic Police (2005)

What are the countries under U.S. embargo or sanction ?

Cuba, Iran, Myanmar, North Korea , Sudan and Syria are currently under U.S. embargo ed .

The status of these embargoes can change so it is advised that you refer to Bureau of Industry and Security's website for the most current status. Any application for license to an embargoed country is presumed denied.

What are the countries under EU embargo ?

The EU does not have any embargo destinations for dual-use items.

However, each EU Member States has its own restricted country. We recommend you contact your local export control body for advice.

What is applicable to shipments originating from Cisco BV ?

Cisco BV holds a Global export license from the Dutch authorities that authorizes shipments of all items classified as 5A002 (hardware) and 5D002 (software) to all territories except :

Iran , Iraq , Libya, North Korea and Syria .

This export license can be used for any shipment originating from an EU Member States. This authority does not replace the U.S. licensing requirements.

Can Cisco customers/partners use the Cisco BV export license?

No this export license is to be used only by Cisco BV when Cisco BV is the exporter of record.

The equipment is transiting via the Netherlands and a US export license has already been granted. Do I need an EU export license?

If the shipment is in transit mode in the Netherlands , no EU export license is required.

The shipment is covered by the US export license.

Shall the goods be cleared in the Netherlands (or in any other EU Member States) and then shipped onwards to the final destination, an EU export license (to be obtained by the EU Member States of export) will be required.

In case Cisco BV is the Exporter of Record, the Cisco BV export license will be used.

Can I ship items to an embargoed destination ?

No shipment to an embargoed destination is allowed without an export license. Export licenses are presumed denied.

If a US export license is obtained for my order, do I also need an EU one ?

Compliance with US export laws does not preclude the requirement of compliance with local laws. Shipment originating from The Netherlands will require an EU export license if the final destination is: Iran , Iraq , Libya , North Korea and Syria .

Do I have to comply with US export regulations if I am a foreign company ?

Yes because the re-export of a US controlled product to a third country has to follow the same level of control and the same procedures as the control applicable by the US for the direct export of this equipment to this third country.

This extraterritorial rule applies to shipment or transmission of US origin commodity or foreign-made commodity incorporating controlled US origin parts & components (subject to the EAR) from one foreign country to another foreign country.

If I want to export a Cisco item I have in stock, do I need to apply for an export and/or re-export license ?

If the transaction requires an export license, yes, as you will be the exporter of record.

How do I know if I need an export license ?

See chart

What is the validity period of an export license ?

Unless otherwise specified, export licenses are valid for two years from the date the license was validated. The expiration date is listed at the top of the export license directly under the validation date.

If I anticipate additional encryption products will be ordered that will require an export license, is there a way to allow for these “future” additional encryption products to be listed on the current Export License Application?

Possibly. Inform Regulatory Affairs of intended network build out. If there exists a bonafide reason to include future product in a current export license application, and the project is well defined, Cisco may at its sole discretion, include such future product in the license application. All products must be accounted for. Licenses are then decremented against future sales. This is a complex process and requires much work on the part of all parties. Cisco is regularly audited. Any discrepancies between the quantities of restricted encryption products delivered versus those listed on the export license, may result in violation of U.S. Export Regulations. If you anticipate multiple orders of restricted encryption products by the same government end user, request that Regulatory Affairs apply for an Encryption Licensing Arrangement as a possible solution. Please contact the Regulatory Affairs Team at export@cisco.com for additional details.

Can I add new restricted encryption products to the order once an export license is granted?

No. If additional restricted encryption products are added to an order AFTER the Export License Application is submitted, a new Export License Application must be submitted for the additional products. No exceptions can be made.

How do I submit a Written Assurance ?

The form is available online at http://www.cisco.com/wwl/export/forms/form_wa_encryption.html.

Can I submit a Written Assurance for my customer ?

No. The Written Assurance must be signed and submitted by an individual who is a verifiable representative of the End User .

How do I include recipients other than myself in any correspondence regarding my Export License Application?

There is a field directly beneath the email address field which allows you to enter the email addresses of people you wish to have copied in subsequent correspondence regarding the Export License Application. Since the Pro-Export Team relies on customer contact information that resides in Oracle, it is advisable that customers keep their contact information up to date in their customer profiles.

I was instructed to submit a License Data Submission Form but the end user of my order is not a government entity. What should I do?

Please submit the License Data Submission Form. There is a question in the “End-User Identity and Function” section which asked whether the end user is a government entity or if the Cisco products are intended for government end use. Answer honestly. If you don't believe that the end user is a government entity, we will keep that in mind when reviewing the form. The entire License Data Submission Form must be completed so that Regulatory Affairs personnel may determine whether an export license is required for the end user. If, upon further review, it is determined that an export license is not required due to an exception, exemption or other reason, the sender will be notified and no Export License Application will be submitted.

I am not sure whether the end user of my order is a government entity. Should I submit a License Data Submission Form?

Yes. We will make the determination of whether an export license is required for the transaction and the information that is provided on the License Data Submission Form assists us with making that determination.

Are there any government end users that qualify for license exemption?

Yes. The U.S. government considers the following government enterprises civilian/commercial in nature and thus does not require an export license to authorize shipment of restricted encryption products:

•  Utilities (including telecommunications companies and Internet service providers);

•  Transportation,

•  Banks and financial institutions;

•  Broadcast or entertainment;

•  Educational organizations;

•  Civil heath and medical organizations;

•  Retail or wholesale firms; and

•  Manufacturing or industrial entities not engaged in the manufacture or distribution of items or services controlled on the Wassenaar Munitions List.

The end user of my order qualifies for license exemption. Do I still need to submit a License Data Submission Form?

Yes. Cisco needs to make the actual determination. The information provided in the License Data Submission Form will help us confirm whether this license exemption status is accurate. If the Pro-Export Team requests the customer to submit a License Data Submission Form, please submit. The submitted form will also serve as records for our archives should the need to audit these records arise.

What is an “ELA”?

Export Licensing Arrangement. A license that allows the export of specified products to specified destinations in unlimited quantities. It can be limited to specified end-users for specified end-uses and may be subject to reporting requirements.

The end user of my order qualifies for an ELA. Do I still need to submit a License Data Submission Form?

Whenever requested, end user must submit a license questionnaire.

The end user of my order qualifies for an ELA. However, the order has not been released because of a “reporting requirement.” What does this mean?

License conditions of certain ELAs may require that the applicant (Cisco) report the use of the ELA prior to exporting the equipment. This reporting requirement may specify that the product cannot be shipped prior to a specified time post the date of reporting. In these instances, the order cannot be released from export hold until this time period elapsed. There is nothing that the customer needs to do. Orders that are subject to these reporting requirements are monitored on a daily basis and the dates which they are eligible for release are tracked.

The end user of my order qualifies for an ELA. However, the order has not been released because the encryption items on the order have not yet appeared in the “license screening tool.” What does this mean?

Before an order can be released from export hold, the license number must be recorded at the line level via Regulatory Affairs tracking tool called Trade Collaborator (TC) TC pulls the required order data from Oracle. However, if the equipment is not far enough along in Manufacturing and has not been built, it will appear in TC.. We must wait until the equipment is built and appears in TC so that the proper updates can be performed and consequently license information will be printed on commercial documents as required by international regulation.. If substantial delay is experienced, contact the CS Team is to request an expedite of the product build. Export pick release holds do not prevent manufacturing from scheduling or building product. Export pick release hold prevents shipment.

The end user of my order is a military entity or a defense contractor. Why must an EPCI form be submitted?

The Enhanced Proliferation Control Initiative requires that exporters do not participate in the proliferation of weapons, weapons systems or in the design or development of weapons of mass destruction. Export may not proceed

  • When the exporter knows that the export will be used in the design, development, production, or stockpiling of missiles or chemical or biological weapons; or
  • When the exporter is informed by the Department of Commerce that there is a serious risk of diversion.

An EPCI written assurance is required to ensure compliance with this regulation. An export license may also be required.

The License Data Submission Form asks for “Intermediate Consignee” information. My order does not have an intermediate consignee in the transaction. What should I do?

Enter “None” or “N/A” in the Intermediate Consignee field.

The encryption equipment on my order is being installed at a location that is different than the end user's address. How do I account for this in the License Data Submission Form?

Enter the installation address in the “Installation Address” field located directly beneath the “End-User” field.

What happens if I provide vague or unclear responses in the License Data Submission Form?

The Pro-Export Team will contact the sender with a request to provide specific, detailed responses to the questions. An Export License Application will not be prepared or submitted until detailed responses are provided.

What does this mean?

•  “Describe the intended end use of Cisco technology .” We know that our encryption products encrypt data –We need to know why encryption products are required for your project. Is enhanced security a company or government initiative? Has your network been operating without encryption features up this point in time?

•  “Describe the project, programs, functions and services that the encryption products will support.” What is the name of the project associated with the purchase and installation of these encryption products? Is the equipment being used to create a new network or upgrade an existing network? If the end user is a large government entity, is there a specific group or sub-group or division that is specifically using this equipment?

•  “Describe precisely the type of data that will be encrypted using Cisco technology.” “Data” is not an acceptable response. What kind of data is being encrypted? Examples of types of data include email, internet traffic, database application data, financial records, personnel information, Human Resources data, biometric data, citizenship records, FTP, video, and voice. We don't need to know the actual confidential content of the data – just the types of data that will be encrypted using Cisco equipment.

•  “List all government agencies/ministries/branches/departments that have access to the data transmitted over the network.” Including the end user itself, if there any other government entities that will have access – either passively or actively to the network provide the names of those entities.

•  “Describe any end user involvement with local, national or international law enforcement.” If the end user has any ties or connections with law enforcement of any kind, list those law enforcement agencies and how the end user is affiliated with them. This is designed to help us determine whether the end user is involved with the police or security bureaus. There are specific affiliations with law enforcement that will preclude a license grant (i.e. Chinese police and security bureaus).

How will I be notified when my Export License Application is approved or denied?

If you are listed as the individual who submitted the License Data Submission Form or are one of the recipients that was entered in the “copied in subsequent correspondence” field, the Pro-Export Team will send via email the approval notification containing the text of the actual export license including the riders and conditions of the license. If the Export License Application is being considered for denial, the U.S. government will notify the applicant (Cisco) of the impending denial. The U.S. government gives the applicant (Cisco) the opportunity to ask that the Export License Application be Returned Without Action before issuing a denial order. This is a more desirable outcome than an actual issuance of denial as the denial becomes part of the official public record. This outcome becomes precedent on which subsequent decisions may be based on. Also the customer may not want their denial to be part of public record or the stigma that may be associated with that.

What does happen when an Export License Application is approved?

The individual who submitted the License Data Submission Form along with the “copied in subsequent correspondence” recipients will be notified of the approval. The email approval notification will contain the text of the export license including the riders and conditions of the export license. If there are any license conditions that require action such as a pre-shipment inspection, they will need to be addressed before the order can be released from export hold. The U.S. government may require that the applicant (Cisco) report when the restricted encryption equipment is delivered and installed at the end user site. In such cases, complete customer cooperation is required. If any license condition is not fully complied with, the customer will be in violation of the export license, the export license can be revoked, the equipment must be returned, and responsible parties could be fined, placed on the Denied Parties List or even lose their exporting privileges. It is imperative that all license conditions are followed. If there are no license conditions that require immediate action, the order will be released from export hold.

What does happen when an Export License Application is denied?

If the Export License Application is being considered for denial, the U.S. government will notify the applicant (Cisco) of the impending denial. The U.S. government gives the applicant (Cisco) the opportunity to request that the Export License Application be Returned Without Action before issuing a denial order. This is a more desirable outcome than an actual issuance of denial as the denial becomes part of the official public record. This outcome becomes precedence which subsequent decisions may be based on. Also the customer may not want their denial to be part of public record or the stigma that may be associated with that. The customer would then be asked to cancel the order as it will never be allowed to ship.

My export license was approved with license conditions. What happens if I do not follow those conditions?

You will be in violation of the export license and U.S. Export Regulations. You may be subject to penalties including fines, imprisonment, and loss of exporting privileges.

What is a “Pre-Shipment Inspection”?

As a condition of an export license, the Office of Export Enforcement (“OEE”), or another Federal agency, may require that commodities authorized to export be inspected prior to shipment. The process involves moving the commodities to a pre-determined staging point where representatives of OEE inspect, record, and on occasion test the equipment and review shipping documents associated with the transaction. Once the inspection is complete, the equipment can be shipped to its final destination. There is a considerable amount of time and effort required to move and consolidate the equipment from multiple manufacturing sites and Logistics Centers. This, along with the challenges of scheduling an inspection date that is suitable with OEE, makes for considerable delays before an inspection can be conducted. Customers are notified of a pre-shipment inspection requirement when they are notified of the approval of the export license. No prior warnings are given that a pre-shipment inspection is required so be advised of this potential delay when discussing export compliance issues with your customer

What is a “Post-Shipment Verification”?

All export shipped under license exception or license authority may be subject to post shipment verification. Additionally, as an explicit condition of an export license, the Office of Export Enforcement (“OEE”) may require a post-shipment verification (i.e. inspection) of the commodities that were shipped under authority of an export license. OEE agents or other authorized government agents including embassy personnel may inspect the licensed equipment, record (i.e. photograph) the equipment and its surroundings, test the equipment, and review shipping documents associated with the transaction. Post-shipment verifications are conducted to ensure that licensed commodities are installed at the approved end user site and are used as described in the export license application. Ultimately, a post-shipment verification addresses the U.S.Government concern regarding risk of diversion of dual-use technology which includes encryption products.

All export license applications are screened electronically by the Office of Export Enforcement (“OEE”) to ensure items are not illegally exported. In addition OEE reviews specific individual license applications to assess diversion risks, identify potential violations, and determine the reliability of those receiving controlled U.S.-origin commodities or technical data.

If post shipment verification is a condition of your license, ensure that the condition can be met and that U.S. government agents will be allowed to make this verification by the end user.

My order is destined to an end user that is a Chinese police entity or a Chinese public security bureau. Can I obtain the products on this order with a U.S. export license?

No. Any Export License Application for a Chinese police entity or public security bureau will be denied by the U.S. under the Tian Amen Sanctions.

My order is destined for the Chinese Military. Can I obtain the products on this order with a US export license?

No Cisco product may be delivered to for military end use in China . Export licenses will be denied.

My order is destined to a country on the U.S. government's list of prohibited destinations. Can I obtain the products on this order with a U.S. export license?

Possibly, but Export License Applications for embargoed destinations are presumed denied. We will apply for an export license if the customer wishes to pursue this but the correct expectations (i.e. likely denial) should be set.

My order is destined to an entity on the U.S. government's Denied Parties List. Can I obtain the products on this order with a U.S. export license?

Unlikely to occur Sanctioned are levied against these parties due to criminal or negligent behavior.. Cancel the order as we will not entertain applying for an export license for this type of order.

The U.S. export license for my order was approved but my order remains on export hold. Who can I contact to get my order released from export hold?

Orders that comply with export requirements, including those that require an export license, are reviewed on a daily basis for their eligibility to be released. If an order complies with export requirements, it will be released. If a significant amount of time has passed after the license has been approved and the order has not been released from export hold, please send an email to pro-export@cisco.com.

What are the penalties for non-compliance ?

Under the EAR, criminal penalties for “knowing violations” include: (1) fines of five times the value of the exports involved or $50,000, whichever is greater; (2) imprisonment for up to five years, or (3) both. 

“Willful violations” are those violations that occur with the knowledge that the export s involved are intended for or will be used to benefit a controlled country or any country to which exports are controlled for non-U.S. policy or military intelligence gathering purposes.  The penalties for “willful violations” include fines of up to $1 million per violation for corporations; for individuals, the penalties include fines of up to $250,000 per violation and up to 10 years imprisonment, or both.   

On the administrative side, violations also may result in the revocation of export licenses, denial of export privileges and/or exclusion from practice before BIS.  

The denial of export privileges is the only penalty that the US can impose on foreign companies.

Who to contact ?

Export hold release issues: pro-export@cisco.com

Export license issues: export@cisco.com

Back to the top


4- URLs of INTEREST

FORMS

Written Assurance Form

English

http://www.cisco.com/wwl/export/forms/form_wa_encryption.html

Chinese Mandarin

http://www.cisco.com/wwl/export/forms/form_wa_encryption_china.html

Portuguese

http://www.cisco.com/wwl/export/forms/form_wa_encryption_port.html

Spanish

http://www.cisco.com/wwl/export/forms/form_wa_encryption_spa.html

Arabic

http://www.cisco.com/wwl/export/forms/form_wa_encryption_ara.html

French

http://www.cisco.com/wwl/export/forms/Encryption_Written_Assurance_fre.htm

Korean

http://www.cisco.com/wwl/export/forms/Encryption_Written_Assurance_kor.htm

Written Assurance Search Tool (Cisco Internal Only)

http://wwwin.cisco.com/cgi-bin/cto/legal/export/tools/wae.pl

Hong Kong End User Statement Form

http://www.cisco.com/wwl/export/crypto/images/pdf/hk_end_user_statement.pdf

Singapore End User Statement Form

http://www.cisco.com/wwl/export/crypto/images/pdf/SIN_EU_Bax.pdf

Enhanced Proliferation Control Initiative Form (aka EPCI)

http://www.cisco.com/wwl/export/forms/form_wa.html

License Data Submission Form (aka License Questionnaire)

English

http://www.cisco.com/wwl/export/forms/form_license.html

Chinese Mandarin :

http://www.cisco.com/wwl/export/forms/form_license_china.html

Portuguese

http://www.cisco.com/wwl/export/forms/form_license_port.html

Spanish

http://www.cisco.com/wwl/export/forms/form_license_spa.html

Arabic

http://www.cisco.com/wwl/export/forms/form_license_ara.html

French

http://www.cisco.com/wwl/export/forms/License_Information_Questionnaire_fre.htm

Korean

http://www.cisco.com/wwl/export/forms/License_Information_Questionnaire_kor.htm

 

TOOLS

Database Tools

http://wwwin.cisco.com/legal/regAffairs/dbtools.html

Written Assurance Search Tool

http://wwwin.cisco.com/cgi-bin/cto/legal/export/tools/wae.pl

Denied Parties List Search Tool

http://wwwin.cisco.com/cgi-bin/cto/legal/export/tools/dpl.pl

Risk Report Tool

http://wwwin.cisco.com/cgi-bin/cto/legal/export/tools/rr.pl

Trade Tool

http://tools.cisco.com/FinAdm/GCTA/servlet/ControllerServlet?action=QueryForm

Encryption Sales Support Tool

http://www.cisco.com/wwl/export/crypto/tool/index.html

Encryption Sales Tool Quick Reference Guide

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

 

GUIDANCE

Encryption Control Guidance

http://www.cisco.com/wwl/export/crypto/index.html

Government Exemption Categories

http://www.cisco.com/wwl/export/crypto/tool/government.html

Government Definitions

http://www.cisco.com/wwl/export/crypto/tool/definitions.html#government

Encryption FAQ

http://www.cisco.com/wwl/export/crypto/tool/faq.html

OFFICIAL WEBSITES

US sanctions

http://www.treas.gov./offices/enforcement/ofac/programs/index.shtml

US Bureau of Industry and Security

http://www.bis.doc.gov./

 

TRAININGS

RA Trainings url

http://wwwin.cisco.com/legal/regAffairs/training.html

Anti-Boycott training

Anti-Boycott Training

Export Compliance Overview

Export Compliance Overview

US Export Controls and the ITAR

US Export Controls and the ITAR

 

Back to the top

5- DEFINITION OF TERMS

BIS

Bureau of Industry and Security is part of the US Department of Commerce in charge of designing export controls and enforcing compliance with those controls.

CCATS

Commodity Classification Automated Tracking System number issued by BIS.

Denied Party List (formerly known as “Table of Denial Orders”)

A list of persons whose export privileges are currently denied, in whole or in part. Any dealings with a party on this list are not possible without first obtaining a valid export license.

Dual-use items

Items classified by the Commerce Control List (CCL) that have both commercial/civil and military or proliferation applications.

ECCN (Export Classification Control Number)

Numbering system which identifies individual categories of items on the Commerce Control List (CCL). The ECCN determines the level of control applicable to the item.

It is a five digit alpha/numeric character classification system used to determine U.S. export licensing requirements for hardware products software (D) and technology (E).

Embargo

The current countries under US embargo or US sanctions are: Cuba , Iran , Myanmar , North Korea , Sudan and Syria .

An individual export license is required before entering into any sort of business with a national from those countries or for any shipment to those countries.

Encryption items

These are items (hardware, software and/or technology) that contain encryption features.

Those items are used in order to provide capability of encryption (ciphering) functions or confidentiality of information.

ENC Country group

The following countries are part of the ENC Country group:

Austria, Australia, Belgium, Canada, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United States.

End-Use

Detailed description of how Cisco product will be used by the end customer. When completing an end use statement, describe in detail the customer's intent in using the product. For example, is the equipment intended to enhance or build out an existing network or to build a new network infrastructure? How is the network connected to existing infrastructure? Will Cisco equipment replace a competitor's equipment? What government agencies or other entities will have access to the equipment, or the network? What data will be passed over the network? Why is encryption required? How will the equipment be secured?

End-User

The person abroad that receives and ultimately uses the exported or reexported items.

The end-user is NOT a forwarding agent or intermediary, but may be the purchaser or ultimate consignee.

End-User Certificate

Document to be completed and signed by the end-user confirming that the equipment is well received and installed.

Export License

Authority issued by the Bureau of Industry and Security authorizing an export, reexport, or other regulated activity. The term “license” does not include authority represented by a “License Exception.”

ELA (Encryption Licensing Arrangement)

A license that allows the export of specified products to specified destinations in unlimited quantities. It can be limited to specified end-users for specified end-uses and may be subject to reporting requirements.

EPCI - Enhanced Proliferation Control Initiative.

The Presidential initiative announced in December 1990, upon which many Commerce non-proliferation controls are based, focusing specifically on missile technology and chemical, biological, and nuclear weapons. Although the 1990 EPCI announcement addressed both controls on items and end-use controls, the term is often used informally to specify the EPCI provision that requires an export license based upon what the exporter "knows" of the end-user or end-use, or upon what the exporter is "informed." See: EAR Part 744.

The form can be found at: http://www.cisco.com/wwl/export/forms/form_wa.html

Government end-user

Any foreign central, regional or local government department, agency, or other entity performing governmental functions; including governmental research institutions, governmental corporations or their separate business units which are engaged in the manufacture or distribution of items or services controlled on the Wassenaar Munitions List, and international governmental organizations.

Note that certain state owned enterprises qualify under license exception and as such are not subject to license requirements. Those enterprises are generally: utilities (including telecommunications companies and Internet service providers); banks and financial institutions; transportation; broadcast or entertainment; educational organizations; civil health and medical organizations; retail or wholesale firms; and manufacturing or industrial entities not engaged in the manufacture or distribution of items or services controlled on the Wassenaar Munitions List. All such end users may be required to submit a license application to verify the inclusion in the exception category. Written assurances should clearly indicate that the end user is a government controlled entity.

Intermediate consignee.

The person that acts as an agent for a principal party in interest for the purpose of effecting delivery of items to the ultimate consignee. The intermediate consignee may be a bank, forwarding agent, or other person who acts as an agent for the exporter of record.

License Exception

An authorization described in part 740 of the Export Administration Regulations (“EAR”) that allow an export or reexport, under stated conditions, items subject to the EAR that would otherwise require a license. Unless otherwise indicated, these License Exceptions are not applicable to exports under the licensing jurisdiction of agencies other than the Department of Commerce.

Mass-Market encryption

Commodities, Software, or Components (chips, ICs, some toolkits, some SDKs, some software modules) which are:

a. Generally available to the public by being sold, without restriction, from stock at retail selling points by means of any of the following:

1. Over-the-counter transactions;

2. Mail order transactions;

3. Electronic transactions; or

4. Telephone call transactions;

b. The cryptographic functionality cannot be easily changed by the user;

c. Designed for installation by the user without further substantial support by the

supplier; and

d. When necessary, details of the items are accessible and will be provided, upon request, to the appropriate authority in the exporter's country in order to ascertain compliance with conditions described in paragraphs (a) through (c) of this note.

List of MM product families can be viewed at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

Pre-Shipment Inspection /Pre-license Affidavits

As a condition of an export license, the Office of Export Enforcement (“OEE”), or another Federal agency, may require that commodities authorized to export be inspected prior to shipment. The process involves moving the commodities to a pre-determined staging point where representatives of OEE inspect, record, and on occasion test the equipment and review shipping documents associated with the transaction. Once the inspection is complete, the equipment can be shipped to its final destination. There is a considerable amount of time and effort required to move and consolidate the equipment from multiple manufacturing sites and Logistics Centers. This, along with the challenges of scheduling an inspection date that is suitable with OEE, makes for considerable delays before an inspection can be conducted. Customers are notified of a pre-shipment inspection requirement when they are notified of the approval of the export license. No prior warnings are given that a pre-shipment inspection is required so be advised of this potential delay when discussing export compliance issues with your customer.

Post-Shipment Verification / All products shipped under license or license exception are subject to post shipment verification. The U.S. Department of Commerce has reached agreement with all recognized trading partners allowing agents of the U.S. government to confirm that goods shipped under license exception or license are in fact in use as specified by the exporter, and that all conditions attached to a license are being complied with by the end user. Customers must be made aware that all exports are subject to verification and that they have a duty to comply with requests for inspection.

U.S. Principal Party in Interest (Exporter of record).

The person in the United States at the time of export, who derives the principal monetary benefit of the transaction. Note that though a principal may be listed as USPPI, they may not in fact be the exporter of record in the transaction.

Generally, the principals in a transaction are the seller and the buyer.

In most cases, the forwarding or other agent is NOT a principal party in interest.

STELA (System for Tracking Export License Applications)

The Bureau of Industry and Security's automated telephone voice response system that provides the status of license applications. To obtain a status update, dial (202) 482-2752 and enter the Application Control Number (seven digit number beginning with the letter “Z”). STELA will provide the current status of the license application including a listing of agencies that are reviewing the license application. STELA is generally available during Eastern Standard Time.

Restricted Encryption Products

Commodities, Software, or Components (chips, ICs, some toolkits, some SDKs, some software modules) which meet one or more of the criteria listed in Section 740.17 (b )(2)(iii) of the U.S. Export Administration Regulations. This includes (but is not limited to):

•  Network infrastructure items providing secure Wide Area Network (WAN), Metropolitan Area Network (MAN), Virtual Private Network (VPN), satellite, cellular or trunked communications with key lengths exceeding 64-bits for symmetric algorithms, and meeting any one of the following:

( 1 ) Aggregate encrypted throughput greater than 44 Mbps.; or

( 2 ) Wire (line), cable or fiber-optic WAN, MAN or VPN single-channel input data rate exceeding 44 Mbps; or

( 3 ) Maximum number of concurrent encrypted data tunnels or channels exceeding 250; or

( 4 ) Air-interface coverage (e.g., through base stations, access points to mesh networks, bridges, etc.) exceeding 1,000 meters, where any of the following applies:

( i ) Maximum data rates exceeding 5 Mbps (at operating ranges beyond 1,000 meters); or

( ii ) Maximum number of concurrent full-duplex voice channels exceeding 30 ; or

( iii ) Substantial support is required for installation or use.

•  Encryption commodities or software that have:

( 1 ) Been modified or customized for government end-user(s) or government end-use ( e . g . to secure departmental, police, state security, or emergency response communications); or

( 2 ) Cryptographic functionality that has been modified or customized to customer

specification; or

( 3 ) Cryptographic functionality or “encryption component” that is user-accessible and can be easily changed by the user.

For more complete information please refer to the U.S. Export Administration Regulations: http://www.access.gpo.gov/bis/ear/ear_data.html

A list of product families that have been classified as Restricted can be viewed at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

Unrestricted Encryption Products

Commodities, Software, or Components (chips, ICs, some toolkits, some SDKs, some software modules) which do not meet the criteria of Restricted and are also not eligible for Mass-Market classification. This frequently includes products that use encryption solely for securing network management data. It also includes products that encrypt network traffic but do not meet the speed, concurrent tunnel, or air-coverage thresholds for Restricted items.

A list of product families that have been classified as Unrestricted can be viewed at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

Written Assurance

Written assurances must be completed by the end user of restricted commodities. Valid email and contact information is required. This form records a customer's acknowledgement of their responsibility and ability to comply with international laws pertaining to sanctioned uses, users, and territories. Regulatory Affairs retains the authority to require Written Assurances. The data submitted is reviewed for integrity, may be presented to the U.S. government, and archived for 10 years.

Back to the top


Toolbar
Updated November 10, 2006

All contents copyright © 1992--1999 Cisco Systems, Inc. Important Notices and Privacy Statement.