Guest

Export and Contract Compliance - Global Export Trade

Export and Contract Compliance

Cisco products are controlled under the U.S. Export Administration Regulations and Wassenaar Arrangement as telecommunications/networking equipment within the following classifications: 5A991, 5D991, 5E991 5A992, 5D992, 5E992, 5A002, 5D002, and 5E002.

Although most Cisco products are subject to anti-terrorism controls, some items contain cryptographic features designed to prevent unauthorized access to network management functions and user data. Products classified under 5A002, 5D002, and 5E002 are subject to additional distribution use and user restrictions.

To determine a given product's classification, please visit Cisco's Public Export Product Data Tool.

A Cisco.com guest account is not required. You may search by several fields, including product number, product description, ECCN and CCATS number (among others).

General Export Overview

Many Cisco products are subject to export restrictions under U.S., EU and local law because they include encryption. A branch of the U.S. Department of Commerce known as the Bureau of Industry and Security regulates exports through the Export Administration Regulations (“EAR”). These regulations spell out export and re-export restrictions on a wide variety of goods, software, and technologies.

In the case of Cisco products containing encryption, Cisco reviews all of its products prior to export and classifies them in accordance with the U.S. EAR, well in advance of a product's release date. Once a review has been completed, products may become eligible for a particular license exception, such as ENC and this exception may then be used by other exporters, as provided by the U.S. EAR.

Cisco solutions and products containing encryption less than 56 bits (80 bits in the U.S.) may be delivered to most end users worldwide, except to entities or end users in the following countries: Cuba, Iran, North Korea, Sudan, Syria and the Crimea Region.

Cisco's encryption solutions and products containing encryption greater than 56 bits (80 in the U.S.) may be delivered to a wide variety of end users and destinations without having to apply for an individual export license.
Cisco's restricted solutions and products have undergone a one-time review by the U.S. government and qualify for License Exception ENC (15 CFR Part 740.17(b)(2)) of the U.S. EAR. Cisco's unrestricted solutions qualify for License Exception ENC (15 CFR Part 740.17(b)(1) or 740.17(b)(3)) of the U.S. EAR.

Under EU export control laws, both restricted and unrestricted encryption solutions and products can be exported within the EU to EU member states, but exports from the EU outside of the EU may require a license.

Mass market solutions and products normally do not require a license and under US, EU and most local laws, are exported from the US under the designation "NLR" (No License Required).

All transactions must undergo a compliance check to ensure that none of the parties to an order are listed on any applicable sanctioned or denied entity list.

Controlled Technologies

Cisco manages technology subject to the U.S. Export Administration Regulations (EAR) and the Wassenaar Arrangement.

These controlled technologies may include items under U.S. Export Control Classification Number (ECCN) 5E001 pertaining to - Optical switching. - Nonaggregated port-speed data transfer rates exceeding 560 Gbits/s and U.S. ECCN 5E002 cryptography. Total Digital Transfer Rates exceeding 560 Gbits/s - also known as high speed data transfer rate, or and U.S. ECCN 5E002 encryption technology.

Recipients of controlled technology are obliged to maintain adequate controls to prevent nationals from Country Groups D:1 or E:1 (listed here ) from accessing Cisco information, subject to ECCN 5E001 (optical switching, nonaggregated port-speed data transfer rates exceeding 560 Gbits/s), or nationals outside the U.S. and Canada from accessing Cisco information, subject to ECCN 5E002 without first obtaining U.S. government authorization. Notification to Cisco is required prior to placing nationals from Country Groups D:1 or E:1 at a Cisco site or on a project requiring collaboration with Cisco operations and/or employees where controlled technology will be accessed.

To request additional information on controlled technologies, please contact Cisco Global Export Trade (GET) get@cisco.com.

Defense Articles and Services

Defense articles, defense services, and technical data subject to control under defense laws and regulations (e.g., the International Traffic in Arms Regulations [ITAR]) may not be transferred to persons, whether located in the United States or abroad, without a valid license or agreement approved by the applicable government authority. For additional information regarding defense article and service controls, please visit http://www.pmddtc.state.gov/regulations_laws/itar.html.

To request additional information on ITAR, please email itar@external.cisco.com.

Civilian Solutions: Restricted, Unrestricted and Mass Market Encryption

Under US export and re-export control rules, Cisco's restricted, unrestricted and Mass Market encryption solutions may be exported or re-exported to most civilian/commercial and less sensitive government end users (for definition see part 772 of the EAR) located in all territories except the embargoed destinations and countries designated as supporting terrorist activities. The Countries listed in Part 746 of the EAR as embargoed destinations requiring a license are Cuba, Iran, North Korea, Sudan, Syria and the Crimea Region.

Under EU export control rules, exports of restricted and unrestricted items from the EU to civilian/commercial end users outside of the EU may require a license. US and EU rules allow Products and Solutions classified as mass market to be delivered to government, civilian, military, and commercial end users around the world except to entities or end users in embargoed countries and sanctioned territories. Local laws may vary.

Government Solutions: Restricted Encryption

Under US export and re-export control rules, Cisco's restricted encryption solutions may be exported or re-exported to many ‘less sensitive’ government entities located in all territories except the embargoed destinations and countries designated as supporting terrorist activities.
Certain government entities not located in the following countries may require a U.S. export license in order to obtain restricted encryption items:
Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, United Kingdom, United States.

Exports of restricted products and solutions from the EU to Government entities outside of the EU may also require an EU export license. Local laws may vary.

Government Solutions: Unrestricted and Mass Market Encryption

Under US export ands re-export controls, Cisco's unrestricted and Mass Market encryption solutions may be exported or re-exported to most government end users located in all territories except the embargoed destinations and countries designated as supporting terrorist activities. Countries listed in Part 746 of the EAR as embargoed destinations requiring a license are Cuba, Iran, North Korea, Sudan, Syria and the Crimea Region.

Exports of unrestricted products and solutions from the EU to government entities outside of the EU may require an EU export license. US and EU rules allow products and solutions classified as mass market to be delivered to government entities around the world except to entities or end users in embargoed countries and sanctioned territories. Local laws may vary.

Civilian or Government Solutions (56-bit or less)(80 bits in the U.S.)

Denied/Restricted Parties List

Cisco solutions and products may not be delivered to individuals or entities listed on the U.S. government's Denied/Restricted Parties List without first obtaining a license. Please review the U.S. Bureau of Industry and Security's Lists of Parties of Concern, at http://www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern.

Delivery, Import, and Use

Delivery of Cisco cryptographic products does not imply third-party authority to import, distribute, or use restricted and non-restricted encryption.

  • Importers, distributors, customers, and users are responsible for compliance with U.S. and local country export/Import laws and regulations.
  • Cisco strongly recommends that importers, distributors, and users investigate such regulations prior to encryption product deployment.
  • Cisco encourages customers to contact their local freight forwarder, consultant, or an attorney with knowledge of international export requirements.

Prohibited Uses

Cisco Systems, Inc., commodities, software, and technical data may not be used directly or indirectly in uses inconsistent with its original design and intended application (e.g., communications and network management), including but not limited to the following activities without Cisco Global Export Trade authorization and applicable U.S. government authorization:

  1. Designing, developing, or fabricating nuclear weapons or nuclear explosive devices; or devising, carrying out, or evaluating nuclear tests or nuclear explosions.
  2. Designing, assisting in the design of, constructing, fabricating, or operating facilities for the chemical processing of irradiated special nuclear material, for the production of heavy water, for the separation of isotopes of any source and special nuclear material, or specially designed for the fabrication of nuclear reactor fuel containing plutonium.
  3. Designing, assisting in the design of, constructing, fabricating, furnishing, or modifying equipment for the fabrication of chemical or biological weapons, chemical precursors, viruses, viroids, bacteria, fungi, or protozoa.
  4. Designing, assisting in the design, construction, fabrication, or furnishing equipment for components specially designed, modified, or adapted for use in such facilities.
  5. Training personnel in any of the above activities.

Public Export Product Data (PEPD) Tool

You may locate ECCN (Export Control Classification Number), ANSSIs (formerly DCSSI), Encryption Strength, Encryption Status and CCATS (Commodity Classification Automated Tracking System) Number at the following URL -http://pepd.cloudapps.cisco.com/legal/export/pepd/Search.do

Trade Tool

You may use the Cisco Trade Tool to locate the Harmonized Tariff Schedule (HTS)/(Schedule B) and Country of Origin (by product serial number). The tool is available at http://tools.cisco.com/FinAdm/GCTA/servlet/ControllerServlet?action=QueryForm.

CCATS (Commodity Classification Automated Tracking System)

Cisco posts CCATS (G numbers) at the Public Export Product Data tool, available at http://pepd.cloudapps.cisco.com/legal/export/pepd/Search.do.

Introduction to Commerce Department Export Controls

The U.S. Commerce Department's Bureau of Industry and Security Website provides U.S. export guidance at https://www.bis.doc.gov/index.php/regulations/commerce-control-list-ccl.

Re-Export of Cisco items

Non-U.S. and U.S. companies re-exporting Cisco products or technology must comply with both their local export regulations and with the U.S. re-export regulations. Guidance regarding re-exports and other offshore transactions involving U.S. origin Items can be found at https://www.bis.doc.gov/index.php/licensing/reexports-and-offshore-transactions.

Cisco Software Delivery

Delivery of Cisco software is as much an export as any product shipped in a box. These exports have to be properly screened and go through export checks just like every other product that Cisco sells or distributes.

For this reason hand carry of software is not permitted.

The Software Center supports the use of two publishing tools available for use from within Cisco Systems, Inc. -The SIPS and SPRIT applications are approved for use by the Software Center.

Additional information can be found on the web by following the links provided. Additionally, there are two alternative publishing tools that allow Cisco to provide software to customers under special circumstances. These are: Special File Access Publishing and File Exchange Publishing. Usage and their application can be found by following the links provided.

For the purposes of this document, public access to software is categorized as “Anonymous Access” and, as described in this policy, anonymous is not supported by the Export compliance policy guidelines for qualifying software.

Cisco’s cryptographic software distribution policy is to streamline delivery of software to customers and help automate the download process. We are also continuosly adjusting our policy to comply with changes to US government export regulations. The following are the only approved methods of delivering or providing software to customers, users, or development partners. -

Export laws and regulations require Cisco to screen customers to determine if they are eligible to download cryptographic images.
Software export checks are performed when a user provides name and all required information and along with their agreement to follow export control laws.

Strong cryptographic software must be downloaded through the Software Center downloads area on the Cisco Software Center (requires Cisco.com account), or via the Special File Access tool. The Special File Access tool would typically be used when a TAC engineer publishes a special software image for a customer, which isn't available on Software Center.

Customers can gain access by completing the Encryption Form when prompted during the download process. The user will be prompted to complete the Encryption Entitlement Form the first time they select a strong cryptographic image in the Cisco Software Center and then once yearly thereafter. The ability to download cryptographic images is wholly dependent on this form and cannot be accomplished without completing it.

The first time you try to download cryptographic software, you will be automatically prompted to complete this form. If you do not successfully complete this form, or fail to meet the criteria specified by export regulations, you will be unable to download cryptographic software from Cisco.com. If you require assistance contact web-help@cisco.com.