On December 26, 2019, the Department of State published in the Federal Register an interim final rule amending the International Traffic in Arms Regulations (ITAR) to define “activities that are not exports, reexports, retransfers, or temporary imports,” and specifically to clarify that the electronic transmission and storage of properly secured unclassified technical data via foreign communications infrastructure does not constitute an export. The rule also defines “access information” and revises the definition of “release” to address the provision of access information to an unauthorized foreign person.
September 1st marked an important date for companies affected by EAR and ITAR, as significant amendments to the definitions of both regulations went into effect. In a recent alert providing key takeaways on these changes to U.S. export controls, colleagues Nancy Fischer, Stephan Becker, Aaron Hutman, Benjamin Cote, Matthew Rabinowitz and Moushami Joshi discuss the Cloud, passwords and access information, modification technology and other changes that could impact international business, as well as revisions we are still waiting for.
Companies wishing to take advantage of the efficiencies of cloud computing face a dilemma—how to do so without running afoul of export controls? In a recent client alert, authors Christopher Wall and Sanjay Mullick examine how newly proposed regulations from the Directorate of Defense Trade Control (DDTC) and the Bureau of Industry and Security (BIS) could potentially solve this problem, allowing companies to store information on servers in foreign countries if that information is sufficiently encrypted. (And that’s an important “if.”)