[Federal Register Volume 80, Number 106 (Wednesday, June 3, 2015)]
[Proposed Rules]
[Pages 31505-31520]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-12843]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

Bureau of Industry and Security

15 CFR Parts 734, 740, 750, 764, and 772

[Docket No. 141016858-5228-01]
RIN 0694-AG32


Revisions to Definitions in the Export Administration Regulations

AGENCY: Bureau of Industry and Security, Commerce.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: This proposed rule is part of the Administration's Export 
Control Reform Initiative. The Initiative will enhance U.S. national 
and economic security, facilitate compliance with export controls, 
update the controls, and reduce unnecessary regulatory burdens on U.S. 
exporters. As part of this effort, this rulemaking proposes revisions 
to the Export Administration Regulations (EAR) to include the 
definitions of ``technology,'' ``required,'' ``peculiarly 
responsible,'' ``proscribed person,'' ``published,'' results of 
``fundamental research,'' ``export,'' ``reexport,'' ``release,'' 
``transfer,'' and ``transfer (in-country)'' to enhance clarity and 
consistency with terms also found on the International Traffic in Arms 
Regulations (ITAR), which is administered by the Department of State, 
Directorate of Defense Trade Controls (DDTC). This rulemaking also 
proposes amendments to the Scope part of the EAR to update and clarify 
application of controls to electronically transmitted and stored 
technology and software. DDTC is concurrently publishing comparable 
proposed amendments to the ITAR's definitions of ``technical data,'' 
``required,'' ``peculiarly responsible,'' ``public domain,'' results of 
``fundamental research,'' ``export,'' ``reexport,'' ``release,'' and 
``retransfer'' for the same reasons. Finally, this rulemaking proposes 
conforming changes to related provisions.

DATES: Comments must be received by August 3, 2015.

ADDRESSES: Comments may be submitted to the Federal rulemaking portal 
(http://www.regulations.gov). The regulations.gov ID for this proposed 
rule is: [BIS-2015-0019]. Comments may also be submitted via email to 
publiccomments@bis.doc.gov or on paper to Regulatory Policy Division, 
Bureau of Industry and Security, Room 2099B, U.S. Department of 
Commerce, Washington, DC 20230. Please refer to RIN 0694-AG32 in all 
comments and in the subject line of email comments. All comments 
(including any personally identifying information) will be made 
available for public inspection and copying.

FOR FURTHER INFORMATION CONTACT: Hillary Hess, Director, Regulatory 
Policy Division, Office of Exporter Services, Bureau of Industry and 
Security at 202-482-2440 or rpd2@bis.doc.gov.

SUPPLEMENTARY INFORMATION: 

Background

    This proposed rule is part of the Administration's Export Control 
Reform (ECR) Initiative. The Initiative will enhance U.S. national and 
economic security, facilitate compliance with export controls, update 
the controls, and reduce unnecessary regulatory burdens on U.S. 
exporters. As part of this effort, this rulemaking proposes revisions 
to the Export Administration Regulations (EAR) to include the 
definitions of ``technology,'' ``required,'' ``peculiarly 
responsible,'' ``proscribed person,'' ``published,'' results of 
``fundamental research,'' ``export,'' ``reexport,'' ``release,'' 
``transfer,'' and ``transfer (in-country)'' to enhance clarity and 
ensure consistency with the International Traffic in Arms Regulations 
(ITAR), which is administered by the Department of State, Directorate 
of Defense Trade Controls (DDTC). This rulemaking also proposes 
amendments to the Scope part of the EAR to update and clarify 
application of controls to electronically transmitted and stored 
technology and software. The DDTC is concurrently publishing comparable 
proposed amendments to the ITAR's definitions of ``technical data,'' 
``required,'' ``peculiarly responsible,'' ``public domain,'' results of 
``fundamental research,'' ``export,'' ``reexport,'' ``release,'' and 
``retransfer'' for the same reasons. Finally, this rulemaking proposes 
conforming changes to related provisions.
    One aspect of the ECR Initiative includes amending the export 
control regulations to facilitate enhanced compliance while reducing 
unnecessary regulatory burdens. For similar national security, foreign 
policy, including human rights, reasons, the EAR and the ITAR each 
control, inter alia, the export, reexport, and in-country transfer of 
commodities, products or articles, technology, technical data, 
software, and services to various destinations, end users, and end 
uses. The two sets of regulations have been issued pursuant to 
different statutes, have been administered by different agencies with 
missions that are distinct from one another in certain respects, and 
have covered different items (or articles). For those reasons, and 
because each set of regulations has evolved separately over decades 
without much coordination between the two agencies regarding

[[Page 31506]]

their structure and content, they often use different words, or the 
same words differently, to accomplish similar regulatory objectives.
    Many parties are regulated by both the Commerce Department's EAR 
and the State Department's ITAR, particularly now that regulatory 
jurisdiction over many types of military items has been transferred 
from the ITAR to the EAR. Using common terms and common definitions to 
regulate the same types of items or actions is intended to facilitate 
enhanced compliance and reduce unnecessary regulatory burdens. 
Conversely, if different concerns between the two sets of export 
control regulations warrant different terms or different controls, then 
the differences should be clear for the same reason. Such clarity will 
benefit national security because it will be easier for exporters to 
know how to comply with the regulations and for prosecutors to be able 
to prosecute violations of the regulations. Such clarity will also 
enhance our economic security because it will reduce unnecessary 
regulatory burdens for exporters when attempting to determine the 
meaning of key words and phrases across similar sets of regulations. 
Finally, such harmonization and clarification is a necessary step 
toward accomplishing one of the ultimate objectives of the ECR 
initiative, which is the creation of a common export control list and 
common set of export control regulations.
    BIS and DDTC have identified a series of similar terms in the EAR 
and the ITAR that are defined differently and that warrant either 
harmonization or the creation of similar structures that would identify 
more clearly the differences in how similar concepts are treated under 
the EAR and the ITAR. The proposed revisions to these terms are 
generally not intended to materially increase or decrease their 
existing scope. In particular, BIS and DDTC will continue to maintain 
their long-standing positions that ``published'' (or ``public domain'') 
information and the results of ``fundamental research'' are excluded 
from the scope of ``technology'' subject to the EAR and the ITAR's 
``technical data.'' Rather, the proposed changes are designed to 
clarify and update BIS policies and practices with respect to the 
application of the terms and to allow for their structural 
harmonization with their counterparts in the ITAR.
    Harmonizing definitions does not mean making them identical. For 
example, under the EAR, technology may be ``subject to'' or ``not 
subject to the EAR.'' Technical data under the ITAR is subject to those 
regulations by definition. While the two terms have substantial 
commonality, they remain different terms used in different ways. This 
rulemaking proposes that, to the extent possible, similar definitions 
be harmonized both substantively and structurally. Substantive 
harmonization will mean using the same words for the same concepts 
across the two sets of regulations. Structural harmonization will mean 
setting forth similar definitions in a paragraph order that renders 
their similarities and differences clearly visible. This structural 
harmonization may require reserving certain paragraphs in an EAR 
definition if the corresponding paragraph does not exist in the ITAR 
definition, or vice versa.
    A side-by-side comparison on the regulatory text proposed by both 
Departments is available on both agencies' Web sites: 
www.pmddtc.state.gov and www.bis.doc.gov.

Scope of the Export Administration Regulations

    An interim rule entitled ``Export Administration Regulation; 
Simplification of Export Administration Regulations'' (61 FR 12714) 
published March 25, 1996, established part 734, Scope of the Export 
Administration Regulations. The interim rule stated that part 734 
``establishes the rules for determining whether commodities, software, 
technology, software, and activities of U.S. and foreign persons are 
subject to the EAR.'' (61 FR at 12716) This rulemaking proposes to 
streamline and clarify part 734 while retaining its purpose and scope 
of control.

Items Subject to the EAR

    Section 734.2, currently titled ``Important EAR terms and 
principles,'' contains two sets of important definitions: A definition 
and description of ``subject to the EAR,'' and definitions of export, 
reexport, and a number of associated terms. This rulemaking proposes to 
retitle the section ``Subject to the EAR,'' retain the definition and 
description of that term, and create separate sections in part 734 to 
define ``export,'' ``reexport,'' ``release,'' and ``transfer (in-
country),'' which will be described in greater detail below. This 
rulemaking proposes to remove current Sec.  734.2(b)(7) regarding the 
listing of foreign territories and possessions in the Commerce Country 
Chart (Supplement No. 1 to part 738) because it duplicates current 
Sec.  738.3(b).

Items Not Subject to the EAR

    Section 734.3(a) describes items (i.e., commodities, software, or 
technology) subject to the EAR. Paragraph (b) describes items that are 
not subject to the EAR. This rulemaking proposes minor revisions to 
paragraph (b)(3), which describes software and technology that is not 
subject to the EAR, to describe more fully educational and patent 
information that is not subject to the EAR, and to add a note to make 
explicit that information that is not ``technology'' as defined in the 
EAR is per se not subject to the EAR. These changes are part of an 
effort to make more clear throughout the EAR that ``technology'' is a 
subset of ``information.'' Only information that is within the scope of 
the definition of ``technology'' is subject to the EAR. If information 
of any sort is not within the scope of the definition of 
``technology,'' then it is not subject to the EAR. This proposed rule 
makes no changes to the notes to paragraphs (b)(2) and (b)(3) that a 
printed book or other printed material setting forth encryption source 
code is not itself subject to the EAR, but that encryption source code 
in electronic form or media remains subject to the EAR. It also makes 
no changes to the note that publicly available encryption object code 
software classified under ECCN 5D002 is not subject to the EAR when the 
corresponding source code meets the criteria specified in Sec.  
740.13(e) of the EAR. (See proposed corresponding revisions to Sec.  
120.6(b) of the ITAR.)

Published Technology and Software

    Current Sec.  734.7 sets forth that technology and software is 
``published'' and thus not subject to the EAR when it becomes generally 
accessible to the interested public in any form, including through 
publication, availability at libraries, patents, and distribution or 
presentation at open gatherings.
    This rulemaking proposes a definition of ``published'' with the 
same scope but a simpler structure. The proposed Sec.  734.7(a) reads: 
``Except as set forth in paragraph (b), ``technology'' or ``software'' 
is ``published'' and is thus not ``technology'' or ``software'' subject 
to the EAR when it is not classified national security information and 
has been made available to the public without restrictions upon its 
further dissemination. This proposed definition is substantially the 
same as the wording of definitions adopted by the multilateral export 
control regimes of which the United States is a member: The Wassenaar 
Arrangement, Nuclear Suppliers Group, Missile Technology Control 
Regime, and Australia Group. The phrase ``classified national security 
information'' refers to information that has been classified in 
accordance with Executive Order 13526, 75 FR 707; 3

[[Page 31507]]

CFR 201 Comp., p. 298. The phrasing following the definition quoted 
above (``such as through'') means that the list that follows consists 
of representative examples taken from the list of such things that are 
in both the ITAR and the EAR and merged together. This is not an 
exhaustive list of published information. Section 734.7(b) keeps 
certain published encryption software subject to the EAR, a restriction 
currently found in Sec.  734.7(c). BIS believes that the proposed 
revised section is easier to read and that the list of examples is 
easier to update than current text. The relevant restrictions do not 
include copyright protections or generic property rights in the 
underlying physical medium. (See proposed corresponding revisions to 
``public domain'' in Sec.  120.11 of the ITAR.)

Fundamental Research

    The current Sec.  734.8 excludes most information resulting from 
fundamental research from the scope of the EAR. The section is 
organized primarily by locus, specifically by the type of organization 
in which the research takes place. This proposed rule would revise 
Sec.  734.8, but it is not intended to change the scope of the current 
Sec.  734.8. The proposed revisions streamline the section by 
consolidating different provisions that involve the same criteria with 
respect to prepublication review, removing reference to locus unless it 
makes a difference to the jurisdictional status, and adding clarifying 
notes. The proposed revisions also consistently use the description 
``arises during or results from fundamental research'' to make clear 
that technology that arises prior to a final result is subject to the 
EAR unless it otherwise meets the provisions of Sec.  734.8. Comments 
regarding whether the streamlined Sec.  734.8 text is narrower or 
broader in scope than the current text in Sec.  734.8 are encouraged.
    Proposed notes clarify that technology initially transferred to 
researchers, e.g., by sponsors, may be subject to EAR, and that 
software and commodities are not ``technology resulting from 
fundamental research.'' Additional notes clarify when technology is 
``intended to be published,'' as it must be in order to be not subject 
to the EAR pursuant to this section.
    Issued in 1985, National Security Decision Directive (NSDD)-189 
established a definition of ``fundamental research'' that has been 
incorporated into numerous regulations, internal compliance regimes, 
and guidance documents. Therefore, in this rulemaking, BIS has proposed 
a definition of ``fundamental research'' that is identical to that in 
NSDD-189. However, BIS solicits comment on a simpler definition that is 
consistent with NSDD-189, but not identical. Specifically, the 
alternative definition would read: ```Fundamental research' means non-
proprietary research in science and engineering, the results of which 
ordinarily are published and shared broadly within the scientific 
community.'' BIS believes that the scope of this wording is the same as 
that of the wording in NSDD-189 and seeks comment on whether the final 
rule should adopt the simpler wording.
    The proposed definition of ``fundamental research'' includes 
references to ``basic'' and ``applied'' research. For clarity, this 
rulemaking proposes definitions of those terms. The definition of 
``basic research'' in proposed Sec.  734.8 is that currently defined in 
the EAR (Sec.  772.1), and in the Wassenaar Arrangement's General 
Technology Note as ``basic scientific research.'' The proposed 
definition of ``applied research'' was drawn from the Defense Federal 
Acquisition Regulation Supplement (48 CFR part 31.205-18). A possible 
alternative definition of applied research is that found in the 2014 
Office of Management and Budget Circular A-11: ``Systematic study to 
gain knowledge or understanding necessary to determine the means by 
which a recognized and specific need may be met.'' (See proposed 
corresponding Sec.  120.49 of the ITAR.)

Educational Information

    Current Sec.  734.9 states that educational information released by 
instruction in a catalog course or associated teaching laboratory of an 
academic institution is not subject to the EAR. This rulemaking 
proposes moving this exclusion to Sec.  734.3(b) and removing Sec.  
734.9. This proposed rule is not intended to change the scope of the 
current Sec.  734.9.

Patents

    This rulemaking proposes to revise current Sec.  734.10, ``Patent 
applications,'' for clarity. For example, instead of an internal cross-
reference to the section of the EAR identifying items not subject to 
the EAR the revised section directly states that ``technology'' is not 
``subject to the EAR'' if it is contained in the patent-related 
documents described in the section. For the sake of structural 
consistency with the ITAR's treatment of information in patents, 
paragraph (a)(1) is added to state that a patent or an open (published) 
patent application available from or at any patent office is per se not 
subject to EAR. The proposed revisions do not, however, change the 
scope of current Sec.  734.10. The existing footnote to the current 
Sec.  734.10 is removed because it would be redundant of the proposed 
text.

Specific National Security Controls

    This rulemaking proposes minor conforming edits to current Sec.  
734.11, which describes specific national security controls. The 
proposed revisions do not change the scope of current Sec.  734.11. As 
described below, this rulemaking proposes to remove Supplement No. 1 to 
part 734, ``Questions and Answers--Technology and Software Subject to 
the EAR.'' Questions and answers are illustrative rather than 
regulatory and are thus more appropriately posted as Web site guidance 
than published as regulatory text.

Export

    In Sec.  734.2(b) of the current EAR, there are definitions of 
export, export of technology or software, and export of encryption 
source code and object code software. Section 772.1 also defines 
``export'' as follows: ``Export means an actual shipment or 
transmission of items out of the United States.'' This rulemaking 
proposes to consolidate the definitions of ``export'' and ``export of 
technology and software,'' while moving ``export of encryption source 
code and object code software'' to a new Sec.  734.13.
    Proposed Sec.  734.13(a) would have six paragraphs. Paragraphs 
(a)(4) and (5) would be reserved. The corresponding paragraphs in the 
ITAR would contain provisions that are not relevant to the EAR.
    Proposed paragraph (a)(1) of the definition of ``export'' uses the 
EAR terms ``actual shipment or transmission out of the United States,'' 
combined with the existing ITAR ``sending or taking an item outside the 
United States in any manner.''
    Paragraph (a)(2), specifying the concept of transfer or release of 
technology to a foreign national in the United States, or ``deemed 
export,'' reflects the long-standing BIS practice of treating software 
source code as technology for deemed export purposes.
    Paragraph (a)(3) includes in the definition of ``export'' 
transferring by a person in the United States of registration, control, 
or ownership (i) of a spacecraft subject to the EAR that is not 
eligible for export under License Exception STA (i.e., spacecraft that 
provide space-based logistics, assembly or servicing of any spacecraft) 
to a person in or a national of any other country, or (ii) of any other 
spacecraft subject to the EAR to a person in or a national of a Country 
Group D:5 country.

[[Page 31508]]

    Paragraphs (a)(4) and (a)(5) remain reserved, reflecting 
placeholders. The ITAR's parallel proposed provisions would control 
transfers to embassies within the United States and defense services. 
Neither topic is relevant to the EAR.
    Paragraph (a)(6) defines as an export the release or other transfer 
of the means of access to encrypted data. This is intended to 
complement the exclusion of certain encrypted data from the definition 
of export, specified in proposed Sec.  734.18(a)(4) and discussed 
below. Logically, providing the means to decrypt or otherwise access 
controlled technology or software that is encrypted should constitute a 
controlled event to the same extent as releasing or otherwise 
transferring the unencrypted controlled technology or software itself. 
Upon transfer of the means of access to encrypted technology or 
software, the technology or software would acquire the classification 
and control status of the underlying technology or software, as 
specified in proposed Sec.  764.2(l). The meaning of ``clear text'' in 
the proposed definition is no different than an industry standard 
definition, e.g., information or software that is readable without any 
additional processing and is not encrypted. Comments are encouraged 
regarding whether a specific EAR definition of the term is warranted 
and, if so, what the definition should be.
    Paragraph (a)(6) of export and paragraph (a)(4) of reexport in this 
proposed rule and the DDTC companion proposed rule present different 
formulations for this control and the agencies request input from the 
public on which text more clearly describes the control. The agencies 
intend, however, that the act of providing physical access to unsecured 
``technical data'' (subject to the ITAR) will be a controlled event. 
The mere act of providing physical access to unsecured ``technology'' 
(subject to the EAR) will not, however, be a controlled event unless it 
is done with ``knowledge'' that such provision will cause or permit the 
transfer of controlled ``technology'' in clear text or ``software'' to 
a foreign national.
    This provision is not confined to the transfer of cryptographic 
keys. It includes release or other transfer of passwords, network 
access codes, software or any other information that the exporter 
``knows'' would result in the unauthorized transfer of controlled 
technology. As defined in current Sec.  772.1 of the EAR, ``knowledge'' 
includes not only positive knowledge that a circumstance exists or is 
substantially certain to occur, but also an awareness of a high 
probability of its existence or future occurrence.
    Paragraph (b) of Sec.  734.13 would retain BIS's deemed export rule 
as set forth in current Sec.  734.2(b). It would also codify a long-
standing BIS policy that when technology or source code is released to 
a foreign national, the export is ``deemed'' to occur to that person's 
most recent country of citizenship or permanent residency. See, e.g., 
71 FR 30840 (May 31, 2006).
    Paragraph (c) would state that items that will transit through a 
country or countries or will be transshipped in a country or countries 
to a new country, or are intended for reexport to the new country are 
deemed to be destined to the new country. This provision would be moved 
without change from current Sec.  734.2(b)(6).

    (See proposed corresponding revisions to Sec.  120.17 of the 
ITAR.)

Reexport

    The current definitions of reexport and reexport of technology or 
software in Sec.  734.2(b) are shipment or transmission of items from 
one foreign country to another foreign country, and release of 
technology or source code to a foreign national ``of another country.'' 
This rulemaking proposes to move the definition of ``reexports'' to new 
Sec.  734.14. In general, the provisions of the proposed definition of 
reexport parallel those of the proposed definition of export discussed 
above, except that reexports occur outside of the United States. 
Paragraphs (a)(1) and (a)(2) mirror the current definition but divide 
it into two paragraphs so that one paragraph pertains to actual 
reexports and another paragraph is specific to deemed reexports. 
Paragraph (a)(3) expands on the existing reference to transfer of 
registration or operational control over satellites in the definition 
of reexport in Sec.  772.1 to include transferring by a person outside 
the United States of registration, control, or ownership (i) of a 
spacecraft subject to the EAR that is not eligible for reexport under 
License Exception STA (i.e., spacecraft that provide space-based 
logistics, assembly or servicing of any spacecraft) to a person in or a 
national of any other country, or (ii) of any other spacecraft subject 
to the EAR to a person in or a national of a Country Group D:5 country. 
Paragraph (a)(4) mirrors the proposed addition in the definition of 
``export'' of the concept that releasing or otherwise transferring, in 
this case, outside the United States, the means to transfer to a 
foreign national controlled technology or software in readable form 
constitutes a ``reexport.'' (See proposed corresponding Sec.  120.19 of 
the ITAR.)

Release

    This provision changes the existing definition of ``release'' in 
Sec.  734.2(b)(3) and adds it to new Sec.  734.15. Notably, while 
existing text provides that ``visual inspection'' by itself constitutes 
a release of technical data or source code, the proposed text provides 
that such inspection (including other types of inspection in addition 
to visual, such as aural or tactile) must actually reveal controlled 
technology or source code. Thus, for example, merely seeing an item 
briefly is not necessarily sufficient to constitute a release of the 
technology required, for example, to develop or produce it. This 
rulemaking proposes adding ``written'' to current ``oral exchanges'' as 
a means of release.
    The proposed text also clarifies that the application of 
``technology'' and ``software'' is a ``release'' in situations where 
U.S. persons abroad use personal knowledge or technical experience 
acquired in the United States in a manner that reveals technology or 
software to foreign nationals. This clarification makes explicit a 
long-standing EAR interpretation. This provision complements proposed 
new Sec.  120.9(a)(5) of the ITAR, which would include in the 
definition of ``defense service'' the furnishing of assistance 
(including training) to the government of a country listed in Sec.  
126.1 of the ITAR in the development, production, operation, 
installation, maintenance, repair, overhaul or refurbishing of a 
defense article or a part, component, accessory or attachment specially 
designed for a defense article. The proposed definition does not use 
the existing phrase ``visual inspection by foreign nationals of U.S.-
origin equipment and facilities'' because such inspections do not per 
se release ``technology.'' For example, merely seeing equipment does 
not necessarily mean that the seer is able to glean any technology from 
it and, in any event, not all visible information pertaining to 
equipment is necessarily ``technology'' subject to the EAR. (See 
proposed corresponding Sec.  120.50 of the ITAR.)

Transfer (In-Country)

    The current definition of transfer (in-country) is the ``shipment, 
transmission, or release of items subject to the EAR from one person to 
another person that occurs outside the United States within a single 
foreign country'' (Sec.  772.1). There is no difference between this 
phrase and the phrase ``in-country transfer'' that is used in the EAR. 
Variations in the use of the term will be harmonized over time.

[[Page 31509]]

    This proposed rule would remove the definition from Sec.  772.1 and 
add a revised definition to new Sec.  734.16. This rulemaking proposes: 
``a transfer (in-country) is a change in end use or end user of an item 
within the same foreign country.'' This revision eliminates any 
potential ambiguity regarding whether a change in end use or end user 
within a foreign country is or is not a ``transfer (in-country).'' This 
new text would parallel the term ``retransfer'' in the ITAR. (See 
proposed corresponding definition of retransfer in Sec.  120.51 of the 
ITAR.)

Export of Encryption Source Code and Object Code Software

    Proposed new Sec.  734.17, export of encryption source code and 
object code software, would retain the text of Sec.  734.2(b)(9). It 
would be moved to this section with only minor conforming and 
clarifying edits so that it is under the section of the regulations 
that would define when such an ``export'' occurs rather than under the 
existing ``important EAR terms and principles.'' Describing when an 
export occurs in the ``export of encryption source code and object code 
software'' section of the regulations is more clear than under a 
general ``important EAR terms and principles'' heading.

Activities That Are Not Exports, Reexports, or Transfers

    Proposed new Sec.  734.18 gathers existing EAR exclusions from 
exports, reexports, and transfers into a single provision, and includes 
an important new provision pertaining to encrypted technology and 
software.
    Paragraph (a)(1) reflects that by statute, launching a spacecraft, 
launch vehicle, payload, or other item into space is not an export. See 
51 U.S.C. 50919(f).
    Paragraph (a)(2), based on existing text in Sec.  734.2(b)(2)(ii), 
would state that the release in the United States of technology or 
software to U.S. nationals, permanent residents, or protected 
individuals is not an export.
    Paragraph (a)(3) would move from current Sec.  734.2(b)(8) text 
stating that shipments between or among the states or possessions of 
the United States are not ``exports'' or ``reexports.'' The word 
``moving'' and `transferring'' were inserted next to ``shipment'' in 
order to avoid suggesting that the only way movement between or among 
the states or possessions would not be a controlled event was if they 
were ``shipped.''
    Paragraph (a)(4) establishes a specific carve-out from the 
definition of ``export'' the transfer of technology and software that 
is encrypted in a manner described in the proposed section. Encrypted 
information--i.e., information that is not in ``clear text''--is not 
readable, and is therefore useless to unauthorized parties unless and 
until it is decrypted. As a result, its transfer in encrypted form 
consistent with the requirements of paragraph (a)(4) poses no threat to 
national security or other reasons for control and does not constitute 
an ``actual'' transmission of ``technology'' or ``software.'' 
Currently, neither the EAR nor the ITAR makes any distinction between 
encrypted and unencrypted transfers of technology or software for 
control or definitional purposes.
    This section specifies the conditions under which this part of the 
definition would apply. An important requirement is that the technology 
or software be encrypted ``end-to-end,'' a phrase that is defined in 
paragraph (b). The intent of this requirement is that relevant 
technology or software is encrypted by the originator and remains 
encrypted (and thus not readable) until it is decrypted by its intended 
recipient. Such technology or software would remain encrypted at every 
point in transit or in storage after it was encrypted by the originator 
until it was decrypted by the recipient.
    BIS understands that end-to-end encryption is not used in all 
commercial situations, particularly when encryption is provided by 
third party digital service providers such as cloud SaaS (software as a 
service) providers and some email services. However, in many such 
situations, technology or software may be encrypted and decrypted many 
times before it is finally decrypted and read by the intended 
recipient. At these points, it is in clear text and is vulnerable to 
unauthorized release. BIS considered this an unacceptable risk and 
therefore specified the use of end-to-end encryption as part of the 
proposed definition. A key requirement of the end-to-end provision is 
to ensure that no non-US national employee of a domestic cloud service 
provider or foreign digital third party or cloud service provider can 
get access to controlled technology or software in unencrypted form.
    Paragraph (a)(4)(iii) describes encryption standards for purposes 
of the definition. In this proposed rule, use of encryption modules 
certified under the Federal Information Processing Standard 140-2 (FIPS 
140-2), supplemented by appropriate software implementation, 
cryptographic key management and other procedures or controls that are 
in accordance with guidance provided in current U.S. National Institute 
for Standards and Technology publications, would qualify as sufficient 
security. FIPS 140-2 is a well understood cryptographic standard used 
for Federal Government procurement in the United States and Canada, as 
well as for many other uses, both in the United States and abroad. 
However, BIS understands that companies may use hardware and software 
that has not been certified by NIST or that does not conform to NIST 
guidelines (e.g., for internal use or conforming to other standards). 
To accommodate this, this paragraph allows for use of ``similarly 
effective cryptographic means,'' meaning that alternative approaches 
are allowable provided that they work. In such cases, the exporter is 
responsible for ensuring that they work. In contrast, the corresponding 
definition proposed by DDTC makes FIPS 140-2 conformity a baseline 
requirement. Hardware and software modules must be certified by NIST, 
and NIST key management and other implementation standards must be 
used. Alternatives are not permitted regardless of effectiveness.
    This paragraph also specifically excludes from the definition 
technology and software stored in countries in Country Group D:5 and 
Russia for foreign policy reasons in light of the embargoes and 
policies of presumptive denial now in place with respect to such 
countries.
    Logically, providing keys or other information that would allow 
access to encrypted technology or software should be subject to the 
same type of controls as the actual export, reexport, or transfer of 
the technology or software itself. This is specifically addressed in 
the proposed Sec.  734.13(a)(6) as part of the definition of 
``export.'' In addition, the proposed Sec.  764.2(1) states that for 
enforcement purposes such an unauthorized release will constitute a 
violation to the same extent as a violation in connection with the 
actual export, reexport, or transfer (in-country) of the underlying 
``technology'' or ``software.''
    Paragraph (c) confirms that the mere ability to access 
``technology'' or ``software'' while it is encrypted in a manner that 
satisfies the requirements in the section does not constitute the 
release or export of such ``technology'' or ``software.'' This responds 
to a common industry question on the issue. (See proposed corresponding 
Sec.  120.52 of the ITAR.)

Activities That Are Not Deemed Reexports

    Proposed Sec.  734.20, activities that are not deemed reexports, 
merely codifies

[[Page 31510]]

BIS's interagency-cleared Deemed Reexport Guidance posted on the BIS 
Web site dated October 31, 2013. This guidance was created so that the 
provisions regarding possible deemed reexports contained in Sec. Sec.  
124.16 and 126.18 of the ITAR would be available for EAR technology and 
source code.
    Under this guidance and new Sec.  734.20, release of technology or 
source code by an entity outside the United States to a foreign 
national of a country other than the foreign country where the release 
takes place does not constitute a deemed reexport of such technology or 
source code if the entity is authorized to receive the technology or 
source code at issue, whether by a license, license exception, or 
situations where no license is required under the EAR for such 
technology or source code and the foreign national's most recent 
country of citizenship or permanent residency is that of a country to 
which export from the United States of the technology or source code at 
issue would be authorized by the EAR either under a license exception, 
or in situations where no license under the EAR would be required.
    Release of technology or source code by an entity outside the 
United States to a foreign national of a country other than the foreign 
country where the release takes place does not constitute a deemed 
reexport if: (i) The entity is authorized to receive the technology or 
source code at issue, whether by a license, license exception, or 
through situations where no license is required under the EAR; (ii) the 
foreign national is a bona fide regular and permanent employee (who is 
not a proscribed person under U.S. law) directly employed by the 
entity; (iii) such employee is a national exclusively of a country in 
Country Group A:5; and (iv) the release of technology or source code 
takes place entirely within the physical territory of any such country. 
This rulemaking also proposes a definition of ``proscribed person'' in 
Sec.  772.1.
    This paragraph corresponds to Sec.  124.16 of the ITAR, but the 
reference to Country Group A:5 instead of the countries in the 
corresponding ITAR section varies slightly. This variation is a 
function of BIS's national security and foreign policy assessment of 
the application of this proposed rule to the nationals of Country Group 
A:5 and as part of a general BIS effort to reduce the number of 
variations in groups of countries identified in the EAR consistent with 
U.S. national security and foreign policy interests. South Korea and 
Argentina are in Country Group A:5, but not in ITAR Sec.  124.16. 
Malta, Albania, and Cyprus are in Sec.  124.16, but not in Country 
Group A:5.
    For nationals other than those of Country Group A:5 countries, 
which are close military allies of the United States, other criteria 
may apply. In particular, the section specifies the situations in which 
the releases would not constitute deemed exports in a manner consistent 
with Sec.  126.18 of the ITAR. An additional paragraph on scope of 
technology licenses included in the Web site would not be included in 
this proposed Sec.  734.20. It would be included in proposed Sec.  
750.7, discussed below. For purposes of this section, ``substantive 
contacts'' would have the same meaning as it has in Sec.  126.18 of the 
ITAR. The proposed phrase ``permanent and regular employee'' is a 
combination of BIS's definition of ``permanent employee,'' as set forth 
in a BIS advisory opinion issued on November 19, 2007, and the ITAR's 
definition of ``regular employee'' in Sec.  120.39. This proposed rule 
adds specific text excluding persons proscribed under U.S. law to make 
clear that Sec.  734.20 does not authorize release of technology to 
persons proscribed under U.S. law, such as those on the Entity List or 
the Specially Designated Nationals List, or persons denied export 
privileges, and defines ``proscribed person'' in Sec.  772.1. The US-UK 
Exchange of Notes and US-Canadian Exchange of Letters referred to in 
the existing online guidance can be found on the State Department's Web 
site. The URL's for the letter are not proposed to be published in the 
EAR since URL addresses periodically change. Upon implementation of a 
final rule in this regard, BIS will place the URL references in an 
``FAQ'' section of its Web site.

Technology

    Like the current definition of ``technology'' in the EAR (Sec.  
772.1), the definition proposed in this rulemaking is based on the 
Wassenaar Arrangement definition of technology. It continues to rest on 
the Wassenaar-defined sub-definitions of ``development,'' 
``production,'' and ``use,'' which are currently defined in Sec.  772.1 
and which this rulemaking does not propose to change. This rulemaking 
also does not propose to change BIS's long-standing policy that all six 
activities in the definition of ``use'' (operation, installation 
(including on-site installation), maintenance (checking), repair, 
overhaul and refurbishing) must be present for an item to be classified 
under an ECCN paragraph that uses ``use'' to describe the 
''technology'' controlled. See 71 FR 30842, May 31, 2006. The proposed 
definition includes, as does the current EAR definition, the terms 
``operation, installation, maintenance, repair, overhaul, or 
refurbishing (or other terms specified in ECCNs on the CCL that control 
`technology') of an item'' because such words are used as to describe 
technology controlled in multiple ECCNs, often with ``or'' rather than 
the ``and'' found in ``use.''
    This rulemaking proposes to incorporate the definitions of 
``technical data'' and ``technical assistance'' into the definition of 
``technology'' as illustrative lists. The note in the existing 
definition of ``technology'' that ``technical assistance'' ``may take 
the forms such as instruction, skills training, working knowledge, and 
consulting services'' is not repeated given that the proposed 
definition and its examples would include any ``technology'' in such 
circumstances and in a manner that is harmonized with the ITAR's 
definition of technical data.
    This rulemaking proposes to add a note to address a common industry 
question about modification. This proposed rule also would add three 
exclusions to clarify the limits of the scope of the definition in a 
manner consistent with long-standing BIS policy and interpretation of 
existing scope of ``technology.'' The first two insertions parallel 
exclusions in the ITAR and the third, the exclusion of telemetry data, 
mirrors specific exclusions inserted into both the ITAR and the EAR as 
part of recent changes regarding the scope of U.S. export controls 
pertaining to satellites and related items. See 79 FR 27417 (May 13, 
2014). Several paragraphs of this section are held in reserve merely to 
allow the entire section to mirror the corresponding ITAR provisions 
that are not relevant to the EAR. (See proposed corresponding revisions 
to Sec.  120.10 of the ITAR.)

Questions and Answers--Technology and Software Subject to the EAR

    This rulemaking proposes to remove Supplement No. 1 to part 734, 
``Questions and Answers--Technology and Software Subject to the EAR.'' 
Because the questions and answers are illustrative rather than 
regulatory, they are more appropriately posted as Web site guidance 
than included in the EAR.

Required

    This proposed rule retains the existing EAR definition of 
``required'' in Sec.  772.1, but proposes adding notes clarifying the 
application of the term. It removes the references in the existing 
definition to CCL Categories 4, 5, 6, and 9 to avoid the suggestion 
that BIS

[[Page 31511]]

applies the definition of ``required'' only to the uses of the term in 
these categories. BIS has never had a separate definition of 
``required'' used elsewhere in the EAR and this removal merely 
eliminates a potential ambiguity and reflects long-standing BIS policy.
    To address common questions BIS has received regarding the meaning 
of the word ``required,'' BIS proposes adding two notes to address the 
questions. The first states that the references to ``characteristics'' 
and ``functions'' are not limited to entries on the CCL that use 
specific technical parameters to describe the scope of what is 
controlled. The ``characteristics'' and ``functions'' of an item listed 
are, absent a specific regulatory definition, a standard dictionary's 
definition of the item. It then includes examples of this point. The 
second refers to the fact that the ITAR and the EAR often divide within 
each set of regulations or between each set of regulations (a) controls 
on parts, components, accessories, attachments, and software and (b) 
controls on the end items, systems, equipment, or other articles into 
which those parts, components, accessories, attachments, and software 
are to be installed or incorporated. Moreover, with the exception of 
technical data specifically enumerated on the USML, the jurisdictional 
status of unclassified technical data or ``technology'' is the same as 
the jurisdictional status of the defense article or item to which it is 
directly related. Examples of this point are provided. (See proposed 
corresponding revisions to Sec.  120.46 of the ITAR.)

Peculiarly Responsible

    This rulemaking proposes a definition of the currently undefined 
term ``peculiarly responsible'' in order to respond to common industry 
questions. The new definition would be modeled on the catch-and-release 
structure BIS adopted for the definition of ``specially designed.'' 
Thus, under the proposed definition, an item is ``peculiarly 
responsible'' for achieving or exceeding any referenced controlled 
performance levels, characteristics, or functions if it is used in 
``development,'' ``production,'' ``use,'' operation, installation, 
maintenance, repair, overhaul, or refurbishing of an item subject to 
the EAR unless (a) the Department of Commerce has determined otherwise 
in a commodity classification determination, (b) it is identical to 
information used in or with a commodity or software that is or was in 
production and is EAR99 or described in an ECCN controlled only for 
Anti-Terrorism (AT) reasons, (c) it was or is being developed for use 
in or with general purpose commodities or software, or (d) it was or is 
being developed with ``knowledge'' that it would be for use in or with 
commodities or software described (i) in an ECCN controlled for AT-only 
reasons and also EAR99 commodities or software or (ii) exclusively for 
use in or with EAR99 commodities or software.

Export of Technical Data for U.S. Persons Abroad

    This rulemaking proposes to amend the temporary export of 
technology provisions of existing License Exception TMP by revising 
Sec.  740.9(a)(3) to clarify that the ``U.S. employer'' and ``U.S. 
persons or their employees'' using this license exception are not 
foreign subsidiaries. The proposed paragraph streamlines current text 
without changing the scope. (See proposed corresponding revisions to 
Sec.  125.4(b)(9) of the ITAR.)

Scope of a License

    This proposed revision would implement in the EAR the interagency-
agreed boilerplate for all licenses that was posted on the BIS Web site 
and began appearing on licenses December 8, 2014. It is a slight 
revision to the existing Sec.  750.7(a), which states that licenses 
authorize only the transaction(s) described in the license application 
and the license application support documents. This proposed revision 
would also codify the existing interpretation that a license 
authorizing the release of technology to an entity also authorizes the 
release of the same technology to the entity's foreign nationals who 
are permanent and regular employees of the entity's facility or 
facilities authorized on the license, except to the extent a license 
condition limits or prohibits the release of the technology to 
nationals of specific countries or country groups.

Release of Protected Information

    This rulemaking proposes adding a new paragraph (l) to Sec.  764.2 
``Violations.'' This paragraph would provide that the unauthorized 
release of decryption keys or other information that would allow access 
to particular controlled technology or software would, for enforcement 
purposes, constitute a violation to the same extent as a violation in 
connection with the export of the underlying controlled ``technology'' 
or ``software.'' Under these and other related provisions, the 
decryption keys (or other technology), while subject to the EAR, do not 
themselves retain the classification of the technology that they could 
potentially release. This allows them to be secured and transmitted 
independently of the technology they could be used to release. (See 
proposed corresponding revisions to Sec.  127.1(b)(4) of the ITAR.)

Removals From and Additions to EAR's List of Definitions in Sec.  772.1

    With the changes proposed in this rulemaking, there would be stand-
alone sections in the EAR to address the scope and meaning of 
``publicly available information,'' ``publicly available technology and 
software,'' and ``technical data.'' To avoid redundancy, the existing 
definitions in Sec.  772.1 would be removed. In light of the changes 
described above, the definitions of ``basic scientific research,'' 
``export,'' ``reexport,'' ``required,'' ``technology,'' and 
``transfer'' would be revised accordingly. A clarifying note would be 
added at the bottom of the definition that the use of ``transfer'' does 
not apply to the unrelated ``transfers of licenses'' provision in Sec.  
750.10 or the antiboycott provisions in Supplement No. 8 to part 760 of 
the EAR. It also states that the term ``transfer'' may also be included 
on licenses issued by BIS. In that regard, the changes that can be made 
to a BIS license are the non-material changes described in Sec.  
750.7(c). Any other change to a BIS license without authorization is a 
violation of the EAR. See Sec. Sec.  750.7(c) and 764.2(e). Finally, 
consistent with the explanations above, definitions for the terms 
``applied research,'' ``fundamental research,'' ``peculiarly 
responsible,'' ``publicly available encryption software,'' 
``published,'' and ``release'' would be added to Sec.  772.1.

Public Comments

    BIS welcomes comments on any aspects of this proposed rule. With 
respect to the proposed revisions, BIS would like to receive comments 
that are as specific and well-supported as possible. Particularly 
helpful comments will include a description of a problem or concern, 
available data on cost or economic impact, and a proposed solution. BIS 
also welcomes comments on aspects of this proposed rule that the public 
considers effective or well designed.
    BIS specifically solicits comment on the following issues:
    1. Whether the revisions proposed in this rulemaking create gaps, 
overlaps, or contradictions between the EAR and the ITAR, or among 
various provisions within the EAR;
    2. Whether the alternative definition of fundamental research 
suggested in the preamble should be adopted;

[[Page 31512]]

    3. Whether the alternative definition of applied research suggested 
in the preamble should be adopted, or whether basic and applied 
research definitions are needed given that they are subsumed by 
fundamental research;
    4. Whether the questions and answers in existing Supplement No. 1 
to part 734 proposed to be removed by this rulemaking have criteria 
that should be retained in part 734;
    5. With respect to end-to-end encryption described in the proposed 
revision of the definition of ``Activities that are Not Exports, 
Reexports, or Transfers,'' whether the illustrative standard proposed 
in the EAR rulemaking also should be adopted in the ITAR rulemaking; 
whether the safe harbor standard proposed in the ITAR rulemaking also 
should be adopted in the EAR rulemaking; or whether the two bodies of 
regulations should have different standards;
    6. Whether encryption standards adequately address data storage and 
transmission issues with respect to export controls; and
    7. Whether the proposed definition of ``peculiarly responsible'' 
effectively explains how items may be ``required'' or ``specially 
designed'' for particular functions.
    8. The public is asked to comment on the effective date of the 
final rule. Export Control Reform rules that revised categories of the 
USML and created new 600 series ECCNs have had a six-month delayed 
effective date to allow for exporters to update the classification of 
their items. In general, rules effecting export controls have been 
effective on the date of publication, due to the impact on national 
security and foreign policy. As this proposed rule, and the companion 
proposed rule from the Directorate of Defense Trade Controls, revise 
definitions within the ITAR and the EAR and do not make any changes to 
the USML or CCL, a 30-day delayed effective date is proposed to allow 
exporters to ensure continued compliance.

Export Administration Act

    Although the Export Administration Act expired on August 20, 2001, 
the President, through Executive Order 13222 of August 17, 2001, 3 CFR, 
2001 Comp., p. 783 (2002), as amended by Executive Order 13637 of March 
8, 2013, 78 FR 16129 (March 13, 2013) and as extended by the Notice of 
August 7, 2014, 79 FR 46959 (August 11, 2014), has continued the Export 
Administration Regulations in effect under the International Emergency 
Economic Powers Act. BIS continues to carry out the provisions of the 
Export Administration Act, as appropriate and to the extent permitted 
by law, pursuant to Executive Order 13222 as amended by Executive Order 
13637.

Regulatory Requirements

    1. Executive Orders 13563 and 12866 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distribute impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility. This proposed rule has been designated a ``significant 
regulatory action,'' although not economically significant, under 
section 3(f) of Executive Order 12866. Accordingly, this proposed rule 
has been reviewed by the Office of Management and Budget (OMB).
    2. This proposed rule does not contain information collections 
subject to the requirements of the Paperwork Reduction Act of 1995 (44 
U.S.C. 3501 et seq.) (PRA). Notwithstanding any other provision of law, 
no person is required to respond to, nor is subject to a penalty for 
failure to comply with, a collection of information, subject to the 
requirements of the PRA, unless that collection of information displays 
a currently valid OMB control number.
    3. This proposed rule does not contain policies with Federalism 
implications as that term is defined under E.O. 13132.
    4. Pursuant to the Regulatory Flexibility Act, as amended by the 
Small Business Regulatory Enforcement Fairness Act of 1996, 5 U.S.C. 
601 et seq., BIS has prepared the following initial Regulatory 
Flexibility Act analysis of the potential impact that this proposed 
rule, if adopted, would have on small entities.

Description of the Reasons Why Action Is Being Considered

    The policy reasons for issuing this proposed rule are discussed in 
the background section of the preamble of this document, and are not 
repeated here.

Statement of the Objectives of, and Legal Basis for, the Proposed Rule; 
Identification of All Relevant Federal Rules Which May Duplicate, 
Overlap, or Conflict With the Proposed Rule

    The objective of this proposed rule (and a proposed rule being 
published simultaneously by the Department of State) is to provide 
greater clarity and precision in the EAR and the ITAR by providing 
common definitions and common terms to regulate the same types of 
actions. The proposed rule also seeks to express some concepts more 
clearly.
    The proposed rule would alter definitions in the EAR. It also would 
update and clarify application of controls to electronically 
transmitted technology and software.
    The legal basis for this proposed rule is 50 U.S.C. app. 2401 et 
seq.; 50 U.S.C. 1701 et seq.; E.O. 12938, 59 FR 59099, 3 CFR, 1994 
Comp., p. 950; E.O. 13020, 61 FR 54079, 3 CFR, 1996 Comp., p. 219; E.O. 
13026, 61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 
3 CFR, 2001 Comp., p. 783; E.O. 13637 of March 8, 2013, 78 FR 16129 
(March 13, 2013); Notice of August 7, 2014, 79 FR 46959 (August 11, 
2014); Notice of November 7, 2014, 79 FR 67035 (November 12, 2014).
    No other Federal rules duplicate, overlap, or conflict with this 
proposed rule.

Number and Description of Small Entities Regulated by the Proposed 
Action

    This proposed rule would apply to all persons engaged in the 
export, reexport, or transfer of commodities, technology or software 
that is regulated by the EAR. BIS does not maintain data from which it 
can determine how many of those persons are small entities as 
identified in the Small Business Administration size standards. 
Nevertheless, BIS recognizes that some of those persons are likely to 
be small entities.

Description of the Projected Reporting, Recordkeeping, and Other 
Compliance Requirements of the Proposed Rule

    This proposed rule is unlikely to increase the number of 
transactions that must be reported to BIS because EAR reporting 
requirements apply only in five specific situations, none of which 
would change as a result of this proposed rule. Those situations are: 
Exports that do not require a license of items on the Wassenaar 
Arrangement Sensitive List; Exports of High Performance Computers; 
Exports of certain thermal imaging cameras that do not require a 
license; Certain exports of Conventional Arms; and 600 series major 
defense equipment.
    Because recordkeeping requirements already apply to all 
transactions that are subject to the EAR, BIS expects that this 
proposed rule would not expand recordkeeping requirements.
    It is possible that some of these changes would increase the number 
of

[[Page 31513]]

licenses that some small entities would have to seek from BIS although 
BIS is not aware of any specific instance in which additional licenses 
would be required.
    The following discussion describes the changes that would be made 
by this proposed rule. It is divided into two sections: Changes that 
BIS believes would not impose any new regulatory obligations; and 
Changes that are not intended to imposed any new regulatory obligation, 
but that BIS cannot state with certainty would not do so.

Changes That BIS Believes Would Not Impose Any New Regulatory Burden

    This proposed rule would make certain changes to clarify and 
streamline the definitions of comparable terms, phrases, and concepts 
between the EAR and the ITAR. Many of these changes are technical in 
nature and attempt to consolidate and re-phrase the definitions to 
enhance readability and to parallel the structure of the ITAR's 
definition of the same term. However, there are a small number of new 
provisions, but these changes would not impose any new regulatory 
burdens. Specifically, this proposed rule would make the following 
changes:
    Remove Sec.  734.2(b) which currently defines export, reexport, 
release, transfer (in country) and export of encryption source code or 
object code software, because those terms would be defined in separate 
sections. Section 734.2(b) also states the policy of applying license 
requirements that apply to a country to its dependencies and 
possessions; this policy is currently stated elsewhere in the EAR.
    Create new separate sections defining export, reexport, release and 
export of encryption source code or object code software. Those terms 
would be clarified and presented in a more organized manner, but 
substantively unchanged from the existing regulatory text.
    Create a new section identifying activities that are not exports, 
reexports, or transfers. This section restates the transactions that 
are excluded from the definition of export in current regulatory text 
and adds two additional activities that would be expressly declared not 
to be exports, rexports or transfers: space launches and sending, 
taking or storing certain technology or software abroad using specified 
cryptographic techniques. The former, although not expressly in the 
current regulatory text, is required by statute (see 51 U.S.C. 
50919(f)) and consistent with current BIS practice of not treating a 
space launch as an export, reexport or transfer. The latter is, in 
fact, new. However, by removing the transactions it describes from the 
definitions of exports, reexports, or transfers, it removes existing 
license requirements from those transactions.
    Clarify without substantively changing the provisions related to 
patent applications and add specific text stating that technology 
contained in a patent available from or at any patent office is not 
subject to the EAR. The addition reflects BIS' long-standing 
interpretation. To the extent that it could be characterized as new, 
its only effect would be to appear to release from the EAR technology 
that some readers of the EAR might have (erroneously) concluded was 
subject to the EAR.
    Add to License Exception TMP text to emphasize that foreign 
subsidiaries of U.S. companies are neither U.S. employers nor ``U.S. 
persons or their employees'' as those terms are used in the license 
exception. This additional text adds no restriction that is not already 
imposed by the definition of ``U.S. persons'' that currently appears in 
the text of License Exception TMP.
    Add text codifying in the EAR limits on transactions authorized by 
a license that currently are imposed by conditions on the license 
itself.
    Add text prohibiting the release or other transfer of information 
(e.g., decryption keys, passwords or access codes) with knowledge that 
such release or other transfer will result in an unauthorized export, 
reexport or transfer of other technology or software. This addition 
provides specific grounds for bringing charges with respect to one 
particular type of misconduct. However, existing EAR provisions, 
including the prohibition on causing, aiding or abetting a violation of 
the EAR or license, authorization or order could be used to bring 
charges for that same type of misconduct.

Changes That Are Not Intended To Impose Any Regulatory Obligation, but 
That BIS Cannot State With Certainty Would Not Do So

    This proposed rule would add definitions for two new terms 
``applied research,'' and ``peculiarly responsible'' and revise the 
definitions of two existing terms ``required'' and ``transfer (in-
country).'' It also would adopt BIS' interpretative guidance regarding 
deemed reexports as regulatory text. These changes are not intended to 
impose any regulatory obligations on regulated entities, but BIS cannot 
state with certainty that there will be no impact. This proposed rule 
would make the following changes:
    Add to the existing definition of ``fundamental research'' a new 
definition of ``applied research.'' The information arising from 
fundamental research is not subject to the EAR. Fundamental research 
consists of basic and applied research where the results are ordinarily 
published and shared broadly within the scientific community. This 
proposed rule would retain the overall concept of fundamental research 
that is currently in the EAR, but would remove certain limitations 
based on the type of institution in which the research takes place, 
relocate the definition of ``basic research'' from the definitions 
section of the EAR to the section dealing with fundamental research and 
provide a definition of applied research.
    Add to the EAR a definition of the term ``peculiarly responsible.'' 
That currently undefined term appears in the definitions of ``specially 
designed'' and of ``required'' in the EAR. This proposed rule would 
define that term.
    Add to the EAR a definition of ``proscribed person.'' This 
definition does not create any new regulated class. It simply provides 
a clear, shorthand reference to a person who is already prohibited from 
receiving items or participating in a transaction that is subject to 
the EAR without authorization by virtue of U.S. law, such as persons on 
the Entity List, Specially Designated Nationals, or debarred parties.
    Remove from the definition of the term ``required'' references to 
CCL Categories 4, 5, 6 and 9 to accurately reflect BIS' long-standing 
interpretation that its definition applies wherever the EAR imposes a 
license requirement for technology ``required'' for a particular 
process or activity.
    In the definition of ``transfer (in-country),'' replace the phrase 
``shipment, transmission, or release of items subject to the EAR from 
one person to another person that occurs outside the United States 
within a single foreign country'' with ``a change in end use or end 
user of an item within the same foreign country.'' This new text would 
parallel the term ``retransfer'' in the ITAR and would eliminate any 
potential ambiguity that a change in end use or end user within a 
foreign country is or is not a ``transfer (in-country).''
    Each of the foregoing changes would serve the overall policy goals 
of reducing uncertainty and harmonizing the requirements of the ITAR 
and the EAR. In most instances, reduced uncertainty will be beneficial 
to persons who have to comply with the regulations, particularly 
persons who engage in transactions subject to both sets of regulations. 
They would be able to make decisions more quickly and

[[Page 31514]]

have less need to contact BIS for advice. Additionally, by making these 
terms more explicit, the possibility of their being interpreted 
contrary to BIS' intent is reduced. Such contrary interpretations would 
have three undesirable effects. First, they would undermine the 
national security and foreign policy objectives that the EAR are 
intended to implement. Second, persons who are interpreting the 
regulations in a less restrictive manner than BIS intends may seek 
fewer licenses from BIS than their competitors who are interpreting the 
regulations consistent with BIS' intent or who are obtaining advice 
from BIS, thereby gaining a commercial advantage to the detriment of 
the relevant national security or foreign policy interests. Third, 
unnecessary regulatory complexity and unnecessary differences between 
the terminology of the ITAR and that of the EAR could discourage small 
entities from even attempting to export. The beneficial effects of 
making these terms more explicit justify any economic impact that might 
be incurred by small entities that would have to change their conduct 
because their contrary interpretations could no longer be defended 
given the clearer and more explicit terms in the regulations.
    This proposed rule also would add to the EAR a description of 
activities that are not deemed reexports. This description currently 
appears as interpretative guidance on BIS' Web site and closely tracks 
the regulatory text of the ITAR. Deemed reexports are releases of 
technology or software source code within a single foreign country by a 
party located outside the United States to a national of a country 
other than the country in which the releasing party is located. The 
guidance describes three situations in which that party may release the 
technology or source code without obtaining a license from BIS.
    By adopting this guidance as regulatory text that closely tracks 
the text governing the same activities in the ITAR, BIS reduces both 
complexity and unnecessary differences between the two sets of 
regulations with the salutary effects of faster decision making, 
reduced need to contact BIS for advice and reduced possibility that 
small entities would be discouraged from exporting as noted above.

Description of Any Significant Alternatives to the Proposed Rule That 
Accomplish the Stated Objectives of Applicable Statutes and That 
Minimize Any Significant Economic Impact of the Proposed Rule on Small 
Entities

    As required by 5 U.S.C. 603(c), BIS' analysis considered 
significant alternatives. Those alternatives are: (1) The preferred 
alternative of altering definitions and updating and clarifying 
application of controls to electronically transmitted technology and 
software; (2) Maintaining the status quo and not revising the 
definitions or updating and clarifying application of controls to 
electronically transmitted technology and software; and (3) 
Establishing a size threshold below which entities would not be subject 
to the changes proposed by this rulemaking.
    By altering definitions and updating and clarifying application of 
controls to electronically transmitted technology and software as this 
proposed rule would do, BIS would be reducing uncertainty for all 
parties engaged in transactions that are subject to the EAR. Potential 
ambiguities would be reduced; decisions could be made more quickly; the 
need to contact BIS for advice be reduced; and the possibility of 
inconsistent interpretations providing one party commercial advantages 
over others would be reduced. Persons (including small entities) 
engaged in transactions that are subject to the ITAR and transactions 
that are subject to the EAR would face fewer actual or apparent 
inconsistencies that must be addressed in their regulatory compliance 
programs. Although small entities, along with all other parties, would 
need to become familiar with the revised terminology, in the long run, 
compliance costs are likely to be reduced when compared to the present 
situation where the ITAR and the EAR use different terminology to 
regulate the same types of activity in the same manner. Therefore, BIS 
adopted this alternative.
    If BIS chose to maintain the status quo, small entities and other 
parties would not have to incur the cost and effort of becoming 
familiar with the revised regulations and any party who is currently 
interpreting the regulations that would clearly be precluded by the 
more explicit interpretations would incur the cost of complying with 
the regulations consistent with their underlying intent and in the way 
that BIS believes most regulated parties do. However, the benefits of 
these proposed changes would be lost. Those benefits, greater clarity, 
consistency between the ITAR and the EAR, and reduced possibility of 
inconsistent application of the regulations by similarly situated 
regulated parties, would be foregone. Therefore, BIS has not adopted 
this alternative.
    If BIS chose to create a size threshold exempting small entities as 
currently defined by the SBA size standards from the changes imposed by 
this proposed rule, those entities would face a more complicated 
regulatory environment than larger entities. The small entities would 
continue to be subject to the EAR as a whole but without the benefit of 
the clarifications introduced by this proposed rule. The only way to 
make a size threshold beneficial to entities falling below the 
threshold would be to exempt them from all or at least many of the 
requirements of the EAR. However, doing so would create a major 
loophole allowing commodities, software, and technology that are 
controlled for export for national security or foreign policy reasons 
to go, without restriction, to any party abroad, undermining the 
interests that the regulations are intended to protect. Therefore, BIS 
has not adopted this alternative.

List of Subjects

15 CFR Parts 734 and 772

    Exports.

15 CFR Parts 740 and 750

    Administrative practice and procedure, Exports, Reporting and 
recordkeeping requirements.

15 CFR Part 764

    Administrative practice and procedure, Exports, Law enforcement, 
Penalties.

    For the reasons stated in the preamble, parts 734, 740, 750, 764, 
and 772 of the Export Administration Regulations (15 CFR subchapter C) 
are proposed to be amended as follows:

PART 734--SCOPE OF THE EXPORT ADMINISTRATION REGULATIONS

0
1. The authority citation for part 734 continues to read as follows:

    Authority:  50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; 
E.O. 12938, 59 FR 59099, 3 CFR, 1994 Comp., p. 950; E.O. 13020, 61 
FR 54079, 3 CFR, 1996 Comp., p. 219; E.O. 13026, 61 FR 58767, 3 CFR, 
1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 
783; E.O. 13637 of March 8, 2013, 78 FR 16129 (March 13, 2013); 
Notice of August 7, 2014, 79 FR 46959 (August 11, 2014) ; Notice of 
November 7, 2014, 79 FR 67035 (November 12, 2014).


Sec.  734.2--[Amended]  

0
2. Section 734.2 is amended by revising the heading to read as follows 
and by removing and reserving paragraph (b).


Sec.  734.2  Subject to the EAR.

0
3. Section 734.3 is amended by revising paragraph (b) introductory 
text, paragraph (b)(3), the Note to paragraphs (b)(2) and (b)(3), and 
the Note to paragraph (b)(3) to read as follows.

[[Page 31515]]

Sec.  734.3  Items subject to the EAR.

* * * * *
    (b) The following are not subject to the EAR:
* * * * *
    (3) Information and ``software'' that:
    (i) Are ``published,'' as described in Sec.  734.7;
    (ii) Arise during, or result from, ``fundamental research,'' as 
described in Sec.  734.8;
    (iii) Concern general scientific, mathematical, or engineering 
principles commonly taught in schools, and released by instruction in a 
catalog course or associated teaching laboratory of an academic 
institution; or
    (iv) Appear in patents or open (published) patent applications 
available from or at any patent office, unless covered by an invention 
secrecy order, or are otherwise patent information as described in 
Sec.  734.10.

    Note to paragraphs (b)(2) and (b)(3): A printed book or other 
printed material setting forth encryption source code is not itself 
subject to the EAR (see Sec.  734.3(b)(2)). However, notwithstanding 
Sec.  734.3(b)(2), encryption source code in electronic form or 
media (e.g., computer diskette or CD ROM) remains subject to the EAR 
(see Sec.  734.17)). Publicly available encryption object code 
software classified under ECCN 5D002 is not subject to the EAR when 
the corresponding source code meets the criteria specified in Sec.  
740.13(e) of the EAR.


    Note to paragraph (b)(3): Except as set forth in part 760 of 
this title, information that is not within the scope of the 
definition of ``technology'' (see Sec.  772.1 of the EAR) is not 
subject to the EAR.

* * * * *
0
4. Section 734.7 is revised to read as follows:


Sec.  734.7  Published.

    (a) Except as set forth in paragraph (b) of this section, 
unclassified ``technology'' or ``software'' is ``published,'' and is 
thus not ``technology'' or ``software'' subject to the EAR, when it has 
been made available to the public without restrictions upon its further 
dissemination such as through any of the following:
    (1) Subscriptions available without restriction to any individual 
who desires to obtain or purchase the published information;
    (2) Libraries or other public collections that are open and 
available to the public, and from which the public can obtain tangible 
or intangible documents;
    (3) Unlimited distribution at a conference, meeting, seminar, trade 
show, or exhibition, generally accessible to the interested public;
    (4) Public dissemination (i.e., unlimited distribution) in any form 
(e.g., not necessarily in published form), including posting on the 
Internet on sites available to the public; or
    (5) Submission of a written composition, manuscript or presentation 
to domestic or foreign co-authors, editors, or reviewers of journals, 
magazines, newspapers or trade publications, or to organizers of open 
conferences or other open gatherings, with the intention that the 
compositions, manuscripts, or publications will be made publicly 
available if accepted for publication or presentation.
    (b) Published encryption software classified under ECCN 5D002 
remains subject to the EAR unless it is publicly available encryption 
object code software classified under ECCN 5D002 and the corresponding 
source code meets the criteria specified in Sec.  740.13(e) of the EAR.
0
5. Section 734.8 is revised to read as follows:


Sec.  734.8  ``Technology'' that arises during, or results from, 
fundamental research.

    (a) ``Technology'' that arises during, or results from, fundamental 
research and is `intended to be published' is thus not ``subject to the 
EAR.''

    Note 1 to paragraph (a):  The inputs used to conduct fundamental 
research, such as information, equipment, or software, are not 
``technology that arises during or results from fundamental 
research'' except to the extent that such inputs are ``technology'' 
that arose during or resulted from earlier fundamental research.


    Note 2 to paragraph (a): There are instances in the conduct of 
research, whether fundamental, basic, or applied, where a 
researcher, institution or company may decide to restrict or protect 
the release or publication of ``technology'' contained in research 
results. Once a decision is made to maintain such ``technology'' as 
restricted or proprietary, the ``technology,'' if within the scope 
of Sec.  734.3(a), becomes ``subject to the EAR.''

    (b) Prepublication review. ``Technology'' that arises during, or 
results, from fundamental research is ``intended to be published'' to 
the extent that the researchers are free to publish the technology 
contained in the research without restriction or delay. ``Technology'' 
that arises during or results from fundamental research subject to 
prepublication review is still ``intended to be published'' when:
    (1) Prepublication review is conducted solely to ensure that 
publication would not compromise patent rights, so long as the review 
causes no more than a temporary delay in publication of the research 
results;
    (2) Prepublication review is conducted by a sponsor of research 
solely to insure that the publication would not inadvertently divulge 
proprietary information that the sponsor has furnished to the 
researchers; or
    (3) With respect to research conducted by scientists or engineers 
working for a Federal agency or a Federally Funded Research and 
Development Center (FFRDC), within any appropriate system devised by 
the agency or the FFRDC to control the release of information by such 
scientists and engineers.

    Note 1 to paragraph (b): Although ``technology'' arising during 
or resulting from fundamental research is not considered ``intended 
to be published'' if researchers accept restrictions on its 
publication, such ``technology'' will nonetheless qualify as 
``technology'' arising during or resulting from fundamental research 
once all such restrictions have expired or have been removed.


    Note 2 to paragraph (b): Except as provided in Sec.  734.11, 
``technology'' that is subject to other publication restrictions, 
such as U.S. government-imposed access and dissemination controls, 
is not ``intended to be published.''

    (c) Fundamental research definition. ``Fundamental research'' means 
basic or applied research in science and engineering, the results of 
which ordinarily are published and shared broadly within the scientific 
community. This is distinguished from proprietary research and from 
industrial development, design, production, and product utilization, 
the results of which ordinarily are restricted for proprietary or 
national security reasons.
    (1) ``Basic research'' means experimental or theoretical work 
undertaken principally to acquire new knowledge of the fundamental 
principles of phenomena or observable facts, not primarily directed 
towards a specific practical aim or objective.
    (2) ``Applied research'' means the effort that:
    (i) Normally follows basic research, but may not be severable from 
the related basic research;
    (ii) Attempts to determine and exploit the potential of scientific 
discoveries or improvements in technology, materials, processes, 
methods, devices, or techniques; and
    (iii) Attempts to advance the state of the art.


Sec.  734.9  [Removed and Reserved]

0
6. Section 734.9 is removed and reserved.
0
7. Section 734.10 is revised to read as follows:

[[Page 31516]]

Sec.  734.10  Patents.

    ``Technology'' is not ``subject to the EAR'' if it is contained in:
    (a) A patent or an open (published) patent application available 
from or at any patent office;
    (b) A published patent or patent application prepared wholly from 
foreign-origin technology where the application is being sent to the 
foreign inventor to be executed and returned to the United States for 
subsequent filing in the U.S. Patent and Trademark Office;
    (c) A patent application, or an amendment, modification, supplement 
or division of an application, and authorized for filing in a foreign 
country in accordance with the regulations of the Patent and Trademark 
Office, 37 CFR part 5; or
    (d) A patent application when sent to a foreign country before or 
within six months after the filing of a United States patent 
application for the purpose of obtaining the signature of an inventor 
who was in the United States when the invention was made or who is a 
co-inventor with a person residing in the United States.
0
8. Section 734.11 is revised to read as follows:


Sec.  734.11  Government-sponsored research covered by contract 
controls.

    (a) If research is funded by the U.S. Government, and specific 
national security controls are agreed on to protect information 
resulting from the research, the provisions of Sec.  734.3(b)(3) will 
not apply to any export or reexport of such information in violation of 
such controls. However, any export or reexport of information resulting 
from the research that is consistent with the specific national 
security controls may nonetheless be made under this provision.
    (b) Examples of ``specific national security controls'' include 
requirements for prepublication review by the Government, with right to 
withhold permission for publication; restrictions on prepublication 
dissemination of information to non-U.S. citizens or other categories 
of persons; or restrictions on participation of non-U.S. citizens or 
other categories of persons in the research. A general reference to one 
or more export control laws or regulations or a general reminder that 
the Government retains the right to classify is not a ``specific 
national security control.''
0
9. Section 734.13 is added to read as follows:


Sec.  734.13  Export.

    (a) Except as set forth in Sec.  734.17, ``export'' means:
    (1) An actual shipment or transmission out of the United States, 
including the sending or taking of an item out of the United States, in 
any manner;
    (2) Releasing or otherwise transferring ``technology'' or ``source 
code'' (but not ``object code'') to a foreign national in the United 
States (a ``deemed export'');
    (3) Transferring by a person in the United States of registration, 
control, or ownership of:
    (i) A spacecraft subject to the EAR that is not eligible for export 
under License Exception STA (i.e., spacecraft that provide space-based 
logistics, assembly or servicing of any spacecraft) to a person in or a 
national of any other country; or
    (ii) Any other spacecraft subject to the EAR to a person in or a 
national of a Country Group D:5 country; or
    (4) [Reserved]
    (5) [Reserved]
    (6) Releasing or otherwise transferring decryption keys, network 
access codes, passwords, ``software'' or other information with 
``knowledge'' that such provision will cause or permit the transfer of 
other ``technology'' in clear text or ``software'' to a foreign 
national.
    (b) Any release in the United States of ``technology'' or ``source 
code'' to a foreign national is a deemed export to the foreign 
national's most recent country of citizenship or permanent residency.
    (c) The export of an item that will transit through a country or 
countries or will be transshipped in a country or countries to a new 
country, or are intended for reexport to the new country, is deemed to 
be an export to the new country.
0
10. Section 734.14 is added to read as follows:


Sec.  734.14  Reexport.

    (a) Except as set forth in Sec. Sec.  734.18 and 734.20, 
``reexport'' means:
    (1) An actual shipment or transmission of an item from one foreign 
country to another foreign country, including the sending or taking of 
an item to or from such countries in any manner;
    (2) Releasing or otherwise transferring ``technology'' or ``source 
code'' to a foreign national of a country other than the foreign 
country where the release or transfer takes place (a ``deemed 
reexport'');
    (3) Transferring by a person outside the United States of 
registration, control, or ownership of:
    (i) A spacecraft subject to the EAR that is not eligible for 
reexport under License Exception STA (i.e., spacecraft that provide 
space-based logistics, assembly or servicing of any spacecraft) to a 
person in or a national of any other country; or
    (ii) Any other spacecraft subject to the EAR to a person in or a 
national of a Country Group D:5 country; or
    (4) Releasing or otherwise transferring outside of the United 
States decryption keys, network access codes, passwords, ``software,'' 
or other information with ``knowledge'' that such provision will cause 
or permit the transfer of other ``technology'' in clear text or 
``software'' to a foreign national.
    (b) Any release outside of the United States of ``technology'' or 
``source code'' subject to the EAR to a foreign national of another 
country is a deemed reexport to the foreign national's most recent 
country of citizenship or permanent residency, except as described in 
Sec.  734.20.
    (c) The reexport of an item subject to the EAR that will transit 
through a country or countries or will be transshipped in a country or 
countries to a new country, or are intended for reexport to the new 
country, is deemed to be a reexport to the new country.
0
11. Section 734.15 is added to read as follows:


Sec.  734.15  Release.

    (a) Except as set forth in Sec.  734.18, ``technology'' and 
``software'' are ``released'' through:
    (1) Visual or other inspection by a foreign national of items that 
reveals ``technology'' or ``source code'' subject to the EAR to a 
foreign national;
    (2) Oral or written exchanges with a foreign national of 
``technology'' in the United States or abroad; or
    (3) The application by U.S. persons of ``technology'' or 
``software'' to situations abroad using personal knowledge or technical 
experience acquired in the United States, to the extent that the 
application reveals to a foreign national ``technology'' or ``source 
code'' subject to the EAR.
    (b) [Reserved]
0
12. Section 734.16 is added to read as follows:


Sec.  734.16  Transfer (in-country).

    Except as set forth in Sec.  734.18, a transfer (in-country) is a 
change in end use or end user of an item within the same foreign 
country. ``Transfer (in-country)'' is synonymous with ``in-country 
transfer.''
0
13. Section 734.17 is added to read as follows:


Sec.  734.17  Export of encryption source code and object code 
software.

    (a) For purposes of the EAR, the export of encryption source code 
and object code software means:

[[Page 31517]]

    (1) An actual shipment, transfer, or transmission out of the United 
States (see also paragraph (b) of this section); or
    (2) A transfer of such software in the United States to an embassy 
or affiliate of a foreign country.
    (b) The export of encryption source code and object code software 
controlled for ``EI'' reasons under ECCN 5D002 on the Commerce Control 
List (see Supplement No. 1 to part 774 of the EAR) includes:
    (1) Downloading, or causing the downloading of, such software to 
locations (including electronic bulletin boards, Internet file transfer 
protocol, and World Wide Web sites) outside the U.S., or
    (2) Making such software available for transfer outside the United 
States, over wire, cable, radio, electromagnetic, photo optical, 
photoelectric or other comparable communications facilities accessible 
to persons outside the United States, including transfers from 
electronic bulletin boards, Internet file transfer protocol and World 
Wide Web sites, unless the person making the software available takes 
precautions adequate to prevent unauthorized transfer of such code. See 
Sec.  740.13(e) of the EAR for notification requirements for exports or 
reexports of encryption source code software considered to be publicly 
available or published consistent with the provisions of Sec.  
734.3(b)(3). Publicly available encryption software in object code that 
corresponds to encryption source code made eligible for License 
Exception TSU under Sec.  740.13(e) of this subchapter is not subject 
to the EAR.
    (c) Subject to the General Prohibitions described in part 736 of 
the EAR, such precautions for Internet transfers of products eligible 
for export under Sec.  740.17(b)(2) of the EAR (encryption software 
products, certain encryption source code and general purpose encryption 
toolkits) shall include such measures as:
    (1) The access control system, either through automated means or 
human intervention, checks the address of every system outside of the 
U.S. or Canada requesting or receiving a transfer and verifies such 
systems do not have a domain name or Internet address of a foreign 
government end-user (e.g., ``.gov,'' ``.gouv,'' ``.mil'' or similar 
addresses);
    (2) The access control system provides every requesting or 
receiving party with notice that the transfer includes or would include 
cryptographic software subject to export controls under the Export 
Administration Regulations, and anyone receiving such a transfer cannot 
export the software without a license or other authorization; and
    (3) Every party requesting or receiving a transfer of such software 
must acknowledge affirmatively that the software is not intended for 
use by a government end user, as defined in part 772 of the EAR, and he 
or she understands the cryptographic software is subject to export 
controls under the Export Administration Regulations and anyone 
receiving the transfer cannot export the software without a license or 
other authorization. BIS will consider acknowledgments in electronic 
form provided they are adequate to assure legal undertakings similar to 
written acknowledgments.
0
14. Section 734.18 is added to read as follows:


Sec.  734.18  Activities that are not exports, reexports, or transfers.

    (a) The following activities are not exports, reexports, or 
transfers:
    (1) Launching a spacecraft, launch vehicle, payload, or other item 
into space.
    (2) While in the United States, releasing technology or software to 
United States citizens, persons lawfully admitted for permanent 
residence in the United States, or persons who are protected 
individuals under the Immigration and Naturalization Act (8 U.S.C. 
1324b(a)(3)).
    (3) Shipping, moving, or transferring items between or among the 
United States, the District of Columbia, the Commonwealth of Puerto 
Rico, or the Commonwealth of the Northern Mariana Islands or any 
territory, dependency, or possession of the United States as listed in 
Schedule C, Classification Codes and Descriptions for U.S. Export 
Statistics, issued by the Bureau of the Census.
    (4) Sending, taking, or storing technology or software that is:
    (i) Unclassified;
    (ii) Secured using end-to-end encryption;
    (iii) Secured using cryptographic modules (hardware or software) 
compliant with Federal Information Processing Standards Publication 
140-2 (FIPS 140-2) or its successors, supplemented by software 
implementation, cryptographic key management and other procedures and 
controls that are in accordance with guidance provided in current U.S. 
National Institute for Standards and Technology publications, or other 
similarly effective cryptographic means; and
    (iv) Not stored in a country listed in Country Group D:5 (see 
Supplement No. 1 to part 740 of the EAR) or in the Russian Federation.
    (b) Definitions. For purposes of this section, `end-to-end 
encryption' means the provision of uninterrupted cryptographic 
protection of data between an originator and an intended recipient, 
including between an individual and himself or herself. It involves 
encrypting data by the originating party and keeping that data 
encrypted except by the intended recipient, where the means to access 
the data in unencrypted form is not given to any third party, including 
to any Internet service provider, application service provider or cloud 
service provider.
    (c) The ability to access ``technology'' or ``software'' in 
encrypted form that satisfies the criteria set forth in paragraph 
(a)(4) of this section does not constitute the release or export of 
such ``technology'' or ``software.''

    Note to Sec.  734.18:  Releasing ``technology'' or ``software'' 
to any person with knowledge that a violation will occur is 
prohibited by Sec.  736.2(b)(10) of the EAR.

Sec.  734.19  [Reserved]

0
15. Section 734.19 is reserved.
0
16. Section 734.20 is added to read as follows:


Sec.  734.20  Activities that are not ``deemed reexports.''

    (a) Release of ``technology'' or ``source code'' by an entity 
outside the United States to a foreign national of a country other than 
the foreign country where the release takes place does not constitute a 
deemed reexport of such ``technology'' or ``source code'' if:
    (1) The entity is authorized to receive the ``technology'' or 
``source code'' at issue, whether by a license, license exception, or 
situations where no license is required under the EAR for such 
``technology'' or ``source code;'' and
    (2) The entity is certain that the foreign national's most recent 
country of citizenship or permanent residency is that of a country to 
which export from the United States of the ``technology'' or ``source 
code'' at issue would be authorized by the EAR either under a license 
exception, or in situations where no license under the EAR would be 
required.
    (b) Release to A:5 nationals. Release of ``technology'' or ``source 
code'' by an entity outside the United States to a foreign national of 
a country other than the foreign country where the release takes place 
does not constitute a deemed reexport of such ``technology'' or 
``source code'' if:

[[Page 31518]]

    (1) The entity is authorized to receive the ``technology'' or 
``source code'' at issue, whether by a license, license exception, or 
through situations where no license is required under the EAR;
    (2) The foreign national is a bona fide regular and permanent 
employee who is not a proscribed person under U.S. law and is directly 
employed by the entity;
    (3) Such employee is a national exclusively of a country in Country 
Group A:5; and
    (4) The release of ``technology'' or ``source code'' takes place 
entirely within the physical territory of any such country.
    (c) Release to other than A:5 nationals. Release of ``technology'' 
or ``source code'' by an entity outside the United States to a foreign 
national of a country other than the foreign country where the release 
takes place does not constitute a deemed reexport of such 
``technology'' or ``source code'' if:
    (1) The entity is authorized to receive the ``technology'' or 
``source code'' at issue, whether by a license, license exception, or 
situations where no license is required under the EAR;
    (2) The foreign national is a bona fide regular and permanent 
employee who is not a proscribed person under U.S. law and is directly 
employed by the entity;
    (3) The release takes place entirely within the physical territory 
of the country where the entity is located, conducts official business, 
or operates;
    (4) The entity has effective procedures to prevent diversion to 
destinations, entities, end users, and end uses contrary to the EAR; 
and
    (5) Any one of the following six (i.e., paragraphs (c)(5)(i), (ii), 
(iii), (iv), (v), or (vi) of this section) situations is applicable:
    (i) The foreign national has a security clearance approved by the 
host nation government of the entity outside the United States;
    (ii) The entity outside the United States:
    (A) Has in place a process to screen the foreign national employee 
and to have the employee execute a non-disclosure agreement that 
provides assurances that the employee will not disclose, transfer, or 
reexport controlled technology contrary to the EAR;
    (B) Screens the employee for substantive contacts with countries 
listed in Country Group D:5 (see Supplement No. 1 to part 740 of the 
EAR). Although nationality does not, in and of itself, prohibit access 
to ``technology'' or ``source code'' subject to the EAR, an employee 
who has substantive contacts with persons from countries listed in 
Country Group D:5 shall be presumed to raise a risk of diversion, 
unless BIS determines otherwise;
    (C) Maintains a technology security or clearance plan that includes 
procedures for screening employees for such substantive contacts;
    (D) Maintains records of such screenings for the longer of five 
years or the duration of the individual's employment with the entity; 
and
    (E) Will make such plans and records available to BIS or its agents 
for civil and criminal law enforcement purposes upon request;
    (iii) The entity is a UK entity implementing Sec.  126.18 of the 
ITAR (22 CFR 126.18) pursuant to the US-UK Exchange of Notes regarding 
Sec.  126.18 of the ITAR for which the UK has provided appropriate 
implementation guidance;
    (iv) The entity is a Canadian entity implementing Sec.  126.18 of 
the ITAR pursuant to the US-Canadian Exchange of Letters regarding 
Sec.  126.18 of the ITAR for which Canada has provided appropriate 
implementation guidance;
    (v) The entity is an Australian entity implementing the exemption 
at paragraph 3.7b of the ITAR Agreements Guidelines; or
    (vi) The entity is a Dutch entity implementing the exemption at 
paragraph 3.7c of the ITAR Agreements Guidelines.
    (d) Definitions. (1) ``Substantive contacts'' includes regular 
travel to countries in Country Group D:5; recent or continuing contact 
with agents, brokers, and nationals of such countries; continued 
demonstrated allegiance to such countries; maintenance of business 
relationships with persons from such countries; maintenance of a 
residence in such countries; receiving salary or other continuing 
monetary compensation from such countries; or acts otherwise indicating 
a risk of diversion.
    (2) ``Permanent and regular employee'' is an individual who:
    (a) Is permanently (i.e., for not less than a year) and directly 
employed by an entity, or
    (b) Is a contract employee who:
    (i) Is in a long-term contractual relationship with the company 
where the individual works at the entity's facilities or at locations 
assigned by the entity (such as a remote site or on travel);
    (ii) Works under the entity's direction and control such that the 
company must determine the individual's work schedule and duties;
    (iii) Works full time and exclusively for the entity; and
    (iv) Executes a nondisclosure certification for the company that he 
or she will not disclose confidential information received as part of 
his or her work for the entity.

    Note to paragraph (d)(2):  If the contract employee has been 
seconded to the entity by a staffing agency, then the staffing 
agency must not have any role in the work the individual performs 
other than to provide the individual for that work. The staffing 
agency also must not have access to any controlled ``technology'' or 
``source code'' other than that authorized by the applicable 
regulations or a license.

PART 740--LICENSE EXCEPTIONS

0
17. The authority citation for part 740 continues to read as follows:

    Authority:  50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; 
22 U.S.C. 7201 et seq.; E.O. 13026, 61 FR 58767, 3 CFR, 1996 Comp., 
p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice 
of August 7, 2014, 79 FR 46959 (August 11, 2014).

0
18. Section 740.9(a)(3) is revised to read as follows:


Sec.  740.9  Temporary imports, exports, reexports, and transfers (in-
country) (TMP).

* * * * *
    (a) * * *
    (3) ``Technology,'' regardless of media or format, may be exported 
by or to a U.S. person or a foreign national employee of a U.S. person, 
traveling or on temporary assignment abroad, subject to the following 
restrictions:
    (i) Foreign nationals may only export or receive such 
``technology'' as they are authorized to receive through a license, 
license exception other than TMP or because no license is required.
    (ii) ``Technology'' exported under this authorization may only be 
possessed or used by a U.S. person or authorized foreign national and 
sufficient security precautions must be taken to prevent the 
unauthorized release of the ``technology.'' Such security precautions 
include encryption of the ``technology,'' the use of secure network 
connections, such as Virtual Private Networks, the use of passwords or 
other access restrictions on the electronic device or media on which 
the ``technology'' is stored, and the use of firewalls and other 
network security measures to prevent unauthorized access.
    (iii) The U.S. person is an employee of the U.S. Government or is 
directly employed by a U.S. person and not, e.g., by a foreign 
subsidiary.
    (iv) Technology'' authorized under this exception may not be used 
for foreign production purposes or for technical assistance unless 
authorized through a license or license exception other than TMP.
    (v) The U.S. person employer of foreign nationals must document the 
use of this exception by foreign national

[[Page 31519]]

employees, including the reason that the ``technology'' is needed by 
the foreign nationals for their temporary business activities abroad on 
behalf of the U.S. person.
* * * * *

PART 750--APPLICATION PROCESSING, ISSUANCE, AND DENIAL

0
19. The authority citation for 15 CFR part 750 continues to read as 
follows:

    Authority: 50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; 
Sec 1503, Pub. L. 108-11, 117 Stat. 559; E.O. 13026, 61 FR 58767, 3 
CFR, 1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., 
p. 783; E.O. 13637 of March 8, 2013, 78 FR 16129 (March 13, 2013); 
Presidential Determination 2003-23 of May 7, 2003, 68 FR 26459, May 
16, 2003; Notice of August 7, 2014, 79 FR 46959 (August 11, 2014).

0
20. Section 750.7 is amended by revising paragraph (a) to read as 
follows:


Sec.  750.7  Issuance of licenses.

    (a) Scope. Unless limited by a condition set out in a license, the 
export, reexport, or transfer (in-country) authorized by a license is 
for the item(s), end-use(s), and parties described in the license 
application and any letters of explanation. The applicant must inform 
the other parties identified on the license, such as the ultimate 
consignees and end users, of the license's scope and of the specific 
conditions applicable to them. BIS grants licenses in reliance on 
representations the applicant made in or submitted in connection with 
the license application, letters of explanation, and other documents 
submitted. A BIS license authorizing the release of technology to an 
entity also authorizes the release of the same technology to the 
entity's foreign nationals who are permanent and regular employees (and 
who are not proscribed persons under U.S. law) of the entity's facility 
or facilities authorized on the license, except to the extent a license 
condition limits or prohibits the release of the technology to 
nationals of specific countries or country groups.
* * * * *

PART 764--ENFORCEMENT AND PROTECTIVE MEASURES

0
21. The authority citation for part 764 continues to read as follows:

    Authority: 50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; 
E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of August 
7, 2014, 79 FR 46959 (August 11, 2014).

0
22. Section 764.2 is amended by adding paragraph (l) to read as 
follows:


Sec.  764.2  Violations.

* * * * *
    (l) No person may ``release'' or otherwise transfer information, 
such as decryption keys, network access codes, or passwords, that would 
allow access to other ``technology'' in clear text or ``software'' with 
``knowledge'' that the release will result, directly or indirectly, in 
an unauthorized export, reexport, or transfer of the ``technology'' in 
clear text or ``software.'' Violation of this provision will constitute 
a violation to the same extent as a violation in connection with the 
export of the controlled ``technology'' or ``software.''

PART 772--DEFINITIONS OF TERMS

0
23. The authority citation for part 772 continues to read as follows:

    Authority: 50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; 
E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of August 
7, 2014, 79 FR 46959 (August 11, 2014).

0
24. Section 772.1 is amended by:
0
a. Adding, in alphabetical order, the definition for ``Applied 
research'';
0
b. Revising the definitions of ``Basic scientific research'' and 
``Export'';
0
c. Adding, in alphabetical order, definitions for ``Fundamental 
research,'' ``Peculiarly responsible,'' ``Proscribed person,'' and 
``Publicly available encryption software'';
0
d. Removing the definitions of ``Publicly available information'' and 
``Publicly available technology and software'';
0
e. Adding, in alphabetical order, the definition for ``Published'';
0
f. Revising the definitions of ``Reexport'';
0
g. Adding, in alphabetical order, the definition for ``Release'';
0
h. Revising the definition of ``Required'';
0
i. Removing the definition of ``Technical data''; and
0
j. Revising the definitions of ``Technology,'' and ``Transfer.''
    The revisions and additions read as follows:


Sec.  772.1  Definitions of terms as used in the Export Administration 
Regulations (EAR).

* * * * *
    Applied research. See Sec.  734.8(c) of the EAR.
* * * * *
    Basic scientific research. (GTN)--Experimental or theoretical work 
undertaken principally to acquire new knowledge of the fundamental 
principles of phenomena or observable facts, not primarily directed 
towards a specific practical aim or objective. See also Sec.  734.8(c) 
of the EAR.
* * * * *
    Export. See Sec.  734.13 of the EAR.
* * * * *
    Fundamental research. See Sec.  734.8 of the EAR.
* * * * *
    Peculiarly responsible. An item is ``peculiarly responsible for 
achieving or exceeding the controlled performance levels, 
characteristics or functions'' if it is used in or for use in the 
``development,'' ``production,'' ``use,'' operation, installation, 
maintenance, repair, overhaul, or refurbishing of an item subject to 
the EAR unless:
    (1) The Department of Commerce has determined otherwise in a 
commodity classification determination;
    (2) [Reserved];
    (3) It is identical to information used in or with a commodity or 
software that:
    (i) Is or was in production (i.e., not in development); and
    (ii) Is EAR99 or described in an ECCN controlled only for Anti-
Terrorism (AT) reasons;
    (4) It was or is being developed with ``knowledge'' that it would 
be for use in or with commodities or software:
    (i) Described in an ECCN; and
    (ii) Also commodities or software either not enumerated on the CCL 
or the USML (e.g., EAR99 commodities or software) or commodities or 
software described in an ECCN controlled only for Anti-Terrorism (AT) 
reasons;
    (5) It was or is being developed for use in or with general purpose 
commodities or software, i.e., with no ``knowledge'' that it would be 
for use in or with a particular commodity or type of commodity; or
    (6) It was or is being developed with ``knowledge'' that it would 
be for use in or with commodities or software described:
    (i) In an ECCN controlled for AT-only reasons and also EAR99 
commodities or software; or
    (ii) Exclusively for use in or with EAR99 commodities or software.
* * * * *
    Proscribed person. A person who is prohibited from receiving the 
items at issue or participating in a transaction that is subject to the 
EAR without authorization by virtue of U.S. law, such as persons on the 
Entity List, Specially Designated Nationals, or debarred parties.
    Publicly available encryption software. See Sec.  740.13(e) of the 
EAR.
    Published. See Sec.  734.7 of the EAR.
* * * * *
    Reexport. See Sec.  734.14 of the EAR.
    Release. See Sec.  734.15 of the EAR.
* * * * *
    Required. (General Technology Note)--As applied to ``technology'' 
or

[[Page 31520]]

``software'', refers to only that portion of ``technology'' or 
``software'' which is peculiarly responsible for achieving or exceeding 
the controlled performance levels, characteristics or functions. Such 
``required'' ``technology'' or ``software'' may be shared by different 
products. For example, assume product ``X'' is controlled if it 
operates at or above 400 MHz and is not controlled if it operates below 
400 MHz. If production technologies ``A'', ``B'', and ``C'' allow 
production at no more than 399 MHz, then technologies ``A'', ``B'', and 
``C'' are not ``required'' to produce the controlled product ``X''. If 
technologies ``A'', ``B'', ``C'', ``D'', and ``E'' are used together, a 
manufacturer can produce product ``X'' that operates at or above 400 
MHz. In this example, technologies ``D'' and ``E'' are ``required'' to 
make the controlled product and are themselves controlled under the 
General Technology Note. (See the General Technology Note.)

    Note 1 to the definition of required:
     The references to ``characteristics'' and ``functions'' are not 
limited to entries on the CCL that use specific technical parameters 
to describe the scope of what is controlled. The ``characteristics'' 
and ``functions'' of an item listed are, absent a specific 
regulatory definition, a standard dictionary's definition of the 
item. For example, ECCN 9A610.a controls ``military aircraft 
specially designed for a military use that are not enumerated in 
USML paragraph VIII(a).'' No performance level is identified in the 
entry, but the control characteristic of the aircraft is that it is 
specially designed ``for military use.'' Thus, any technology, 
regardless of significance, peculiar to making an aircraft ``for 
military use'' as opposed to, for example, an aircraft controlled 
under ECCN 9A991.a, would be technical data ``required'' for an 
aircraft specially designed for military use thus controlled under 
ECCN 9E610.


    Note 2 to the definition of required:
     The ITAR and the EAR often divide within each set of 
regulations or between each set of regulations:
    1. Controls on parts, components, accessories, attachments, and 
software; and
    2. Controls on the end items, systems, equipment, or other items 
into which those parts, components, accessories, attachments, and 
software are to be installed or incorporated.
    Moreover, with the exception of technical data specifically 
enumerated on the USML, the jurisdictional status of unclassified 
technical data or ``technology'' is the same as the jurisdictional 
status of the defense article or ``item subject to the EAR'' to 
which it is directly related. Thus, if technology is directly 
related to the production of a 9A610.x aircraft component that is to 
be integrated or installed in a USML VIII(a) aircraft, then the 
technology is controlled under ECCN 9E610, not USML VIII(i).

* * * * *
    ``Technology'' means:
    (a) Except as set forth in paragraph (b) of this definition:
    (1) Information necessary for the ``development,'' ``production,'' 
``use,'' operation, installation, maintenance, repair, overhaul, or 
refurbishing (or other terms specified in ECCNs on the CCL that control 
``technology'') of an item. ``Technology'' may be in any tangible or 
intangible form, such as written or oral communications, blueprints, 
drawings, photographs, plans, diagrams, models, formulae, tables, 
engineering designs and specifications, computer-aided design files, 
manuals or documentation, electronic media or information gleaned 
through visual inspection;

    Note to paragraph (a)(1) of this definition:  The modification 
of an existing item creates a new item and technology for the 
modification is technical data for the development of the new item.
    (2) [Reserved];
    (3) [Reserved];
    (4) [Reserved]; or
    (5) Information, such as decryption keys, network access codes, 
or passwords, that would allow access to other ``technology'' in 
clear text or ``software.''
    (b) ``Technology'' does not include:
    (1) Non-proprietary general system descriptions;
    (2) Information on basic function or purpose of an item; or
    (3) Telemetry data as defined in note 2 to Category 9, Product 
Group E (see Supplement No. 1 to Part 774 of the EAR).

* * * * *
    Transfer. A shipment, transmission, or release of items subject to 
the EAR either within the United States or outside the United States. 
For in-country transfer/transfer (in-country), see Sec.  734.16 of the 
EAR.

    Note to definition of transfer:
    This definition of ``transfer'' does not apply to Sec.  750.10 
of the EAR or Supplement No. 8 to part 760 of the EAR. The term 
``transfer'' may also be included on licenses issued by BIS. In that 
regard, the changes that can be made to a BIS license are the non-
material changes described in Sec.  750.7(c) of the EAR. Any other 
change to a BIS license without authorization is a violation of the 
EAR. See Sec. Sec.  750.7(c) and 764.2(e) of the EAR.

* * * * *

    Dated: May 18, 2015.
Kevin J. Wolf,
Assistant Secretary for Export Administration.
[FR Doc. 2015-12843 Filed 6-2-15; 8:45 am]
 BILLING CODE P