Software development and U.S. export controls
April 23, 2013 —
(Page 1 of 4)
Related Search Term(s): security
You can’t help but notice the growing trend of U.S.-based software companies using cloud computing. But have you noticed that the cloud can be used by American companies to deliver software developed overseas to customers back in the U.S.?
Why is that? Well, offshoring the design and production of software may allow software companies to keep their profits “outside the reach of U.S. taxes.” It’s also possible, however, that collaborations between American and offshore sites may involve American export laws.
The export laws apply broadly to Americans, wherever located, as well as to goods that contain a certain amount of American content or were made using certain American technology. Physical transfers, cloud computing, even providing a foreign national with access to technical data, source code, or other information may require an export license from American authorities, depending on the product and countries involved. Thus, the very tools that allow teams of developers located in different countries to collaborate on designing software can create challenges for export compliance.
Reviewing the rules
The U.S. government regulates the export of goods, technology and services through a maze of regulatory acronyms. The State Department’s Directorate of Defense Trade Controls (DDTC) regulates the export of defense articles, related technical data, and defense services listed on the U.S. Munitions List (USML) through the International Traffic in Arms Regulations (ITAR).
The Department of Commerce’s Bureau of Industry and Security (BIS) enforces the Export Administration Regulations (EAR), which govern the export and re-export of commercial and “dual-use” commodities (generally those items not listed on the USML).
Because most commercial software is subject to the EAR, this article focuses on the BIS regulatory framework. It bears noting, however, that some software developed or designed primarily for defense purposes may fall under ITAR and be subject to DDTC licensing requirements. In addition, all export transactions should be reviewed for compliance with economic sanctions administered by the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC).
What is an export?
Most American companies understand that the export or re-export of a finished product involves export laws. Less-often appreciated is that American export controls also cover the transmission of software source and object code overseas, and the sharing of technology or source code with foreign persons, whether located in the U.S. or abroad (known as “deemed exports”). This means that technology, software, or source and object code can be exported through visual inspection, release on a website, sent through e-mail or exchanged orally.