The scope of the two Open General Export Licences (OGEL) for security items has been further refined and amendments to the OGELs were on Wednesday (26 May 2021) published by the Department for International Trade in a Notice to Exporters.
The updated OGELs permit the export of low risk information security items that rely on encryption technologies listed in Schedule 1 to each OGEL.
The new Information Security OGELs cover a significantly wider range of items than the previous editions (which applied to a relatively narrow range of networking systems and equipment, and related components, development kits and software), and they now authorise certain exports of:
- General purpose computing equipment or servers (provided the use of information security is limited to certain functions);
- Routers, switches, gateways or relays (other than those designed for Public Safety Radio, and within certain performance limitations), and software specially designed or modified for the “use” of such equipment or having the characteristics of, or performing or simulating the functions of such equipment; and
- Technology for the “use” of the above items.
These products must only use standard algorithms that are approved or adopted by recognised international standards bodies. Additionally, the OGELs only cover items where cryptographic functionality cannot be easily changed by the user, and exclude items which have an ˈopen cryptographic interfaceˈ (a mechanism which is designed to allow a customer or other party to insert cryptographic functionality without the intervention, help or assistance of the manufacturer or its agents).
The jurisdictional scope of the OGELs has also been expanded and China, Hong Kong and Macao are no longer excluded as destinations under the licence, except where the export is for a military end use.
The licences cannot be used for exports to any military or government end user (including State Owned Enterprises and other organisations acting on their behalf), nor can it be used where an exporter has been informed, is aware, or has grounds for suspecting that the items are or may be intended for prohibited WMD or military end-uses (as set out in paragraph 2 of the new licences). Full limitations and conditions on use are set out in the licences.
Notably, the new Information Security OGELs still require exporters to comply with pre-export Technical Data reporting requirements (using a specified form) and annual Additional Reporting requirements. However, the Technical Data required by the licence has been simplified to be more user-friendly and reduce the burden on companies exporting low-risk items under this licence.
