Encryption Controls

Trust Our Experts To Navigate And Solve Your Encryption Control Needs

Encryption controls are one of the most complicated aspects of the EAR. Almost every item under Category 5, Part 2 of the Commerce Control List is controlled because it contains encryption functionality. However, there a numerous caveats, notes, and other exceptions which can apply in any particular case.

How do you evaluate your software or product against the Commerce Department’s encryption controls? How do the new changes to encryption regulations impact your business? Do you need to submit a CCATS for your encrypted software or item?  We can help you answer these and other questions, and apply the right solution for your business.

Our team of encryption experts can:
  • Determine if your product is subject to the Commerce Department’s encryption controls.
  • Determine mass market classifications and submit those requests to BIS as applicable.
  • File a CCATS with BIS.
  • Evaluate and apply License Exception ENC.
  • Review and file your annual (or semi-annual) reports.
  • Help you understand and apply recent changes to encryption controls to your products and software.
  • Answer your questions and provide advice on BIS encryption controls.

Encryption Controls FAQs

Do I still need an Encryption Registration Number (ERN)?
No, registration is no longer required.

What is asymmetric encryption?
Also known as public-key encryption, asymmetric encryption involves using a pair of corresponding keys, one private key, and one public key, to encrypt and decrypt a file to protect it from unauthorized use.

I already have a CCATS for my encryption item Do I need to renew it?
Generally speaking, CCATS do not expire. However, if the encryption functionality or other technical characteristics have changed which may affect the classification, you will need to review the classification and possibly obtain a new CCATS.