Tech Law Blog

Irish Export Control: Encryption Products and Upcoming Changes

20 November 2014

Click here to subscribe to our weekly tech law updates

This post, the third in our series on export control, discusses the application of dual use export controls to encryption products. (Our last post on the impact of export controls on cloud computing can be found here.)

Dual-use Export Controls

By virtue of EU Council Regulation 428/2009 (the “EU Regulation”), Ireland operates an export control licensing system in relation to certain goods, software and technology which may have both military and civilian uses (“dual-use items”). For more information on dual-use controls, see our previous post on Dual Use Items and Intangible Exports.

Control of Encryption Products

Annex I of the EU Regulation lists the dual-use items which are subject to export control (the “EU Control List”). The EU Control List is divided into ten broad categories of dual-use items, Category 5 of which covers Telecommunications and Information Security items and accounts for the majority of export licences issued in Ireland. Category 5 is split into two parts. Goods, software and technology relating to encryption (hereafter referred to as “encryption products”) are mainly found in Part 2 of Category 5 (entitled “Information Security”). Annex IV of the EU Regulation, which lists those Annex I items considered to be highly sensitive, also includes some encryption products.