UK issues guidance on updated controls for information security products

The UK’s Export Control Joint Unit, part of the Department for International Trade, has published a Notice to Exporters (2018/03) providing detailed guidance on the 2017 update to the ‘information security’ section of the consolidated list of strategic export controls (26 February).

The changes are to category 5, part 2 of the list, which outlines controls on information security products, in particular cryptography. The update reflects the growth in the use of cryptography and increase in the number of items falling within the controlled list or which are excluded from it. The changes were agreed between the Wassenaar Arrangement participating states at the end of 2016, appearing in Annex 1 to Council Regulation (EC) No 428/2009 (amended by Regulation (EU) No 2268/2027) in 2017.

The changes are designed to create a ‘positive’ rather than ‘negative’ set of controls, for ‘ease of use and clarity’. Notice to Exporters 2018/03 states: ‘The broad intent of the restructure was to maintain the scope of Category 5 Part 2, so the new text should not change the control status of most items.’

For a full list of the changes outlined in Notice to Exporters 2018/03 see: https://www.gov.uk/government/publications/notice-to-exporters-201803-updates-to-controls-on-information-security-products-using-cryptography/notice-to-exporters-201803-updates-to-controls-on-information-security-products-using-cryptography