Effective on March 25, 2020, the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) interim final rule amended the “Encryption Rule” under the International Traffic in Arms Regulations (ITAR) (22 C.F.R. § 120.54) with definitions more clearly explaining activities that are not considered to be exports, reexports, retransfers or temporary imports of secured and unclassified technical data. A summary of the proposal was provided in a previous Trump and Trade post on January 3, 2020 and the DDTC issued a summary of the changes on February 3, 2020.
On March 27, 2020, the DDTC issued a new entry in its frequently asked questions (FAQ) on the subject of providing access information to a foreign person under the Encryption Rule. Specifically, the FAQ address how users should reconcile technical data encrypted in accordance with section 120.54(a)(5) and not deemed an export, reexport or retransfer, with section 120.50(b) prohibiting regulated persons from providing access information to unauthorized foreign persons. The FAQ clarifies there would be a violation under section 120.54(b) if a “regulated person” provides access information to a foreign person who is able to “access, view, or possess” the encrypted technical data in an “unencrypted form” and is “not authorized to have the technical data.”