The scope of the two Open General Export Licences (OGEL) for security items has been further refined and amendments to the OGELs were on Wednesday (26 May 2021) published by the Department for International Trade in a Notice to Exporters.

The updated OGELs permit the export of low risk information security items that rely on encryption technologies listed  in Schedule 1 to each OGEL.

The new Information Security OGELs cover a significantly wider range of items than the previous editions (which applied to a relatively narrow range of networking systems and equipment, and related components, development kits and software), and they now authorise certain exports of:

  • General purpose computing equipment or servers (provided the use of information security is limited to certain functions);
  • Routers, switches, gateways or relays (other than those designed for Public Safety Radio, and within certain performance limitations), and software specially designed or modified for the “use” of such equipment or having the characteristics of, or performing or simulating the functions of such equipment; and
  • Technology for the “use” of the above items.

These products must only use standard algorithms that are approved or adopted by recognised international standards bodies. Additionally, the OGELs only cover items where cryptographic functionality cannot be easily changed by the user, and exclude items which have an ˈopen cryptographic interfaceˈ (a mechanism which is designed to allow a customer or other party to insert cryptographic functionality without the intervention, help or assistance of the manufacturer or its agents).

The jurisdictional scope of the OGELs has also been expanded and China, Hong Kong and Macao are no longer excluded as destinations under the licence, except where the export is for a military end use.

The licences cannot be used for exports to any military or government end user (including State Owned Enterprises and other organisations acting on their behalf), nor can it be used where an exporter has been informed, is aware, or has grounds for suspecting that the items are or may be intended for prohibited WMD or military end-uses (as set out in paragraph 2 of the new licences). Full limitations and conditions on use are set out in the licences.

Notably, the new Information Security OGELs still require exporters to comply with pre-export Technical Data reporting requirements (using a specified form) and annual Additional Reporting requirements. However, the Technical Data required by the licence has been simplified to be more user-friendly and reduce the burden on companies exporting low-risk items under this licence.

Author

Ross Evans is a member of the EU, Competition and Trade team in London, who specialises in advising companies in the technology, telecoms, engineering, and fintech sectors on how to manage a rapidly changing landscape of competition/antitrust, trade law, and national security and investment regimes. He regularly advises clients in relation to UK public interest intervention rules and national security and investment issues, and on global foreign investment review strategy, leveraging his expertise in trade and export control laws and competition merger control regimes, and an in-depth understanding of emerging technologies.

Author

Author

Johanna is a trainee solicitor in the EU, Competition and Trade team in London.