Latest Posts
Search for:

UK – Updates to UK Information Security Open Licences – what’s new?

By , , and 3 Mins Read

The scope of the two Open General Export Licences (OGEL) for security items has been further refined and amendments to the OGELs were on Wednesday (26 May 2021) published by the Department for International Trade in a Notice to Exporters.

The updated OGELs permit the export of low risk information security items that rely on encryption technologies listed  in Schedule 1 to each OGEL.

The new Information Security OGELs cover a significantly wider range of items than the previous editions (which applied to a relatively narrow range of networking systems and equipment, and related components, development kits and software), and they now authorise certain exports of:

  • General purpose computing equipment or servers (provided the use of information security is limited to certain functions);
  • Routers, switches, gateways or relays (other than those designed for Public Safety Radio, and within certain performance limitations), and software specially designed or modified for the “use” of such equipment or having the characteristics of, or performing or simulating the functions of such equipment; and
  • Technology for the “use” of the above items.

These products must only use standard algorithms that are approved or adopted by recognised international standards bodies. Additionally, the OGELs only cover items where cryptographic functionality cannot be easily changed by the user, and exclude items which have an ˈopen cryptographic interfaceˈ (a mechanism which is designed to allow a customer or other party to insert cryptographic functionality without the intervention, help or assistance of the manufacturer or its agents).

The jurisdictional scope of the OGELs has also been expanded and China, Hong Kong and Macao are no longer excluded as destinations under the licence, except where the export is for a military end use.

The licences cannot be used for exports to any military or government end user (including State Owned Enterprises and other organisations acting on their behalf), nor can it be used where an exporter has been informed, is aware, or has grounds for suspecting that the items are or may be intended for prohibited WMD or military end-uses (as set out in paragraph 2 of the new licences). Full limitations and conditions on use are set out in the licences.

Notably, the new Information Security OGELs still require exporters to comply with pre-export Technical Data reporting requirements (using a specified form) and annual Additional Reporting requirements. However, the Technical Data required by the licence has been simplified to be more user-friendly and reduce the burden on companies exporting low-risk items under this licence.

Categories:
Author

Ross Evans is a senior associate in Baker McKenzie's Competition, Trade and Foreign Investment Department in London. He is a highly regarded advisor on sanctions, export controls, and foreign investment and national security laws, with particularly deep expertise in the technology, media and telecoms sector, and in relation to cryptography and cybersecurity, data infrastructure, AI, and key advanced and emerging technologies.

Author

Andrew joined Baker McKenzie's London office as a trainee in 2015 and qualified in 2017. His practice concentrates on compliance with EU/UK trade regulations, as well as anti-bribery and antitrust. Andrew previously was previously seconded to Baker McKenzie's European Competition Law Practice in Brussels.

Author

Johanna Asplund is an associate at the Firm’s London office in the Competition, Trade and Foreign Investment Practice Group. She completed her degree in International Relations from London School of Economics then a Graduate Diploma in Law and Legal Practice Course (LLM) from BPP University in 2019.

Author

Related Posts