A community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.
Doug Nebeker ("Doug")
We are a UK-based company and one of our larger customers based in the U.S. has requested the ECCN (Export Control Classification Number) certificate for one of our products.
Basically, the application is a client/server application. Our customer will be hosting the server in the U.S., but it will be accessed by foreign nationals in India. In addition, our customer will be transmitting the client software to the remote users.
Data transmitted between the client and server is encrypted.
The majority of our existing customers are American, and a lot already do this (host the server and allow remote access to their distributed developers) but, until now, none have requested an ECCN certificate.
My question is basically this: since we are a UK company, do we really need to provide this and, if so, is it easy to get?
I can give a partial answer.
Presumably your US customer wants to know that they will not be violating export regulations, so what they want to know is under what ECCN classification the software is listed. It sounds like they are transferring the problem to you, in the hopes that you will provide the classification, solving the problem for them.
You might find this classification useful, because if other US customers are worried about the same thing, you will have the classification.
You can determine the classification for the product yourself, by going through the classification information. See the information at http://www.bis.doc.gov/licensing/exportingbasics.htm.
As an alternative, it is possible to get someone at the Department of Commerce to look up the ECCN for you. Friends of mine that are particularly concerned about the classification of their products (for example, they have substantial military sales in the US) get the Department of Commerce to do that for them, so they have a better excuse if there is trouble.
You can go even further and get an export license. This is not a classification, it is an actual license for your product to be exported. The last time I looked into this, the system was not well worked out for software, because it was completely unclear how new versions or updates would be handled. The license was to export a specific product for a specific amount of time.
Your life will be simplest if you can determine that the product is not licensed for export and does not have an ECCN classification (EAR99).
One more thing - because you are in a NATO country, if your software does fall under export licensing rules, you may find it useful to deal with this issue in Europe. The last time I looked at this, NATO had its own system for classifying export-controlled products. At the time, I thought the NATO system was complex, but I had not yet seen the US system.
I assume that the US recognizes NATO classifications, but I do not know. That is, if you have a NATO classification for your product, and your customer is reexporting the product from the US (a NATO country), does your customer require a US ECCN, or is a NATO classification adequate?