The Apache Software Foundation Blog

Wednesday May 22, 2019

Statement by The Apache Software Foundation regarding US Federal Register Notice of non-US affiliates added to Entity List Ruling

Restrictions on exports and reexports to parties named on Entity List specifically apply to activities and transactions subject to the Export Administration Regulation (EAR). [1] Open Source publicly available encryption software source code, as reclassified by the US Department of Commerce, Bureau of Industry and Security (BIS) effective September 20, 2016, is "publicly available" and "published" and is not "subject to the EAR." [2]

Open Source projects involving encryption software source code are still required to send a notice of the URL to BIS and NSA to satisfy the "publicly available" notice requirement in EAR ยง 742.15(b).

The ASF continues to work with Apache projects and their communities to ensure their notices are up to date and are maintained in the future.[3]

Open Source software, collaboration on Open Source code, attending open telephonic or in person meetings, and providing sponsorship funds are all activities that are not subject to the EAR and therefore should have no impact on our communities.

For more information, visit http://apache.org/foundation/license-faq.html


Roman Shaposhnik
ASF Vice President Legal Affairs

We thank DLA Piper and The Linux Foundation for their legal counsel and collaboration regarding this subject. 

[1] https://www.bis.doc.gov/index.php/documents/regulations-docs/2395-effective-date-of-huawei-and-affiliates-entity-list-rule

[2] 81 Fed. Reg. 64656, 64668 (September 20, 2016). See also, https://www.bis.doc.gov/index.php/policy-guidance/encryption/223-new-encryption

[3] https://www.apache.org/licenses/exports/

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation