On April 18, 2017, the U.S. Commerce Department’s Bureau of Industry and Security (“BIS”) issued a final rule revising the Entity List entry for the Russian Federal Security Service (“FSB”), Russia’s principal security agency, in order to permit certain exports, reexports, and in-country transfers to the FSB without a BIS license in conformance with Cyber-related General License No. 1 (“General License No. 1”), which was issued by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) on February 2, 2017. Today’s change by BIS should further alleviate concerns of U.S. technology companies that need to deal with the FSB in its regulatory role in approving the import, distribution, and use of encryption products in Russia.

BIS effected this rule change through an amendment to the Entity List entry that was added for the FSB on January 4, 2017. As a result, any person (U.S. or non-U.S.) dealing in goods, software, or technology (collectively, “items”) subject to the Export Administration Regulations (“EAR”) is now permitted to export, reexport or transfer in-country such items, in support of:

  1. Requesting, receiving, utilizing, paying for, or dealing in licenses, permits, certifications, or notifications issued or registered by the FSB for the importation, distribution, or use of information technology products in Russia, provided that the payment of any fees to the FSB for such licenses, permits, certifications, or notifications does not exceed $5,000 in any calendar year;
  2. Complying with law enforcement or administrative actions or investigations involving the FSB (e.g., anti-bribery investigations); and
  3. Complying with rules and regulations administered by the FSB.

All other exports, reexports or in-country transfers of items subject to the EAR to the FSB remain prohibited. Please see our previous post for a discussion on OFAC General License No. 1 and here for a discussion about BIS’ addition of the FSB to the Entity List on January 4, 2017.