1. Background –The General Israeli Regulatory Framework

According to the Israeli Import and Export Order 2006 (supervision of products, services and dual-use technology export), the export and trade of any product or technology explicitly mentioned in one or more of the Wassenaar Arrangement’s (1996) nine categories as dual-use, (said categories include inter alia: advanced materials, computer and electronics products, data security products etc.) requires a permit from the authorized regulators (i.e several named officials within the Ministry of Economy). Supplemental to the said order, the Law for Supervision of Defense Export, 2007 limits the possibility of trade in certain products that possess military capabilities. The Wassenaar Arrangement is a multilateral export control regime (MECR) with 41 participating states (excluding Israel) that was established in order to contribute to regional and international security and stability by promoting transparency and responsibility in transfers of conventional arms and dual-use goods and technologies, seeking to prevent destabilizing accumulations within  malicious intended entities. The State of Israel has adopted  the Wassenaar Arrangement and although it is not a formal member it is considered as an “obeying country”, therefore the Israeli Ministry of Economy adopted the Wassenaar Arrangement and has used the same definitions used under the Wassenaar Arrangement to define dual-use products as any product, software, technology, knowledge and services generally used for civilian purposes but which may also possess military abilities (or may be transformed into such) and applications which may contribute to the manufacturing or distribution of weapons.   The export and trade of military or defense products is regulated separately by the Israeli Ministry of Defense.

  1. Draft for Order of Cyber Products Supervision (2016)

The Department for Supervision of Defense Export within the Ministry of Defense has issued a proposed draft for the definition of products and knowledge to be supervised in the cyber field. The proposed draft would not only assimilate the requirements of the Wassenaar Arrangement in the Israeli legal system, but also expand the list of products that will be subject to extensive regulation both in development stages and while conducting business with respect to applicable products. Final adoption of the draft, and matching legislation if such will actually follow, would give Israel the challenging opportunity of being a pioneer in adopting the regulation regime described in the Arrangement. Although the draft was only recently published (7th of January 2016), the Israeli cyber industry is already in turmoil over the regulatory changes it provides. Aside for claims of problematic results for the entire sector and the financial outcomes that such regime will create, the draft explicitly states that certain “highlighted” parts of it are an expansion of the Wassenaar arrangement’s dual-use products list. Since Israel is the first to implement a local arrangement that will enforce the “expanded” Wassenaar regulatory regime, the local cyber industry as well as Israel’s defensive equipment manufacturers, are highly concerned of a new competitive burden to which it might be exposed in its day to day business as well as the incentive for successful corporations to shift their operations to other jurisdictions.

The main product features that will be regulated under the proposed draft, should it be made into law, are: intrusion software, software weakness oversight and detection, systems or components designed or adjustable to fit strategic and defense purposes and any software with forensic capabilities.

It should be emphasized that at this point, in light of the unified opposition presented from cyber companies, Israel’s defensive equipment manufacturers, the Department for Supervision of Defense Export within the Ministry of Defense, has announced that it will welcome suggestions from the industry as to how to “soften” the actual implementation of the Cyber Products Supervision.

Furthermore, we note that the actual ratification of the Order of Cyber Products Supervision requires further government and legislative approvals.

  1. Enforcement

On October 11th, 2015, the Rehovot Magistrate Court in Israel ruled in the case of the State of Israel vs. Illan Shimon Yaacobi, in which for the first time  the State of Israel handed down  a criminal sentence for the illegal export of supervised products through eBay (and has made such verdict a matter of public record). The esteemed court sentenced the defendant, an Israeli citizen who bought de-commissioned radios and communication supplies and equipment from sub contractors of the IDF in a legal manner and subsequently sold them on eBay after repairing such devices  for a total of more than $200,000. All said products were “Supervised Products” according to the Law for Supervision of Defense Export, 2007. While the esteemed court sentenced Yaacobi for community service and a fine of NIS70,000 (approx.$17,800), it explicitly stated that the leniency of the sentence is solely due to this instance being the first time a criminal verdict is handed down with respect to an Israeli individual for such a breach of defense export rules.