e-CFR banner

Home
gpo.gov
govinfo.gov

e-CFR Navigation Aids

Browse

Simple Search

Advanced Search

 — Boolean

 — Proximity

 

Search History

Search Tips

Corrections

Latest Updates

User Info

FAQs

Agency List

Incorporation By Reference

eCFR logo

Related Resources

 

Electronic Code of Federal Regulations

e-CFR data is current as of March 30, 2020

Amendment


22 CFR--PART 120

View Printed Federal Register page 84 FR 70892 in PDF format.

Amendment(s) published December 26, 2019, in 84 FR 70892

Effective Dates: Mar. 25, 2020

9. Section 120.54 is added to read as follows:

§120.54   Activities that are not exports, reexports, retransfers, or temporary imports.

(a) The following activities are not exports, reexports, retransfers, or temporary imports:

(1) Launching a spacecraft, launch vehicle, payload, or other item into space.

(2) Transmitting or otherwise transferring technical data to a U.S. person in the United States from a person in the United States.

(3) Transmitting or otherwise transferring within the same foreign country technical data between or among only U.S. persons, so long as the transmission or transfer does not result in a release to a foreign person or transfer to a person prohibited from receiving the technical data.

(4) Shipping, moving, or transferring defense articles between or among the United States as defined in §120.13 of this subchapter.

(5) Sending, taking, or storing technical data that is:

(i) Unclassified;

(ii) Secured using end-to-end encryption;

(iii) Secured using cryptographic modules (hardware or software) compliant with the Federal Information Processing Standards Publication 140-2 (FIPS 140-2) or its successors, supplemented by software implementation, cryptographic key management, and other procedures and controls that are in accordance with guidance provided in current U.S. National Institute for Standards and Technology (NIST) publications, or by other cryptographic means that provide security strength that is at least comparable to the minimum 128 bits of security strength achieved by the Advanced Encryption Standard (AES-128);

(iv) Not intentionally sent to a person in or stored in a country proscribed in §126.1 of this subchapter or the Russian Federation; and

Note to paragraph (a)(5)(iv): Data in-transit via the internet is not deemed to be stored.

(v) Not sent from a country proscribed in §126.1 of this subchapter or the Russian Federation.

(b)(1) For purposes of this section, end-to-end encryption is defined as:

(i) The provision of cryptographic protection of data, such that the data is not in an unencrypted form, between an originator (or the originator's in-country security boundary) and an intended recipient (or the recipient's in-country security boundary); and

(ii) The means of decryption are not provided to any third party.

(2) The originator and the intended recipient may be the same person. The intended recipient must be the originator, a U.S. person in the United States, or a person otherwise authorized to receive the technical data, such as by a license or other approval pursuant to this subchapter.

(c) The ability to access technical data in encrypted form that satisfies the criteria set forth in paragraph (a)(5) of this section does not constitute the release or export of such technical data.

Need assistance?