On December 2, 2020, China’s Ministry of Commerce (“MOFCOM”), State Cryptography Agency (“SCA”), and the General Administration of Customs (“Customs”) jointly issued three documents (here) related to import and export of commercial encryption items:

  • List of Commercial Encryption Subject to Import Licensing Requirement (“Import List”);
  • List of Commercial Encryption Subject to Export Control (“Export List”); and
  • Procedural Rules on [Applications for] Licenses for the Import and Export of Commercial Encryption (“Procedural Rules”).

The issuance of these lists and procedural rules marks a key step forward implementing both the commercial encryption import and export framework established under the Encryption Law, which took effect on January 1, 2020, and the export control regime under the new Export Control Law, which took effect on December 1, 2020.  (Our previous client alert on the Encryption Law can be found here, and our alert on the Export Control Law can be found here.)  The consolidation of previously separate regulatory frameworks under the commercial encryption rules and export control rules could also show a future trend of implementing a more unified system to control the import and export of sensitive data and technologies to and from China.

Under Article 28 of the Encryption Law, importers must obtain a license if the imported commercial encryption item “may impact national security or the public interest” and “provides an encryption protection function.”  The law itself is silent on which agency issues a license, but the law specifically calls for MOFCOM, SCA, and Customs to publish a list of commercial encryption items that fall within the scope of the abovementioned framework.  The release of the Import List specifically addresses this requirement and clarifies what categories of commercial encryption may be subject to the import licensing requirements.

At the same time, under the new Export Control Law, agencies such as MOFCOM must impose export controls on items that are related to the “maintenance of China’s national security and national interests” or the performance of China’s international obligations.  This Export List is the first control list ever issued under the new Export Control Law.  Moreover, commercial encryption items listed in the Import List and Export List are designated as “dual-use items and technologies,” and the importer and exporter of any such items must submit an application to MOFCOM in order to obtain a license.

We explain below the items included in the Import and Export Lists and the procedural steps to obtain a license.

Import and Export List

The Import List includes only four types of commercial encryption hardware:

  • encrypted phones;
  • encrypted fax machines;
  • crypto machines (including crypto cards) [i.e., machines with main function to perform cryptographic computing]; and
  • encryption VPN hardware devices.

The Export List covers a broader range of commercial encryption items:

  • Systems, devices, and components, including:
    • security chips;
    • crypto cards;
    • encryption VPN hardware devices;
    • products for cryptographic key management;
    • security devices used for special purposes (e.g., devices that are used in sectors such as electricity, tax, public security, and financial services and that satisfying certain technical specifications);
    • quantum encryption devices; and
    • devices used to analyze encryption technologies, products, or systems.
  • Devices specifically designed for testing, inspection, and manufacturing of the seven types of items mentioned in the bullet point above.
  • Software specifically designed or improved for the R&D, manufacturing, and use of the commercial encryption items listed in the two bullet points above.
  • Technologies specifically designed or improved for the R&D, manufacturing, and use of the commercial encryption items listed above.

Procedural Requirements for Obtaining the License

Importers and exporters of the commercial encryption items listed on the Import List and Export List must submit an application to MOFCOM through MOFCOM’s provincial branches and provide the following materials to apply for a license:

  • Dual-Use Items and Technologies Import and Export Application Form;
  • IDs of the legal representative, the person mainly responsible for the management, and the person responsible for the application;
  • explanation of the encryption technologies;
  • descriptions of the end user and purpose; and
  • other materials required by MOFCOM.

Upon receipt of the above application materials, MOFCOM and SCA will review and make a decision based on the procedural requirements described in the Regulations on the Management of Import and Export Licenses for Dual-use Items and Technologies, issued by MOFCOM and Custom issued in 2005.  If the application is approved, MOFCOM will issue the Import License or the Export License to the applicant.  The importer or exporter provides the license to Customs when going through Customs procedures.

Violation of the import and export restrictions may be subject to administrative penalties or criminal liability, if such violation constitutes a crime.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Eric Carlson Eric Carlson

Eric Carlson has nearly two decades of experience advising clients operating in China and other jurisdictions in Asia on compliance and investigations matters, particularly in the areas of corruption/FCPA/fraud and export controls/sanctions.

Having lived in China for more than a decade, he has

Eric Carlson has nearly two decades of experience advising clients operating in China and other jurisdictions in Asia on compliance and investigations matters, particularly in the areas of corruption/FCPA/fraud and export controls/sanctions.

Having lived in China for more than a decade, he has deep experience leading highly sensitive investigations in China and other jurisdictions in Asia, including investigations presenting complex legal, political, and reputational risks. He speaks Mandarin and Cantonese and has led more than four hundred witness interviews in Chinese in 24 provinces in China, and conducted dozens of trainings in Chinese. He is a Certified Fraud Examiner.

Eric also counsels clients on the compliance risks of proposed transactions, conducts compliance due diligence as part of mergers, acquisitions, and joint ventures, assists companies in updating and strengthening their internal compliance programs and tailoring them to the unique features of Asian markets, and developing and presenting tailored compliance training in Chinese and English. Eric has advised scores of companies and organizations representing nearly every major industry.

Eric is a regular speaker on China-related compliance issues. He has been quoted in publications such as The Wall Street JournalThe Economist, The Financial Times, Global Investigations Review, Compliance Week, FCPA Report, The Corporate Treasurer, Commercial Dispute Resolution, China Business Law Journal, and Economy and Nation Weekly and was a contributing editor to the FCPA Blog. Chambers notes that Eric has “much more than just a conversational grasp of the language, but the ability to conduct interviews on specific subject matter details and get to the root of the issues.” Chambers further notes that “his language skills are very impressive” and that he provides “great advice that is grounded in reality,” adding: “They know the industry and their advice is very risk-based and balanced.” One client noted to Chambers: “They have strong regional coverage both in terms of footprint as well as language skills. If I have a compliance investigation in region with a tight timeframe, I know they can get it done. They take a more realistic approach to scoping investigations.” Other clients noted to Chambers that Eric is “really brilliant” and “an expert in this field.” According to one client surveyed by Chambers, “he is particularly adept at ‘right sizing’ the scope of an investigation to get at the key issues without incurring unnecessary operational or financial burden. He is also incredibly responsive to client communications.”

Photo of Yan Luo Yan Luo

With over 10 years of experience in global technology regulations, Yan Luo specializes in the intersection of law and technology, focusing on regulatory compliance and risk mitigation for technology-driven business models. Her key strengths include data protection, cybersecurity, and international trade, with a

With over 10 years of experience in global technology regulations, Yan Luo specializes in the intersection of law and technology, focusing on regulatory compliance and risk mitigation for technology-driven business models. Her key strengths include data protection, cybersecurity, and international trade, with a particular emphasis on adapting to regulatory changes and ensuring compliance to support technology sector business strategies.

In recent years, Yan has guided leading multinational companies in sectors such as cloud computing, consumer brands, and financial services through the rapidly evolving cybersecurity and data privacy regulations in major Asian jurisdictions, including China. She has addressed challenges such as compliance with data localization mandates and regulatory audits. Yan’s work includes advising on high-stakes compliance issues like data localization and cross-border data transfers, navigating cybersecurity inspections for multinational companies, and providing data protection insights for strategic transactions. Additionally, Yan has counseled leading Chinese technology companies on global data governance and compliance challenges across major jurisdictions, including the EU and the US, focusing on specific regulations like GDPR and CCPA.

More recently, Yan has supported leading technology companies on geopolitical risk assessments, particularly concerning how geopolitical shifts impact sectors at the cutting edge, such as artificial intelligence and semiconductor technologies.

Yan was named as Global Data Review’s40 under 40” in 2018 and is frequently quoted by leading media outlets including the Wall Street Journal and the Financial Times.

Prior to joining the firm, Yan completed an internship with the Office of International Affairs of the U.S. Federal Trade Commission in Washington, DC. Her experiences in Brussels include representing major Chinese companies in trade, competition and public procurement matters before the European Commission and national authorities in EU Member States.