1 / 25

PRC Encryption Controls Summit on Export Controls Compliance Singapore, October 20-21, 2010

PRC Encryption Controls Summit on Export Controls Compliance Singapore, October 20-21, 2010. Eric Carlson, Attorney Covington & Burling LLP, Beijing Office. Overview of Presentation. Brief overview of PRC encryption regulatory scheme December 2009 notice and core/non-core determinations

irush
Download Presentation

PRC Encryption Controls Summit on Export Controls Compliance Singapore, October 20-21, 2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PRC Encryption ControlsSummit on Export Controls ComplianceSingapore, October 20-21, 2010 Eric Carlson, AttorneyCovington & Burling LLP, Beijing Office

  2. Overview of Presentation • Brief overview of PRC encryption regulatory scheme • December 2009 notice and core/non-core determinations • Permit conditions

  3. Brief Overview of PRC Encryption Regulatory Scheme

  4. PRC Encryption Regulatory Scheme • China is not a member of Wassenaar Arrangement • China does not control encryption products/technologies solely on strength

  5. PRC Encryption Regulatory Scheme • State Encryption Management Commission (SEMC 国家密码管理局) administers China’s encryption system • a/k/a State Encryption Administration, or State Encryption Management Bureau, or State Cryptography Office • Within the SEMC, Office of State Commercial Cipher Administration (OSCCA, 商用密码管理办公室, a/k/a Commercial Cryptography Office) is the subordinate office that handles commercial encryption products

  6. PRC Encryption Regulatory Scheme • 1999 Regulations (商用密码管理条例) provide general guidance • Import, export, and use of encryption products and technology are highly regulated • Only products approved by the SEMC may be used in China • SEMC regularly publishes a list of approved products (537 as of August 31, 2010) • Must be purchased from approved seller

  7. PRC Encryption Regulatory Scheme • Domestic entities and individuals cannot use foreign-produced encryption products • Only foreign-invested entities can apply to OSCCA to use foreign-produced commercial encryption products (to ensure technological parity)

  8. PRC Encryption Regulatory Scheme • “Encryption product” not defined under laws and regulations • “Commercial encryption product” (CEP) is defined broadly under the relevant regulations to include “encryption technology and encryption products used for encryption protection or security certification information, not involving state secrets” • The definition is quite vague, and subsequent guidance has narrowed the definition only slightly to include products that incorporate encryption and decryption as their “core functions” (核心功能)

  9. PRC Encryption Regulatory Scheme • SEMC has issued specific rules on production of, sale of, use, and scientific research on commercial encryption products • Foreign encryption products and technology imported into China (or use by foreign companies of encryption products) require additional approvals • March 2008: SEMC notices suggest possible move away from “core function” test

  10. December 2009 Notice and Core/Non-Core Determinations

  11. December 2009 Notice • December 2009: Joint Notice issued by SEMC and Customs (国家密码管理局 海关总署联合公告2009年第18号) • Effective January 2010, companies must obtain special import permits for nine products listed in the Catalog (Version 1)

  12. December 2009 Notice Exceptions for: • processing trade (imported only for the purpose of processing and re-export) • temporary imports • goods entering into bonded areas or export processing zones

  13. December 2009 Notice Catch-all provision • Even if not specifically listed in the Catalog, if the importer “knows or ought to know” (进口单位知道或者应当知道) that a imported product contains encryption technology, importer must obtain an import permit and proactively submit it to Customs • Companies assumed to know whether products contain encryption technology

  14. December 2009 Notice Implications: • SEMC reaffirmed “core function” test • Confirmed in subsequent meeting between industry and SEMC • “Version 1” of the Catalog implies that other versions will be forthcoming • 1999 Regulations also will be updated, but not imminently

  15. December 2009 Notice Implications: • Burden-shifting: importer in theory now has burden to apply for permit if product contains encryption technology, even if not on list • 2010 Catalog includes 9 items (2009 draft included 11 items)

  16. How Does SEMC/Customs Decide What Is Core vs. Non-core? • SEMC has not further defined “core” vs. “non-core” functions • If item is not listed in Catalog, possible to make self-classification • Import of company’s own products vs. other products used by company in China

  17. How Does SEMC/Customs Decide What is Core vs. Non-core? • Caveat: if Customs later challenges self-classification, imports may be blocked, and fines may be imposed • Customs enforces determinations of SEMC • Less likely that one provincial Customs Bureau will interpret the provision one way and another provincial Customs Bureau a different way

  18. How Does SEMC/Customs Decide What Is Core vs. Non-core? • Possible to call SEMC or its local bureaus • SEMC has indicated in meetings its openness to enterprises calling • SEMC will conduct its own internal research and revert with guidance • May not be legally binding, but provides helpful guidance

  19. Permit Conditions

  20. Two Types of Permits 1. Import Permit • “Permit to Import Encryption Equipment” (密码产品进口许可证) • Use Permits • “Permit to Use Foreign-Manufactured Encryption Products” (使用境外生产的密码产品准用证) • “Permit for Foreign Organization or Individual to Use Encryption Products” (境外组织或个人使用密码产品准用证)

  21. sample import permit

  22. Conditions on Permits Import Permit (进口许可证) • SEMC issues two types of import permits • Single-use • Multiple-use (up to 20 times) • Must show permit to Customs at time of import

  23. Use Permit (准用证) • Time limitation: valid for three years • Must be returned to local office of SEMC after use • End-user control: cannot transfer product to others • End-use control: any change in use must be approved by SEMC • If products need to be repaired, must be repaired by SEMC-designated maintenance entities

  24. Questions? Eric Carlson Covington & Burling, Beijing Office (86 10) 5910-0503 ecarlson@cov.com

More Related