Skip to Content

Monday Morning eBriefing

BIS Rule Sets New Control for Certain Cybersecurity Exports

May 30, 2022 by Luke Zimmer
The Commerce Department’s Bureau of Industry and Security (BIS) has finalized changes to License Exception ACE and corresponding changes in the definition section of the Export Administration Regulations (EAR) in response to public comments to an Oct. 21, 2021 interim rule. The final rule takes effect May 26.

The rule established a new control on certain cybersecurity items for National Security (NS) and Anti-terrorism (AT) reasons, as well as adding a new License Exception Authorized Cybersecurity Exports (ACE) that authorizes exports of these items to most destinations except in certain circumstances.

“These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it,” BIS said in the Federal Register notice announcing the final rule.

The rule also corrects Export Control Classification Number (ECCN) 5D001 in the Commerce Control List (CCL).

For questions regarding the ECCNs included in this rule or License Exception ACE, contact BIS’s Aaron Amundson at (202) 482-0707 or e-mail