SSLs, as described in category (11) of the 31 CFR § 560.540 List of Services, Software, and Hardware Incident to Communications (“31 CFR § 560.540 List”) encompass “provisioning and verification software for Secure Socket Layer (SSL) certificates designated EAR99 or classified under ECCN 5D992.c, and services necessary for the operation of such software.” Additional provisioning and verification software not subject to the EAR may be included under 31 CFR § 560.540’s authorization for, in relevant part, software not subject to the EAR that is exported, reexported, or provided, directly or indirectly, by a U.S. person located outside the United States, that is of a type described in the 31 CFR § 560.540 List, provided that it would be designated as EAR99 or would meet the criteria for classification under the relevant ECCN specified therein if it were subject to the EAR.
Date Updated: May 16, 2024