Export Compliance and Self-Classification Report for Encryption Items

Learn how to to submit the Export Compliance and the Self-Classification Report for Encryption items

Last Updated

June 4th, 2019

Reading Time

2 min

User Level

Introduction

Once you’ve created your branded mobile app, before publishing it on the iOS App Store, you are required to answer the Export Compliance question regarding the use of cryptography in your app and then submit the Self-Classification Report for Encryption Items in order to be compliant with the U.S. Encryption and Export Administration Regulations (EAR).

If you publish your branded application on Android Google Play Store, this documentation is not required.

This article outlines how to answer the Export Compliance question and how to produce and present the Self-Classification Report. For further information about the U.S. Bureau of Industry and Security’s Encryption and Export Administration Regulations (EAR) and Self-Classification Report, refer to the linked articles. You can also find a detailed document about the Export Compliance in the App Store Connect Help.

Please note that Docebo is not responsible for the content of the external documents linked above. Remember that it is your responsibility to check if these documents are updated or changed in any way.

Export Compliance

The Export Compliance asks you if your branded app uses cryptography. Simply choose the Yes answer, because your app uses, contains or incorporates cryptography. In fact, your app uses the HTTPS protocol, which is considered a public domain cryptographic algorithm.

According to the geographical region, you’ll see one of the three following images (note that the question is the same in the three images below):

Export compliance

Export compliance information

Self-Classification Report

Once you’ve answered the Export Compliance, you’re required to produce and then submit an annual Self-Classification Report for applicable encryption commodities, software and components exported or re-exported during a calendar year.

The self-classification is a report containing information about the application and its manufacturer. You can download a template of this report here. The table in this file provides an example of the fields required in the report. Rename the .csv file that you have downloaded and substitute the fields within square brackets with your app’s information.

This table lists the fields you have to substitute:

Self-Classification Report fields

When you have finished creating the report, send an email to the following three email addresses:

crypt@bis.doc.gov

crypt-supp8@bis.doc.gov

enc@nsa.gov

The email subject is Self-Classification Report for Encryption Items and the email body must be left blank. Finally, you are required to attach your self-classification report in .csv file format.