Once you’ve created your branded mobile app, before publishing it on the iOS App Store, you are required to answer the Export Compliance question regarding the use of cryptography in your app and then submit the Self-Classification Report for Encryption Items in order to be compliant with the U.S. Encryption and Export Administration Regulations (EAR).
If you publish your branded application on Android Google Play Store, this documentation is not required.
This article outlines how to answer the Export Compliance question and how to produce and present the Self-Classification Report. For further information about the U.S. Bureau of Industry and Security’s Encryption and Export Administration Regulations (EAR) and Self-Classification Report, refer to the linked articles. You can also find a detailed document about the Export Compliance in the App Store Connect Help.
Please note that Docebo is not responsible for the content of the external documents linked above. Remember that it is your responsibility to check if these documents are updated or changed in any way.
The Export Compliance asks you if your branded app uses cryptography. Simply choose the Yes answer, because your app uses, contains or incorporates cryptography. In fact, your app uses the HTTPS protocol, which is considered a public domain cryptographic algorithm.
According to the geographical region, you’ll see one of the three following images (note that the question is the same in the three images below):
Once you’ve answered the Export Compliance, you’re required to produce and then submit an annual Self-Classification Report for applicable encryption commodities, software and components exported or re-exported during a calendar year.
The self-classification is a report containing information about the application and its manufacturer. You can download a template of this report here. The table in this file provides an example of the fields required in the report. Rename the .csv file that you have downloaded and substitute the fields within square brackets with your app’s information.
This table lists the fields you have to substitute:
When you have finished creating the report, send an email to the following three email addresses:
The email subject is Self-Classification Report for Encryption Items and the email body must be left blank. Finally, you are required to attach your self-classification report in .csv file format.