Understanding US Export Controls and Open Source Projects (2021 Update)
The Linux Foundation | 15 July 2021
One of the greatest strengths of open source development is how it enables collaboration across the entire world. However, because open source development is a global activity, it necessarily involves making available software across national boundaries. Some countries’ export control regulations, such as the United States, may require taking additional steps to ensure that an open source project is satisfying obligations under local laws.
In July of 2020, The Linux Foundation published a whitepaper on how to address these issues in detail, which can be downloaded here. In 2021, the primary update in the paper is to reflect a change in the US Export Administration Regulations.
- Previously, in order for publicly available encryption software under ECCN 5D002 to be not subject to the EAR, email notifications were required regardless of whether or not the cryptography it implemented was standardized.
- Following the change, email notifications are only required for software that implements “non-standard cryptography”.
Please see the updated paper and the EAR for more specific details about this change.
2023 Compliance and Security Cloud Computing Projects Linux How-To Diversity & Inclusion Open Source Open Source Best Practices 2022 Cross Technology Training and Certification Newsletter 2024 LFX AI LF Research Legal Research Networking and Edge Topic: Data Blog Data Governance Featured LF Energy Linux Linux Foundation Open Mainframe Open Models OpenChain System Administration Topic: Security eBPF generative AI kernel license compliance maintainer techtalentsurvey