Export controls are legal and regulatory measures implemented by countries to control the export of sensitive goods, technology, software, and information for reasons related to national security, foreign policy, or economic protection.
These controls often require exporters to secure a license before shipping certain products or technology abroad, especially if these items have potential military applications or if they're being shipped to certain countries.
- In 2017, ZTE was penalized by the U.S. Department of Commerce for violating U.S. export controls by shipping U.S.-origin items to Iran. This resulted in a penalty of $1.19 billion in 2017, one of the largest penalties ever imposed in an export control case.
- In 2007, ITT Corporation pleaded guilty to charges of exporting classified or controlled night-vision technology to China and other countries and was fined $100 million.
Intersection With Open Source
- The United States regulates the export of non-standard cryptography under the Export Administration Regulations (EAR), which classifies cryptographic items as "dual-use" commodities, software, or technology that have both civilian and military applications, and require an export license depending on the encryption strength, end-use, or destination country.
- Export of cryptography from the United States - Wikipedia Article.
- Encryption items NOT Subject to the EAR - from US Government Export Controls guidance.
- U.S. Export Controls and “Published” Encryption Source Code Explained
- Your policy will have to make a clear distinction between "exporting" and "contributing into an open source repository".