Export Control Decision Tree Form Export Controls Decsion Tree Please answer the below questions to the best of your ability. If you are unsure how to answer any question please select “I am not sure” and our Export Control Office will reach out with assistance. To the right of each question are notes that provide definitions and context to each question. We recommend reviewing the notes before answering the questions. Question 1: Are you sharing, shipping, transmitting or transferring encryption software in source code or object code (including travel outside the country with such software)? Yes No I am not sure Question 1 notes Note on Encryption Software The sharing, shipping, transmission or transfer of almost all encryption software in either source code or object code is subject to U.S. export controls. Even most publicly available “dual-use” encryption code captured by the Export Administration Regulations (EAR) requires the availability of a License Exception. A License Exception under the EAR is an authorization based on a set of criteria, which when met, allows the exporter to circumvent export licensing requirements. The release of publicly available encryption code under the EAR is generally authorized by License Exception TSU (Technology and Software – Unrestricted) whereby the exporter provides the U.S. Government with a “one-time” notification of the location of the publicly available encryption code at the time the code is placed in the Public Domain. In addition, U.S. persons are prohibited without prior authorization from providing technical assistance (i.e., instruction, skills training, working knowledge, consulting services) to a foreign person with the intent to assist in the overseas development or manufacture of encryption software that is subject to U.S. Government notification or authorization. This prohibition does NOT limit University personnel from teaching or discussing general information about cryptography. Note on license exemptions during travel Two license exceptions are available for the Northeastern community when the tangible export of items and software containing encryption code is necessary for travel or relocation: The Temporary Export license exemption (TMP) allows those departing from the U.S. on university business to take with them, as “tools of the trade,” University-owned, retail-level encryption items such as laptops, personal digital assistants (PDAs), and cell phones and encryption software in source or object code to all countries except Sudan and Cuba, as long as the items and software will remain under their “effective control” overseas and are returned to the US within 12 months or are consumed or destroyed abroad; License Exception BAG (Baggage) allows individuals departing the U.S. either temporarily (travel) or longer-term (relocation) to take with them as personal baggage family-owned retail-level encryption items including laptops, personal digital assistants (PDAs), and cell phones and encryption software in source or object code. The encryption items and software must be for their personal use in private or professional activities. Citizens and permanent resident aliens of all countries except Cuba, Libya, Syria, Sudan, North Korea and Iran may take (as personal baggage) non-retail “strong” encryption items and software to all locations except embargoed or otherwise restricted locations. Note on Object versus Source Code Source code is generally understood to mean programming statements that are created by a programmer with a text editor or a visual programming tool and then saved in a file. Object code generally refers to the output, a compiled file, which is produced when the Source Code is compiled with a C compiler. The object code file contains a sequence of machine-readable instructions that is processed by the CPU in a computer. Operating system or application software is usually in the form of compiled object code. Question 2: Do you know or have any reason to believe that the item, information or software to be shared, shipped, transmitted or transferred will (or maybe “can”) support the design, development, production, stockpiling or use of a nuclear explosive device, chemical or biological weapons, or missiles? Yes No I am not sure Question 2 notes Note defining items in the question U.S. persons are specifically prohibited from engaging in activities, either directly or indirectly, that support the proliferation of nuclear explosive devices and missiles to certain countries and their nationals without an export license. Furthermore, U.S. persons are specifically prohibited from knowingly engaging in activities that support the proliferation of chemical or biological weapons to any country and its nationals without an export license. Prohibited activities include direct support (through sharing, shipping, transmission or transfer), or indirect support (through financing, contracting, servicing, transportation, support or employment) that a U.S. person knows will facilitate the proliferation of these weapons of mass destruction (WMD) in or by those countries. In addition, an individual or organization is prohibited from proceeding with a shipment, transmission or transfer of equipment or software, or from a disclosure of information, with the knowledge that an export control violation has, or is about to, occur. Certain chemical and biological weapons agents and precursors are listed on the U.S. Munitions List (USML) at Category XIV and on the Commerce Control List (CCL) in Category 1 at 1C350 through 1C360. Question 3: Has an external sponsor, vendor, collaborator or other third party provided the item, information or software to be shared, shipped, transmitted or transferred under a Non-Disclosure or Confidential Disclosure Agreement (NDA)? Yes No I am not sure Question 3 notes Note on NDAs and Confidentiality Agreements Northeastern faculty may be asked to accept confidential, proprietary, or export controlled data or material as part of a research project subject to a Non-Disclosure Agreement (NDA) signed by both the discloser and the recipient. Please note, the University, through NU-RES or CRI, must approve all such agreements. NDAs may include licensing agreements which limit or prohibit the disclosure or transfer of the licensed data or materials, therefore, negating the Fundamental Research Exemption (FRE). In addition, if you accept confidential or proprietary information subject to a Confidentiality or Non-Disclosure Agreement, and the disclosure restrictions affect your ability to publish research results, the research itself will lose its characterization as “fundamental research” for export control purposes. Should the research entail information or software identified on U.S. export control lists, and you wish to have foreign nationals participate in the research, you may be required to obtain an export license because you have lost the “fundamental research” exemption. Question 4: Is the item being shared, shipped, transmitted or transferred a defense article (i.e. does not have a predominant civil application) not specifically identified on the ITAR U.S. Munitions List (USML)? Yes No I am not sure Question 4 notes Note on definition of a defense article A defense article is either: Specifically designed, developed, configured, adapted, or modified for a military application, and does not have predominant civil applications, and does not have performance equivalent (defined by form, fit and function) to those of an article or service used for civil applications; Specifically designed, developed, configured, adapted, or modified for a military application, and has significant military or intelligence applicability (examples are nuclear, biological, or chemical weapons and satellite technology with military application); or On the US Munitions List (USML, the US State Department ITAR list). Question 5: Is the information or software being shared, shipped, transmitted or transferred technical data on the ITAR’s U.S. Munitions List (USML)? Yes No I am not sure Question 5 notes Technical Data includes: Information, other than software, required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. Such information may be, but is not limited to, blueprints, drawings, photographs, plans, instructions and documentation. Classified information relating to defense articles and defense services. Information covered by an invention secrecy order. Software directly related to defense articles. Technical Data EXCLUDES: Information concerning general scientific, mathematical or engineering principles commonly taught in schools, colleges and universities, information in the public domain, or information generated in the course of performing fundamental research. Basic marketing information on function or purpose or general system descriptions of defense articles. Question 6: Are you shipping or transferring items on the Commerce Control List (CCL) of the Export Administration Regulations (EAR)? Yes No I am not sure Question 6 notes Note: If you prefer not to make the classification on your shipment, please select not sure and NU-RES Research Compliance will help you with the classification process. Definition of Commerce Control List (CCL) Commerce Control Lists are generally designated by categories represented by the letters “A”, “B”, and “C” following the initial digit in an Export Control Commodity Number (ECCN). Examples are ECCNs such as 4A994, 5B001, and 1C351. “A” category = Systems, Equipment and Components “B” category = Test, Inspection and Production Equipment “C” category = Materials Definition of Export Administration Regulations (EAR) The Commerce Control List (CCL) is maintained by the Bureau of Industry and Security (part of the US Department of Commerce) as part of the Export Administration Regulations (EAR). This list is sometimes called the “dual use” list, as the items on it may have either a military or commercial application. Question 7: Are you sharing, transmitting or transferring technology (information) or software code on the Commerce Control List (CCL)? Yes No I am not sure Question 7 notes Note: If you prefer not to make the classification on your shipment, please select not sure and NU-RES Research Compliance will help you with the classification process. Definition of “technology” per the EAR Specific information necessary for the “development”, “production” or “use” of equipment or software. Technology includes information subject to the EAR released in the form of technical assistance or technical data. Technical assistance includes instruction, skills training, working knowledge, consulting services. Technical assistance may involve transfer of export controlled information. Technical data includes blueprints, plans, diagrams, models, formulae, tables, engineering designs and specifications, manuals and instructions written or recorded on other media or devices such as disk, tape, read-only memories. Information that is, or will be, placed in the public domain, such as that generated by fundamental research, is not subject to the EAR and is exempt from export control regulations. Definition of software code per the EAR The EAR defines software code as a collection of one or more programs or micro-programs fixed in any tangible medium of expression. Software code is comprised of source code or object code: Source Code: A convenient expression of one or more processes that may be turned by a programming system into equipment executable form (“object code” or object language). Object Code: An equipment-executable form of a convenient expression of one or more processes (“source code” or source language) that has been converted by a programming system. Question 8: Is the disclosure, shipment, transmission, or transfer going to an embargoed or otherwise restricted location including State Sponsors of Terrorism or to an entity on any Debarred, Denied or Specially Designated lists? Yes No I am not sure Question 8 notes Note: College administrators have access to the University’s screening software, Visual Compliance, which will assist in screening across the lists referenced above. If you would like to know who in your college is a point of contact for screening, please email researchcompliance@northeastern.edu If you have not screened the individuals in your potential transaction, please select not sure and NU-RES Research Compliance will help you with the screening process. Email Comments, questions or notes (such as more information on what you are exporting, to whom and the location) A copy of this form is sent to exportcontrol@northeastern.edu. Our Export Control Office will follow up with you if you responded “yes” or “I am not sure” to any question to help you work through any concerns. You will also receive a copy of this form for your records. If you are human, leave this field blank. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Submit