EXPORT CONTROLS AND SANCTIONS
By Richard Tauwhare, Dechert LLP
Uploading software or technology to the “cloud” can risk breaching export controls or sanctions and potentially incurring heavy civil and criminal penalties. This article looks at the law, how it applies to cloud computing and how organisations can comply.
The legal framework
Restrictions may apply as part of the general controls on what may be exported or as part of a package of trade sanctions adopted in relation to a particular country.
General Export Controls
Export controls aim to prevent items which can have military or security applications from being acquired by those who might misuse them. The three main legal instruments applicable in the UK are:
- The Export Control Act 2002 empowers the Government to make “Orders” (a type of secondary legislation) to control the export of strategic goods, the transfer of technology, the provision of technical assistance overseas and trade in military-rated equipment between overseas countries;
- The Export Control Order 2008 provides for the control of exports from the UK of listed military, paramilitary and certain other goods, technology and software. Most require a licence for export outside the UK, including to other countries within the EU. The licensing process is administered by the Export Control Organisation, a unit within the Department for Business, Innovation and Skills;
- The EU Dual Use Regulation 2009 establishes similar controls on exports of listed goods, software and technology considered to be ‘dual-use’. Most require licences only if exported outside the EU but particularly sensitive items need a licence for transfers within the EU.
Taken together, these instruments impose licence requirements which are broader than is often appreciated.
To read the full article please click on the link below