More Due Diligence

My January post about due diligence in compliance included reviewing updated HTS and Schedule B codes. Another best practice is to check your ECCN codes and License Exceptions. Chances are you have been using the same ECCN and License Exceptions or EAR99 and NLR as default entries.

Here is some recent info from BIS (Bureau of Industry and Security) about changes to ECCN and License Exceptions. While this notice may not apply to you, the point is that ECCNs and License Exceptions can change. For help contact mitch@

87 FR 1670

Information Security Controls: Cybersecurity Items; Delay of Effective Date

On October 21, 2021, the Bureau of Industry and Security (BIS) published an interim final rule that establishes new controls on certain cybersecurity items for National Security (NS) and Anti-terrorism (AT) reasons, along with a new License Exception, Authorized Cybersecurity Exports (ACE), that authorizes exports of these items to most destinations except in the circumstances described in that rule.  That rule was published with a 45-day comment period, which ended on December 12, 2021, and a 90-day delayed effective date (January 19, 2022). This rule delays the effective date of the interim final rule by 45 days (March 7, 2022).  This action does not extend or reopen the comment period for BIS’s previous request for comments on the interim final rule.