Shiva Aminian Discusses Export Controls and Cloud Computing with MCC
Akin Gump international trade partner Shiva Aminian spoke with Metropolitan Corporate Counsel for the article “Decoding the Export Controls of Cloud Computing: Identify ‘necessary’ versus ‘required’ data?”
Among the topics covered by Aminian:
- Challenges re: export controls in the cloud: “[One] challenge is the location of the users accessing the information on the cloud…Technology that is subject to U.S. export control regulations is uploaded in the cloud. In this example, the cloud provider has ensured that all servers are located in the U.S., and so on its face, an export is not occurring because the data is not leaving the U.S. If a user in China accesses the data on the cloud, however, an export has just occurred, even though the data and servers are all located in the U.S. Depending on the J/C [jurisdiction and classification] of the data and the location of the user (in this example, China), an export control license may be required.”
- Export Administration Regulations and the cloud: “The current definition of ‘export’ is the actual shipment or transmission of items out of the U.S. This means that the transmission of technology subject to EAR to a non-U.S. server is an export. The proposed rule includes an important carve-out from this definition. Specifically, it establishes a specific carve-out from the definition of ‘export’ for the transfer of technology and software that is encrypted in a specific manner. This means that cloud users may be able to upload encrypted technical data to the cloud and fall outside the scope of an export and the resulting licensing requirements for server locations, user locations and non-U.S. administrators.”
- Risk mitigation for companies: “Companies can mitigate risks by ensuring that they know the J/C of the data they are uploading to the cloud, and ensuring that they are only using the cloud for nontechnical information or ‘low-level’ technology. If low-level technology is involved, companies must take steps to ensure against unauthorized exports to the handful of prohibited countries. Companies can also safeguard against risks by requiring contract provisions that limit the authorized locations for servers and nationalities of IT administrators. Apart from that, companies should be active in the rulemaking process…Companies should carefully consider and weigh in on the proposed rules, and ensure that their concerns are addressed through the rulemaking process.”
© 2024 Akin Gump Strauss Hauer & Feld LLP. All rights reserved.