US Government Throws “Kitchen Sink” Export Controls at Russia, Plus Sweeping EAR99 Software Controls, and IT and Software Services Sanctions

Three US agencies – the US Department of Commerce, Bureau of Industry and Security (BIS), the US Department of the Treasury, Office of Foreign Assets Control (OFAC), and the US Department of State – took new actions on June 11, significantly stepping up US efforts to weaken Russia’s war economy through export controls and sanctions.

The US government imposed sweeping export controls and economic sanctions on Russia’s “full war economy” this past Tuesday. There is now a license requirement on kitchen sinks to Russia and Belarus, making us almost long for the days of good old-fashioned country-wide embargoes to put us out of our misery.

BIS’s new export controls (set to publish on June 18) can be found here. OFAC and State’s announcements of new sanctions can be found here and here. For a more complete overview of actions taken by the United States against Russia over the last two years, visit our Russia Task Force page.

Even More Export Controls

Kitchen Sink and 521 other EAR99 HTS items:

Yes, the BIS one-upped the current export controls on items classified as EAR99 to Russia and Belarus, adding 522 additional Harmonized Tariff Schedule (HTS)-6 Code entries, including not only the kitchen sink, but also the bathtub:


We are not sure that anyone is exporting sinks or bathtubs to Russia or Belarus, but they had better stop now.  Seriously, the complete list can be found here (see changes to Supplement No. 4 to EAR Part 746). If anyone is still exporting, reexporting or transferring (in-country) any EAR99 items subject to the Export Administration Regulations (EAR) to or within Russia or Belarus, this is required reading.

Virtually all EAR99 Business Software:

More significant as a practical matter are new export control licensing requirements on a wide range of EAR99 software to Russia and Belarus. Until this change, EAR99 software subject to the EAR did not require a license for export, reexport or transfer to or within Russia or Belarus, except for a very limited set of software included in paragraph (g)(9) to Supplement 6 to part 746 of the EAR. The new export controls go into effect 90 days after the publication of BIS’s new rule in the Federal Register (currently scheduled for June 18), so expect the license requirements to kick in on September 16. The following types of EAR99 software will require a license:

  • Enterprise resource planning (ERP).
  • Customer relationship management (CRM).
  • Business intelligence (BI).
  • Supply chain management (SCM).
  • Enterprise data warehouse (EDW).
  • Computerized maintenance management system (CMMS).
  • Project management software.
  • Product lifecycle management (PLM).
  • Building information modelling (BIM).
  • Computer aided design (CAD).
  • Computer-aided manufacturing (CAM).
  • Engineering to order (ETO).

To make sure there is no misunderstanding, the regulation states that these controls include software updates of the software types identified above. BIS has provided an exclusion aimed at the medical and agricultural industries; EAR99 software falling into these categories are excluded from the new license requirements “when destined to entities engaged exclusively in the agriculture or medical industries.” In addition, BIS has excluded from the license requirement exports, reexports and transfers of software and updates to civil end users in Russia and Belarus that are subsidiaries of US companies and companies headquartered in A:5 and A:6 countries.[1]

The upshot of this will be to make it very difficult for Russian and Belarusian businesses to operate if they rely on business software made by US-based or headquartered software companies.

Consolidation of All the Russian and Belarusian Export Controls in One Section 746.8 (But We Still Have Those Pesky Appendices)

Just when we got used to peering in Sections 746.5, 746.8, and 746.10 for the Russia and Belarus export controls, BIS streamlined them and put them all in Section 746.8. The proof of this pudding will be in the eating, but the combined section, while still large and clunky, is streamlined and much easier to digest than popping from section to section. Thank you, BIS Regulatory Policy division; that cannot have been an easy lift.  

The various appendices containing the actual lists of prohibited items are still separate, which will still keep the top of our web browsers happily populated with plenty of ECFR tabs, however.

License Exception Consumer Communications Devices (CCD) Narrowed for Russia and Belarus

BIS has limited the eligible commodities and software that can go under license exception CCD to Russia and Belarus, meaning that Cuba (and Iran, but we won’t go there) gets more consumer communications devices than Russia and Belarus do. Not surprisingly, things like consumer disk drives and solid-state storage equipment, graphic accelerators, and network access controllers and communications channel controllers (see below items 9-18) can no longer be exported under CCD to Russia or Belarus.

License exception CCD is still available to Cuba, Russia, and Belarus for 1-8:

  1. Consumer computers, tablets, and peripherals including microphones, speakers, and headphones designated EAR99 or classified under Export Control Classification Numbers (ECCN) 5A992.c or 4A994.b.
  2. Mobile phones, including cellular and satellite telephones, personal digital assistants, and subscriber information module (SIM) cards, accessories for such devices and similar devices classified under ECCNs 5A992.c or 5A991 or designated EAR99; drivers and connectivity software for such hardware designated EAR99 or classified under ECCN 5D992.c.
  3. Monitors classified under ECCN 5A992.c or designated EAR99.
  4. Printers, including multifunctional printers, classified under ECCN 5A992.c or designated EAR99.
  5. Keyboards, mice, and similar devices designated EAR99.
  6. Batteries, chargers, carrying cases, and accessories for the equipment described in paragraphs (b)(1) through (5) of this section that are designated EAR99.
  7. Consumer “information security” equipment, “software” (except “encryption source code”), such as firewalls, virtual private network clients, antivirus, user authentication, password managers, identification verification, and peripherals classified under ECCNs 5A992.c or 5D992.c or designated EAR99.
  8. Consumer “software” (except “encryption source code”) classified under ECCNs 4D994, 5D991, or 5D992.c or designated EAR99 to be used for equipment described in paragraphs (b)(1) through (16) of this section.

License exception CCD is available ONLY to Cuba, and no longer to Russia and Belarus for 9-18:

  1. Consumer disk drives and solid-state storage equipment classified under ECCN 5A992 or designated EAR99.
  2. Graphics accelerators and graphics coprocessors designated EAR99.
  3. Modems, network interface cards, routers, switches, and WiFi access points, designated EAR99 or classified under ECCNs 5A992.c or 5A991; drivers, communications, and connectivity software for such hardware designated EAR99 or classified under ECCN 5D992.c.
  4. Network access controllers and communications channel controllers classified under ECCN 5A991.b.4, 5A992.c, or designated EAR99.
  5. Memory devices classified under ECCN 5A992.c or designated EAR99.
  6. Digital cameras (including webcams) and memory cards classified under ECCN 5A992 or designated EAR99.
  7. Television and radio receivers, set top boxes, video decoders, and antennas, classified under ECCNs 5A991, 5A992, or designated EAR99.
  8. Recording devices classified under ECCN 5A992 or designated EAR99.
  9. Commodities described under 3A991.p or 4A994.l.
  10. Batteries, chargers, carrying cases, and accessories for the equipment described in paragraphs (b)(8) through (17) of this section that are designated EAR99.

This list can be found in the rule linked above (see changes to EAR Section 740.19).

Addresses on the Entity List

Finally, the rule adds the five entities and eight addresses under 13 entries to the Entity List. The eight addresses – currently listed as simply “Address 01,” “Address 02,” and so on – are associated with multiple entities and were reportedly involved with transshipment of controlled items to Russia. We expect this list of addresses to grow (and eventually be published as actual addresses on the Entity List). See Section II.C.2 of the rule (linked above) for a full list of what was added. The online version Entity List will also be updated come June 18.

BIS explains that it is including addresses on the Entity List to combat shell companies, which are often established to facilitate international transshipment, and can just as easily be dissolved or reformed to evade US law. The listed addresses have been identified as “high risk diversion addresses” that were repeatedly used by parties seeking to transship controlled items to prohibited destinations. 

Savings Clause

For shipments of items that have been removed from eligibility for a License Exception or export, reexport, or transfer without a license (NLR) due to the new regulatory action, if these shipments were already en route to a port of export, reexport, or transfer on June 12, they can proceed to their destination under the previous regulations. This is allowed as long as the export, reexport, or transfer is completed by July 12.

OFAC/State Designations and Prohibition on Certain Information Technology and Software Services

Not to be outdone, OFAC and the Department of State have designated over 300 new Russia-related individuals, entities, and vessels subject to blocking sanctions. The new designations involve significant aspects of Russia’s financial infrastructure, including the Moscow Exchange, the National Clearing Center, and the Russian National Reinsurance Company. Although a number of general licenses and FAQs were concurrently issued, the shock was enough to result in Russia’s suspension on Thursday of all dollar and euro trading on Russian’s main exchange. OFAC also expanded its definition of the Russian “military industrial base” such that foreign financial institutions now face an additional risk of secondary sanctions if they engage in transactions with any blocked Russian individual or entity or person.

In a further and significant sanctions action, OFAC also issued a new determination under Executive Order (EO) 14071 that, starting September 12, will prohibit the direct or indirect export, reexport, sale, or supply by a US person or from the United States of certain information technology (IT) and cloud-based services to any person located in the Russian Federation. Specifically, and with certain exceptions noted below, the services prohibited starting September 12 will include:

  • IT consultancy and design services.
  • IT support services and cloud-based services for:
    • Enterprise management software.
    • Design and manufacturing software.

Significant exceptions are provided for the provision of these IT or cloud-based services:

  • Directly or indirectly to US-owned or controlled entities in Russia.
  • In connection with the wind-down of, or divestiture from an entity that is not Russian-owned or controlled (directly or indirectly).
  • For software that is licensed or otherwise authorized by the Department of Commerce for export, reexport, or transfer (in-country) to Russia or, if not subject to the EAR, that would qualify for a license exception or otherwise be authorized by Commerce if it were subject to the EAR.

OFAC concurrently issued FAQs 1186 and 1187, which define in detail the meaning of the terms IT consultancy services, IT design services, IT support services, cloud-based services, enterprise management software, and design and manufacturing software. These FAQs also provided a number of illustrative examples. OFAC specifically notes that retail sale of off-the-shelf software falling under United Nations’ Central Product Classification (UNCPC) Code 63252 is not included in the scope of IT consultancy and design services or IT support services, although it may be regulated by other Federal laws (such as the new US export controls described above).

OFAC makes clear in new FAQ 1184 that existing authorizations continue to apply related to certain transactions ordinarily incident to the receipt or transmission of telecommunications and the provision of certain services incident to the exchange of communications over the internet. Those authorization are contained in General License 25D, which is newly amended to both expand and restrict some of its prior authorizations. OFAC also clarifies that the general license for transactions otherwise prohibited related to the production, manufacturing, sale, transport, or provision of agricultural or medical items remains in place, and will not be affected by these new prohibitions, and the relevant General License 6D is amended accordingly.

Finally, OFAC also issued FAQ 1188 explaining that the new prohibition on certain IT and cloud-based services will not restrict the provision of these services to Russian-owned entities outside of Russia (provided the services are not used in a way that their benefit is received by a person in Russia).

[1] This exclusion for the EAR99 business software will be added onto to the current mass market encryption commodities and software exclusion in Section 746.8(a)(12) and will apply to civil end-users that are:

(A) Wholly owned US subsidiaries, branches, or sales offices; (B) Joint ventures between two or more US companies, including the wholly owned subsidiaries, branches, or sales offices of such joint ventures; (C) Joint ventures between US companies and companies headquartered in countries from Country Group A:5 and A:6 in supplement no. 1 to part 740 of the EAR, including the wholly owned subsidiaries, branches, or sales offices of such joint ventures; (D) Wholly owned subsidiaries, branches, or sales offices of companies headquartered in countries from Country Group A:5 and A:6 in supplement no. 1 to part 740; (E) Joint ventures between two or more companies headquartered in Country Group A:5 and A:6 in supplement no. 1 to part 740, including the wholly owned subsidiaries, branches, or sales offices of such joint ventures.


Continue Reading