Articles 13 and 14
Article 13(3) does not apply to “goods” or “software” which are for “use” by the exporter, or by any “subsidiary” or “parent undertaking” of the exporter, or by a “business or academic collaborator” of the exporter, in his or their own commercial cryptographic “goods”, “software” or “development” activities but only insofar as they are activities pursuant to the agreement establishing the collaboration, as follows:
1. Any cryptography “development” “software” in entry 5D002 of Annex I to “the Regulation”, other than “software” having the characteristics, or performing or simulating the functions, of equipment designed or modified to perform cryptanalytic functions; orU.K.
2. Any cryptography “development” “technology” in entry 5E002 of Annex I to “the Regulation”, other than “technology” for the “development”, “production” or “use” of:U.K.
(a.)Equipment designed or modified to perform cryptanalytic functions; or
(b.)“Software” having the characteristics, or performing or simulating the functions, of equipment designed or modified to perform cryptanalytic functions.
Note 1.: “Business or academic collaborator” means a person who is either working by way of business in research and “development” of cryptography or cryptographic “goods” or “software” or is teaching, or undertaking research as a member of or at a university or institution of higher education into, cryptography or cryptographic “goods” or “software” and with whom an exporter has previously entered into an agreement for the carrying out of work comprising or related to research into or “development” of cryptography or cryptographic “goods” or “software”.
Note 2.: “Parent undertaking” and “subsidiary undertaking” have the same meanings assigned by sections 258 and 259 of the Companies Act 1985 (as substituted by sections 21 and 22 of the Companies Act 1989).
The following information is required to be kept on record in relation to certain “goods” and “software” in Part 2 of Category 5 of Annex I to “the Regulation”:
1. A general description of the “goods” and “software”(as defined in “the Regulation”), such as might be contained in a product brochure;U.K.
2. Descriptions of all relevant encryption algorithms and key management schemes, and descriptions of how they are used by the “goods” and “software”(e.g., which algorithm is used for authentication, which for confidentiality and which for key exchange); and details (e.g., source code) of how they are implemented (e.g., how keys are generated and distributed, how key length is governed and how the algorithm and keys are called by the “software”);U.K.
3. Details of any measures taken to preclude user modification of the encryption algorithm, key management scheme or key length;U.K.
4. Details of pre- or post-processing of data, such as compression of plain text or packetisation of encrypted data;U.K.
5. Details of programming interfaces that can be used to gain access to the cryptographic functionality of the “goods” and “software”; andU.K.
6. A list of any standards or protocols to which the “goods” and “software” adhere.U.K.