On 22 February 2021, NASSCOM submitted a proposal to Ministry of Electronics and Information Technology (MEITY) for the review of the Wassenaar Arrangement (WA) Control List of Dual-Use Goods and Technologies. In the proposal, we highlighted the need for clarifying that only those items which use “cryptography for information security” as the primary function should be regulated according to the technical parameters in Category 5 Part 2. Items which use “cryptography for information security” functionality as the secondary criterion should be regulated according to the technical parameters in other categories of the WA List.
Moreover, we recommend that guidelines for determining as to what falls under ‘primary function’ and ‘secondary function’ should be provided in the WA list. This can be done by notifying the functions which would be primary functions, for example, communication (sending/storing/receiving information), computing, information security are primary functions. However, if an item is using encryption technology but these functions are not the primary function that this item performs, then it would not be covered under Category 5 Part 2.
For example, an IoT device that automates house lighting and can be operated by a phone application, uses encryption for information security, however, it is not the primary function being performed by the IoT device or the phone application that controls it. Instead, the primary function being performed is to automate the house lighting. Data sending and storage is just a secondary or in-support function. Therefore, this would not be covered under Category 5 Part 2. However, the phone itself is performing the primary function of networking and communication. Therefore, it would be covered under Category 5 Part 2.
Background on WA and the control list of dual-use goods and technologies
India is a member of the WA, an international treaty which regulates the export of dual-use items (items which can be used for both military and civilian purposes) in member countries. As a member of the WA, India is required to align its national export control laws with India’s obligations under the WA. The WA contains a list of dual-use goods and technologies, with several categories, for instance, ‘Information Security’ (Category 5 Part 2) etc. Among others, certain items with “cryptographic functionality” are controlled under the WA list. India has adopted the WA list in its foreign trade policy; India’s national export control list of dual-use items is called SCOMET. An item which is covered under SCOMET requires an export licence from DGFT before it may be exported from India.
The WA members meet annually to discuss the issues related to the controlled items and formulation of international regulations and guidelines on dual use items. The next meeting of the Experts Group (EG) is scheduled to be held on 21 April 2021.
NASSCOM continues to engage with MEITY and DGFT on export control issues. For any information, please write to firstname.lastname@example.org.