Home   About Us   News   Contact Us
IP Cores, Inc. is an American company. As such, we are subject to the US export regulations - and the US government does regulate the export of encryption products. This page contains a brief explanation of our export licensing situation. It is intended to be used as an introductory material for engineers planning to use our encryption cores. It cannot and should not be used as a substitute for a thorough review of applicable US export laws - check with your company legal department for such a review. If you have no time to read this text, just browse through the first section below.
The export licensing process is well-described on the official US government site http://www.bis.doc.gov/licensing/exportingbasics.htm. Note that not just an American-made IP core, but the foreign-made products based on the core might be subject to the US export licensing.
In a nutshell
  This section contains a brief summary of a longer discussion below. For our encryption cores, unless your circumstances are special (say, you work for a government - other than the US government, naturally - not industry):
  • A subsidiary of a US company in most countries does not need an export license
  • A Canadian company does not need an export license
  • A company from the European Union does not need an export license
  • A company based in Australia, Hong Kong, India, Indonesia, Israel, Japan, Malaysia, Mexico, New Zealand, Norway, Philippines, Singapore, South Africa, South Korea, Switzerland, Taiwan, Thailand, or Turkey does not need a license
  • Companies from other countries do need the export license, so a 30-day review by the US government is inevitable. Since there are no fees associated with the license, we can easily apply for an export license early in the process of engagement. There is a good chance that the legal department at your company works slower than the US government, thus the license is typically issued by the time the contract is ready for signatures.
  • It is most likely that your product, manufactured with the use of our core, will not require a US license due of the use of our core.
Information about us and our cores
The information in this section (coupled with the pricing information) is sufficient for an export licensing professional to determine if an export or re-export license is required for the core.
  • Our AES-based cores are classified as 5E002
  • Country restrictions are NS1 and AT1
  • We have been granted license exemption ENC sections 740.17(a) and 740.17(b)(1), which permit export to the "EU+" countries (EU and Australia, Japan, New Zealand, Norway, and Switzerland)
  • We have been allowed to export our encryption cores to the following additional countries: Hong Kong, India, Indonesia, Israel, Malaysia, Mexico, Philippines, Singapore, South Africa, Taiwan, Thailand, and Turkey.
Additional information for some of our US customers: We are a California corporation and are wholly US-owned. All our employees are US citizens.
Checking the countries
  Look at your country row and columns NS1 and AT1 in the Country Chart http://www.access.gpo.gov/bis/ear/pdf/738spir.pdf; see if the country is subject to one of these restrictions. If both columns are clear, license is generally not required. Unless you are located in Canada, don't actually bother to look into this file - only Canada currently has both NS1 and AT1 columns clear.
Checking the exemptions
  Exemptions relax the restrictions from the Country Chart. Brief description of available exemptions can be found in http://www.bis.doc.gov/Encryption/lechart1.htm - the particular ones granted to us are listed below. If one of these applies, you do not need a license (see the "bad guys" lists below, though).

740.17(a) permits export to non-government users in "EU+" countries (EU and Australia, Japan, New Zealand, Norway, and Switzerland, current list can be found in Supplement 3 to Part 740);

740.17(b)(1) permits export to subsidiaries of American companies in practically any country of the world (exceptions - "T" countries - currently are Cuba, Iran, Libya, North Korea, Syria, and Sudan). In order to immediately use the 740.17(a) exemption, the exporter (IP Cores) should have previously filed an exemption review for particular core with BIS per http://www.bis.doc.gov/Encryption/enc.htm (please check with us); all export using 740.17(a) is subject to semi-annual reporting (also by IP Cores).

Checking the additional countries
  We have been granted a permission to export our encryption cores to the end-users in the following additional countries: Hong Kong, India, Indonesia, Israel, Malaysia, Mexico, Philippines,  Singapore, South Africa, Taiwan, Thailand, and Turkey.
Checking against bad guy lists
  To use an exemption, the company should not be in one of the four lists of bad guys maintained by the US government agencies; the list of lists is in the section "Who will receive your item?" of http://www.bis.doc.gov/licensing/exportingbasics.htm. Getting onto these lists requires a solid determination to upset the US government, so there is a 99.999% probability that your company is not there  (we know of no major companies on the lists that are based in the countries we can export to without obtaining a license). 

If you need a license
  Don't be discouraged - in most cases, getting a license is neither a long nor a hard process - and it is completely free of charges! We can file the "Multipurpose Application" for export online with SNAP-R, if you provide us with sufficient data, and the relevant US agencies are required to produce a response within 30 days. See these instructions for the actual details; note that most of the information comes from us, look for words "end-user", "purchaser" and "consignee". In particular, we will need:
  • Your Name, Address, City, Country, Postal Code, Telephone or FAX
  • End User's Name, Address, City, Country, Postal Code, Telephone or FAX (if you are not the end-user)
  • Specific End-Use (complete and detailed description of the use intended). A good example of a description for an ASIC core: "The (insert our core name here) core will be embedded in an (insert your product name here) chip compliant with the (insert the standard you are following here) specifications. The users of the (insert your product name here) chip will not have direct access to the cryptographic algorithms, except as defined by the( insert the standard you are following here) specifications."
We are sometimes required by the US Department of Commerce as a condition for the license to obtain from you a so called "letter of assurance" that simply states that your company is aware of the US export regulations affecting our cores and will comply with these regulations. Alternatively (very rare event, never happened to us so far), we may be required to ask the "ultimate consignee" (your company) to sign the form BIS-711, which pretty much states that you are going to do with the product precisely what you told us you will do, or (if you are really unlucky) to provide the "End-User Certificate", which is essentially a promise from you / your government to the US government not to re-export the items.

Does your product need a license?
  Your product incorporating our core might be subject to US export licensing as well. This is called "re-export" and is covered by a complex set of rules summarized in http://www.bis.doc.gov/Licensing/ReExportGuidance.htm.

Note that the terms of our licenses typically permit the application of the "de minimis" rule to your product. De minimis rule is defined in EAR 734.4 and 736.2(b)(2) and essentially states that as long as the "controlled" items percentage (by price) is below a certain threshold in your product (typically 25%), the item you make is not subject to the US export regulations. Some EAR details translated into plain English can be found in

If your final product is a chip, you might also qualify for the 740.17(b)(2) or, for consumer ("mass market") applications, 740.17(b)(3) exemptions. Note that in order to qualify for these exemptions, you will need to submit your product for "review", as described in http://www.bis.doc.gov/Encryption/ MassMarket_Keys64bitsNUp.html. You can start exporting products to non-government users 30 days after the review request is "registered" with BIS, unless notified otherwise. For mass market products, you can start exporting in 30 days as well.

It is therefore very likely that you will not need a US export license for your product. Your mileage might vary, of course.