Are you dealing with cyber-surveillance items or products that could be used for both civil and military purposes? Here are new regulatory requirements you need to know!

A new EU regulation on dual-use items has entered into force
In September 2021, the new EU Regulation (2021/821) on the control of exports, brokering, technical assistance, transit and transfer of dual-use items, entered into force (“Regulation”). Subject to the new Regulation, companies who export cyber-surveillance items and/or other “dual-use items” (i.e. items that could be used for both civil and military purposes), or otherwise provide technical assistance on the dual-use items listed in Annex I to the Regulation, may be required to obtain export authorisation prior to carrying out such business, as well as to take various measures in relation to such business.

New requirements
The new EU Regulation is in its essence a recast of the previous EU regulation on the same matter, however, now imposing several new requirements for companies exporting, providing and dealing with dual-use items within its business. The most important updates are the following:

1. Companies established in the EU may be required to obtain export authorisation in order to be able to provide technical assistance on dual-use items (listed in Annex I to the Regulation), if such technical assistance is provided in a country outside of the customs territory of the EU, or to a resident of a third country that is temporarily present within the customs territory of the EU. Anyone (i.e. not solely companies established in the EU) who provides technical assistance from the customs territory of the EU into the territory of a third country could also be required to obtain export authorisation. The term “technical assistance” means any technical support related to repairs, development, manufacture, testing, maintenance and other technical services. Technical assistance may take form as instructions, advice, training, consulting services and transmission of know-how.
2. Companies established in the EU must keep detailed registers and records, for five years, of any technical assistance provided on dual-use items to anyone according to 1) above (no matter whether authorisation is required or not).
3. Export authorisation may be required for the export of “cyber-surveillance items” not listed in Annex I to the EU Regulation.
4. Exporters using global export authorisations must implement and have an “internal compliance program” in place, meaning effective policies and procedures to facilitate compliance with the Regulation and the relevant authorisation(s), including, inter alia, due diligence measures to assess risks related to any export of dual-use items to end-users and any end uses of exported dual-use items.
5. Lastly, EU general export authorisations are now available in regards to intra-group export of software and technology to certain countries, and export of certain encryption items.

We can help you
Setterwalls’ team can help you to be and remain compliant with Swedish and EU export control legislation. We may assist you with carrying out comprehensive reviews of your obligations in connection with your export of controlled products or provision of technical assistance on the same, as well as drafting contracts and export policies. We also provide legal advice if your products are detained by the Swedish Customs, or if you are investigated by the Swedish Inspectorate of Strategic Products (the ISP).