Introduction
Once you’ve created your branded mobile app, before publishing it on the iOS App Store, you are required to answer the
Export Compliance question regarding the use of cryptography in your app and then submit the
Self-Classification Report for Encryption Items in order to be compliant with the U.S. Encryption and Export Administration Regulations (EAR).
If you publish your branded application on Android Google Play Store, this documentation is not required.
This article outlines how to answer the
Export Compliance question and how to produce and present the
Self-Classification Report. For further information about the U.S. Bureau of Industry and Security’s
Encryption and Export Administration Regulations (EAR) and
Self-Classification Report, refer to the linked articles. You can also find a detailed document about the
Export Compliance in the
App Store Connect Help.
Please note that Docebo is not responsible for the content of the external documents linked above. Remember that it is your responsibility to check if these documents are updated or changed in any way.
Export Compliance
The
Export Compliance asks you if your branded app uses cryptography. Simply choose the
Yes answer, because your app uses, contains or incorporates cryptography. In fact, your app uses the HTTPS protocol, which is considered a public domain cryptographic algorithm.
According to the geographical region, you’ll see one of the three following images (note that the question is the same in the three images below):
Self-Classification Report
Once you’ve answered the
Export Compliance, you’re required to produce and then submit an annual
Self-Classification Report for applicable encryption commodities, software and components exported or re-exported during a calendar year.
The self-classification is a report containing information about the application and its manufacturer. You can download a template of this report
here. The table in this file provides an example of the fields required in the report. Rename the .csv file that you have downloaded and substitute the fields within square brackets with your app’s information.
This table lists the fields you have to substitute:
When you have finished creating the report, send an email to the following three email addresses:
crypt@bis.doc.gov
crypt-supp8@bis.doc.gov
enc@nsa.gov
The email subject is
Self-Classification Report for Encryption Items and the email body must be left blank. Finally, you are required to attach your self-classification report in .csv file format.