Understanding export restrictions on cryptography

Applies to Windows and Windows Phone

Use this info to determine if your app uses cryptography in a way that might prevent it from being listed in the Windows Store.

The Bureau of Industry and Security in the United States Department of Commerce regulates the export of technology that uses certain types of encryption. All apps listed in the Windows Store must comply with these laws and regulations because the app files can be stored in the United States. Even apps that are uploaded by app developers from other countries for distribution outside of the United States must comply with these regulations. Consequently, when submitting an app to the Windows Store, all app developers must affirm that their apps don't contain any technology that is restricted by these regulations. The info provided in the Cryptography step of the app submission process can help you determine if your app uses a technology that these regulations control.

Note  The information provided here and in the Cryptography step provides some guidance, but it is your responsibility as the app developer who is publishing apps in the Windows Store to make sure that your app complies with all applicable laws and regulations.

For more info about the U.S. Department of Commerce and the Bureau of Industry and Security, see About the Bureau of Industry and Security.

For info about the Export Administration Regulations (EAR) that govern the export of technology that includes encryption, see EAR Controls for Items That Use Encryption.

Does your app call, support, contain, or use cryptography or encryption?

This question helps you determine if your app uses a type of cryptography that is governed by the Export Administration Regulations. The question includes the examples shown in the list here; but remember that this list doesn't include every possible application of cryptography.

Important  When you answer this question, consider not only the code you wrote for your app, but also all the software libraries, utilities and operating system components that your app includes or links to.

  • Any use of a digital signature, such as authentication or integrity checking
  • Encryption of any data or files that your app uses or accesses
  • Key management, certificate management, or anything that interacts with a public key infrastructure
  • Using a secure communication channel such as NTLM, Kerberos, Secure Sockets Layer (SSL), or Transport Layer Security (TLS)
  • Encrypting passwords or other forms of information security
  • Copy protection or digital rights management (DRM)
  • Antivirus protection

For the complete and current list of cryptographic applications, see EAR Controls for Items That Use Encryption.

Is the cryptography or encryption limited to one or more of the tasks listed here?

If you answered yes to the first question, then the second question lists some of the applications of cryptography that are not restricted. Here are the unrestricted tasks:

  • Password encryption
  • Copy protection
  • Authentication
  • Digital rights management
  • Using digital signatures

If your app calls, supports, contains, or uses cryptography or encryption for any task that is not in this list then your answer to this question is No.

For the complete and current list of cryptographic applications, see EAR Controls for Items That Use Encryption.

Your app needs an Export Commodity Classification Number (ECCN)

If your app calls, supports, contains, or uses cryptography or encryption for any task that is not in the list of unrestricted tasks, it needs an Export Commodity Classification Number (ECCN) to be sold in the store.

If you don't have an ECCN, see ECCN Questions and Answers.

Related topics

Cryptography
Submitting your app

 

 

Show:
© 2014 Microsoft