This page provides detailed information on the export control status of the Apache Software Foundation's products , as well as pointers to the open source code from which those products are built.
ASF projects and PMCs should consult our guide to handling cryptography in order to comply with our export policies.
Exporting ASF Products¶
The Apache Software Foundation (ASF) is a 501(c)3 nonprofit charity based in the United States of America. All of our products are developed via online collaboration in public forums and distributed from a central server within the U.S. Therefore, U.S. export laws and regulations apply to our distributions and remain in force as products and technology are re-exported to different parties and places around the world. Information on export control classifications and associated restrictions may be required for exporting, re-exporting, record keeping, bundling/embedding of ASF products, encryption reporting, and shipping documentation. More information on U.S. Export Regulations can be found at " http://www.bis.doc.gov/ ".
The Bureau of Industry and Security (BIS) , a branch of the U.S. Department of Commerce, regulates exports through the Export Administration Regulations (EAR). The regulations describe the export rules and restrictions on a wide range of commodities, technologies, and software. This document is no substitute for understanding those regulations; the ASF cannot anticipate how they might apply to third party distributions or for specific export decisions made by those parties. End-user, end-use and country of ultimate destination may affect export licensing requirements.
The ASF Product Classification Matrix is a general listing of ASF software products and their source links for which we have determined an export classification for that product as distributed by the Apache Software Foundation. The matrix is to be used in conjunction with the EAR to provide classification information in order to assist exporters in the export of ASF products and to provide guidance to BIS employees that seek the source code for ASF products. All export classification information contained in the matrix is subject to change without notice.
ASF software and/or technical data may NOT be exported/reexported, either directly or indirectly, to any destination subject to U.S. embargoes or trade sanctions unless formally authorized by the U.S. Government. Note that said embargoed destinations are subject to change and the scope of what technology is included in the embargo is specific to each embargoed country. For the most current information on U.S. embargoed and sanctioned countries, see the U.S. Export Administration Regulations and Treasury Department regulations.
Denied Parties List¶
U.S. export regulations require that all international and domestic transactions be screened against the U.S. Government listing of prohibited end users. Shipments to certain individuals, organizations, or institutions who have violated U.S. export laws are prohibited. The United States government maintains export prohibited lists , including but not limited to the Treasury Department's Specially Designated Nationals List and Commerce Department's Entity and Denied Persons Lists.
ASF Product Classification Matrix¶
The Apache Software Foundation (ASF) makes NO WARRANTY or representation that the information contained in the ASF Product Classification Matrix is accurate, current, or complete. It is your obligation as the exporter to comply with the current applicable requirements of United States export rules and regulations. Any use of such information by you is without recourse to the ASF and is at your own risk. The ASF is in no way responsible for any damages, whether direct, consequential, incidental, or otherwise, suffered by you as a result of using or relying upon such information for any purpose.
Each ASF product is classified with an Export Control Classification Number (ECCN) if it is believed to correspond to an entry in the Commerce Control List (CCL) and subject to the EAR. All ASF software is published in a publicly available source code form. Since publicly available software is only subject to the EAR when it is classified as ECCN 5D002 or 5D992 , all ASF software product versions that do not fit those two classifications are noted as ECCN "n/a" (not applicable) or not included in the matrix.
Products classified as ECCN 5D002 , are exported by the ASF under the TSU exception in EAR 740.13(e) , which applies to software containing or designed for use with encryption software that is publicly available as open source. Exception TSU further provides that " Posting encryption source code and corresponding object code on the Internet (e.g., FTP or World Wide Web site) where it may be downloaded by anyone neither establishes "knowledge" of a prohibited export or reexport for purposes of this paragraph, nor triggers any "red flags" necessitating the affirmative duty to inquire[...] " Note that exporters other than the ASF within the US may or may not be eligable for exception TSU, and it is each specific exporter's responsibility to understand and comply with all export regulations applicable within their jurisdiction.