Export Information on Sophos Products

General rules governing, and information relating to, the export of Sophos products.

Sophos is committed to complying with the laws and regulations relating to export controls. As part of this compliance effort, Sophos agreements contain provisions requiring Sophos customers and partners to ensure compliance with these laws and regulations. In order to assist our customers and partners, Sophos uses this portion of its web site to communicate export control information specific to its products to our customers and partners. This information may be required for shipping documentation, record keeping, or post-shipment reporting.

Customers and partners are encouraged to familiarize themselves with the import regulations of their country to ensure compliance with their specific regulations and to ensure timely delivery of Sophos products they may purchase.

NOTE: The contents on this website are not tailored to the needs of a specific entity or a particular export scenario. The information provided below is for general information purposes only. Exportation of restricted goods is a complex area and while Sophos will make reasonable efforts to maintain the information on this website, you are responsible for seeking your own legal advice and ensuring your compliance in relation to such matters.

Global Export Controls

Sophos is required to adhere to the laws and regulations of the United States, European Union, and every country in which it conducts business. Non-compliance with Global Trade regulations can subject Sophos, and its Business Partners to criminal and civil penalties, the seizure of assets, and the denial of import or export privileges.

As a Business Partner, customers and partners are also expected to abide by relevant laws and regulations, inclusive of all business transactions with Sophos. As such, Sophos requires that any party we conduct business with becomes familiar with, and ensure compliance with U.S. and EU export regulations, and applicable export/import regulations in the countries which it operates.

On occasion, Sophos will send communications to highlight important regulatory information to reinforce any related parties education on certain topics.

Crimea
In response to the annexation of the Crimea region of the Ukraine, please be aware that the recent restrictions on transactions with the Crimea region imposed by the United States and European Union require Sophos and any related parties to cease transactions and communications with business partners and/or customers in the Crimea region.

The following activities are expressly prohibited under the U.S. sanctions:

  1. New investment in the Crimea region of Ukraine;
  2. The importation, directly or indirectly, of any goods, services, or technology from the Crimea region of Ukraine;
  3. The exportation, re-exportation, sale, or supply, directly or indirectly, of any goods, services, or technology to the Crimea region of Ukraine; and
  4. Any approval, financing, facilitation, or guarantee of a transaction.

The scope of the restrictions includes the prohibition of any service or support for existing equipment in the Crimean region. Additionally, certain parties in Crimea have been added to the U.S. list of Specially Designated Nationals.
U.S. license applications for exports, re-exports or transfers of U.S. EAR-regulated items will be subject to a presumption of denial, unless the item is included in the Office of Foreign Asset Control’s (OFAC) General License No. 4, which covers medical supplies and related replacement parts.

The U.S. Department of Commerce known as the Bureau of Industry and Security (BIS) also amended the U.S. EAR to restrict the availability of License Exceptions for exports and re-exports to the Crimea region. U.S. license exception “ENC”, which is used for many Sophos products, may no longer be used for exports to Crimea.

Although the E.U. has not imposed a comprehensive embargo on Crimea and Sevastopol, trade and investment is severely curtailed, details on regulatory compliance are found here:

U.S. http://www.treasury.gov/resource-center/sanctions/Programs/Pages/ukraine.aspx 
E.U. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:JOL_2015_040_R_0003

United States Export Controls

Sophos products are subject to US export regulations. In the United States, a branch of the U.S. Department of Commerce known as the Bureau of Industry and Security regulates exports through the Export Administration Regulations (EAR). These regulations spell out the export restrictions on a wide variety of goods, software, and technologies. Sophos products may not be exported to Cuba, Iran, North Korea, Syria, or Sudan, but most products may be exported to other countries subject to the applicable import regulations of such country.

The US export classification control numbers for Sophos products are set out inTable 1 below.

Some Sophos products are subject to export restrictions because they include encryption technology. In the case of Sophos products containing encryption, a one-time government technical review is usually required prior to export. Once a review has been completed, products may become eligible for a particular license exception, such as ENC. This exception may then be used by other exporters, as provided by the U.S. EAR. 

Government End-Users: Restricted Encryption Products (UTM, Red, Access Points)

Certain government entities not located in the member countries of the EU, Australia, Canada, Japan, New Zealand, or the United States require a U.S. export license in order to obtain the noted Sophos restricted encryption products. 

It must be noted that due to the current situation within Ukraine, the USA require additional validation on any transactions with Ukrainian or Russian businesses.  As part of this process is the screening of not only the company itself, but all its Directors & Shareholders. 

If any individual or company owning 51% or above of this company is highlighted on the Sectorial Sanctions list then the transaction isn’t permitted to proceed.

For any further information in regard to the Sectorial Sanctions in place by the U.S. Department of Commerce known as the Bureau of Industry and Security (BIS) please see the following link:

http://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/ssi_list.aspx

All government end users in the Russia and Ukraine require a U.S. export license in order to obtain the noted Sophos restricted encryption products. 

With the exception of Russia and Ukraine, Sophos’s encryption licensing arrangement (ELA), Export License No. D1009384, permits Local, State and Provincial government end users, as well as to National, Federal and Royal government end users that provide the civil government services listed below, to obtain the noted restricted encryption products:

  1. Census and Statistics Services;
  2. Civil Public Works Infrastructure Services (Construction, Maintenance, Repair, Regulation and Administration) as follows: Buildings, Public Transportation, Roads and Highways, Trucking;
  3. Civil Service Administration and Regulation, including Human Resources and Personnel/Labor Management;
  4. Clean Water Infrastructure Services (Treatment, Supply and Testing);
  5. Economic (Trade/Commerce/Investment), Business and Industrial Development, Promotion, Regulation and Administration; excluding the following end-users/end-uses:
    1. Agencies, Departments, Boards and Councils for Science and Technology,
    2. Research, Development and National Laboratories (other than as authorized in paragraphs (K) (Measurements and Standards) and (L) (Meteorology / Weather / Atmospheric Services) below)
    3. National Telecommunications and Information Technology Agencies, Boards, Councils and Development Authorities (including National Information Center, and Information Communications Technology (ICT) / Telecommunications Infrastructure / Spectrum Planning, Policy, Regulations and Testing);
  6. Elections, Balloting and Polling Services;
  7. Energy Regulation and Administration, including Oil, Gas and Mining Sectors;
  8. Environmental/ Natural Resources Regulation, Administration and Protection, including Wildlife, Fisheries and National Parks;
  9. Food/ Agriculture Regulation and Administration;
  10. Labor/Community/Social Services Planning, Regulation and Administration, including: Housing and Urban Development, Municipality And Rural Affairs;
  11. Measurements and Standards Services;
  12. Meteorology (Weather, Atmospheric) Services;
  13. National Archives/Museums;
  14. Patents;
  15. Pilgrimage and Religious Affairs;
  16. Postal Services;
  17. Public and Higher Education (Excluding Government Research Institutions and any agency, institution or affiliate engaged in the manufacture or distribution of items or services controlled on the Wassenaar Munitions List);
  18. Public Health and Medicine/Pharmaceutical Regulation and Administration;
  19. Public Libraries;
  20. Sports/Culture (Includes Film, Commercial Broadcasting and the Arts) Promotion, Regulation and Administration;
  21. Travel/Tourism Promotion, Regulation and Administration.

Note that the applicable definition of “government partner or end user” covers certain government organizations at the central, regional, and local levels, which are departments, agencies, or entities performing government functions, including governmental corporations that manufacture or distribute items or services controlled on the Wassenaar Munitions List, governmental research institutions and international governmental organizations. However, the definition of government end-users for US export purposes does not include:

  • Utility providers (such as providers of gas, electricity, telecommunications and internet service);
  • Transport agencies and entities (such as bus, train, and airport authorities);
  • Entertainment or broadcast entities (such as radio or television organizations);
  • Education organizations (such as schools, colleges and universities or other organizations that have direct contact with students);
  • Health and medical organizations (such as hospitals and clinics);
  • Retail & Manufacturing entities (such as retail or wholesale firms; and manufacturers or industrial entities that do not manufacture or distribute Wassenaar Munitions List items or services).

* The above restrictions do not apply to the following Sophos specific product versions: UTM 100, Red 10, Access Point (AP) 10, 30 & 50.

See the following URLs for more information on US export regulations:

http://www.bis.doc.gov; http://www.bis.doc.gov/index.php/regulations/export-administration-regulations-ear

EU Export Controls

Sophos products are subject the EU Dual Use export control regime is governed by Regulation (EC) No 428/2009 (hereunder "the Regulation"), which provides for common EU control rules, a common EU control list and harmonized policies that as a business Sophos must adhere to.

Under the EU regime, the export of dual-use items is subject to control and dual-use items may not leave the EU customs territory without an export authorization. The requirement for an export authorization applies to: - dual-use items listed in the EU Control List, in Annex I to the Regulation.

The EU Control List is based on decisions adopted by the following international export control regimes:

  • Australia Group (AG),
  • Nuclear Suppliers Group (NSG)
  • Wassenaar Arrangement and the Missile Technology Control Regime (MTCR).

Non-listed items may also be controlled under the so-called catch-all clause, under certain conditions, when there is reason to believe such items are intended for use in connection with a biological, chemical, nuclear weapons or ballistic missile weapons programme, or for use in violation of an arms embargo

EU Member States may exceptionally impose additional controls on non-listed dual-use items for reasons of public security or human rights consideration.

In specific cases, the export of dual-use items may be subject to additional EU restrictive measures (sanctions). Such restrictive measures currently apply with respect to trade of dual-use items with DPRK, Iran, and Syria.

The EU Regulation is binding and directly applicable throughout the EU.

Dual-Use products within the EU may be traded freely within the EU.

There are four types of export authorizations in place in the EU export control regime:

EU General Export Authorizations (EU GEAs) allow for the export of dual-use items to certain destinations under certain conditions. There are currently 6 EU GEAs in place:

  1. Exports to Australia, Canada, Japan, New Zealand, Norway, Switzerland (including Liechtenstein) and United States of America
  2. Export of certain dual-use items to certain destinations
  3. Export after repair/replacement
  4. Temporary export for exhibition or fair
  5. Telecommunications
  6. Chemicals

Global export control licenses are granted by national authorities to one exporter and may cover multiple items to multiple countries of destination or end users. Individual licenses are granted by national authorities to one exporter and cover exports of one or more dual-use items to one end-user or consignee in a third country.

Please note that the products stated in Table 2 & Table 3 may not be exported to the following countries unless export licensing is acquired by Sophos:

Afghanistan, Angola, Armenia, Azerbaijan, Belarus, Burma (Myanmar), Burundi, Cote d'Ivoire, Cuba, Democratic Republic of Congo, Eritrea, Ethiopia, Guinea, Iraq, Iran, Lebanon, Liberia, Libya, Mozambique, Nigeria, North Korea, Pakistan, Somalia, Sudan, South Sudan, Syria, Tanzania, Uganda, Uzbekistan, Yemen & Zimbabwe.

In addition to the above, sales to Government end users and any Military, Para Military, Police, Secret Service (and related organizations) end users are only permitted if the relevant export licenses are held by Sophos.

UK Export Controls

Certain products have also been classified in accordance with UK export controls, as noted in Table 2 below, and may be exported in accordance with the Community General Export Authorization (CGEA) and Open Individual Export Licences (OIEL). Such restrictions apply when Sophos products are exported from the UK or by the Sophos UK entity. 

In regard to the above mentioned Open Individual Export Licenses, the UK Government requires completion of a Consignee Undertaking from parties-to these transactions as a condition of Sophos’s country license agreement (OIEL). This should be prepared by the ship-to partner, as defined in UK government guidance note which can be viewed on the below link:-

https://www.gov.uk/open-individual-export-licences

Any orders for Sophos Hardware as defined in the list below are controlled products, and the below mentioned Sophos products are controlled as per the UK strategic export control lists and in accordance with EU Council Regulation 428/2009. 

Sophos controlled hardware 5A002 that can include loaded controlled software 5D002 are included on this strategic export control list, and when shipping from the EU will be export held until this form is completed to ensure Sophos corporate compliance policy is adhered to.

  1. Sophos Unified Threat Management Systems
  2. Sophos Remote Ethernet Devices
  3. Sophos Access Point Appliances

Without preparation and submission of these forms, Sophos Ltd could lose its bulk or by country export license privileges, resulting in all future orders of encryption products requiring individual export licenses.

German Export Controls

The Sophos products listed in Table 3 below have also been classified in accordance with German export controls and may only be exported in accordance with the AGG16 and EU001 general licenses.

See the following URL for more information on German export controls: http://www.bafa.de/bafa/en/export_control/index.html

Military End-Users

Military and military-related organizations not located in the member countries of the EU, Australia, Canada, Japan, New Zealand, or the United States may require an export license in order to obtain Sophos products.

Sophos products may not be exported, in their entirety or in part, for (i) military purposes, or (ii) use in connection with the development, production, handling, operation, maintenance, storage, detection, identification or dissemination of chemical, biological or nuclear weapons, or other nuclear explosive devices, or the development, production, maintenance or storage of missiles capable of delivering such weapons.

Products Appearing in More Than One Table

If a product appears in multiple tables below, the applicable export controls of all such countries must be complied with in regards to the exportation of such product.

As noted above, exportation of restricted goods is a complex area and you are responsible for seeking your own legal advice and ensuring your compliance in relation to such matters in the context of your specific export scenario.

Bundled Products

From time-to-time, Sophos may rename or rebundle various products. If you are unsure which of the product names below reflect your purchase, please contact your Sophos Account Manager and they will review your purchase and, upon consultation with the Sophos Legal Department, provide you with the relevant information.


Table 1

Sophos Product ECCN1 License Exception2 CCATS3 HTS Code (Tariff) Country of Origin
Suites
Complete Security Suite 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
End-user Data Suite 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
End-user Web Suite 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Gateway Protection Suite 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
End-user Protection 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Endpoint Protection - Business 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Cloud Endpoint 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Sophos Anti-Virus – Business 5D992 N/A (mass market per 742.15(b)(1)) N/A N/A USA
Sophos Anti-Virus for vShield 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Sophos Anti-Virus for vShield - Server 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Email Protection - Advanced 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Web Protection - Advanced 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Email & Web Protection Appliances See hardware and virtual appliance classifications below
PureMessage for Microsoft Exchange (AV, AS, content) 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Sophos Server Protection 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Endpoint Protection - Advanced 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Web Protection Suite 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
Data Protection Suite 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
SafeGuard Data Exchange 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
SafeGuard Disk Encryption Advanced 5D992 NLR (mass market per 742.15(b)(1)) N/A N/A USA
SafeGuard Disk Encryption for Mac 5D992 NLR (mass market per 742.15(b)(1)) N/A N/A USA
SafeGuard Enterprise Encryption 5D992 NLR (mass market per 742.15(b)(1)) N/A N/A USA
SafeGuard Encryption for Cloud Storage 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
SafeGuard Encryption for File Shares 5D992 N/A (mass market per 742.15(b)(7)(i)(C)) N/A N/A USA
SafeGuard Native Device Encryption 5D002 ENC (unrestricted per 740.17(b)(1) N/A N/A USA
Software
Sophos Cloud Migration Tool 5D992 N/A (mass market) N/A N/A USA
Sophos Anti-Spam Interface (SASI) 5D002 (C.1) ENC (unrestricted) G076251 N/A USA
Sophos Anti-Virus (SAV) for Mac 5D992 (C) N/A (mass market) G076252 N/A USA
Sophos Anti-Virus Interface (SAVI) 5D002 (C.1) ENC (unrestricted per 740.17(b)(3)) G151143 N/A USA
Sophos Computer Security Scan 5D992 (C) N/A (mass market) G079727 N/A USA
Sophos Endpoint Security & Control 5D992 (C) N/A (mass market) G076250 N/A USA
Sophos Endpoint Security & Data Protection 5D992 (C) N/A (mass market) G076250 N/A USA
SafeGuard File Encryption for Mac 5D002 ENC (unrestricted per 740.17(b)(1)) N/A N/A USA
Sophos for Microsoft SharePoint 5D992 (C) N/A (mass market) G076094 N/A USA
Sophos Mobile Control 5D992 N/A (mass market per 742.15(b)(1)) N/A N/A USA
Sophos Mobile Control as a Service 5D992 N/A (mass market per 742.15(b)(1)) N/A N/A USA
Sophos Mobile Encryption 5D992 N/A (mass market) N/A N/A USA
Sophos Mobile Security - Enterprise 5D992 N/A (NLR) N/A N/A USA
Sophos NAC Advanced 5D002 (C) ENC (unrestricted) G076250 N/A USA
Sophos for Network Storage EAR99 N/A N/A N/A USA
Sophos PureMessage for Exchange 5D992 (B) N/A (mass market) G079729 N/A USA
Sophos PureMessage for UNIX 5D992 (C) N/A (mass market) G076094 N/A USA
Sophos PureMessage for Lotus Domino 5D992 (C) N/A (mass market) G076094 N/A USA
Sophos SafeGuard CryptoServer CS and SE software 5D002 ENC (unrestricted) N/A N/A USA
Sophos SafeGuard CryptoServer Software Development Kit (SDK) 5D002 ENC (unrestricted) N/A N/A USA
Sophos SafeGuard Device Encryption 5D002 ENC (unrestricted per 740.17(b)(1)) N/A N/A USA
Sophos SafeGuard Enterprise 5D992 (C) N/A (mass market) G077275 N/A USA
Sophos SafeGuard Easy 5D992 N/A (mass market per 742.15(b)(1)) N/A N/A USA
Sophos SafeGuard LAN Crypt 5D992 N/A (mass market) N/A N/A USA
Sophos SafeGuard MailGateway 5D992 N/A (mass market) N/A N/A USA
Sophos SafeGuard PortProtector 5D992 N/A (NLR) N/A N/A USA
Sophos SafeGuard PrivateCrypto 5D992 N/A (mass market) N/A N/A USA
Sophos SafeGuard PrivateDisk 5D992 N/A (mass market) N/A N/A USA
Sophos SafeGuard RemovableMedia 5D992 N/A (mass market) N/A N/A USA
Sophos Secure OS 5D992 N/A (mass market) N/A N/A USA
Sophos Security Monitor for iPhone EAR99 N/A N/A N/A USA
Sophos Virtual Email Appliance 5D992 N/A (mass market) N/A N/A USA
Sophos Virtual Web Appliance 5D992 N/A (mass market) N/A N/A USA
Sophos UTM Appliance / Sophos UTM Software (software-only virtual appliance versions 110, 120, 220, 320, 425, 525, 625) 5D002 ENC (restricted per 740.17(b)(2)) G153960 N/A USA
Sophos UTM XG Appliance Software (software-only virtual appliance versions 105, 105w, 115, 115w, 125, 125w, 135, 135w, 210, 230, 310, 330, 430, 450, 550, 650) 5D002 ENC (restricted per 740.17(b)(2)) G160973 N/A USA
Sophos UTM Endpoint Protection 5D992 N/A (mass market per 742.15(b)(1)) N/A N/A USA
Sophos UTM Smart Installer 5A992 EAR 742.15(b)(1) N/A N/A USA
Sophos UTM Essential Firewall 5D002 ENC (restricted per 740.17(b)(2)) G152563 N/A USA
Appliances
Sophos Access Point Access Points (AP5, AP10, AP30, AP50) 5A992 NLR (mass market per 742.15(b)(1)) N/A 8517620050 Taiwan
Sophos Access Point Access Points (AP55,AP55c,AP100,AP100c) 5A992 NLR (mass market per 742.15(b)(1)) N/A 8517620050 China
Sophos Email Appliance ES100 5A002 (A.1) ENC (unrestricted) G078960 8517620050 USA
Sophos Email Appliance ES1000 5A002 (A.1) ENC (unrestricted) G050803 8517620050 USA
Sophos Email Appliance ES1100 5A002 (A.1) ENC (unrestricted) G073773 8517620050 USA
Sophos Email Appliance ES4000 5A002 (A.1) ENC (unrestricted) G043583 8517620050 USA
Sophos Email Appliance ES5000 5A002 (A.1) ENC (unrestricted) G068377 8517620050 USA
Sophos Email Appliance ES8000 5A002 (A.1) ENC (unrestricted) G068377 8517620050 USA
Sophos iView 5D992 N/A (mass market) N/A N/A USA
Sophos Management Appliance SM2000 5A002 (A.1) ENC (unrestricted) G068809 8517620050 USA
Sophos Management Appliance SM5000 5A002 (A.1) ENC (unrestricted) G070752 8517620050 USA
Sophos Web Appliance WS100 5A002 (A.1) ENC (unrestricted) G078960 8517620050 USA
Sophos Web Appliance WS500 5A002 (A.1) ENC (unrestricted) G068810 8517620050 USA
Sophos Web Appliance WS1000 5A002 (A.1) ENC (unrestricted) G051630 8517620050 USA
Sophos Web Appliance WS1100 5A002 (A.1) ENC (unrestricted) G068809 8517620050 USA
Sophos Web Appliance WS5000 5A002 (A.1) ENC (unrestricted) G138827 8517620050 USA
Sophos UTM Appliance (sold with hardware versions 110, 120, 220, 320, 425, 525, 625) 5A002 ENC (restricted per 740.17(b)(2)) G153960 8517620050 Taiwan
Sophos UTM 100 Appliance with BasicGuard 5A992 N/A (mass market per 742.15(b)(1)) G153960 8517620050 Taiwan
Sophos UTM SG Appliance (sold with hardware, versions 210-450 and later) 5A002 ENC (restricted per 740.17(b)(2)) G153960 8517620050 Taiwan
Sophos UTM XG Appliance (sold with hardware, versions 105, 105w, 115, 115w, 125, 125w, 135, 135w, 210, 230, 310, 330, 430, 450, 550, 650) 5A002 ENC (restricted per 740.17(b)(2)) G160973 8517620050 Taiwan
Components
Astaro Mail Archiving (AMA) 5D992 N/A (mass market) N/A N/A USA
PureMessage for Microsoft Exchange (includes Anti-Spam Interface) 5D992 N/A (mass market) N/A N/A USA
Sophos Access Points 5A992 N/A (mass market) N/A N/A USA
Sophos Anti Virus (SAV) (includes Windows 9x/NET, 2000+ versions) 5D992 N/A (mass market) G076252 N/A USA
Sophos Anti-Virus (SAV) for Linux/Unix 5D992 ENC (mass market) N/A N/A USA
Sophos Anti-Virus (SAV) for Mac 5D992 N/A (mass market) G076252 N/A USA
Sophos Anti-Virus (SAV) for VMware vShield 5D002 ENC (unrestricted) N/A N/A USA
Sophos AutoUpdate (SAU) 5D002 ENC (unrestricted) N/A N/A USA
Sophos Cloud Agent 5D992 N/A (mass market) N/A N/A USA
Sophos Cloud Web Agent 5D002 ENC (unrestricted) N/A N/A USA
Sophos Data Leakage Protection (DLP) EAR99 N/A N/A N/A USA
Sophos Diagnostic Utility (SDU) EAR99 N/A N/A N/A USA
Sophos Endpoint Security & Control for Windows 5D992(C) N/A (mass market) G076252 N/A USA
Sophos Enterprise Console (SEC) 5D992 N/A (mass market) N/A N/A USA
Sophos IPSec Client 5D992 N/A (mass market) N/A N/A USA
Sophos LAN Crypt5 5D992 N/A (mass market) N/A N/A USA
Sophos License Identifier (SLID) 5D992 N/A N/A N/A USA
Sophos Management Communications System (MCS) 5D992 N/A (mass market) N/A N/A USA
Sophos Mobile Control 5D992 N/A (mass market) N/A N/A USA
Sophos Mobile Encryption 5D992 N/A (mass market) N/A N/A USA
Sophos Network Access Control (NAC) 5D002 ENC (unrestricted) G076250 N/A USA
Sophos Outlook Add-In 5D002 ENC (unrestricted) N/A N/A USA
Sophos Patch Assessment (SPA) 5D002 ENC (unrestricted) N/A N/A USA
Sophos RED 10 & RED15 5A992 N/A (mass market per 742.15(b)(1)) N/A 8517620050 China
Sophos RED 50 5A002 ENC (restricted per 740.17(b)(2)) G151089 8517620050 Taiwan
Sophos SafeGuard Management Center (MC) 5D002 ENC (unrestricted) N/A N/A USA
Sophos SafeGuard Device Encryption (DE) 5D002 ENC (unrestricted) N/A N/A USA
Sophos SafeGuard Data Exchange (DX) 5D002 ENC (unrestricted) N/A N/A USA
Sophos SafeGuard Cloud Storage (CS) 5D002 ENC (unrestricted) N/A N/A USA
Sophos SafeGuard FileShare (FS) 5D002 ENC (unrestricted) N/A N/A USA
Sophos SafeGuard Partner Connect 5D002 ENC (unrestricted) N/A N/A USA
Sophos SafeGuard File Encryption for Mac 5D002 ENC (unrestricted) N/A N/A USA
Sophos Smart Installer 5D992 N/A (mass market) N/A N/A USA
Sophos UTM Email Protection 5D002 ENC (unrestricted) N/A N/A USA
Sophos UTM Endpoint Protection 5D992 N/A (mass market) N/A N/A USA
Sophos UTM Essential Firewall 5D002 ENC (restricted) G152563 N/A USA
Sophos UTM Manager 5D992 N/A (mass market) N/A N/A USA
Sophos UTM Network Protection 5D002 ENC (restricted) G152563 N/A USA
Sophos UTM Web Protection 5D992 N/A (mass market) N/A N/A USA
Sophos UTM Web Server Protection 5D002 ENC (restricted) G152563 N/A USA
Sophos UTM Wireless Protection 5D002 ENC (unrestricted) N/A N/A USA
Sophos Virus Removal Tool (SVRT) EAR99 N/A N/A N/A USA



Table 2

Sophos Product Control Entry4 ECO Reference No. HTS Code (Tariff) Country of Origin
Sophos Anti-Spam Interface (SASI) 5D002c1 ERE2009/003981 N/A USA
Sophos Anti-Virus (SAV) for Mac 5D002c1 ERE2009/003971 N/A USA
Sophos Anti-Virus (SAV) for UNIX 5D002c1 ERE2009/003971 N/A USA
Sophos Anti-Virus (SAV) for Linux 5D002c1 ERE2009/003971 N/A USA
Sophos Anti-Virus Interface (SAVI) 5D002c1 ERE2009/003981 N/A USA
Sophos Endpoint Security & Control 5D002c1 ERE2009/003966 N/A USA
Sophos Endpoint Security & Data Protection 5D002c1 ERE2009/003966 N/A USA
Sophos for Microsoft SharePoint NLR ERE2009/003881 N/A USA
Sophos NAC Advanced 5D002c1 ERE2009/003966 N/A USA
Sophos PureMessage for Exchange NLR ERE2009/003881 N/A USA
Sophos PureMessage for UNIX NLR ERE2009/003881 N/A USA
Sophos PureMessage for Lotus Domino NLR ERE2009/003881 N/A USA
Sophos SafeGuard Enterprise NLR ERE2009/002227 N/A USA
Sophos SafeGuard Easy NLR ERE2009/002227 N/A USA
Sophos Small Business Suite NLR R/845/2004 N/A USA
Sophos Anti-Virus (with Sophos Enterprise Console and EM Library ) NLR R/462/2005 N/A USA
Sophos Mobile Control (SMC) 5D002c1 GBSIE2014/02460 N/A USA
RED (Red10, Red15) 5A002a1a GBSIE2014/02460 8517620090 China
RED (Red50) 5A002a1a GBSIE2014/02460 8517620090 Taiwan
Access Points (AP5, AP10, AP30, AP50) 5A002a1a GBSIE2014/02460 8517620090 Taiwan
Access Points (AP55,AP55c,AP100,AP100c) 5A002a1a GBSIE2014/02460 8517620090 China
UTM hardware with pre-loaded software (625, 525, 425, 320, 220, 120) and later versions 5A002a1a GBSIE2014/02460 8517620090 Taiwan
UTM software (FullGuard) 5D002c1 GBSIE2014/03354 N/A USA
Sophos UTM XG Appliance with pre-loaded software (versions 105, 105w, 115, 115w, 125, 125w, 135, 135w, 210, 230, 310, 330, 430, 450, 550, 650) 5A002a1a SC 8517620090 Taiwan
Sophos UTM Virtual Appliances (including SG & XG UTM series) 5D002c1 SC N/A USA
UTM software (Network Protection) 5D002c1 GBSIE2014/03354 N/A USA
UTM software (Web Protection) 5D002c1 GBSIE2014/03354 N/A USA
UTM software (Wireless Protection) 5D002c1 GBSIE2014/03354 N/A USA
UTM software (Webserver Protection) 5D002c1 GBSIE2014/03354 N/A USA
UTM software (Email Protection) 5D002c1 GBSIE2014/03354 N/A USA
UTM 100 & 110 with preloaded software (BasicGuard) NLR SIE2014/001667 8517620090 Taiwan



Table 3

Sophos LAN Crypt5

  1. ECCN
    Export Control Classification Number assigned by the U.S. Department of Commerce, Bureau of Industry and Security (BIS) in the Commerce Control List (CCL). This is the fundamental designation indicating the level of control for an item.
    Please review the current Commerce Control List Overview and the Country Chart for up to date information on the current countries to which exports are restricted for the referenced ECCNs. Currently, unless otherwise restricted by another country's more restrictive controls, mass market items may be exported without a license to any destination, except to embargoed/sanctioned countries (Cuba, Iran, North Korea, Sudan, and Syria) or to prohibited end-users or for prohibited end-uses.

  2. License Exception ENC
    Sophos received a License Exception from the U.S. Department of Commerce for each of the appliance products after submitting each to a one-time significant technical review by the National Security Agency (NSA). See the following URL for further information on the ENC License Exception: http://www.bis.doc.gov/encryption/enc_faqs.htm#7

  3. CCATS (Commodity Classification Automated Tracking System)
    This is the code number assigned by BIS to products that it has classified against the CCL. If no CCATS number is provided, this indicates that the products have been classified under the Department of Commerce, Bureau of Industry and Security self-classification regulations.

  4. NLR
    This abbreviation indicates that UK Export Control Organization ("ECO") has indicated that the product does not require a license for export from the UK ("No License Required").

  5. Subject to German Export Control
    The LanCrypt products are subject to German export controls as 5A002 or 5D002 products and may only be exported in accordance with the AGG16 and EU001 general licenses as further detailed above.