Skip to main content
Lenzo IconLenzo

ECCN Lookup 5A002

  • NS
  • RS
  • AT
  • EI

"Information security" systems, equipment and "components," as follows (see List of Items Controlled).

Category:
5Telecommunications & Information Security
Product Group:
A — Equipment, Assemblies & Components
Last updated:
2026-05-04

Items Covered

  • a.Designed or modified to use 'cryptography for data confidentiality' having a 'described security algorithm', where that cryptographic capability is usable, has been activated, or can be activated by any means other than secure "cryptographic activation", as follows:
    • 1. Items having "information security" as a primary function;
    • 2. Digital communication or networking systems, equipment or components, not specified in paragraph 5A002.a.1;
    • 3. Computers, other items having information storage or processing as a primary function, and components therefor, not specified in paragraphs 5A002.a.1 or .a.2;
    • 4. Items, not specified in paragraphs 5A002.a.1 to a.3, where the 'cryptography for data confidentiality' having a 'described security algorithm' meets all of the following:
      • 4.a. It supports a non-primary function of the item; and
      • 4.b. It is performed by incorporated equipment or "software" that would, as a standalone item, be specified by ECCNs 5A002, 5A003, 5A004, 5B002 or 5D002.
  • a.Whether the item meets the criteria of 5A002.a.1 to a.4; or
  • b.Whether the cryptographic capability for data confidentiality specified by 5A002.a is usable without "cryptographic activation."
  • a.Smart cards and smart card 'readers/writers' as follows:
    • 1. A smart card or an electronically readable personal document (e.g., token coin, e-passport) that meets any of the following:
      • 1.a. The cryptographic capability meets all of the following:
        • 1.a.1. It is restricted for use in any of the following:
          • 1.a.1.a. Equipment or systems, not described by 5A002.a.1 to a.4;
          • 1.a.1.b. Equipment or systems, not using 'cryptography for data confidentiality' having a 'described security algorithm'; or
          • 1.a.1.c. Equipment or systems, excluded from 5A002.a by entries b. to f. of this Note; and
        • 1.a.2. It cannot be reprogrammed for any other use; or
      • 1.b. Having all of the following:
        • 1.b.1. It is specially designed and limited to allow protection of 'personal data' stored within;
        • 1.b.2. Has been, or can only be, personalized for public or commercial transactions or individual identification; and
        • 1.b.3. Where the cryptographic capability is not user-accessible;
    • 2. 'Readers/writers' specially designed or modified, and limited, for items specified by paragraph a.1 of this Note;
  • b.Cryptographic equipment specially designed and limited for banking use or 'money transactions';
  • c.Portable or mobile radiotelephones for civil use (e.g., for use with commercial civil cellular radio communication systems) that are not capable of transmitting encrypted data directly to another radiotelephone or equipment (other than Radio Access Network (RAN) equipment), nor of passing encrypted data through RAN equipment (e.g., Radio Network Controller (RNC) or Base Station Controller (BSC));
  • d.Cordless telephone equipment not capable of end-to-end encryption where the maximum effective range of unboosted cordless operation (i.e., a single, unrelayed hop between terminal and home base station) is less than 400 meters according to the manufacturer's specifications;
  • e.Portable or mobile radiotelephones and similar client wireless devices for civil use, that implement only published or commercial cryptographic standards (except for anti-piracy functions, which may be non-published) and also meet the provisions of paragraphs a.2 to a.4 of the Cryptography Note (Note 3 in Category 5-Part 2), that have been customized for a specific civil industry application with features that do not affect the cryptographic functionality of these original non-customized devices;
  • f.Items, where the "information security" functionality is limited to wireless "personal area network " functionality implementing only published or commercial cryptographic standards;
  • g.Mobile telecommunications Radio Access Network (RAN) equipment designed for civil use, which also meet the provisions of paragraphs a.2 to a.4 of the Cryptography Note (Note 3 in Category 5-Part 2), having an RF output power limited to 0.1W (20 dBm) or less, and supporting 16 or fewer concurrent users;
  • h.Routers, switches, gateways or relays, where the "information security" functionality is limited to the tasks of "Operations, Administration or Maintenance" ("OAM") implementing only published or commercial cryptographic standards;
  • i.General purpose computing equipment or servers, where the "information security" functionality meets all of the following:
    • 1. Uses only published or commercial cryptographic standards; and
    • 2. Is any of the following:
      • 2.a. Integral to a CPU that meets the provisions of Note 3 in Category 5-Part 2;
      • 2.b. Integral to an operating system that is not specified by 5D002; or
      • 2.c. Limited to "OAM" of the equipment; or
  • j.Items specially designed for a 'connected civil industry application', meeting all of the following:
    • 1. Being any of the following:
      • 1.a. A network-capable endpoint device meeting any of the following:
        • 1.a.1. The "information security" functionality is limited to securing 'non-arbitrary data' or the tasks of "Operations, Administration or Maintenance" ("OAM"); or
        • 1.a.2. The device is limited to a specific 'connected civil industry application'; or
      • 1.b. Networking equipment meeting all of the following:
        • 1.b.1. Being specially designed to communicate with the devices specified by paragraph j.1.a. above; and
        • 1.b.2. The "information security" functionality is limited to supporting the 'connected civil industry application' of devices specified by paragraph j.1.a. above, or the tasks of "OAM" of this networking equipment or of other items specified by paragraph j. of this Note; and
    • 2. Where the "information security" functionality implements only published or commercial cryptographic standards, and the cryptographic functionality cannot easily be changed by the user.
  • b.Being a 'cryptographic activation token';
  • c.Designed or modified to use or perform "quantum cryptography";
  • d.Designed or modified to use cryptographic techniques to generate channelizing codes, scrambling codes or network identification codes, for systems using ultra-wideband modulation techniques and having any of the following:
    • 1. A bandwidth exceeding 500 MHz; or
    • 2. A "fractional bandwidth" of 20% or more;
  • e.Designed or modified to use cryptographic techniques to generate the spreading code for "spread spectrum" systems, not specified by 5A002.d, including the hopping code for "frequency hopping" systems.
  • f.through y. [Reserved]
  • z.Other commodities, as follows:
    • 1.a. Commodities that are described in 5A002.a and that also meet or exceed the performance parameters in 3A090.a or 4A090.a;
  • z.1.b Commodities that are described in 5A002.a and that also meet or exceed the performance parameters in 3A090.b or 4A090.b;
  • z.2.a Commodities that are described in 5A002.b and that also meet or exceed the performance parameters in 3A090.a or 4A090.a;
  • z.2.b Commodities that are described in 5A002.b and that also meet or exceed the performance parameters in 3A090.b or 4A090.b;
  • z.3.a Commodities that are described in 5A002.c and that also meet or exceed the performance parameters in 3A090.a or 4A090.a;
  • z.3.b Commodities that are described in 5A002.c and that also meet or exceed the performance parameters in 3A090.b or 4A090.b;
  • z.4.a Commodities that are described in 5A002.d and that also meet or exceed the performance parameters in 3A090.a or 4A090.a;
  • z.4.b Commodities that are described in 5A002.d and that also meet or exceed the performance parameters in 3A090.b or 4A090.b;
  • z.5.a Commodities that are described in 5A002.e and that also meet or exceed the performance parameters in 3A090.a or 4A090.a; or
  • z.5.b Commodities that are described in 5A002.e and that also meet or exceed the performance parameters in 3A090.b or 4A090.b.

Control Reasons Explained

This ECCN is controlled for the following reasons. Each reason maps to a column on the Commerce Country Chart, which determines whether a license is required for a given destination.

NSNational Security
Items that could contribute to the military potential of countries of concern. Check the Commerce Country Chart column for NS to determine license requirements.
RSRegional Stability
Items that could destabilize regions through conventional-arms build-up. Review RS columns on the Commerce Country Chart.
ATAnti-Terrorism
Basic anti-terrorism controls that apply to most items on the CCL. A license is required for exports to countries designated as state sponsors of terrorism.
EIEncryption Items
Items containing encryption technology. Many encryption items qualify for License Exception ENC after classification reporting.

Common Questions About 5A002

What does ECCN 5A002 cover?
ECCN 5A002 is an entry on the Commerce Control List (Telecommunications). The List of Items Controlled below describes the products, software, or technology captured by this classification. Compare your item against those parameters when self-classifying.
How do license requirements work for this ECCN?
License need depends on the control reasons shown for this code (for example NS, RS, MT, AT), the destination country, and how your transaction maps against the Commerce Country Chart, de minimis, and other EAR provisions. This page is a research aid only. Confirm against the current rule text and your specific facts before exporting.
Where is the official text for this ECCN?
The legal text appears in Supplement No. 1 to part 774 of the Export Administration Regulations (15 CFR Part 774). Use the official BIS link on this page to open the current supplement entry for this ECCN.
What if my product matches more than one ECCN?
When several ECCNs appear to fit, the controlling entry is usually the one that is most specific to your item's form, function, or technical limits. Cross-references in the List of Items Controlled and related ECCNs listed on this page are common starting points for narrowing the choice.
How often should I re-check this classification?
The Commerce Control List changes when BIS publishes new or amended rules. Revisit the official entry when regulations update, when the product's technical parameters change, or when the destination, end-user, or end-use of a transaction changes.
What do the control reason codes mean?
Each control reason (NS, RS, MT, AT, etc.) maps to a column on the Commerce Country Chart in Supplement No. 1 to part 738 of the EAR. When a control reason applies to your ECCN and the destination country has an X in that column, a license is generally required unless an exception applies. See the Control Reasons Explained section on this page for details on each code.

Not sure if your product matches 5A002?

Lenzo's classifier analyzes product descriptions and assigns the correct ECCN automatically — with audit trail and license requirements included.

View pricing →

Lenzo is powered by AI and can make mistakes. Please double-check results. Not legal or compliance advice. Terms