General Export Compliance

Export Compliance and Cisco Products

Cisco products, software, and technology (Cisco products) are subject to export controls under the laws and regulations of the United States (U.S.), the European Union (EU), United Kingdom (UK), and any other applicable countries’ export laws and regulations. Export, re-export, transfer, and use of Cisco products may require obtaining U.S. and local authorizations, permits, or licenses.

Cisco products are controlled under the U.S. Export Administration Regulations, EU Dual-Use Regulation, UK Dual-Use Regulation, and Wassenaar Arrangement as telecommunications/networking equipment in category 5, part 2. The classification of Cisco’s products and CCATs can be retrieved from Cisco's Public Export Product Data Tool.

Cisco products may not be exported or re-exported to sanctioned jurisdictions: Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions. Certain Cisco products may not be elgible for export or re-export to non-government-controlled regions of Zaporizhzhia and Kherson if prohibited under EU or UK sanctions laws. Cisco products may not be delivered to individuals or entities listed as under restrictions by the U.S. government or other applicable jurisdictions without first obtaining a license.

Cisco products may not be used directly or indirectly for uses inconsistent with their original design and intended applications (e.g., communications and network management).

As a U.S. company, Cisco is obliged to comply with U.S. anti-boycott laws and refuse to participate in foreign boycotts that the United States does not sanction.

Exporters, distributors, customers, and users of Cisco products are responsible for compliance with U.S. and local country export/import laws and regulations.

U.S., EU and UK export control laws and regulations

In the U.S., the export, re-export, and in-country transfer of controlled goods, software, and technology (dual-use items) are controlled by a branch of the U.S. Department of Commerce known as the Bureau of Industry and Security through the Export Administration Regulations (EAR).

In the EU, the export of dual-use items are controlled under EU Regulation 2021/821, setting up a community regime for the control of exports, transfer, brokering, and transit of dual-use items.

U.S., EU and UK export restrictions for Cisco products

Cisco reviews its products prior to export and classifies them in accordance with the U.S. Export Administration Regulations (EAR) and any other applicable export control lists. 

Once a review has been completed, products may become eligible for a particular license exception, such as ENC, and this exception may then be used by other exporters, as provided by EAR or other applicable export controls.

Cisco solutions and products specified by EAR740.17(b)(1) or EAR740.17(b)(3) may be exported and re-exported under License Exception ENC to most civilian, commercial, and government end users located in all territories, with the exception of sanctioned jurisdictions and countries designated as supporting terrorist activities. The countries listed in part 746 of EAR as sanctioned jurisdictions requiring a license are: Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions.

Cisco's encryption solutions and products specified by EAR740.17(b)(2) have undergone a one-time review by the U.S. government and may be exported or re-exported under License Exception ENC to most civilian, commercial, and less-sensitive government end users (for definition see part 772 of EAR) located in all territories except the embargoed destinations and countries designated as supporting terrorist activities (i.e., Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions). Exports and re-exports to more-sensitive government entities (see part 772 EAR) not located in the following countries may require a U.S. export license: Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, United Kingdom, and the United States.

Mass-market products generally do not require a license under U.S., EU, UK, and most local laws (except when exporting to embargoed destinations). Mass-market products are authorized for export from the U.S. under the designation “No License Required” (NLR).

All transactions must undergo a compliance check to ensure that none of the parties to an order are listed on any applicable sanctioned or denied entity list. Please review the U.S. Bureau of Industry and Security Lists of Parties of Concern. Consolidated list of persons, groups and entities subject to EU financial sanctions, the UK Sanctions List and any other applicable sanctioned, denied or other restricted party lists.

No Cisco products are regulated by the International Traffic in Arms Regulations (ITAR) or EU or UK military export controls.

Under EU export control laws exports of dual-use encryption items outside the EU require a license. Transfers of certain sensitive encryption items between EU member states require a license.

Similarly, under UK export control laws exports of dual-use encryption items outside the UK require a license.

Further information

The U.S. Commerce Department Bureau of Industry and Security website provides U.S. export guidance at https://www.bis.doc.gov/index.php/regulations/commerce-control-list-ccl.

Non-U.S. and U.S. companies re-exporting Cisco products or technology must comply with both their local export regulations and with the U.S. re-export regulations. Guidance regarding re-exports and other offshore transactions involving U.S. origin items can be found at https://www.bis.doc.gov/index.php/licensing/reexports-and-offshore-transactions.

The European Commission provides information about EU export control laws at https://ec.europa.eu/trade/import-and-export-rules/export-from-eu/dual-use-controls/.

Further guidance published by some EU member states can be found at: