How do export regulations impact the applications I create with Vuo?

If you plan to distribute an application made with Vuo, and you are based in the United States, your application may be subject to United States Export Administration Regulations if it includes nodes that can access files via HTTPS, such as “Fetch Image,” “Fetch Scene,” or “Play Audio File”. With nodes that access HTTPS files, your application will include the OpenSSL library for decrypting files downloaded via HTTPS.

Many other countries have export control regulations, so if you are based outside the United States, you may need to investigate how your country handles applications that include decrypting downloaded files via HTTPS.

For those in the United States, although we can’t offer legal advice, we can point you to some of the relevant information about U.S. Export Administration Regulations. It’s up to you to determine whether your application is subject to U.S. Export Administration Regulations.

The United States, through the U.S. Bureau of Industry and Security, controls the export of some software that contains encryption functionality. The guidelines are contained in the U.S. Export Administration Regulations (EAR). Vuo makes use of the OpenSSL Library for encryption functionality, including apps made with Vuo.

Regulations allow for software meeting certain requirements to be exempt from EAR encryption-related export controls. Some exemptions are classified as “Note 4 to Category 5, Part 2 of the EAR,” as follows:

Note 4: Category 5, Part 2 [of the EAR regulation] does not apply to [exempts] items incorporating or using “cryptography” and meeting all of the following:

(a) The primary function or set of functions is not any of the following:
(1) “Information security”;
(2) A computer, including operating systems, parts and components therefor;
(3) Sending, receiving or storing information (except in support of entertainment, mass commercial broadcasts, digital rights management or medical records management); or
(4) Networking (includes operation, administration, management and provisioning);

(b) The cryptographic functionality is limited to supporting their primary function or set of functions; and

(c) When necessary, details of the items are accessible and will be provided, upon request, to the appropriate authority in the exporter’s country in order to ascertain compliance with conditions described in paragraphs (a) and (b) above.

More information is provided in the BIS Encryption FAQs, particularly “What is Note 4.”

App builders who are interested in sharing their apps should make their own determinations on whether their apps are exempt from cryptography-related export controls.