We are doing work for a company, based in the UK, who are planning on developing an application that uses the BouncyCastle.Crypto.dll. They intend to make their product (including the crypto dll) available for download over the Internet. Are there UK restrictions on the export of crypto software that would prevent them from doing this? From Wikipedia, I understand it's okay to export it from the US, but not sure about the UK.
EDIT: To be clear, their product itself wouldn't provide any crypto. All the crypto functionality would be within the BouncyCastle DLL only, which is already widely available for download on the internet. Not sure if there are any BouncyCastle library mirror download sites in the UK?
EDIT 2 Thanks for the feedback so far. The most useful responses pointed us to the relevant UK government websites. We're going to give the The Export Control Organisation (ECO) a call as they have a dedicated helpline for the UK strategic export control lists.
EDIT 3 We were told by a nice lady at the BIS that the company need to apply online for an export licence using the SPIRE system.
From the website:
SPIRE is the Export Control Organisation's fully electronic system for processing strategic export and trade licence applications. It is the main system exporters need to use to apply or register for an export licence for military or Dual-Use products.
Also:
SPIRE allows you to:
- apply for licences online
- complete an application form over a number of sessions, as required
- access previous applications and information, using this in new application forms
- automatically validate your application as part of the process
- track how your application is progressing at every stage
A copy of the electronic licence will also be held by HM Revenue & Customs.
Thanks again for the helpful feedback that put us on the right track.