
Commission Delegated Regulation (EU) 2020/1749 of 7 October 2020 amending Council Regulation (EC) No 428/2009 setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items

Changes to legislation:

This version of this Regulation was derived from EUR-Lex on IP completion day (31 December 2020 11:00 p.m.). It has not been amended by the UK since then.

[5A2] Systems, Equipment and Components

[5A002] "Information security" systems, equipment and components, as follows:

NB: For the control of "satellite navigation system" receiving equipment containing or employing decryption, see 7A005 and for related decryption "software" and "technology" see 7D005 and 7E001.

a. Designed or modified to use ‘cryptography for data confidentiality’ having a ‘described security algorithm’, where that cryptographic capability is usable, has been activated, or can be activated by any means other than secure "cryptographic activation", as follows:
   1. Items having "information security" as a primary function;
   2. Digital communication or networking systems, equipment or components, not specified in 5A002.a.1.;
   3. Computers, other items having information storage or processing as a primary function, and components therefor, not specified in 5A002.a.1. or 5A002.a.2.;
      NB: For operating systems, see also 5D002.a.1. and 5D002.c.1.
   4. Items, not specified in 5A002.a.1. to 5A002.a.3., where the ‘cryptography for data confidentiality’ having a ‘described security algorithm’ meets all of the following:
      a. It supports a non-primary function of the item; and
      b. It is performed by incorporated equipment or "software" that would, as a standalone item, be specified in Category 5 – Part 2.

   Technical Notes:
   1. For the purposes of 5A002.a., ‘cryptography for data confidentiality’ means "cryptography" that employs digital techniques and performs any cryptographic function other than any of the following:
      a. "Authentication";
      b. Digital signature;
      c. Data integrity;
      d. Non-repudiation;
      e. Digital rights management, including the execution of copy-protected "software";
      f. Encryption or decryption in support of entertainment, mass commercial broadcasts or medical records management; or
      g. Key management in support of any function described in paragraph a. to f. above.
   2. For the purposes of 5A002.a., ‘described security algorithm’ means any of the following:
      a. A "symmetric algorithm" employing a key length in excess of 56 bits, not including parity bits;
      b. An "asymmetric algorithm" where the security of the algorithm is based on any of the following:
         1. Factorisation of integers in excess of 512 bits (e.g., RSA);
         2. Computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ); or
         3. Discrete logarithms in a group other than mentioned in paragraph b.2. in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve); or
      c. An "asymmetric algorithm" where the security of the algorithm is based on any of the following:
         1. Shortest vector or closest vector problems associated with lattices (e.g., NewHope, Frodo, NTRUEncrypt, Kyber, Titanium);
         2. Finding isogenies between Supersingular elliptic curves (e.g., Supersingular Isogeny Key Encapsulation); or
         3. Decoding random codes (e.g., McEliece, Niederreiter).

      Technical Note:
      An algorithm described by Technical Note 2.c. may be referred to as being post-quantum, quantum-safe or quantum-resistant.

   Note 1: When necessary as determined by the appropriate authority in the exporter’s country, details of items must be accessible and provided to the authority upon request, in order to establish any of the following:
      a. Whether the item meets the criteria of 5A002.a.1. to 5A002.a.4.; or
      b. Whether the cryptographic capability for data confidentiality specified in 5A002.a. is usable without "cryptographic activation".

   Note 2: 5A002.a. does not control any of the following items, or specially designed "information security" components therefor:
      a. Smart cards and smart card ‘readers/writers’ as follows:
         1. A smart card or an electronically readable personal document (e.g., token coin, e-passport) that meets any of the following:
            a. The cryptographic capability meets all of the following:
               1. It is restricted for use in any of the following:
                  a. Equipment or systems not described by 5A002.a.1. to 5A002.a.4.;
                  b. Equipment or systems not using ‘cryptography for data confidentiality’ having a ‘described security algorithm’; or
                  c. Equipment or systems, excluded from 5A002.a., by paragraphs b. to f. of this Note; and
               2. It cannot be reprogrammed for any other use; or:
            b. Having all of the following:
               1. It is specially designed and limited to allow protection of ‘personal data’ stored within;
               2. Has been, or can only be, personalised for public or commercial transactions or individual identification; and
               3. Where the cryptographic capability is not user-accessible;

               Technical Note:
               ‘Personal data’ includes any data specific to a particular person or entity, such as the amount of money stored and data necessary for "authentication".

         2. ‘Readers/writers’ specially designed or modified, and limited, for items specified in paragraph a.1. of this Note.

            Technical Note:
            ‘Readers/writers’ include equipment that communicates with smart cards or electronically readable documents through a network.

      b. Cryptographic equipment specially designed and limited for banking use or ‘money transactions’;

         Technical Note:
         ‘Money transactions’ in 5A002.a. Note 2.b. includes the collection and settlement of fares or credit functions.

      c. Portable or mobile radiotelephones for civil use (e.g., for use with commercial civil cellular radio communication systems) that are not capable of transmitting encrypted data directly to another radiotelephone or equipment (other than Radio Access Network (RAN) equipment), nor of passing encrypted data through RAN equipment (e.g., Radio Network Controller (RNC) or Base Station Controller (BSC));
      d. Cordless telephone equipment not capable of end-to-end encryption where the maximum effective range of unboosted cordless operation (i.e. a single, unrelayed hop between terminal and home base station) is less than 400 metres according to the manufacturer’s specifications;
      e. Portable or mobile radiotelephones and similar client wireless devices for civil use, that implement only published or commercial cryptographic standards (except for anti-piracy functions, which may be non-published) and also meet the provisions of paragraphs a.2. to a.4. of the Cryptography Note (Note 3 in Category 5, Part 2), that have been customised for a specific civil industry application with features that do not affect the cryptographic functionality of these original non-customised devices;
      f. Items, where the "information security" functionality is limited to wireless "personal area network" functionality, implementing only published or commercial cryptographic standards;
      g. Mobile telecommunications Radio Access Network (RAN) equipment designed for civil use, which also meet the provisions of paragraphs a.2. to a.4. of the Cryptography Note (Note 3 in Category 5, Part 2), having an RF output power limited to 0,1 W (20 dBm) or less, and supporting 16 or fewer concurrent users;
      h. Routers, switches, gateways or relays, where the "information security" functionality is limited to the tasks of "Operations, Administration or Maintenance" ("OAM") implementing only published or commercial cryptographic standards; or
      i. General purpose computing equipment or servers, where the "information security" functionality meets all of the following:
         1. Uses only published or commercial cryptographic standards; and
         2. Is any of the following:
            a. Integral to a CPU that meets the provisions of Note 3 to Category 5–Part 2;
            b. Integral to an operating system that is not specified in 5D002; or
            c. Limited to "OAM" of the equipment.

      j. Items specially designed for a ‘connected civil industry application’, meeting all of the following:
         1. Being any of the following:
            a. A network-capable endpoint device meeting any of the following:
               1. The "information security" functionality is limited to securing ‘non-arbitrary data’ or the tasks of "Operations, Administration or Maintenance" ("OAM"); or
               2. The device is limited to a specific ‘connected civil industry application’; or
            b. Networking equipment meeting all of the following:
               1. Being specially designed to communicate with the devices specified in paragraph j.1.a. above; and
               2. The "information security" functionality is limited to supporting the ‘connected civil industry application’ of devices specified in paragraph j.1.a. above, or the tasks of "OAM" of this networking equipment or of other items specified in paragraph j. of this Note; and
         2. Where the "information security" functionality implements only published or commercial cryptographic standards, and the cryptographic functionality cannot easily be changed by the user.

         Technical Notes:
         1. ‘Connected civil industry application’ means a network connected consumer or civil industry application other than "information security", digital communication, general purpose networking or computing.
         2. ‘Non-arbitrary data’ means sensor or metering data directly related to the stability, performance or physical measurement of a system (e.g., temperature, pressure, flow rate, mass, volume, voltage, physical location etc.), that cannot be changed by the user of the device.
b. Being a ‘cryptographic activation token’;

   Technical Note:
   A ‘cryptographic activation token’ is an item designed or modified for any of the following:
   1. Converting, by means of "cryptographic activation", an item not specified in Category 5 – Part 2 into an item specified in 5A002.a. or 5D002.c.1., and not released by the Cryptography Note (Note 3 in Category 5 – Part 2); or
   2. Enabling, by means of "cryptographic activation", additional functionality specified in 5A002.a. of an item already specified in Category 5 – Part 2.

c. Designed or modified to use or perform "quantum cryptography";

   Technical Note:
   "Quantum cryptography" is also known as Quantum Key Distribution (QKD).

d. Designed or modified to use cryptographic techniques to generate channelising codes, scrambling codes or network identification codes, for systems using ultra-wideband modulation techniques and having any of the following:
   1. A bandwidth exceeding 500 MHz; or
   2. A "fractional bandwidth" of 20 % or more;

e. Designed or modified to use cryptographic techniques to generate the spreading code for "spread spectrum" systems, other than those specified in 5A002.d., including the hopping code for "frequency hopping" systems.

[5A003] Systems, equipment and components, for non-cryptographic "information security", as follows:

a. Communications cable systems designed or modified using mechanical, electrical or electronic means to detect surreptitious intrusion;

   Note: 5A003.a. only controls physical layer security. For the purpose of 5A003.a., the physical layer includes Layer 1 of the Reference Model of Open Systems Interconnection (OSI) (ISO/IEC 7498-1).

b. Specially designed or modified to reduce the compromising emanations of information-bearing signals beyond what is necessary for health, safety or electromagnetic interference standards.

[5A004] Systems, equipment and components for defeating, weakening or bypassing "information security", as follows:

a. Designed or modified to perform ‘cryptanalytic functions’.

   Note: 5A004.a. includes systems or equipment, designed or modified to perform ‘cryptanalytic functions’ by means of reverse engineering.

   Technical Note:
   ‘Cryptanalytic functions’ are functions designed to defeat cryptographic mechanisms in order to derive confidential variables or sensitive data, including clear text, passwords or cryptographic keys.

b. Items, not specified in 4A005 or 5A004.a., designed to perform all of the following:
   1. ‘Extract raw data’ from a computing or communications device; and
   2. Circumvent "authentication" or authorisation controls of the device, in order to perform the function described in 5A004.b.1.

   Technical Note:
   ‘Extract raw data’ from a computing or communications device means to retrieve binary data from a storage medium (e.g., RAM, flash or hard disk) of the device without interpretation by the device’s operating system or filesystem.

   Note 1: 5A004.b. does not control systems or equipment specially designed for the "development" or "production" of a computing or communications device.

   Note: 5A004.b. does not include:
      a. Debuggers, hypervisors;
      b. Items limited to logical data extraction;
      c. Data extraction items using chip-off or JTAG; or
      d. Items specially designed and limited to jail-breaking or rooting.
