Export Control Statement - Nygma.ai

1.1 Encryption Capabilities

The Service implements the following encryption technologies:

• • AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode)
• • ChaCha20-Poly1305 (for performance-optimized encryption)
• • PBKDF2 with 100,000 iterations (for key derivation)
• • TLS 1.3 (for data in transit)
• • All encryption/decryption occurs client-side using locally generated keys
• • Zero-knowledge architecture prevents server-side access to unencrypted data

1.2 Technical Classification

The Service falls under the following technical classifications:

• • U.S. Export Administration Regulations (EAR): ECCN 5D002
• • EU Dual-Use Regulation: 5D002.c.1
• • Wassenaar Arrangement: Category 5, Part 2
• • These classifications are subject to change based on regulatory updates

2.1 Export Administration Regulations (EAR)

• Classification: ECCN 5D002 (Software for cybersecurity)
• License Exception: ENC (Encryption commodities and software)
• Mass Market Status: Qualified for mass market exemption

2.2 Bureau of Industry and Security (BIS) Compliance

• • Annual self-classification reviews conducted
• • Technical documentation maintained for BIS review
• • Compliance with notification requirements under License Exception ENC

3.1 EU Dual-Use Regulation

• Classification: Category 5, Part 2 (Information Security)
• General Export Authorization: EU General Export Authorization No. 1 (cryptography)
• Intra-EU Transfers: Generally permitted under EU law

3.2 Member State Requirements

• • Compliance with individual EU member state export control laws
• • Some member states may impose additional requirements
• • Regular review of member state specific regulations

4.1 Strategic Export Licensing

• Classification: Category 5, Part 2 under UK Strategic Export Control Lists
• Open General Export License: OGEL (Cryptography) applies
• Post-Brexit Compliance: Independent UK export control regime

5.1 Canada

• Export Control List: Category 5, Part 2
• General Export Permit: GEP-ENC (Encryption)
• Compliance: Regular review of Canadian export control requirements

5.2 Australia

• Defence and Strategic Goods List: Category 5A002/5D002
• General Export Controls: Encryption exports generally permitted
• Compliance: Australian export control law compliance maintained

8.1 Automated Screening

• • Automated screening of user locations and IP addresses
• • Real-time blocking of access from restricted jurisdictions
• • Regular updates to screening databases

8.2 Manual Review

• • Periodic manual review of user accounts and access patterns
• • Investigation of suspicious activity or potential violations
• • Cooperation with law enforcement and regulatory authorities

9.1 Geographic Restrictions

• • Technical measures to prevent access from restricted locations
• • IP address blocking and geolocation verification
• • Regular updates to geographic restriction lists

9.2 Access Controls

• • Strong authentication requirements
• • Account verification procedures
• • Monitoring for unauthorized access attempts

10.1 Government Requests

• • Cooperation with legitimate regulatory inquiries
• • Technical limitations may prevent full compliance with some requests
• • Legal challenge of inappropriate or overly broad requests

11.1 Regulatory Changes

• • Regular monitoring of export control law changes
• • Prompt implementation of new requirements
• • User notification of changes affecting service availability