ANNEX I - Goods and technology referred to in Articles 2(1), (2) and (4), 3(3), 5(1), 6, 8(4), 17(2) and 31(1)

PART A

EU Regulation No 267/2012

a. Systems, equipment, application specific ‘electronic assemblies’, modules and integrated circuits for ‘information security’ related to networks such as wifi, 2G, 3G, 4G or fixed networks (classical, ADSL or optic fiber), as follows, and components therefor specially designed for ‘information security’: N.B.: For the control of Global Navigation Satellite Systems (GNSS) receiving equipment containing or employing decryption (i.e., GPS or GLONASS), see 7A005 of Annex I to Regulation (EC) No 428/2009. 1. Designed or modified to use ‘cryptography’ employing digital techniques performing any cryptographic function other than authentication or digital signature and having any of the following: Technical Notes: 1. Authentication and digital signature functions include their associated key management function. 2. Authentication includes all aspects of access control where there is no encryption of files or text except as directly related to the protection of passwords, Personal Identification Numbers (PINs) or similar data to prevent unauthorised access. 3. ‘Cryptography’ does not include ‘fixed’ data compression or coding techniques. Note: 1.a.1. includes equipment designed or modified to use ‘cryptography’ employing analogue principles when implemented with digital techniques. a. A ‘symmetric algorithm’ employing a key length in excess of 56 bits; or b. An ‘asymmetric algorithm’ where the security of the algorithm is based on any of the following: 1. Factorisation of integers in excess of 512 bits (e.g., RSA); 2. Computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ); or 3. Discrete logarithms in a group other than mentioned in 1.a.1.b.2. in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve);