Export control
Export control aims to prevent strategically sensitive products from ending up in the wrong hands, and sending to recipients outside of the country (export or transfer) may require permits. On this page, you can read more about which products are classified as sensitive and read about the University’s procedures and regulatory framework for export control.
Export control and potential permit requirements apply to physical products as well as information about technology for the development, production or use of products subject to export restrictions. Export refers to physical transport of goods and to electronic transfer of information and verbal transfer of technology. Publication and cloud services may therefore be covered by export control. Export control is primarily intended to prevent the export of weapons and strategic products to regions and countries that are considered politically unstable or a threat to peace in the area.
Contents on this page:
- What is covered by export control?
- Responsibility and compliance
- Export control process
- What is categorised as a DUI?
- Classification of DUIs
- Catch-all clause
- Sanctions
- Support and guidance
- On-line education: Export Controls for Higher Education Institutions
- Links to further information
- Related to export control: the Screening of Foreign Direct Investments Act
What is covered by export control?
Military equipment and dual-use items (DUI) are subject to export control.
Military equipment and technical assistance are listed in the annex to the Military Equipment Ordinance (the Munitions List). Anyone running an organisation is obliged to check whether the organisation comprises items classified as munitions or technical assistance related to such items. Certain technical assistance is exempt from the permit requirement, for example technology that is covered by the concepts “publicly available” and “basic research” as well as technical assistance given within Sweden.
DUIs are products, software or technology with a civil application but that can also be used for military purposes. Certain products of particular strategic importance are also classified as DUIs, such as equipment for information security using cryptography. Lund University is mainly concerned with export control of DUIs that affect the organisation. This is often a question of ensuring that certain knowledge or information is not disseminated to unauthorised recipients.
Exports of DUIs from the EU to third countries always require permission. In general, permits are not required for transfers within the EU but are required for certain sensitive products. Even if a permit is not required for transfer within the EU, there is still an obligation to inform the recipient if the items being exported are DUIs.
Responsibility and compliance
Anyone managing products that are covered by export control needs to be aware of how the product could be misused, for example if there is a connection to a weapons of mass destruction programme. The person responsible for the product needs to ensure that it does not end up in the wrong hands through, for example, theft, data security breach or unauthorised onward transmission.
The responsibility for compliance with the regulatory framework on export control lies with the organisation in question within Lund University. To ensure compliance with regulatory framework Lund University has its own export control programme (STYR 2020/2073) setting out the University’s export control organisation and clarifying its policy, responsibilities, roles and procedures. The programme also contains a section on the export control process, describing how export control matters are managed.
Go to the page on the regulatory framework to find the export control programme
Export control process
If an export permit is required, the organisation needs to have the permit in place before initiating the export process. The process of identifying and initiating an export control matter is done within the organisational unit (department or equivalent) where the need to export arises. The researcher/teaching staff member in charge is the person best informed about the products and technology used and is therefore responsible for communicating the necessary information to the relevant head of department so as to enable the latter to examine export control issues.
To determine whether an item is covered by export control, it must be checked against the regulatory framework. This can be done using a special checklist. If the product is covered by export control, product classification is carried out by the researcher/teaching staff member responsible. Contact the faculty’s local export control administrators for help and access to the “Export control: Guide and checklist.” If it is necessary to apply for permission to export, this is only done once the matter has been raised via the head of department to the dean responsible for export control, for a decision on further management of the matter.
What is categorised as a DUI?
Products, software and technology that are classified as DUIs are listed and described in Annex I of the DUI Regulation (Regulation (EU) 2021/821). Annex I is a list of items that require permission for export beyond EU borders, divided into ten categories:
- Nuclear material, facilities and equipment
- Special materials and related equipment
- Materials processing
- Electronics
- Computers
- Telecommunications and ‟information security”
- Sensors and lasers
- Navigation and avionics
- Marine
- Aerospace and propulsion
Classification of DUIs
In order to determine whether a product, software or technology is controlled pursuant to Annex I in the DUI Regulation, a classification must be carried out. This is done by comparing the product’s properties with the technical descriptions in the annex. The faculty’s administrators for export control can assist where necessary. This is done by comparing the product’s properties with the technical descriptions in Annex I. If a description (control text) corresponds to the product or technology in question, the item is a DUI with a corresponding control number. If in doubt about the classification, a product query can be made to the ISP (Inspectorate of Strategic Products).
Catch-all clause
In order to prevent exporters from deliberately attempting to circumvent the intended effect of the law, there is a catch-all clause in the DUI regulation. The clause means that if the exporter is aware that the product, software or technology in question may be used for weapons of mass destruction or for military purposes, it may then be subject to export control even if the product is not listed in Appendix I of the DUI regulation.
If the person exporting is aware that DUIs not listed in Annex I of the DUI Regulation, wholly or partially, are intended for weapons of mass destruction or for military purposes, the ISP must be informed. The ISP subsequently determines whether or not the product is covered by the requirement for a permit.
Sanctions
Export is permitted unless there are special reasons to the contrary. Sometimes sanctions are placed on countries, companies or individuals, which means that restrictions on freedom of trade are introduced. The sanctions that apply in Sweden are decided upon by the UN or EU. Examples of sanction measures are weapons embargos, financial sanctions, prohibitions against equipment that can be used for internal repression and prohibition and permit requirements for the export or import of certain goods and certain technologies.
Support and guidance
Administrators for export control are appointed within the faculties that are repeatedly affected by issues around export control. They act as local support to the organisational unit and assist with information and advice. They can also assist in preparing export control matters for processing.
The Export Control Officer at LU Estates provides university-wide support in the form of coordination, information and advice on export control.
On-line education: Export Controls for Higher Education Institutions
Course about export control regulations on items (including materials, software and technology) of strategically sensitive products/items. This course is developed for researchers and other professionals working at Swedish higher education institutions.
The course gives answer to questions like these:
- Why is the export control regulation important to know about?
- What is dual-use items?
- What is military equipment?
- How do you classify products in research and education according to the export control regulation?
Link to the course in English:
Links to further information
Introduction to and regulatory framework for export control, Inspectorate of Strategic Products (ISP) website:
Read more on the ISP website
Information on export control concerning category 0, Swedish Radiation Safety Authority website:
Read more on the Swedish Radiation Safety Authority website (in Swedish)
Recommendation for research on DUIs, introduction and guidance:
Read more on the ISP website (in Swedish)
Government Office, current sanctions:
Read more at Regeringen.se
Related to export control: the Screening of Foreign Direct Investment Act
The Act (2023:560) relating to foreign direct investment covers investments in a number of protection-worthy activities. The act aims to enable the prevention of foreign investments in protection-worthy activities, information or technology with implications for Sweden’s security, but it also affects completely Swedish organisations. The law has implications for the University since certain listed protected activities must be reported to the ISP before they begin.
The act describes what is meant by protection-worthy activities in the context of foreign direct investment. Among the activities are research about military equipment, DUIs and technical knowledge within emerging technologies or other strategically protection-worthy technology. Even the large-scale processing of sensitive personal data or location data in or through a product or service and certain essential services are covered.
When the University and one or more external parties enter into an agreement to collaborate for a common purpose, for example in a research project, the law applies if the subject matter of the collaboration falls within the meaning of the law as protection-worthy activities. The University is not necessarily prevented from carrying out activities covered by the law, but the activities must be reported to and assessed by the ISP before they begin. A special department within ISP manages and provides information about this, see contact details on ISP’s website:
Foreign direct investment – ISP
Questions about which activities may be protection-worthy should be addressed in the first instance to the faculty’s local export control administrators or, if there are no such administrators, the export control officer at LU Estates.
Questions about what the Screening of Foreign Direct Investment Act entails should be addressed to the Legal Division.
Contact details for the Legal Division on matters of contract law
Contact
Robert Collin
Acting CISO,
Chief Information Security Officer
Assistant Security Protection Officer
Security coordinator
+46 46 222 69 29
robert [dot] collin [at] bygg [dot] lu [dot] se