App Store Connect Help

Support / App Store Connect / Manage app information / Overview of export compliance

Manage app information

Overview of export compliance

If your app uses, accesses, contains, implements, or incorporates encryption, and you intend to upload, test, and distribute your app, you’ll need to determine your export compliance requirements in App Store Connect.

Examples of apps requiring an export compliance determination include, but aren’t limited to, apps that use:

  • Standard encryption algorithms.

  • Crypto functionality within Apple’s operating system.

  • Proprietary or non-standard encryption algorithms. The U.S. Government defines "non-standard cryptography" as any implementation of “cryptography” involving the incorporation or use of proprietary or unpublished cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body (e.g., IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, and GSMA) and have not otherwise been published.

Please note that it’s your responsibility to review the Export Administration Regulation to determine if your app’s use of encryption requires a formal classification (Commodity Classification Automated Tracking System or CCATS) from BIS. All liabilities associated with misinterpretation of export regulations or claiming exemption inaccurately are your responsibility. To learn about encryption export controls, search for “encryption policy” on the U.S. Department of Commerce Bureau of Industry and Security (BIS) website. The import and export of encryption apps distributed in France are also controlled by the Government of France. The main items of control for France are Secure Storage, Secure Communications, and Security Anti-Virus applications. Exemptions include Banking and Medical applications. For more information about these French controls, visit the Agence nationale de la sécurité des systèmes d’information (ANSSI) website.

When you submit a new version of your app, you’ll need to answer questions in App Store Connect about your app's use of encryption. Follow the steps below before submitting your app to App Review to ensure that you’re submitting the right documentation and to bypass these questions if your app doesn’t use encryption.

Determine your export compliance requirements

App Store Connect provides a simple way for you to determine your export compliance requirements by presenting you with a set of questions about your app and where you plan to make it available. Complete the following next steps based on the results of your answers:

Scenario

Next Steps

No export compliance documentation required

Update your app’s information property list (Info.plist) file in Xcode so that you don’t need to answer encryption questions with each app submission.

Export compliance documentation required