Overview of export compliance

If your app uses, accesses, contains, implements, or incorporates encryption, and you intend to upload, test, and distribute it, you need to determine your export compliance requirements in App Store Connect.

Examples of apps requiring an export compliance determination include, but aren’t limited to, apps that use:

Standard encryption algorithms.
Crypto functionality within Apple’s operating system.
Proprietary or non-standard encryption algorithms. The U.S. Government defines "non-standard cryptography" as any implementation of “cryptography” involving the incorporation or use of proprietary or unpublished cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body (e.g., IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, and GSMA) and haven’t otherwise been published.

Please note that it’s your responsibility to review the Export Administration Regulation to determine whether your app's use of encryption requires a formal classification (Commodity Classification Automated Tracking System or CCATS) from BIS. You are responsible for all liabilities associated with misinterpretation of export regulations or claiming exemption inaccurately. To learn about encryption export controls, search for "encryption policy" on the U.S. Department of Commerce Bureau of Industry and Security (BIS) website. The import and export of encryption apps distributed in France are also controlled by the French Government. The main items of control for France are Secure Storage, Secure Communications, and Security Anti-Virus applications. Exemptions include Banking and Medical applications. For more information about these French controls, visit the Agence nationale de la sécurité des systèmes d’information (ANSSI) website.

When you submit a new version of your app, you’ll need to answer questions in App Store Connect about your app's use of encryption. Follow the steps below before submitting your app to App Review to ensure that you’re submitting the right documentation and to bypass these questions if your app doesn’t use encryption.

Determine your export compliance requirements

App Store Connect provides a simple way for you to determine your export compliance requirements by presenting you with a set of questions about your app and where you plan to make it available. Based on your answers, complete the following steps:

Scenario				Next Steps
No export compliance documentation required				Update your app’s information property list (Info.plist) file in Xcode so that you don’t need to answer encryption questions with each app submission.
Export compliance documentation required				Use App Store Connect to submit your app encryption documentation. Once the documentation is approved, attach it to your beta build or app version build. Update your app’s information property list (Info.plist) file in Xcode so that you don’t need to answer encryption questions with each app submission.