Is there an official Export Control statement as fo RHEL?

Dear Rocky Linux community, thanks for the great work you are doing, I have an Export Control question, I saw on product page " Rocky Linux rebuilds sources directly from RHEL®", "Export Compliance/Customs Information By downloading Rocky software, you acknowledge that you understand all of the following:

Rocky software and technical information may be subject to the U.S. Export Administration Regulations (the “EAR”) and other U.S. and foreign laws and may not be exported, re-exported or transferred (a) to a prohibited destination country under the EAR or U.S. sanctions regulations (currently Cuba, Iran, North Korea, Syria, and the Crimea Region of Ukraine, subject to change as posted by the United States government); (b) to any prohibited destination or to any end user who has been prohibited from participating in U.S. export transactions by any federal agency of the U.S. government; or (c) for use in connection with the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, or sounding rockets, or unmanned air vehicle systems." BUT to know if it is dual use I need a classification statement on ECCN. is available or not applicable as for Red Hat Enterprise Linux 9.x, Includes all versions of RHEL 9 Includes all RHEL 9 add-ons: ECCN: 5D992.c for Mass Market, isit the same for Rocky Linux? Can you please confirm?, Thank you very much

There was a chat already on Rocky Mattermost Off-topic channel about this, and the ECCN for Rocky is exactly the same as the one you mentioned above (based on the reply I already saw on Mattermost). Rocky is the same as RHEL, so the ECCN are the same as well.

1 Like

Hi Everyone, I got an offcial statement from a RESF Rocky Linux memeber, which is the following:

Rocky Linux is under ECCN 5D002. Rocky Linux in source code and binary code form is publicly available and is not subject to the EAR in accordance with §742.15(b). We have met the notification requirement outlined in §742.15(b) of the EAR. CCATS is not applicable.

The only problem now is that what is stated on download page (similar assertion was on CentOS page,as precaution I beleive) contraddict statement I received, and external Auditors may became confuse.
Is it possible to update the Export Control statement in the download page as for above?

Thank you everyone

Hi Adolf. After further research it appears that you are correct, the appropriate ECCN for Rocky Linux is 5D992.c.

5D002 was inherited from older CentOS documentation, the regulations were relaxed in 2021.

I will be conferring with a lawyer to publish a conclusive notice of all the regulatory information necessary for Rocky Linux users.


Dear Brian, is there any update on the Rocky Linux Export Control classification? On the Download page I still see the previous generic statement. I’m sorry for my tedious but necessary request. Kind regards Adolf