Original URL: http://stackoverflow.com/questions/2128927/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using SSL in an iPhone App - Export Compliance
Question by John
I'm looking at creating an iPhone app that will communicate with a REST Web service. Because some user-sensitive data (name, address, age, etc) will be transmitted, I'm looking at securing the connections with SSL.
However, on my previous escapades into App Store submission, I saw that the first question I get asked is "Does your application use encryption?" and depending on the answer to this and other follow-up questions, may require US export compliance.
My company is not based in the US, nor do we have a US office.
Has anyone else submitted an app using SSL for this sort of purpose? If so, did you need to do anything to get permission to use it, either from Apple or from the US government?
Accepted answer by JosephH
Update as of 20th September 2016
ERNs are no longer required, so it seems many apps will no longer need to register with the US government. (Though you may still need to file a bi-annual Supp. No. 8 to Part 742 report.) http://www.bis.doc.gov/InformationSecurity2016-updates
(Thanks to @EugenioDeHoyos and @user3562927 for pointing this out!)
French Government registration is still required to sell in France.
The iTunes Connect FAQs have been updated to cover this change and are the most readable reference I've found.
Old Answer
The process has changed, as of Summer 2010, and you (probably) need an ERN now, not a CCATS as was necessary at the time John wrote his answer.
See Apple iTunes export restrictions on apps. The iTunes connect faq also contains a lot of useful information on export compliance.
There are also now restrictions that apply to distributing apps with encryption on the French app store - see the itunes connect FAQ and the French Export Compliance thread on the devforums.
Answer by Marcus
Now in November 2017...
This is legal stuff really, so this is pointers to what I've found useful and how I've interpreted things. Don't take it as advice (it's not).
The Apple FAQ as mentioned in other answers here is an excellent starting place: https://itunespartner.apple.com/en/apps/faq/Managing%20Your%20Apps_Export%20Compliance
This leads to doing the following: In iTunes Connect, go to your App. Pick the 'features' tab at the top and select 'Encryption' on the side. Click 'Add Export Compliance Documentation for iOS' in the main page. First question says: 'Export Compliance: Is your app designed to use cryptography...' Choose 'Yes'. The following question says (and I copy and paste):
Does your app meet any of the following:
(a) Qualifies for one or more exemptions provided under category 5 part 2
(b) Use of encryption is limited to encryption within the operating system (iOS or macOS)
(c) Only makes call(s) over HTTPS
(d) App is made available only in the U.S. and/or Canada
(c) is the SSL style reference (as per your question), so select Yes to this question. [Note the bottom of the guidance on this screen has a link to the above FAQ link]
In selecting 'Yes' one of the popup-guidance boxes says (and I quote):
If you are making use of ATS or making a call to HTTPS please note that you are required to submit a year-end self classification report to the US government. Learn more
And back in the FAQ, a key quote is:
Why does my app require an encryption review if I don't live in the United States? Can I bypass the encryption review if I only release my app in my home country?
Your app will be uploaded to an Apple server in the U.S., which means that your app will be exported from the U.S. and is subject to U.S. export laws. This requirement applies even if you only plan to distribute within your own country.
The last bit I think answers the 2nd bit of your question... You still have to comply even if you're not in the US and even if you don't intend to distribute outside your own country...
So, as of what I read today (in November 2017), if using SSL (HTTPS) in an iOS App, even if outside the US, boxes need to be ticked within iTunes Connect... (The process started under the 'features tab' described above). Beyond this, you then need to make an annual self classification report.
The link in the Apple FAQ relating to this is currently broken (as I write this), but this link is useful: https://www.bis.doc.gov/index.php/policy-guidance/product-guidance/high-performance-computers/223-new-encryption/1238-how-to-file-an-annual-self-classification-report
This page includes the email addresses to send your report to (you have to send it to 2 places), when it must be sent and what format and information needs to be sent (a carefully created very prescribed .csv file). I failed to find this with the bis.doc.gov search engine, but found it using a general search engine searching for 'year-end Self Classification Report'. So if this particular link dies in the future, this search might help find any replacement :)
As to details of how to craft this .csv file for an iOS App using SSL I'm not sure yet - I hope to have success and will edit this post with details if it seems appropriate.
Towards this though, in this linked doc: https://www.bis.doc.gov/index.php/documents/new-encryption/1651-740-17-enc-table/file (which you might need to zoom in to read) I figure the relevant line is the 3rd one (b)(1) as the submission requirements match. It refers to having to
submit Supp. 8, part 742, by email
This document also has an ECCN column, and I'm getting to thinking the relevant ECCN number is 5A002 dot something
This next document has more details about picking the correct ECCN code:
Reading this my current best guess is that if SSL is being used as a small part of an App this relates to code 5A002.a.4
UPDATE:
So at the bottom of bis.doc.gov guidance the description for creating the .csv file says:
- First line of the annual self-classification report must consist of the following 12 entries: PRODUCT NAME, MODEL NUMBER, MANUFACTURER, ECCN, AUTHORIZATION TYPE, ITEM TYPE, SUBMITTER NAME, TELEPHONE NUMBER, E-MAIL ADDRESS, MAILING ADDRESS, NON-U.S. COMPONENTS, NON-U.S. MANUFACTURING LOCATIONS.
- No entry may be left blank.
- PRODUCT NAME and ECCN must be completed.
- For MODEL NUMBER and MANUFACTURER, if necessary, enter "NONE" or "N/A".
- For AUTHORIZATION TYPE, enter ENC or MMKT.
- For ITEM TYPE, pick from the list of item types provided in the Supp. 8 to Part 742 (a)(6).
- Column headers SUBMITTER NAME through NON-U.S. MANUFACTURING LOCATIONS relate to the company as a whole, and thus should be entered the same for each product (i.e., only one point of contact, one 'YES' or 'NO' answer to whether any of the reported products incorporate non-U.S. sourced encryption components, and one list of non-U.S. manufacturing locations, is required for the report). Duplicate this information into each row of the spreadsheet.
- The only permitted use of a comma is the necessary separator between the 12 entries for each line item. The only commas allowed are the ones inserted automatically during spreadsheet conversion.
Using Supplement No. 8 to Part 742—Self-Classification Report for Encryption Items for further guidance, I got to a .csv file like this:
PRODUCT NAME, MODEL NUMBER, MANUFACTURER, ECCN, AUTHORIZATION TYPE, ITEM TYPE, SUBMITTER NAME, TELEPHONE NUMBER, E-MAIL ADDRESS, MAILING ADDRESS, NON-U.S. COMPONENTS, NON-U.S. MANUFACTURING LOCATIONS
[my-app-name] iOS App,[my-App-version-number],SELF,5A002,ENC,Link encryption,[My-name],[my-phone-number],[my-email],[my address with no commas],YES,[my-location]
Note that this should be a well-formed .csv file, which this isn't quite. I suggest creating something in a spreadsheet and saving as a .csv
Also note that this is not an advised result - it's my best interpretation as an unqualified individual having had no advice. The example .csv at the bottom of the bis.doc.gov guidance helped me further and seemed to suggest that the ECCN could just be 5A002 without further detail. The ITEM TYPE has to be picked from the list in Supplement number 8 - something else might fit the nature of your App better. I wasn't so sure on MODEL NUMBER, but the example looked like it was using version number type descriptions. Maybe App Apple ID would be better here. Given it's optional, it might not matter...
UPDATE (Jan 2019): Finally made my submission for 2018 and went for:
PRODUCT NAME, MODEL NUMBER, MANUFACTURER, ECCN, AUTHORIZATION TYPE, ITEM TYPE, SUBMITTER NAME, TELEPHONE NUMBER, E-MAIL ADDRESS, MAILING ADDRESS, NON-U.S. COMPONENTS, NON-U.S. MANUFACTURING LOCATIONS
[my-app-name] iOS App,N/A,SELF,5A002,ENC,Link encryption,[My-name],[my-phone-number],[my-email],[my address with no commas],NO,[my-location]
The changes were to put 'N/A' as the Model Number and 'NO' for NON-U.S. COMPONENTS. 'NO' because there are no bought-in components to my App (US or NON-US) - the encryption code is just the iOS encryption library.
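The .csv rules quoted in the answer above, turned into a pre-submission checker. This is an added Python example, not part of the original answers or of any BIS or Apple tooling; `check_report`, the `item_types` parameter and the sample rows are assumptions made here, and the ITEM TYPE list is left to the caller because the page does not reproduce it.

```python
HEADER = [
    "PRODUCT NAME", "MODEL NUMBER", "MANUFACTURER", "ECCN",
    "AUTHORIZATION TYPE", "ITEM TYPE", "SUBMITTER NAME", "TELEPHONE NUMBER",
    "E-MAIL ADDRESS", "MAILING ADDRESS", "NON-U.S. COMPONENTS",
    "NON-U.S. MANUFACTURING LOCATIONS",
]

def check_report(text, item_types=None):
    """Return rule violations for a self-classification report ([] if none).
    item_types: caller-supplied set of allowed ITEM TYPE values (assumption:
    the Supp. No. 8 list is not on the page); None skips that check."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ["report is empty"]
    problems = []
    # Commas are only allowed as separators, so a plain split must yield
    # exactly 12 fields; a comma inside an address shows up as a 13th field.
    rows = [[field.strip() for field in ln.split(",")] for ln in lines]
    if rows[0] != HEADER:
        problems.append("line 1: header is not the 12 prescribed entries")
    company = None
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != len(HEADER):
            problems.append(f"line {n}: {len(row)} entries, expected 12")
            continue
        problems += [f"line {n}: {name} is blank"
                     for name, value in zip(HEADER, row) if not value]
        if row[4] not in ("ENC", "MMKT"):
            problems.append(f"line {n}: AUTHORIZATION TYPE must be ENC or MMKT")
        if item_types is not None and row[5] not in item_types:
            problems.append(f"line {n}: ITEM TYPE not in the supplied list")
        if row[10] not in ("YES", "NO"):
            problems.append(f"line {n}: NON-U.S. COMPONENTS must be YES or NO")
        # Submitter columns describe the company and must match on every row.
        if company is None:
            company = row[6:]
        elif row[6:] != company:
            problems.append(f"line {n}: submitter columns differ from an earlier row")
    return problems

# Constructed sample rows with placeholder values, not a real submission.
GOOD = ",".join(HEADER) + "\n" + (
    "Example iOS App,N/A,SELF,5A002,ENC,Link encryption,"
    "A Submitter,000 0000,dev@example.com,1 Example Road Exampletown,NO,N/A\n")
BAD = ",".join(HEADER) + "\n" + (
    "Example iOS App,,SELF,5A002,EXPORT,Link encryption,"
    "A Submitter,000 0000,dev@example.com,1 Example Road Exampletown,MAYBE,N/A\n"
    "Other App,N/A,SELF,5A002,ENC,Link encryption,"
    "A Submitter,000 0000,dev@example.com,1 Example Road, Exampletown,NO,N/A\n")
```

Field whitespace is stripped before comparison, so a header typed with a space after each comma, as in the answer, is accepted.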
Answer by John
I actually went back to Apple and it turns out that any application using SSL does need approval (unfortunately). There are apparently some exceptions, such as if the application uses SSL only for a single payment transaction.
There is more information in Mass Market Encryption CCATS Commodity Classification for iPhone Applications in 8 Easy Steps and iPhone Encryption Export Compliance for Apps making HTTPS (TLS) Connections.
Answer by user3562927
All these answers are obsolete as of September 20th, 2016. I just got off the phone with the SNAP-R folks (government), and they said that new legislation landed on September 20th. The new regulation removes the requirement to register your app simply because it uses encryption.
I described my app (a game) to them, and they said it's an "EAR-99", which means that I don't have to register. It's likely that Apple is about to update their website. But in the meantime, if you're trying to go through this process because you use SSL/HTTPS, just stop now. You won't even be successful in filling out the forms, because they have changed significantly.
Answer by John F
I found this article from someone who went through the process recently (Dec 2015) extremely helpful. The overall consensus seems to be that you really do need to go through this process even if you are just using a REST call that utilizes SSL. This article will help you run through the process quickly.
https://carouselapps.com/2015/12/15/legally-submit-app-apples-app-store-uses-encryption-obtain-ern/
Answer by Tony Hursh
I ran across this question earlier today and thought I'd come back to report my experience.
Check out: http://tigelane.blogspot.com/2011/01/apple-itunes-export-restrictions-on.html for a procedure that worked well for me (be sure to read the whole thing including the comments -- there have been some changes since the original post, mostly for the better, and the updated info is in the comments).
The process is pretty streamlined now (except for Safari and Chrome not recognizing their own site's SSL certificate. A little ironic there. :-); I got approval about 10-15 minutes after submitting the info.
I'd guess that this has become a routine thing for them (at least if you're only using SSL rather than some kind of exotic crypto).
Answer by Michael
Because the app is setting up and using secure SSL connections it is considered an encryption product. The US export controls depend on whether you use encryption, not where you find it. It doesn't matter that you are using a built-in function instead of writing your own, using a commercial library, or using a specialized processor--it is still an encryption item.
Check out the BIS web site at www.bis.doc.gov/encryption or call the help desk at 202-482-0707 if you want to discuss the particulars of your app. If you find out you need an encryption classification then the link for the SNAPR is there too.