Export Compliance Policy

Updated on January 1, 2020

1. Purpose

Idera, Inc. and its subsidiaries (a comprehensive list of all Idera’s subsidiaries is available at (collectively, the “Company”) maintains an Export Compliance Policy (this “Policy”) prohibiting any export, reexport, transfer (includes in-country transfer) in violation to U.S. Export Laws, to which all of the Company’s products are subject. The Department of Commerce’s Bureau of Industry and Security (“BIS”) controls the export of most commercial products. While only a small percentage of exports under BIS’s jurisdiction require an export license, a product’s technical characteristics, the destination country, the end user, and a product’s end use must be examined in determining whether an export license is required. Details of the U.S. Commercial Encryption Export controls can be found at the BIS website.

2. Scope

This Policy applies to the Company’s operations worldwide and to all directors, officers and employees of the Company, its subsidiaries and affiliates. Violations of this Policy or applicable regulations will be grounds for disciplinary action up to and including termination. The Company also expect that our business partners fully understand and comply with their obligations under U.S. export and other international trade laws. Failure to do so will be grounds for immediate termination of the business relationship with any such business partner.

The Company’s compliance team is responsible for ensuring that all departments acknowledge, read and understand this Policy.

3. Policy

The first step for deciding whether or not a product requires an export license is determining if it has a specific Export Control Classification Number (“ECCN”) by checking the U.S. Export Administration Regulations (“EAR”). Please note that the EAR applies to all U.S.-origin items, and thus can apply to both U.S. and non-U.S. exports (to the extent U.S. origin content is incorporated in any non-U.S. exports). If a product has a five-character ECCN code, the EAR will also list one or more reasons why it is controlled. Businesses use these reasons for control to help them determine if they need to apply for an export license based on the countries to which they are exporting. Products that do not have an ECCN code and are not subject to control by any other U.S. agency are designated as EAR99. Products classified as EAR99 are low technology consumer goods and usually do not require an export license. However, even EAR99 items require licenses for exporting to embargoed countries, to a restricted party, or in support of a prohibited end use.

The Company analyses all of its products’ technical characteristics and determines the ECCN for each of its product, including all products that are designated as EAR99. The compliance team together with the legal department are responsible for overseeing and analysing the Export Compliance Product Questionnaire. To the extent applicable, the Company will apply for an export license with the BIS.

The Company revenue manager (for entities incorporated in the U.S.) and the Finance Director (for entities incorporated overseas) (collectively, the “Stakeholders”) are responsible for ensuring that employees who report to them, directly or indirectly, comply with the Restricted Party Screening Policy and complete any certification and training required of them.

Prohibited End Users

In accordance with United States’ and applicable export control and economic sanctions laws and regulations, all Company products and services* are prohibited for export/reexport/transfer (includes in-country transfer) to or access by the following:

  • Any company or national of Cuba, Iran, North Korea, Sudan, Syria, and the Crimea region. Export licensing of commodities or services intended for these countries is presumed denied;
  • Re-export to these countries is prohibited; you may not proceed with any proposed transaction if you "know or have reason to know" it would be contrary to U.S. or applicable laws or regulations;
  • Any customer you know or have reason to know, who is involved in the design, development, manufacture or production of nuclear technology, or nuclear, biological or chemical "weapons of mass destruction."
  • Please note: cloud access and/or download from these countries or regions is considered an export under U.S. export and applicable economic sanctions laws and regulations and is therefore prohibited.

*The Company’s products and services include, but are not limited to, programs, integrated software, support, operating systems, product technical data, educations, consulting, cloud services.

Restricted Party Screening

Before finalizing any sales transaction, a Stakeholders must screen the contact information for the prospective customer (i.e. name, address, country, phone number) against the Consolidated Screening List (“CSL”), which is a consolidation of multiple export screening lists of the Departments of Commerce, State and the Treasury and may be used as an aid to industry in conducting electronic screens of potential parties to regulated transactions. The parties listed in the CSL are restricted by the United States Government on exports, reexports or transfers of items.

In the event that a company, entity or person on the list appears to match a prospective customer or a party potentially involved in the Company export transaction, additional due diligence should be conducted before proceeding. To that end, a Stakeholder should email all information to [email protected] for proper review and analysis. The compliance team will work together with the Company’s legal department to determine if the match was a “false positive” or a “valid match”.


Ongoing training of all Company personnel involved in the export process including all management, sales and support staff is part of the Company’s corporate compliance program.

Reporting and Non-Retaliation

Report any conduct that you believe to be a violation of this Policy, either directly to a member of the Compliance team at [email protected] or to the Company’s Legal Department at [email protected]. Your detailed notes and/or emails will be dealt with confidentiality, unless it is necessary to share such information in order to address the matter appropriately. Regardless, you have the Company’s commitment that you will be protected from retaliation.

The Company will not tolerate retaliation against an Employee for reporting a concern in good faith or for cooperating with a compliance investigation, even when no evidence is found to substantiate the report.

A failure to report known or suspected wrongdoing in connection with the Company’s business of which an employee, business associate or agent has knowledge may, by itself, subject that individual to disciplinary action.

Further Information

If you have any questions or concerns relating to this Policy, consult your manager, the Company’s Legal Department at [email protected] or a member of the Compliance Team at [email protected]. If you learn of any conduct that you believe may violate this Policy, report it immediately by any of the means listed under the heading “Reporting and Non-Retaliation” above.