On April 21, 2026, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) amended the Export Administration Regulations (EAR), adding cryptographic modules implementing China’s SM2 and SM4 algorithms — specifically those used for key negotiation and firmware signing in on-board chargers (OBCs) — to EAR Supplement No. 7. This regulatory update directly affects Chinese OBC manufacturers’ technology licensing, joint development, and integrated export activities with U.S. partners, prompting North American EV charging infrastructure integrators to urgently assess alternative supply chain options.

Event Overview

The U.S. Bureau of Industry and Security (BIS) updated the Export Administration Regulations (EAR) on April 21, 2026. The amendment explicitly lists cryptographic modules based on China’s national cryptography standards SM2 and SM4 — when deployed in on-board chargers (OBCs) for key negotiation and firmware signature verification — in EAR Supplement No. 7 (‘Commerce Control List’). This change is now in effect and publicly confirmed via official BIS notice.

Industries Affected by Segment

Chinese OBC Manufacturers

These firms are directly impacted because their OBC products incorporating SM2/SM4-based secure boot or firmware update mechanisms now fall under U.S. export controls — even if no U.S.-origin components are used. Impact manifests in three areas: restrictions on technology licensing agreements with U.S. entities; limitations on joint R&D projects involving U.S. engineers or software tools subject to EAR; and potential denial of export licenses for complete OBC units destined for integration into U.S.-bound EV charging systems.

North American EV Charging Infrastructure Integrators

Integrators that source OBCs from Chinese suppliers — especially those embedding SM2/SM4 for secure communication or OTA updates — must now reassess compliance exposure. Their impact centers on delayed project timelines, increased due diligence costs, and possible redesign requirements to replace or bypass controlled crypto functions. Some integrators may face requalification of entire charging station platforms if OBC firmware signatures fall under EAR-controlled functionality.

Technology Licensing & IP Collaboration Firms

Firms facilitating cross-border IP licensing (e.g., crypto library providers, firmware security consultants) face new review thresholds. Agreements covering SM2/SM4 implementation guidance, test vectors, or integration support for OBCs may now require BIS license authorization — irrespective of whether the underlying code is open-source or developed domestically.

What Relevant Enterprises or Practitioners Should Monitor and Do Now

Track official BIS clarifications and licensing guidance

BIS has not yet published FAQs or advisory notes specific to OBC implementations of SM2/SM4. Enterprises should monitor the Federal Register and BIS website for interpretive bulletins — particularly regarding de minimis thresholds, encryption item classification (ECCN 5A002 vs. 5D002), and potential license exceptions (e.g., ENC).

Map crypto functionality across current OBC product lines

Manufacturers and integrators should conduct internal technical audits to identify which OBC models use SM2/SM4 for key exchange, firmware signing, or secure boot — and whether those functions are enabled by default, configurable, or hardware-bound. This mapping is essential for accurate ECCN self-classification and license application preparation.

Distinguish between policy signal and operational impact

This rule change reflects a targeted expansion of existing controls — not a blanket ban. Enforcement focus is likely limited to cases where SM2/SM4 modules are integral to system-level security architecture (e.g., preventing unauthorized firmware updates). Standalone algorithm documentation or non-integrated test implementations may remain outside scope — but formal confirmation awaits BIS guidance.

Prepare contingency plans for procurement and certification

Integrators should initiate parallel sourcing evaluations for OBCs using FIPS-140 validated or NIST-approved alternatives (e.g., ECDSA with P-256, AES-256-GCM), and engage third-party labs early to validate cryptographic module compliance with U.S. import requirements. Internal documentation of design rationale and crypto usage context should be updated to support future license applications.

Editorial Observation / Industry Perspective

From an industry perspective, this amendment is best understood as a calibrated escalation in export control alignment with broader U.S. technology security priorities — rather than an abrupt disruption. Analysis来看, it signals growing U.S. scrutiny of cryptographic sovereignty features embedded in EV powertrain subsystems, especially where such features could impede remote diagnostics, cybersecurity oversight, or firmware integrity verification by foreign operators. Observation来看, the timing coincides with accelerated deployment of bidirectional V2X-capable OBCs, suggesting BIS is proactively addressing emerging attack surfaces. Current更值得关注的是 how narrowly or broadly BIS interprets ‘key negotiation’ and ‘firmware signature’ in practice — a determination that will define real-world enforcement scope far more than the regulation’s text alone.

In summary, this EAR update does not prohibit all OBC trade or collaboration, but introduces a new compliance layer tied specifically to cryptographic implementation choices in vehicle power electronics. It underscores that cryptographic design decisions — once considered purely technical — now carry direct regulatory weight in cross-border EV infrastructure value chains. For stakeholders, the most constructive approach is to treat this as a technical compliance checkpoint requiring precise scoping, documentation, and proactive engagement with regulatory frameworks — not as an insurmountable barrier.

Source: U.S. Department of Commerce, Bureau of Industry and Security (BIS), Final Rule amending 15 CFR Parts 730–774, published April 21, 2026. Note: Interpretation of implementation scope, eligibility for license exceptions, and enforcement posture remains subject to ongoing BIS guidance and case-by-case review.