Global Trade Compliance

1. Policy 

Nozomi Policy on Export Controls and Trade Sanctions

It is the policy of Nozomi Networks, Inc. (“Nozomi” or the “Company”) to comply fully with all relevant export control and trade sanctions laws and regulations including, but not limited to, those of the United States. The export-related requirements and procedures outlined below in the Export Compliance Manual (section 2, the “Manual”), must be followed by all Nozomi employees, contractors (collectively referred to herein as “personnel”), and all partners and vendors engaged in business activities with Nozomi Networks, to meet the Company’s compliance obligations.

The Nozomi Export Compliance Leader must be consulted with any questions regarding the laws and regulations covered by this Policy and must be notified of any suspected export violations. Violations of the laws and regulations described in this Policy can result in criminal and civil penalties, and personnel who violate this Policy may be subject to corporate discipline, including termination. However, no personnel will be discharged suspended or demoted for good faith reporting of suspected violations.

‍

2. Export Compliance Manual

2.1 Introduction and Purpose

2.1.1 Company Overview

Nozomi Networks is the leader in OT & IoT security for critical infrastructure. Nozomi’s platform uniquely combines network and endpoint visibility, threat detection, and AI-powered analysis for fast, effective incident response. Customers around the world rely on Nozomi to minimize risk and complexity while maximizing operational resilience.

From day one, Nozomi’s solutions have been deeply rooted in addressing the complex requirements of industrial and critical infrastructure environments. As OT converges with the vastly different worlds of IT and IoT, that experience has given Nozomi a unique understanding of the tools and processes associated with the largest networks in the world. Nozomi has earned a global reputation for unmatched service, superior cyber and physical system visibility, advanced OT and IoT threat detection, and scalability across distributed environments.

Nozomi provides real-time asset visibility, threat detection and actionable intelligence that keeps organizations in control of their critical infrastructure.

2.1.2 Purpose

The purpose of this Manual is:

• to set forth Nozomi’ export compliance policies and procedures related to export controls and trade sanctions laws and regulations;
• to provide an overview of such laws and regulations;

• to help ensure that Nozomi personnel are aware of, and comply with, all applicable Company policies and procedures; and,
• to outline certain processes and requirements that must be followed by Nozomi personnel with respect to exports of goods, software, and technology by the Company (collectively, “Items”).

This Manual focuses primarily on U.S. requirements.  While it summarizes complex laws and regulations, the Manual does not serve as a substitute for consultation with, and advice from, legal counsel and subject matter experts and/or review of any applicable laws or regulations.  If Nozomi personnel have questions concerning the application of export control or trade sanctions laws to a proposed transaction, contact the Nozomi Export Compliance Leader before you take any action (e.g., engaging in a new research and development or production project with a pharmaceutical company).  

‍

2.2 Overview of U.S. Export Controls and Trade Sanctions

2.2.1 U.S. Trade Sanctions Regulations  

Certain destinations are subject to significant U.S. trade embargoes.  Nozomi may not deal with parties in or the governments of the following destinations:  Cuba, Iran, North Korea, Syria, the Donetsk People's Republic (DNR), the Luhansk People's Republic (LNR), and the Crimea regions of Ukraine. This list is subject to change and the restriction applies to all Nozomi personnel, buyers, sellers, and Items globally.

The U.S. government has imposed significant economic and/or trade sanctions (commonly called embargoes in their most extreme form) against a small number of destinations and many parties.  The U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) is the lead U.S. government agency in administering these sanctions programs, with complementary authority exercised by the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”).¹

The embargo restrictions prohibit virtually all transactions, directly or indirectly, with, including exports to and imports from the embargoed destinations, as well as any transactions with persons or entities, wherever located, that are owned or controlled by, or acting on behalf of, the governments of these destinations.  The restrictions generally preclude dealing in goods, technology, or services originating in the target destinations.

OFAC also administers several sanctions regimes against individuals, groups, and entities prohibited for reasons of national security or foreign policy.  The most restrictive and commonly administered list is the Specially Designated Nationals and Blocked Persons List (the “SDN List”) which includes but is not limited to:  

• parties owned or controlled by or acting for the governments of destinations subject to significant trade sanctions;

• parties engaged in or associated with international narcotics trafficking;
• parties engaged in child, forced or slave labor;  
• parties engaged in or associated with international terrorism; and,
• identified weapons proliferators.

OFAC’s other sanctions lists identify parties subject to less than full blocking sanctions, but for which it may be, among other things, prohibited to provide certain goods or services as well as important restrictions absent a statutory exception.

U.S. persons, including U.S. citizens, are generally prohibited from engaging in any dealings with a party on the SDN List or any party 50% or more owned by one or more parties on the SDN List (the “50% rule”).  The 50% rule also applies to parties listed on OFAC’s other sanctions lists.  All OFAC prohibitions also generally apply to parties controlled by one or more sanctioned parties.

2.2.2 U.S. Export Controls

The U.S. Export Administration Regulations (“EAR”) are the primary embodiment of U.S. export controls regarding dual-use and/or commercially available Items.  The EAR are promogulated and enforced by BIS. The EAR apply to export transactions involving all countries, not just embargoed destinations or SDN List parties.  The EAR regulate cross-border transfers of most U.S.-origin Items (i.e., goods, software, and technology).²  Generally speaking and in contrast to the trade sanctions described above, export controls under the EAR apply to any persons dealing in Items subject to the EAR, regardless of who and where such persons are.  In this respect, the EAR controls not only the export of nearly all Items from the United States, but also the reexport from third countries by foreign persons of U.S.-origin Items, and the export from abroad of foreign-produced Items with more than de minimis U.S. content or in some cases derived from U.S. technology or software.³

The terms “export” and “reexport” are broadly defined in the EAR and encompass not only the physical transfer of Items across borders, but also non-physical exports, such as electronic transmissions (e.g., e-mails, web downloads) and “releases” of software and technology (including technical data) to foreign nationals (so-called “deemed exports and reexports”) whether inside the United States or elsewhere.  The EAR broadly defines what constitutes a “release” of software and technology.  A release includes (but is not limited to) visual inspections (such as reading specifications or blueprints or inspecting equipment during plant tours), the oral exchange of technology (such as during technical meetings), and the application abroad of technical knowledge acquired in the United States.

The EAR impose export clearance, documentation, and record-keeping requirements on transactions subject to the EAR and impose certain restrictions, noted below, on all exports or reexports of Items subject to the regulations.  Depending on the destination and export classification of the Item, among other factors, prior approval in the form of a specific license from BIS might be required for an export or reexport to go forward.  In many cases no license is required, and in some cases where a specific license would be required, an EAR license exception might be available that would permit the export or reexport.⁴

Items Subject to the EAR

Jurisdiction refers to the determination of the applicable country and set of export regulations that govern an Item’s export.  Generally, U.S.-origin Items and any Item being exported out of the United States are subject to the EAR.  The same is true for non-U.S. items that incorporate controlled U.S.-origin parts, components or other content in quantities exceeding certain de minimis levels.⁵  The EAR specifically excludes from its scope public domain technology and software that meet the prescribed tests in the EAR for public availability, such as information contained in libraries, patent applications, or public journals.

Export Classification of Items Subject to the EAR

Export classification refers to the determination of the specific category within the U.S. export control regulations that an Item falls under depending on the Item’s particular characteristics and functionality. The determination of an Item’s export classification therefore governs whether the Item can be exported to a specific destination, end-user, and/or end-use – and if an authorization is required under the applicable regulations.  

If an Item is subject to the EAR, the exporter or re-exporter must determine the proper classification of the Item under the EAR.  All Items subject to the EAR have a designated export classification. The EAR’s Commerce Control List (“CCL”) is a list of dual-use Items, i.e., primarily commercial – as well as some lower-risk military – Items that have potential military or nefarious applications.  Every Item that appears on the CCL is assigned a unique ECCN. Each ECCN entry in the CCL delineates applicable Reason(s) for Control, that, in turn, determine potential license requirements and associated restrictions under the EAR.

Items subject to the EAR that do not fall under a specific ECCN on the CCL default to the EAR99 classification. EAR99 Items generally may be exported to any destination, except embargoed countries, without a license unless a general end-use or end-user prohibition described below applies.⁶  

The Supply Chain, Procurement and Export Control Team must ensure all Items intended for ultimate export by Nozomi are reviewed and properly classified.  To help validate the classification of any third-party Item intended to be exported by Nozomi, the Supply Chain, Procurement and Export Control Team is responsible, as necessary, for reaching out to the relevant third-party to obtain the classification and/or the technical data necessary for Nozomi, or its designee, to reasonably make its own classification determination.  The applicable ECCN will be recorded in a centralized repository accessible to all relevant Nozomi personnel.  

Shipments of Items, including technical data transfers, destined for locations outside the U.S. will be put on hold if: 1) the ECCN for the Item(s) intended for export is missing from the classification list.  

As applicable, export control classification information (e.g., ECCNs) for Nozomi Items shall be provided in the normal course of business to Nozomi’s partners to support their export compliance efforts.

Currently, Nozomi personnel retain export classification information for Items on the ECCN tracker provided by outside export controls counsel on an updated basis from time to time.  It is Nozomi’s policy to apply for a CCATS for all new Nozomi products and these CCATS are captured on the ECCN tracker.

Determining U.S. License Requirements Based on Item’s Classification and Destination

Typically, once the ECCN and applicable Reason(s) for Control have been determined per the CCL, the next step to determining whether the Item is controlled for export purposes (i.e., requires a BIS license or license exception) to the destination at issue is to check the stated Reason(s) for Control against the destination as shown on the Commerce Country Chart of the EAR (https://www.bis.doc.gov/index.php/documents/regulations-docs/14-commerce-country-chart/file). The Commerce Country Chart shows the Reasons for Control applicable to every country in the world.⁷

Nozomi will be, though not exclusively, exporting ECCN 5A002 (License Exception ENC), 5D002 (License Exception ENC), 5A991, and EAR99 items.  The only prohibited destinations for those Items will be those destinations that are subject to a full U.S. embargo (see Section III.A above) and potentially Russia and Belarus.  In addition, all non-EAR 99 items with AT only controls (i.e., in the case of 5A99a items) will need to be reviewed prior to export to China, Venezuela, Cambodia, and Burma for military end use controls.

Electronic Export Information (EEI) Filing Requirements and Procedures

The Foreign Trade Regulations (FTR) impose reporting requirements for physical export shipments from the United States. The regulations are administered by the U.S. Census Bureau, Division of Foreign Trade Statistics and enforced by U.S. Customs and Border Protection. Required information is submitted electronically via the Automated Export System (AES) prior to the export for certain types of export shipments. Although the main purpose of these requirements is to track export statistics, they are also used by BIS and the State Department to enforce export controls. Accordingly, violations are enforced through penalties.

The U.S. Principal Party in Interest (USPPI) or its Agent in the U.S. is required to file the EEI.  In general, an EEI filing is required for shipments from the U.S. classified under a single Schedule B number (or HTS) with a value of $2,500 or more. There is a general exception for shipments to Canada, regardless of value.  Additionally, an EEI is required for all exports from the U.S. that are subject to an export license (regardless of value), including to Canada.

Restricted Parties

Regardless of the classification or destination of an Item, it may require a license based on the parties involved in the transaction.  All third parties (i.e., non- Nozomi entities) to a transaction, and third-party identifying information (i.e., names and addresses) collected during the normal course of business, must be screened by Nozomi or its designee against, at a minimum, the following U.S. government lists of restricted parties prior to engaging in an export of Items:

• Denied Persons List: Lists persons and entities who have been denied U.S. export privileges for a certain period for violating U.S. export controls.
  ‍
• Entity List: Lists persons and entities believed to be involved in weapons proliferation activities.  All or specified Items subject to the EAR may not be supplied to listed parties.
  ‍
• Unverified List: Lists foreign persons who were parties to a transaction with respect to which the U.S. government could not conduct a pre-license check or a post-shipment verification.  Any export transaction with an “Unverified” party does not automatically trigger a license requirement but raises a “red flag” requiring further review.
  ‍
• Military End User List: Parties whose presence in a transaction as a party to the transaction triggers a license requirement for any Item subject to the EAR listed in Supplement No. 2 to Part 744 of the EAR.⁸  
  ‍
• Nonproliferation Sanctions: Parties that have been sanctioned under various statutes.  

• AECA Debarred List: Entities and individuals prohibited from participating directly or indirectly in the export of defense articles, including technical data and defense services. Pursuant to the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR), the AECA Debarred List includes persons convicted in court of violating or conspiring to violate the AECA and subject to “statutory debarment” or persons established to have violated the AECA in an administrative proceeding and subject to “administrative debarment.” 
  ‍
• Specially Designated Nationals List: described above, is relevant if U.S. persons are involved.  Parties who may be prohibited from export transactions based on OFAC’s regulations. The EAR requires a license for exports or reexports to any party in any entry on this list that contains any of the suffixes “SDGT,” “SDT,” “FTO,” “IRAQ2” or “NPWMD.” Even when such persons are not involved in a transaction, the EAR prohibit the export or reexport of Items subject to the EAR to certain designated parties that appear on OFAC’s list.
  ‍
• Foreign Sanctions Evaders List: Foreign individuals and entities determined to have violated, attempted to violate, conspired to violate, or caused a violation of U.S. sanctions on Syria or Iran, as well as foreign persons who have facilitated deceptive transactions for or on behalf of persons subject to U.S. Sanctions. Transactions by U.S. persons or within the United States involving Foreign Sanctions Evaders (FSEs) are prohibited.

• Sectoral Sanctions Identifications (SSI) List:  Individuals operating in sectors of the Russian economy with whom U.S. persons are prohibited from transacting in, providing financing for, or dealing in debt with a maturity of longer than 90 days. 

• Palestinian Legislative Council (PLC) List: Individuals of the PLC who were elected on the party slate of Hamas, or any other Foreign Terrorist Organization (FTO), Specially Designed Terrorist (SDT), or Specially Designated Global Terrorist (SDGT). 

• Correspondent Account or Payable-Through Account Sanctions (CAPTA) List: Foreign Financial Institutions Subject to CAPTA. As of March 14, 2019, the List includes one foreign financial institution subject to correspondent or payable-through account sanctions. Prior to March 14, 2019, this entity was on OFAC’s Part 561 List.

• Non-SDN Menu-Based Sanctions List (NS-MBS List): Persons subject to certain non-blocking menu-based sanctions that have been imposed under statutory or other authorities, including certain sanctions described in Section 235 of the Countering America’s Adversaries Through Sanctions Act (CAATSA), as implemented by Executive Order 13849, and the Ukraine Freedom Support Act of 2014, as amended by CAATSA. As of May 2021, the Non-SDN Menu-Based Sanctions List will also include entities identified for the Protecting Europe’s Energy Security Act of 2019 (PEESA) screening list.   

• Non-SDN Chinese Military-Industrial Complex Companies (CMIC) (NS-CCMC): This publication by OFAC is designed as a reference tool that identifies persons subject to certain sanctions that have been imposed under statutory or other authorities, including certain sanctions described in Executive Order 13959, “Addressing the Threat from Securities Investments that Finance Communist Chinese Military Companies,” as amended by Executive Order 13974.  

The parties to be screened by Nozomi or its designee, if known in the normal course of business, include but are not limited to bill-to parties, ship-to parties, intermediate and ultimate consignees, vendors, partners, parties to contracts, shipping companies, freight forwarders, agents, and banks.  The restricted party lists change frequently, so it is essential that transactional screening is done prior to each export of Item(s) by Nozomi.  In addition, the Nozomi Export Compliance Leader must perform periodic, batch screening of active, registered buyer and seller data.⁹  

If there are any potential matches during Nozomi screening of parties, by Nozomi or its designee the Nozomi Export Compliance Leader or their designee must be contacted immediately, and the transaction must be placed on hold.  The hold must be maintained until the potential match has been reviewed and the Nozomi Export Compliance Leader or their designee has provided direction on how to proceed. If the transaction involving the potential match has already occurred, the Nozomi Export Compliance Leader will work with the relevant parties on next steps depending on the resolution status and legal implications of the potential match.

Restricted Destination Screening

For any export transaction, including a U.S. domestic sale that Nozomi knows is intended for export, the country of ultimate destination, as well as any intermediate destinations, must be identified and checked against the list of destinations currently subject to a full U.S. embargo. This list may change over time.  As identified in Section III.A, Nozomi currently may not deal with parties in or the governments of the following destinations based on U.S. law: Cuba, Iran, North Korea, Syria, and the Donetsk People's Republic (DNR), the Luhansk People's Republic (LNR), and the Crimea Regions of Ukraine. These restrictions apply to all Nozomi personnel, buyers, sellers, and Items globally.

The Nozomi Export Compliance Leader or its designee is responsible for performing restricted destination screening on all known third-party addresses gathered in the normal course of business prior to export of Items by Nozomi. If there are any potential matches during Nozomi’s destination screening, the Export Compliance Leader must be contacted immediately, and the transaction must be placed on hold until the potential match has been reviewed and the Export Compliance Leader has provided direction on how to proceed. If the transaction involving the potential match has already occurred, the Nozomi Export Compliance Leader will work with the relevant parties on next steps depending on the resolution status and legal implications of the potential match.

Restricted End Uses

If a transaction passes the classification, restricted party and destination reviews, a license still may be required under the EAR if the exporter or re-exporter knows or has reason to know that the intended end-use of the Item relates to the proliferation of chemical, biological, or nuclear weapons, or missiles capable of delivering such weapons. Items exported by Nozomi may not be used for any of these prohibited end-uses.

While unlikely given the nature of Nozomi’s business, the Customer Service Teams must be on the lookout for warning flags that Nozomi Items are destined for a restricted end-use and escalate any concerns to the Nozomi Export Compliance Leader for further review.

Warning Flags  

The EAR prohibits exporters from proceeding with transactions if the facts and circumstances indicate that a product will be diverted to an impermissible destination, end-user or end-use.  Diversions typically occur in one of two ways.  First, a physical diversion occurs when a customer, freight forwarder or other transaction party routes the product to a previously unidentified country or end-user.  Second, a “diversion in place” occurs when the identified customer uses the product for a prohibited end-use, rather than the originally identified end-use.

Exporters of diverted products can be liable for a violation if the exporter “knew or had reason to know” of the diversion before it occurred.  Knowledge includes actual knowledge, as may happen if a freight forwarder informs the exporter of a new destination.  Knowledge can also exist if the exporter was aware of facts and circumstances that would indicate the possibility of a diversion.  Knowledge can also be established if the exporter deliberately avoided learning information that it would ordinarily obtain in the ordinary course of business.  

Facts and circumstances that would indicate a possible diversion are called “Warning Flags.”  The EAR does not normally require exporters to investigate customer representations regarding the destination or use of a product.  However, the presence of Warning Flags creates a duty to inquire further.  The failure to follow-up on Warning Flags is enough to establish reasonable knowledge of the diversion under regulations.

Warning Flags include any facts, circumstances or events that are unusual in the context of the exporter’s business.  It is important to remember that Warning Flags are industry-specific.  Actions and events that are normal and commonplace in one business can be highly unusual in another.  

Warning Flags generally fall into four categories.  Examples are provided below.
‍

Warning Flags related to whether the exported products are consistent with the stated end-use:

• The product or product configuration does not match the stated end-use (e.g., buyer claims the computer will be used for accounting department, but orders Computer-Aided Design software);
• The customer’s line of business has no connection with the stated end-use of the product, (e.g., telecommunications company orders fabric looms or spare parts).

Warning Flags related to commercial terms or actions that are unusual for the industry include:

• The customer declines installation or testing when these are normally included as part of the sales price.
• The customer declines normal warranty terms.

Warning Flags related to unusual or suspicious shipping instructions include:

• The customer requests shipment to a freight forwarder rather than the customer address.
• The customer requests delivery in an unexpected location or through unexpected countries.
• The delivery locations change several times or changes just before the product is to be shipped.

Warning Flags related to customer behavior include:  

• Customer is not familiar with the functions and uses of the product being purchased.
• The customer is reluctant to identify the end-use or offers conflicting statements about the end-use.
  

Nozomi personnel in sales operations, finance, supply chain, procurement and export control and other relevant functions are responsible for reviewing all pertinent information they receive in the normal course of their roles for planned exports to unrelated, third parties and take note of these or any other abnormal circumstances that might indicate that the export is intended for an inappropriate end-use, end-user or destination.  If the planned export raises a warning flag, the shipment must be placed on hold and the Nozomi Supply Chain, Procurement and Export Control Team must be notified immediately.  

Technology Controls  

In addition to physical shipments, an export or reexport can occur through the transfer of technology controlled under the U.S. export regulations.  Under the U.S. regulations, “technology” refers to information or software code necessary for the development, production, use, operation, installation, maintenance, repair, overhaul, or refurbishing of an Item subject to the EAR (“Technology”).  Such transfers of Technology can occur via electronic transmission or access, visual access, travel or transfer across national borders, or oral communication. For example, technical data can be released through oral exchanges with a foreign national (e.g., during a meeting or plant tour) or through electronic dissemination such as by e-mail.  

Technology exports therefore may occur when nationals of different countries access certain electronic information via software systems, applications, or networks and when Nozomi personnel transfer company information or software controlled under the U.S. export regulations to entities or individuals in other countries (via, e.g., email or file transfer or shares).  It is therefore essential that Nozomi identify, classify, store, access, and transfer its Technology compliantly.  

All Company developed technology or technology received from partners outside the United States will undergo an export classification review by the Supply Chain, Procurement and Export Control Team, prior to export out of the United States or transfer to a non-U.S. person¹⁰ in the United States.  Any copies of technology controlled under the U.S. export regulations will be visibly and prominently marked in all electronic and physical repositories with the relevant Export Control Classification Number (“ECCN”).  The Nozomi IT Team is responsible for working at the direction of the Nozomi Export Leader to establish and maintain system controls to help ensure that any electronic transfers of such technology, including emails, and access to databases by non-U.S. persons is restricted as required under applicable regulations.  

U.S. Antiboycott Compliance

U.S. Antiboycott laws generally prohibit U.S. companies and their subsidiaries from complying with requests to restrict their business with Israel or participate in any other unsanctioned boycotts. For Nozomi, that means that the following rules will apply if received by U.S. subsidiaries/facilities or U.S. person personnel are involved in the transaction giving rise to the boycott concern. Examples of boycott-related language include:

• references to Israel (in shipments to other countries);
• references to the Arab League and/or its boycott of Israel;

• references to a blacklist; and
• references to vessel’s eligibility to enter certain ports (i.e., including Israeli ports).

Potential boycott-related language may appear in any form of communication, ranging from in person conversations to e-mails.  Examples of typical documents that must be scrutinized for boycott-related language include:

• transactional documents;
• purchase orders;

• contracts;
• bids;
• tenders;
• letters of credit;
• invoices; and

• shipping documents.

In order to ensure compliance with U.S. Antiboycott laws where U.S. persons are involved in the transaction, Nozomi must ensure that all applicable documents and communications with third parties are reviewed for potential boycott related language – and that any associated government reporting requirements are met.  It is the responsibility of the Nozomi Sales Operations and Finance Teams to review any documentation they receive in the normal course of their roles for potential boycott language and to escalate any questions or concerns to the Nozomi Supply Chain, Procurement and Export Control Team for further review.

Applying for a U.S. Export License  

Nozomi will apply for a U.S. export license when required, depending on the specific requirements of each jurisdiction.

Release of Export Licenses and Shipments: Orders that require a U.S. export license cannot be processed or shipped by Nozomi until the license is approved by the appropriate government agency.  Nozomi’s Supply Chain, Procurement and Export Control Team  will release shipments after the customer(s) – and any other parties listed on the license – provide written confirmation of the terms and conditions provided on an approved license. Nozomi and customer(s) must comply with all license conditions and requirements.

License Management: The Nozomi Supply Chain, Procurement and Export Control Team will manage the license, including handling of decrementation and working on subsequent filings. Accordingly, all exports under the license and any changes of licensing conditions (e.g., ownership, location, use) may affect the validity of the license and should be communicated to the Nozomi Compliance Team immediately to determine if further filings and/or a new license application are requirements of each jurisdiction.

Export Control Language in Contracts

Nozomi should take the steps to include the following export control language in all its sales contracts, specifically that the buyer will not “…directly or indirectly, export, reexport, or transship products, technology, or software (“the Commodities”) in violation of any applicable export control laws and regulations.”

Before proceeding with an export shipment, consider whether there have been any changes or developments since the contract was signed that could hint at a violation of export law, such as a change of destination country or an end-use that is different from what was originally indicated.  Nozomi should also confirm that the vendor and/or customer have supplied all the information and documents stipulated in the contract.  If there is any concern about the contract terms, or if a change in the sale conditions has occurred, contact the Nozomi Supply Chain, Procurement and Export Control Team or External Legal Counsel for guidance.

Recordkeeping Requirements

U.S. export regulations, like other jurisdictions, require companies to retain documents pertaining to exports of U.S. export-controlled Items.  These records may be kept electronically or in hard copy if they are able to be readily accessed and read as needed. Accordingly, all documents relating to transactions involving Nozomi’s export of Items must be retained for five years from the date of the last activity associated with the export or longer if required by local law or license requirements.  Such documents include the following:

• purchase orders;
• invoices;
• air waybills or bills of lading;

• Shipper’s Export Declarations or electronic equivalent;
• any export licenses or other approvals issued by a U.S. government agency; and,
• completed front-end and back-end screening checklists.

Nozomi’s Supply Chain, Procurement and Export Control Team is responsible for maintaining export control records in the following locations: hosted by Oracle and SalesForce cloud-based solutions (with cloud servers located in the United States).  Shipment logs should also be maintained by the Nozomi Supply Chain, Procurement and Export Control Team. A shipment log is a useful tool used to identify and track export shipments by one of several variables, such as date of export, commercial invoice number, and customer / end-user name.  Nozomi’s Supply Chain, Procurement and Export Control Team files any required post-export reports to EU or U.S. government agencies.  

Nozomi will periodically review export records on a at least an annual basis to confirm ongoing compliance with applicable recordkeeping requirements. Nozomi’s Supply Chain, Procurement and Export Control Team may engage outside legal counsel from time-to-time conduct export control compliance audits, including related to recordkeeping.

Training & Audits

Export-related training and audits will be conducted on a regularly scheduled basis under the supervision of the Nozomi Export Compliance Leader.  

Training

Government agencies charged with administering and enforcing export control regulations have consistently stressed the importance of a company’s training program in helping to prevent unauthorized export transactions.  If a violation were to be discovered, a comprehensive training program could serve as a mitigating factor for lowering the fines and penalties that are assessed.

Training sessions will be conducted on a periodic basis to inform and remind relevant personnel of their responsibilities under this Policy and to inform them of relevant updates or developments. At a minimum, basic export compliance training will occur at Nozomi every year, and Nozomi’s Supply Chain, Procurement and Export Control Team will receive more targeted export compliance training on certain subjects (e.g., managing export classification reviews, restricted party screening) as needed.

Audits

It is essential that Nozomi regularly monitor compliance with its U.S. export compliance policy and supporting processes.  At a minimum, Nozomi will perform internal audits of its compliance with certain requirements set forth in this Policy every year. In addition, Nozomi will arrange for a third party to audit its compliance with the requirements set forth in this Policy also annually.  

Nozomi’s Supply Chain, Procurement and Export Control Team is responsible for arranging comprehensive audits of Nozomi’s export procedures.  If material export control violations are discovered during an audit, the Nozomi Supply Chain, Procurement and Export Control Team will work with the Legal Team to identify the nature and scope of the violation, take the steps necessary to ensure any appropriate correction actions are taken by the business and consider reporting it to the appropriate government authorities.

3. Escalation of Export Control and Trade Sanctions Compliance Issues  

Identifying and reporting potential export compliance violations, as well as remedying existing compliance gaps, outside the audit process is key to ensuring Nozomi meets its U.S. export compliance obligations.  All Nozomi personnel are required to report immediately to the Nozomi Supply Chain, Procurement and Export Control Team through email, exportcompliance@nozominetworks.com, any suspected violations of U.S. export regulations or of the requirements set out in this Policy by either Nozomi, or any Nozomi customers, agents, or partners.  Potential export compliance violations must be identified, reported, investigated and, ultimately, resolved through the implementation of warranted corrective actions to strengthen Nozomi’s compliance program and help to prevent potential future violations.

In addition, Nozomi personnel must immediately contact the Nozomi Supply Chain, Procurement and Export Control Team if approached by any government official inquiring about the supply, sale, or distribution of any Nozomi Items.  

No personnel will be discharged suspended or demoted for good faith reporting of suspected violations.

You should promptly report violations or suspected violations of this Policy to the Nozomi Networks Legal Department at: 1-800-314-6114 ext.120, 575 Market Street, Unit 3650, San Francisco, CA 94105 U.S.A. If you wish to remain anonymous, send an anonymous letter addressed to the above address or you may report pursuant to the company’s whistleblower email address:  legal@nozominetworks.com.

4. Enforcement  

Nozomi is committed to complying with all applicable U.S. export laws and regulations.  All Nozomi personnel and contractors (collectively referred to herein as “personnel”) have a role to play in fulfilling this commitment, and, as such, it is important to understand Nozomi’s U.S. export compliance policy and its regulatory obligations and requirements, as described in Nozomi’s Export Compliance Policy (see above).  

Certain Nozomi products, software, and technology (collectively, “items”) are subject to U.S. export control laws and regulations may be restricted in certain instances. For example:  

• U.S. export control laws prohibit Nozomi from exporting items to certain persons on the U.S. government’s lists of restricted persons and entities;

• U.S export control laws prohibit exports of items to certain embargoed or sanctioned destinations;
• U.S. export controls laws prohibit sharing certain technical data with foreign nationals in the United States; and,  
• U.S. export control laws require U.S. export authorizations, or licenses, to export certain items.
  ‍

Considering these and other export controls and requirements, Nozomi must follow its export compliance procedures for reviewing and ensuring the export transactions it is engaged in comply with all relevant laws and regulations.  All Nozomi personnel must comply with all applicable laws and Company internal policies.  

An export violation can result in significant penalties against Nozomi, its officers and/or individual personnel.  Any personnel who violate U.S. export control laws, causes Nozomi to do so, or violates Nozomi’s export compliance policies may be subject to disciplinary action, including termination.  

If you believe a violation of any law has occurred, please follow the process set forth in Nozomi’s Export Compliance Policy, section 4 (enforcement).  Nozomi treats all reports very seriously, upholds a non-retaliation policy for concerns raised in good faith and will promptly investigate any suspected violations.  

All Nozomi personnel electronically acknowledge your receipt and understanding of the above.  If you have any questions, please reach out to the Head of Nozomi’s Export Compliance at exportcompliance@nozominetworks.com.