Export Controls & Sanctions Compliance

k&z compliance framework for export control regulations, dual-use technology classification, and international sanctions affecting quantum AI infrastructure services.

Effective Date: January 1, 2026 — Version: 1.0

1. Introduction

This Export Controls & Sanctions Compliance Policy (“Policy”) describes K&z Limited’s (“k&z”) commitment to compliance with applicable export control laws, dual-use technology regulations, and international sanctions. Quantum computing technology is subject to an evolving regulatory landscape, and k&z maintains a robust compliance program to ensure that our Services are provided in accordance with all applicable legal requirements.

This Policy applies to all k&z employees, contractors, partners, and clients. By using the k&z quantum AI infrastructure platform and associated services (the “Services”), you agree to comply with the export control and sanctions requirements described herein. This Policy is incorporated into the Terms of Service and any applicable Master Service Agreement.

2. Applicable Laws and Regulations

2.1 Hong Kong Export Controls

As a Hong Kong private company, k&z is subject to Hong Kong export control legislation, including:

  • The Hong Kong Strategic Commodities Control Ordinance (Cap. 60);
  • The Import and Export (Strategic Commodities) Regulations under Cap. 60;
  • Sanctions regulations implementing UN Security Council resolutions as applied in Hong Kong; and
  • Hong Kong Customs and Excise Department licensing requirements and guidance.

2.2 European Union Regulations

To the extent k&z provides Services within or to clients in the European Union, the following regulations apply:

  • EU Regulation 2021/821 on dual-use export controls (EU Dual-Use Regulation), including the control lists in Annex I;
  • EU restrictive measures (sanctions) regulations adopted under the Common Foreign and Security Policy (CFSP); and
  • National implementing legislation of EU member states.

2.3 United States Regulations

To the extent k&z’s Services involve U.S.-origin technology, software, or components, or are provided to U.S. persons, the following regulations may apply:

  • The Export Administration Regulations (EAR), administered by the U.S. Bureau of Industry and Security (BIS);
  • The International Traffic in Arms Regulations (ITAR), administered by the U.S. Department of State Directorate of Defense Trade Controls (DDTC);
  • The Office of Foreign Assets Control (OFAC) sanctions programs; and
  • Executive orders and other presidential directives relating to export controls and sanctions.

2.4 Multilateral Regimes

k&z also monitors and complies with multilateral export control regimes that influence national control lists, including the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, the Nuclear Suppliers Group (NSG), and the Australia Group.

3. Classification of Quantum Technology

3.1 Dual-Use Nature of Quantum Computing

Quantum computing technology has significant dual-use potential, with applications in both civilian and military/intelligence domains. k&z recognizes that certain aspects of its technology and services may be subject to export controls, including:

  • Quantum Hardware: QPU systems, cryogenic infrastructure, control electronics, and interconnect components may be classified as controlled items under applicable export control lists.
  • Quantum Software: Quantum compilers, error correction algorithms, simulation software, and optimization libraries may be subject to software export controls.
  • Quantum Technology: Technical data, know-how, training materials, and documentation related to quantum computing design, development, and operation may constitute controlled technology.
  • Cloud-Based QPU Access: The provision of remote access to quantum computing resources may constitute a deemed export or technology transfer depending on the end-user’s location and nationality.

3.2 Classification Assessments

k&z conducts regular classification assessments of its products, software, and technology to determine applicable Export Control Classification Numbers (ECCNs) under the EAR, control list entries under the EU Dual-Use Regulation, and Hong Kong strategic commodities control list classifications. Classifications are reviewed at least annually and whenever new products, services, or technology are introduced.

3.3 Emerging Technology Controls

k&z monitors developments in emerging and foundational technology controls that may affect quantum computing, including proposed rules and regulations under Section 1758 of the Export Control Reform Act (ECRA) and equivalent EU and Hong Kong initiatives. k&z will update its compliance program as new controls are implemented.

4. Screening Procedures

4.1 Pre-Engagement Screening

Before providing Services to any new client, k&z conducts comprehensive screening that includes:

  • Denied Party Screening: Automated screening of the client entity and all authorized users against applicable denied party, restricted party, and sanctions lists (see Section 4.2).
  • Country Screening: Verification that the client is not located in or operating from a restricted or sanctioned jurisdiction.
  • End-Use Assessment: Evaluation of the client’s stated intended use of the Services to identify potential red flags or prohibited end-uses.
  • End-User Assessment: Evaluation of the client entity, beneficial owners, and key personnel to determine whether the client is a military end-user, intelligence end-user, or entity of concern.

4.2 Denied Party Lists

k&z screens against the following lists and databases, among others:

  • Hong Kong sanctions lists;
  • EU Consolidated Sanctions List;
  • U.S. OFAC SDN List, Sectoral Sanctions Identifications (SSI) List, and Non-SDN Menu-Based Sanctions List;
  • U.S. BIS Entity List, Denied Persons List, and Unverified List;
  • U.S. Department of Defense Chinese Military Companies List;
  • UN Security Council Consolidated List;
  • UK OFSI Consolidated List; and
  • Other applicable national sanctions and restricted party lists.

4.3 Ongoing Screening

Screening is not a one-time event. k&z conducts daily automated re-screening of all active clients against updated sanctions and denied party lists. Alerts are reviewed by the compliance team within twenty-four (24) hours.

5. End-User Certificates

5.1 When Required

k&z may require clients to provide end-user certificates, end-use statements, or equivalent documentation in the following circumstances:

  • When the Services involve access to controlled quantum computing resources or technology;
  • When required by applicable export control regulations or licensing conditions;
  • When the client is located in a jurisdiction for which enhanced due diligence is required;
  • When the intended use of the Services raises potential dual-use or military application concerns; or
  • When requested by k&z’s compliance team as part of enhanced due diligence.

5.2 Content of End-User Certificates

End-user certificates typically require the client to certify:

  • The identity and location of the end-user;
  • The specific intended end-use of the Services and quantum computing resources;
  • That the Services will not be used for prohibited purposes, including weapons of mass destruction development, military applications (unless specifically authorized), or any other prohibited end-use;
  • That the Services and any results or technology derived therefrom will not be re-exported or transferred to prohibited destinations or entities without authorization; and
  • That the client will comply with all applicable export control and sanctions regulations.

6. Reporting Obligations

6.1 Internal Reporting

All k&z employees and contractors are required to report any suspected export control or sanctions violations to the k&z Compliance Officer immediately. k&z maintains a confidential reporting mechanism for such reports.

6.2 Government Reporting

k&z will make all required disclosures to applicable governmental authorities, including: filing for export licenses where required; submitting annual or periodic reports as mandated by licensing conditions; reporting violations or potential violations to the relevant authorities (Hong Kong Customs and Excise Department, BIS, OFAC); and cooperating with government investigations and audits.

6.3 Voluntary Self-Disclosure

In the event that k&z identifies a potential violation of export control or sanctions regulations, k&z will evaluate whether a voluntary self-disclosure to the relevant authority is appropriate and will make such disclosure in accordance with applicable guidelines.

7. Country Restrictions

7.1 Embargoed Countries

k&z does not provide Services to clients located in comprehensively sanctioned countries, currently including: Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions. This list is updated as sanctions regimes change.

7.2 Restricted Countries

Certain countries may be subject to partial restrictions, requiring enhanced due diligence, specific licensing, or limitations on the types of Services available. The list of restricted countries is maintained internally and updated as regulatory conditions change. Clients in restricted countries may be required to provide additional documentation and certifications before Services are provisioned.

7.3 Geolocation Controls

k&z implements technical measures to prevent access to the Services from embargoed jurisdictions, including IP geolocation filtering and VPN/proxy detection. Attempts to circumvent these controls constitute a violation of the Terms of Service and this Policy.

8. Client Obligations

By using the Services, you represent, warrant, and agree that:

  • You are not located in, organized under the laws of, or a resident of any embargoed country or territory;
  • You are not listed on any applicable denied party, sanctions, or restricted party list;
  • You will not use the Services for any purpose prohibited by applicable export control or sanctions laws;
  • You will not re-export, transfer, or make available the Services, or any technology or results derived from the Services, to any prohibited destination, entity, or end-use without proper authorization;
  • You will promptly notify k&z of any change in circumstances that may affect your eligibility or compliance status; and
  • You will cooperate with k&z’s compliance procedures, including providing documentation and certifications as reasonably requested.

9. Training and Awareness

k&z maintains an export controls and sanctions compliance training program for all employees involved in sales, business development, client onboarding, and service delivery. Training is provided upon hire and annually thereafter, covering applicable regulations, red flags, screening procedures, and escalation protocols.

10. Contact

For export controls and sanctions compliance inquiries:

  • Compliance Officer: support@kandz.co
  • Export Controls: support@kandz.co
  • Legal Department: support@kandz.co