What is the export control status of Mbed TLS?
Mbed TLS, as supplied in the open source repository, is considered open source and publicly available for purposes of the U.S. Export Administration Regulations (EAR) and as such, is not subject to the EAR.
Your usage of, or any modifications or changes you make to, Mbed TLS may affect the export control status of Mbed TLS under the EAR and any other applicable export control regimes. As noted on the U.S. BIS website:
While open source code itself may be publicly available and not subject to the EAR, an item is not considered publicly available merely because it incorporates or calls to publicly available open source code. Rather, a new item with encryption functionality has been created which would need to be evaluated as a whole under the EAR.
The information provided here is intended to assist you with your determination of the applicable export compliance requirements and does not, and is not intended to, constitute legal advice. It remains your responsibility to comply with applicable export controls and sanctions regimes, and to consult applicable government authorities and/or counsel as needed.