This section assumes that a CSP vendor from outside North America has already received the CSPDK under an appropriate U.S. export license; those who have not yet received the CSPDK can contact Microsoft (cspsign@microsoft.com) for information on the CSPDK license process.
Because all of the required certifications are completed during the U.S. export license process, when a CSP vendor from outside North America is ready to have their CSP signed its not necessary to complete an Export Compliance Certificate or other documentation. They should simply notify Microsoft when they are ready, or preferably notify Microsoft approximately two to three weeks prior to when the CSP may be ready to sign. Microsoft will use the time to verify the request against any possible terms and conditions of the export license covering the CSP development. When confirmation is complete, you'll be contacted with information on arrangements to sign your CSP.
Its possible that a U.S. export license or other export approval for a CSP intended for export may require independent or government verification of the CSP's implemented security features prior to signing, which would be the responsibility of the CSP vendor. It may also be a condition of the U.S. export license that Microsoft receives the actual CSP for signing, and not just a hash.
At present we will sign CSPs at our facilities in Redmond, Washington, USA. It is possible in the future that we will sign CSPs at approved locations in foreign countries, at which time we will offer CSP vendors from outside North America the option of offshore signing.
In summary, Microsoft will sign CSPs for vendors outside North America subject only to the limitations of U.S. export controls and other national controls on this technology. We will sign CSPs from competitors. Microsoft will make every effort to review signing requests and sign CSPs as expeditiously as possible. Exact time frames for review of signing requests and CSP signing depend significantly on whether the U.S. export license permitting the CSP development set down any conditions for review or confirmation of the CSP's implemented security features.