Hi, the export regulations from the US government are very strict when there is any crypto code developed in the US. Developed in the US is = developed from a developer when he stay in the US, when he work for a US company (also abroad), when he have a green-card or when he is US citizen and write the code as example in Europe.
The EAR divide between restricted countries and highly restricted countries and when there is any crypto code US origin, you fall under the export restrictions from the EAR. As example you can use OpenSSL, developed mostly outside from the US, but a few patches contributed from US developers. The US developers need to send a TSU notification for every patch. When you want export OpenSSL to a country which is restricted from US export you need to go also for Open Source Software trough all the bureaucracy to export the OpenSSL package. There are a lot of countries which are under the radar from the EAR, not only the T5. At the moment the OpenBSD core system is not controlled by the EAR so long you don't download it from a US server. As a private person it is not a problem, but when a company want use OpenBSD and there is US crypto in, the thing will become very complicated and OpenBSD will be automatically restricted. At the moment OpenBSD is the only modern Operation system which is in the core free from export restrictions.
