The UK Export Control Organisation issued a guidance note explaining the intrusion software controls. To fall within the definition of intrusion software, the software must be specifically designed or modified to avoid detection or defeat protective countermeasures and has to be able to steal or modify data or the execution path to run externally provided instructions.