I was in the industry when key lengths for SSL were different between US domestic and US products for export. That’s one reason so much Open Source cryptography software expertise built up in Europe so quickly.

Much of that muscle was already well built in Western Europe well before the SSL stuff because of KU Leuven, COSIC, and IMEC.

The issue is by the late 2000s to 2010s, most European organizations didn't take advantage of that base despite being US comparable in the 1970s-90s.