Last updated 3 months ago. Our resources are updated regularly but please keep in mind that links, programs, policies, and contact information do change.
The United States government maintains a comprehensive system of export controls, regulating the shipment of certain goods, software, and technology to foreign destinations.
This is a critical instrument of national policy with historical roots, evolving from wartime controls on military equipment to the modern peacetime regime established in the 1940s.
The fundamental purpose of these regulations is to protect U.S. national security, advance foreign policy objectives, prevent the proliferation of weapons of mass destruction, and counter threats such as international terrorism and human rights abuses.
The Three Key Agencies
Understanding export controls requires knowing the roles of three federal agencies that form the backbone of the U.S. export control system. Each operates under distinct legal authority and oversees different types of products and transactions.
Department of Commerce, Bureau of Industry and Security (BIS)
BIS is the primary regulatory body for items that have both commercial and potential military applications, known as “dual-use” items. It also controls some less sensitive military items and purely commercial goods.
BIS implements and enforces the Export Administration Regulations (EAR), found in Title 15 of the Code of Federal Regulations, Parts 730-774. Its mission is to advance U.S. national security, foreign policy, and economic objectives while promoting continued U.S. strategic technology leadership.
Department of State, Directorate of Defense Trade Controls (DDTC)
DDTC has authority over the export and import of items and services specifically designed, developed, or modified for military or defense purposes. These are known as “defense articles” and “defense services.”
DDTC administers the International Traffic in Arms Regulations (ITAR), found in Title 22 of the CFR, Parts 120-130. The ITAR implements the Arms Export Control Act, which grants the President authority to control the trade of defense items to safeguard U.S. national security.
Department of the Treasury, Office of Foreign Assets Control (OFAC)
OFAC administers and enforces economic and trade sanctions against specific foreign countries, regimes, terrorists, narcotics traffickers, and other individuals and entities engaged in activities that threaten U.S. national security or foreign policy.
OFAC’s regulations can prohibit transactions that might otherwise be permissible under EAR or ITAR rules, making its screening requirements a critical and often overriding component of export compliance.
The 95 Percent Myth
Statistics from the International Trade Administration suggest that approximately 95 percent of all items exported from the United States do not require an export license. This figure can be misleading—it’s not a license to ship freely.
Rather, this statistic results from a mandatory and complex due diligence process that the U.S. government legally requires every exporter to conduct for every single transaction. The ultimate responsibility for determining if a license is needed, classifying the product, screening all parties involved, and maintaining records rests squarely with the exporter.
Failure to perform this due diligence can lead to severe penalties, regardless of whether a license was ultimately required. The central challenge for any business isn’t the statistical likelihood of needing a license, but the 100 percent legal requirement to implement, follow, and document a robust compliance process to prove whether a license is needed.
Determining Jurisdiction: ITAR or EAR?
The most critical decision in the export compliance process is determining which regulatory body has jurisdiction over your product. This determination dictates the entire compliance path, from registration and classification to licensing.
The U.S. government has established a clear “Order of Review” that exporters must follow: you must always check your item against the ITAR’s United States Munitions List (USML) first. Only if your item is not described on the USML do you then proceed to analyze it under the EAR’s Commerce Control List (CCL).
Is Your Item on the U.S. Munitions List?
The International Traffic in Arms Regulations control the export and import of defense-related items and services. The heart of the ITAR is the United States Munitions List (USML), which is found in Part 121 of the regulations.
The ITAR’s scope is intentionally broad and covers three distinct areas:
Defense Articles: These are tangible items and technical data specifically designed, developed, configured, adapted, or modified for a military, defense, or space application. The ITAR controls not only major systems like tanks, missiles, and military aircraft, but also individual parts, components, accessories, and attachments that go into them.
The USML is divided into 21 categories that list these items, such as firearms (Category I), launch vehicles and missiles (Category IV), military electronics (Category XI), and spacecraft (Category XV).
Technical Data: This includes any information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of a defense article. This encompasses blueprints, drawings, plans, software directly related to a defense article, and any classified information about defense articles or services.
Defense Services: This refers to furnishing assistance, including training, to a foreign person (whether in the U.S. or abroad) in connection with a defense article. It also includes providing any ITAR-controlled technical data to a foreign person. Military training of foreign forces is a clear example of a defense service.
The ITAR “Contamination” Effect
A common and significant compliance risk arises from the ITAR’s “contamination” effect. The jurisdiction of ITAR isn’t solely based on the final product’s application but on its design intent and origin.
A seemingly commercial component, such as a specialized gasket, a high-tolerance bearing, or a custom circuit board, becomes an ITAR-controlled defense article if it’s “specifically designed or modified” for an item on the USML, like a guided missile or a military aircraft.
Once an item is determined to be ITAR-controlled, it remains so throughout its lifecycle unless its status is officially changed through a government determination. This means a small business acting as a subcontractor to a prime defense contractor may inadvertently begin manufacturing ITAR-controlled defense articles.
Even if they’re not producing a “weapon,” they’re producing a defense article, which triggers the full and demanding requirements of ITAR compliance, including mandatory registration with the Department of State. This can be a significant and often unexpected operational and financial burden for a company accustomed to operating in the commercial space.
Getting Official Clarification
If you’re uncertain whether your item falls under ITAR or EAR jurisdiction, don’t guess. The DDTC provides a formal mechanism to resolve this ambiguity: the Commodity Jurisdiction (CJ) request. By submitting a CJ request, an exporter can receive an official determination from the U.S. government clarifying which set of regulations controls the item. This is a critical “safe harbor” process for managing compliance risk.
If Not on the USML, Your Item is Likely Subject to the EAR
If, after carefully reviewing the USML, you determine your item isn’t listed, it’s most likely “subject to the EAR.” The EAR governs a vast array of items, including purely commercial goods without any obvious military use, “dual-use” items that have both commercial and potential military or proliferation applications, and certain less sensitive military items that have been formally moved from the USML to the EAR’s Commerce Control List through export control reform initiatives.
The EAR’s jurisdiction is broad, covering nearly all items in U.S. commerce that aren’t controlled by another federal agency, such as the DDTC or the Nuclear Regulatory Commission.
| Feature | International Traffic in Arms Regulations (ITAR) | Export Administration Regulations (EAR) |
|---|---|---|
| Controlling Agency | Department of State, Directorate of Defense Trade Controls (DDTC) | Department of Commerce, Bureau of Industry and Security (BIS) |
| Governing Regulations | 22 CFR Parts 120-130 | 15 CFR Parts 730-774 |
| Types of Items Controlled | Defense articles, defense services, and related technical data specifically designed for military or space applications | “Dual-use” items (commercial and potential military use), purely commercial items, and some less sensitive military items |
| Key Control List | United States Munitions List (USML) | Commerce Control List (CCL) |
| Registration Requirement | Mandatory for all U.S. manufacturers, exporters, and brokers of USML items, even if they do not export | Not required for general exporting. Registration is only for using specific online systems like SNAP-R |
The ITAR Compliance Path
If you’ve determined that your product, technical data, or service is controlled by the ITAR, your company must adhere to a strict and comprehensive compliance framework. Unlike the transaction-based nature of the EAR, ITAR compliance is about a company’s ongoing status.
If you’re in the business of manufacturing, exporting, or brokering defense articles, you’re an ITAR-regulated entity and must meet several foundational requirements.
Mandatory DDTC Registration
The cornerstone of ITAR compliance is registration with the Directorate of Defense Trade Controls. Any U.S. person or company that manufactures, exports, or brokers defense articles or furnishes defense services is required to register with the DDTC. This isn’t an optional step—it’s a legal mandate.
A critical point that’s often misunderstood is that this registration requirement applies even to companies that manufacture USML-listed items but don’t export them. The act of manufacturing a defense article itself triggers the registration obligation.
Furthermore, registration is a prerequisite for applying for any export licenses or using most of the available license exemptions. Companies must complete the registration process and pay the associated fees before engaging in any ITAR-controlled activities.
Develop and Maintain an ITAR Compliance Program
The DDTC strongly advises, and for all practical purposes expects, any company dealing with USML items to establish and maintain a formal, written ITAR Compliance Program (ICP). A robust ICP is the primary mechanism for preventing violations and demonstrating due diligence.
The DDTC has published guidelines outlining the key elements of an effective program, which should be tailored to the specific risks and activities of the business. Core elements include:
Management Commitment: A formal, written policy statement from senior leadership that commits the organization to full compliance with the ITAR and allocates sufficient resources for the compliance program.
Risk Assessment: A systematic process to identify the company’s specific ITAR-related risks. This includes assessing vulnerabilities related to foreign person employees, international travel, physical and cybersecurity, and relationships with foreign suppliers or affiliates.
Jurisdiction and Classification: Documented procedures for correctly identifying which items, data, and services are subject to the ITAR by classifying them against the USML.
Recordkeeping: A system for maintaining complete records of all ITAR-related activities, including manufacturing, exports, and licensing, for a minimum of five years from the date of the transaction.
Training: A dynamic and tiered training program tailored to different employee roles. All employees should receive basic awareness training, while those in export functions, engineering, and management require more detailed instruction.
Audits: A schedule of regular internal and/or external audits to monitor the effectiveness of the ICP, identify weaknesses, and implement corrective actions.
Reporting Violations: Clear procedures for employees to report suspected violations and for the company to investigate them. This includes a process for determining when to submit a voluntary self-disclosure to the DDTC to mitigate potential penalties.
Applying for an ITAR License
When a company needs to export a defense article, transfer technical data to a foreign person, or provide a defense service, it must obtain a license or other approval from the DDTC before the transaction occurs.
All applications for licenses and other approvals are submitted electronically through the DDTC’s Defense Export Control and Compliance System (DECCS) portal. Common license types include the Form DSP-5 for the permanent export of unclassified defense articles and technical data, and the Form DSP-73 for the temporary export of unclassified defense articles.
The EAR Analysis: A Four-Factor Test
If your item isn’t on the USML, it’s likely subject to the Export Administration Regulations. Unlike the status-based nature of ITAR, EAR compliance is a transaction-specific process. For each potential export, the exporter must conduct a systematic analysis based on four key factors. A license is required only if the specific combination of these factors triggers a control.
Factor 1: What is the item? (Classification)
The first and most technical step in the EAR analysis is to classify your item. The goal is to determine if your item is listed on the Commerce Control List (CCL) and, if so, to identify its specific Export Control Classification Number (ECCN).
Finding Your ECCN
Start with the Manufacturer or Supplier: The simplest and often quickest method is to ask the item’s original manufacturer for its ECCN. Many companies that export regularly provide classification information on their websites, in technical documentation, or upon request.
However, be aware that the ultimate legal responsibility for the correct classification rests with you, the exporter. You should perform due diligence to feel confident in the information provided by your supplier.
Self-Classify Using the Commerce Control List: If you cannot obtain the ECCN from the manufacturer, you must classify the item yourself. This requires a technical understanding of your product. The CCL is organized into 10 broad categories (numbered 0 through 9) based on the type of product, and each category is further divided into 5 product groups (lettered A through E).
The ECCN Structure: An ECCN is a five-character alphanumeric code (e.g., 3A001). The first digit is the CCL Category, the letter is the Product Group, and the last three digits identify the specific item within that group.
Use the Interactive CCL Tool: BIS provides a powerful online tool to assist with classification: the Interactive Commerce Control List. You can use this tool to search for your item by keyword or to browse by category and product group. When you find a potential ECCN, you must expand the entry and carefully read the detailed technical specifications to ensure your item meets the control parameters described.
Request a Formal Classification from BIS: If, after a thorough review, you’re still unable to determine the correct ECCN for your item, you can submit a formal commodity classification request to BIS. This is done through the Simplified Network Application Process–Redesign (SNAP-R) system. BIS will review your request and issue an official classification determination, known as a CCATS (Commodity Classification Automated Tracking System) number.
Understanding EAR99
If your item is subject to the EAR but isn’t specifically described by any ECCN on the entire Commerce Control List, it receives the classification of EAR99. This is a broad “basket” category that covers a wide range of items, typically low-technology consumer goods and products that don’t have sensitive dual-use capabilities, such as basic office supplies, clothing, or household furniture.
It’s crucial to understand that EAR99 isn’t a synonym for “No License Required.” While most EAR99 items can be exported to most destinations without a license, a license is still required if you’re exporting an EAR99 item to a U.S.-sanctioned or embargoed country, to a prohibited party on one of the government’s screening lists, or if you know the item will be used in a prohibited end-use (such as the development of WMD).
This is one of the most common and dangerous misconceptions in export compliance.
| Category Number | Category Description |
|---|---|
| 0 | Nuclear Materials, Facilities & Equipment (and Miscellaneous Items) |
| 1 | Materials, Chemicals, Microorganisms, and Toxins |
| 2 | Materials Processing |
| 3 | Electronics |
| 4 | Computers |
| 5 | Telecommunications and Information Security |
| 6 | Sensors and Lasers |
| 7 | Navigation and Avionics |
| 8 | Marine |
| 9 | Aerospace and Propulsion |
Factor 2: Where is it going? (Destination)
Once you have your item’s classification (either an ECCN or EAR99), the next step is to check the country of ultimate destination. For EAR99 items, you must ensure the destination isn’t an embargoed or sanctioned country (e.g., Cuba, Iran, North Korea, Syria).
For items with a specific ECCN, you must use the Commerce Country Chart.
Using the Commerce Country Chart
Identify the “Reason for Control” for Your ECCN: Look at the ECCN entry on the Commerce Control List. Below the heading, you’ll find a “License Requirements” section that lists one or more “Reasons for Control.” These are abbreviated codes, such as NS (National Security), AT (Anti-Terrorism), MT (Missile Technology), or CC (Crime Control).
Cross-Reference with the Commerce Country Chart: The Commerce Country Chart (found in Supplement No. 1 to Part 738 of the EAR) is a large table that lists all countries along its horizontal axis and the various Reasons for Control along its vertical axis.
Find the “X” to Determine a License Requirement: The easiest way to perform this check is with the Interactive Commerce Country Chart tool on the BIS website. Select your destination country from the dropdown list. The tool will then display the relevant columns from the chart for that country.
Find the column that corresponds to the Reason for Control for your ECCN. If there’s an “X” in the box where your item’s Reason for Control and the destination country intersect, a license is required for that transaction, unless you can find and qualify for a License Exception.
Factor 3: Who is receiving it? (End-User)
Regardless of the item or destination, U.S. export regulations prohibit you from conducting business with certain individuals, companies, and organizations. As the exporter, you have a legal obligation to screen all parties to your transaction, including the purchaser, the intermediate consignee (like a freight forwarder), and the ultimate consignee (the final recipient).
Screening Against the Consolidated Screening List
What is the CSL? The U.S. government maintains several lists of “restricted parties.” To simplify the screening process, these lists have been combined into a single, searchable database called the Consolidated Screening List (CSL).
The CSL includes critical lists from the Department of Commerce (e.g., the Denied Persons List, the Entity List, the Unverified List), the Department of State (e.g., ITAR Debarred List), and the Department of the Treasury (e.g., Specially Designated Nationals List).
Use the CSL Search Tool: The International Trade Administration provides a free, public CSL search engine. You can search by an individual or company name, country, and address.
Perform Due Diligence on Potential Matches: The CSL search tool includes a “fuzzy name” feature that uses algorithms to find close or potential matches, accounting for spelling variations or transliterations. If your search returns a potential match, this is considered a “Red Flag.”
You cannot proceed with the transaction until you’ve performed additional due diligence to determine if your party is the same as the party on the list. This may require checking the official source list on the relevant agency’s website for more details.
A confirmed match with a party on certain lists, such as the Denied Persons List or the Specially Designated Nationals List, generally prohibits any transaction without specific authorization from the government.
Factor 4: What is the end-use? (Application)
The final factor in the EAR analysis is the item’s ultimate end-use. Even if the item is EAR99, the destination isn’t sanctioned, and the end-user isn’t on a restricted list, a license requirement can be triggered by the intended application of the product.
Part 744 of the EAR establishes broad end-use and end-user controls. These regulations prohibit an exporter from proceeding with a transaction, even without a license, if they “know” that the item will be used in connection with certain prohibited activities:
- The design, development, production, or use of nuclear, chemical, or biological weapons (WMD)
- The design, development, production, or use of missile systems capable of delivering WMD
- Certain prohibited military end-uses in specific countries like China, Russia, or Venezuela
The legal standard of “know” is broad. It includes not only positive knowledge but also an awareness of a high probability that a prohibited activity is occurring. Willfully ignoring warning signs, or “Red Flags,” doesn’t provide a defense.
If a customer is vague about the product’s end-use, if their business doesn’t align with the product’s capabilities, or if they request unusual shipping or payment terms, you’re legally obligated to resolve these red flags before proceeding with the export.
License Exceptions: A Potential Alternative
If your four-factor analysis concludes that an export license is required, there’s one final step before you begin the application process: determining if a License Exception is available for your transaction.
A License Exception is a specific authorization described in Part 740 of the EAR that allows you to export or reexport an item subject to the EAR that would otherwise require a license, provided you meet all of the stated conditions of that exception.
However, these exceptions aren’t a simple workaround. They represent a significant compliance choice. While a license application involves the government reviewing the facts and granting permission, using a License Exception is a form of self-certification.
The exporter, without any pre-approval from BIS, is attesting that their transaction meticulously meets every single criterion of the chosen exception. This means the recordkeeping and due diligence burden for using a License Exception can be even higher than for a licensed export.
An incorrect or undocumented use of a License Exception is a violation. For example, License Exception TSR (Technology and Software Under Restriction) requires the exporter to obtain a formal written assurance letter from the consignee before the export occurs. License Exception LVS (Shipments of Limited Value) has strict rules prohibiting the splitting of a single order into multiple shipments to stay under the value limit.
Therefore, while powerful, License Exceptions should be viewed as an advanced compliance tool that requires its own rigorous internal process to justify and document its use in the event of a future government audit.
Not all transactions are eligible. Part 740.2 of the EAR outlines general restrictions on the use of all License Exceptions. For example, they’re generally not available for exports to embargoed destinations or for most items controlled for missile technology (MT) reasons.
| Exception Symbol | Exception Name | Brief Description/Common Use |
|---|---|---|
| LVS | Shipments of Limited Value | Authorizes the export of eligible commodities in a single order that is below a specific dollar value limit listed in the ECCN entry |
| GBS | Shipments to Country Group B Countries | Authorizes exports of certain items controlled only for National Security (NS) reasons to a specific list of allied countries (Country Group B) |
| CIV | Civil End-Users | Authorizes exports of certain National Security-controlled items to civil end-users for civil end-uses in Country Group D:1 (excluding North Korea) |
| TMP | Temporary Imports, Exports, Reexports, and Transfers | Authorizes various temporary exports, such as for tools of trade carried by an employee, items for exhibition or demonstration, or items for repair/replacement |
| RPL | Servicing and Replacement of Parts and Equipment | Authorizes the export of one-for-one replacement parts for previously exported equipment, or for the return of items repaired in the U.S. |
| TSU | Technology and Software Unrestricted | Authorizes the export of certain operational technology and software, software updates (bug fixes), and publicly available encryption source code |
| STA | Strategic Trade Authorization | Authorizes exports of certain items to a group of 36 closely allied countries, but requires the exporter to provide the consignee with the ECCN and receive a prior consignee statement |
Applying for a License
If your analysis confirms that a license is required and no License Exception applies, you must formally apply for and receive the license before proceeding with the export. This process, along with diligent recordkeeping, forms the final phase of export compliance.
EAR License Applications via SNAP-R
For items controlled under the EAR, license applications are submitted to BIS through its online portal, the Simplified Network Application Process–Redesign (SNAP-R) system.
The application process involves several key steps:
Register for an Account: Before you can submit an application, your company must obtain a Company Identification Number (CIN) from BIS and each individual user must register for a personal account on the SNAP-R portal.
Create a Work Item: The application itself is referred to as a “work item.” You will initiate a new work item and fill out the required information fields electronically.
Provide Detailed Information: The application form is extensive and requires precise details about the transaction. You must identify all parties (applicant, purchaser, ultimate consignee, etc.), provide the ECCN and technical specifications for the item, and describe in detail the specific end-use of the product. Vague or incomplete descriptions are a common reason for delays or rejection.
Submit Supporting Documents: Most applications require you to attach supporting documentation. This can include technical specification sheets for the product, a letter of explanation from the applicant, a purchase order from the customer, and, in some cases, a formal end-user statement or import certificate from the foreign party.
Await Review and Approval: Once submitted, the application enters a review process. BIS licensing officers will review the case, and depending on the item and destination, they may refer it to other government agencies for consultation, such as the Departments of Defense, State, and Energy.
This interagency review process can take anywhere from a few weeks to several months. You can track the status of your application using BIS’s System for Tracking Export License Applications (STELA).
Recordkeeping Requirements
Meticulous recordkeeping is the foundation of a defensible compliance program. Both the EAR and the ITAR mandate that exporters retain records of all export-related activities for a period of five years from the completion of the transaction.
These records must be made available to the government for inspection upon request. The types of documents you must retain include, but aren’t limited to:
- All export license applications, whether approved or denied
- The export licenses themselves and any associated provisos or conditions
- All documentation related to the use of a License Exception, including any required consignee statements or written assurances
- Commercial invoices, packing lists, and transportation documents like airway bills or bills of lading
- Any correspondence with parties to the transaction related to the export
- Records of your screening of parties against the Consolidated Screening List
Failure to maintain adequate records is itself a violation of the regulations and can result in significant penalties.
Penalties for Violations
The consequences for violating U.S. export control laws are severe and can be imposed on both the company and the individuals responsible for the violations, including managers and compliance officers. The penalties are designed to be a powerful deterrent, reflecting the serious national security implications of illicit trade.
EAR Violations (Administered by BIS)
Violations of the Export Administration Regulations can result in both criminal and administrative penalties, which are authorized under the Export Control Reform Act of 2018.
Criminal Penalties: For willful or knowing violations, penalties can include fines of up to $1 million per violation and/or imprisonment for up to 20 years.
Civil/Administrative Penalties: These penalties don’t require proof of willful intent. Fines can reach up to $300,000 per violation or twice the value of the transaction, whichever is greater. This maximum is periodically adjusted for inflation.
Denial of Export Privileges: In addition to monetary fines, BIS can issue a Denial of Export Privileges, which prohibits a company or individual from participating in any transaction subject to the EAR. It’s also illegal for other parties to do business with a denied person.
ITAR Violations (Administered by DDTC)
Violations of the International Traffic in Arms Regulations also carry steep penalties, enforced by the DDTC (civil) and the Department of Justice (criminal).
Criminal Penalties: Willful violations can result in fines of up to $1 million per violation and/or imprisonment for up to 20 years.
Civil Penalties: Fines can be up to $1,200,000 per violation (this amount is adjusted for inflation).
Debarment and Other Sanctions: The DDTC can debar a company from participating in the export of defense articles, a sanction that can effectively shut down a defense-related business. Other consequences include the seizure and forfeiture of the goods involved and the revocation of existing licenses.
| Regulation | Penalty Type | Maximum Fine (per violation) | Maximum Imprisonment |
|---|---|---|---|
| EAR | Criminal | $1 million or twice the transaction value | 20 years |
| EAR | Civil/Administrative | ~$350,000 (adjusted for inflation) or twice the transaction value | N/A |
| ITAR | Criminal | $1 million | 20 years |
| ITAR | Civil/Administrative | ~$1.2 million (adjusted for inflation) | N/A |
Note: Penalty amounts are subject to change and periodic inflation adjustments by the respective agencies.
Getting Started with Export Compliance
Understanding whether your product needs an export license is the first step in a comprehensive compliance program. The process requires systematic analysis, careful documentation, and ongoing vigilance as both products and regulations evolve.
For businesses new to export controls, the key is to start with the fundamentals: correctly identifying which regulatory regime applies to your products, understanding the four-factor analysis for EAR items, and implementing robust procedures for screening customers and destinations.
The complexity of export controls reflects the seriousness with which the U.S. government views the protection of sensitive technologies. While the learning curve can be steep, the investment in proper compliance procedures protects both national security interests and your business from potentially devastating penalties.
Whether you’re exporting sophisticated defense equipment under ITAR or commercial products under the EAR, the foundation of successful compliance is the same: thorough understanding of the regulations, systematic application of the requirements, and meticulous documentation of every decision and transaction.
Our articles make government information more accessible. Please consult a qualified professional for financial, legal, or health advice specific to your circumstances.
