The IT Law Wiki


Export controls

limit access in other countries to technologies and products that could be valuable for military purposes. The control process, which varies by type of product, involves a list of controlled items and an administrative structure for enforcing controls on the export of listed items. Controlled exports do not mean no exports. Rather, these exports are controlled in terms of destination and, in some cases, volume or end use, with restrictions specified as part of the export license.[1]

Historical background[]

On September 5, 1774, the First Continental Congress convened in Carpenter's Hall in Philadelphia and the following December, Congress declared the importation of British goods to be illegal. Twelve months later the Congress outlawed the export of goods to Great Britain, thus establishing the first American export controls. Since then, the United States has imposed export controls for a variety of reasons through legislation such as the Embargo Act, Trading with the Enemy Act, the Neutrality Act, and the Export Control Act of 1949.

The Export Control Act of 1949 gave the U.S. Department of Commerce primary responsibility for administering and enforcing export controls on dual-use items, and for the first time defined three reasons for the imposition of these controls — national security, foreign policy, and short supply. Upon the expiration of the Export Control Act, the Export Administration Act (EAA) of 1969 took effect on January 1, 1970. The EAA was reestablished in 1979,[2] and amended several times since.

Because unilateral export controls are less effective than controls enforced by many nations, the United States joined forces with other countries to help further its national security and foreign policy interest. This included the Coordinating Committee for Multilateral Export Controls (CoCom).

Currently, the United States is a member of the Nuclear Suppliers Group, the Australia Group, the Missile Technology Control Regime, and the Wassenaar Arrangement.


The U.S. government controls the export of defense-related goods and services by companies — as well as the export of information associated with their design, production, and use — to help ensure they are consistent with national security and foreign policy interests. The applicable export controls depending on whether the item to be exported is military in nature, or is "dual-use" — having both civilian and military uses.


U.S. export and reexport controls apply to technical data and software exported physically as well as via the Internet, e-mail, foreign access to host computers, and any other electronic means of transferring data or software. For example, exports of cryptographic modules implementing the Digital Signature Standard and technical data regarding it must comply with these Federal regulations. Both the Department of Commerce ("DOC") and Department of State ("DOS") export control regulations must be considered in designing an export controls provision.

The DOC administers the Export Administration Regulations ("EAR"). Most commercial products are under the jurisdiction of the EAR. All U.S. exports require a general or validated license prior to export under the EAR. A general license is self-executing. A validated license is a specific license obtained by application to the DOC. Export control classifications for products, including software, indicate whether a general license is available and any destination restrictions. Most mass-market software may be exported under a general license to key market countries.


Under existing export control regulations, transfers of U.S. export-controlled information to foreign nationals within the United States are also considered to be an export to the home country of the foreign national[3] and thus may require an export license. These transfers are commonly referred to as "deemed" exports. The Department of Commerce’s export control regulations[4] specifically utilizes the term "deemed export" to describe these transfers. While the ITAR does not use a precise corresponding term, State Department officials indicate that the concept of a "deemed" export is covered under the ITAR's general definition of an export — i.e., an export means "[d]isclosing (including oral or visual disclosure) or transferring technical data to a foreign person, whether in the United States or abroad,"[5] and the ITAR requirements for the export of unclassified technical data which state "a license is required for the oral, visual, or documentary disclosure of technical data by U.S. persons to foreign persons . . . regardless of the manner in which the technical data is transmitted (e.g., in person, by telephone, correspondence, electronic means, etc.)."[6] The State Department also refer to these transfers as "deemed exports."

Department of Commerce[]

The Department of Commerce, through its Bureau of Industry and Security (BIS), controls the export of dual-use items and information primarily through implementation of the Export Administration Act of 1979. Commerce’s Export Administration Regulations (EAR)[7] establish the Commerce Control List, which generally contains detailed controls for dual-use items.

Department of State[]

In consultation with the Department of Defense, the U.S. Department of State's Directorate of Defense Trade Controls (DDTC) (formerly the Office of Munitions Control), regulates exports of defense items and information under the authority of the Arms Export Control Act of 1976. State's International Traffic in Arms Regulations (ITAR)[8] provides controls over defense articles and services, which are identified in broad categories on the U.S. Munitions List (USML). DDTC works to implement and enforce these laws and regulations using three key offices: Licensing, Compliance, and Policy.

Generally, items regulated by State require an export license, while items regulated by Commerce do not necessarily require an export license. Whether an export license is required depends on multiple factors including the item being exported, country of ultimate destination, individual parties involved in the export, parties’ involvement in proliferation activities, and the technical characteristics and planned end use of the item. Any person or company in the United States that engages in manufacturing, exporting, or importing U.S. Munitions List items must register with the Department of State.[9] Under EAR, release of CCL “technology” to foreign nationals within the United States is considered to be an export to the home country of the foreign national and thus may require an export license.[10]

The Office of Licensing is responsible for reviewing license applications and addressing correspondence from exporters, such as providing advice on questions to businesses, known as advisory opinions. The Office of Compliance checks for company violations of the export regulations and conducts end-use checks on exports and company visits to achieve this goal. The Policy Office provides training through a third-party organization, and outreach to companies on the export regulations.

Requirements for exporters[]

Commerce and State require exporters to identify items that are on the CCL and U.S. Munitions List and, if required, obtain license authorization from the appropriate department to export these items unless an exemption applies. Exporters are responsible for complying with export-control laws and regulations.

When shipping a sensitive dual-use or military item that requires a license, exporters are required to electronically notify DHS’s Customs and Border Protection (CBP) officials at the port where the item will be exported, including information on the quantity and value of the shipment, the issued export license number, or an indication that the item is exempt from licensing requirements.

Export enforcement agencies including CBP, ICE, the Federal Bureau of Investigation (FBI), Commerce's Office of Export Enforcement (OEE), U.S. Attorney's Office and the Defense Criminal Investigative Service, are involved with inspecting items to be shipped, investigating potential violations of export-control laws, and punishing export-control violators.

U.S. regulations are designed to keep specific military and dual-use items from being diverted to improper end-users. However, current regulations focus on the export of these items and do not address the domestic sales of these items. The seller of a U.S. Munitions List item or a CCL item may legally sell the item within the United States, and is under no legal duty to perform any type of due diligence on a buyer. However, if the seller of an item knows or has reason to know that the buyer is representing a foreign government or intends to export the item, then the seller may be liable.[11]

Department of Defense[]

The Defense Technology Security Administration (DTSA) represents DOD on export control issues and administers development and implementation of technology security policies for the international transfers of defense-related goods, services and technologies, which DOD oversees. DTSA serves an advisory role in State’s and Commerce’s export license review processes and offers technical reviews on licenses for national security concerns. DTSA may also provide guidance regarding commodity jurisdiction requests from State, and DTSA often issues advice regarding advisory opinions submitted to both State and Commerce. The agency is responsible for maintaining contact with industry regarding changes in technologies and licensing initiatives. DTSA plays a significant role in coordinating any proposed changes to the ITAR or EAR, with DTSA’s opinion serving as the final DOD position regarding such matters.


  1. Computers at Risk: Safe Computing in the Information Age, at 173.
  2. See' Export Administration Act of 1979.
  3. For export control purposes, the term foreign national includes any person who is not a U.S. citizen or lawful permanent resident.
  4. 15 C.F.R. §734.2(b)(2)(ii).
  5. See 22 C.F.R. §120.17.
  6. See 22 C.F.R. §125.2(a), (c).
  7. 15 C.F.R. §§730-74.
  8. 22 C.F.R. §§120-30.
  9. Export often involves the actual shipment of goods or technology out of the United States. Under ITAR, transfers of Munitions List "technical data" to foreign persons within the United States is also considered to be an export. 22 C.F.R. §120.17(a)(4).
  10. 15 C.F.R. §734.2(b).
  11. An otherwise legal transaction is prohibited if the seller knows an export violation will occur, pursuant to 15 C.F.R. §736.2(b)(1) for CCL items and 22 C.F.R. §127.1(2) for U.S. Munitions List items. Criminal liability may attach under 50 U.S.C. app. §2410, 50 U.S.C. § 1705, 22 U.S.C. §2778(c), or general statutes such as 18 U.S.C. §371.

See also[]