I work for a printed circuit board manufacturing company. Much of our work falls under ITAR restrictions. We are required to forward CAD data to upstream contract manufacturers for assembly, etc. Does the data have to be encrypted during transfer even though the CM's are eligible to access this data? Most of our transfers are just email attachments.
The ITAR does not require that your encrypt emails. If you decide to do it, that would be a good practice. It is up to you since it is not required.
We've always believed that integrating a Commerce-controlled item (e.g., a weather radar, AT-controlled only) into a category VIII(a) aircraft would be considered a defense service and any modification made to the item for such integration would cause that item, as modified to be controlled potentially at a higher level. Is that integration truly a defense service? Also, based on the definition of specially designed in the EAR, would the hardware be classified as 3A611.x?
This is an open ended question that cannot be answered without the details. The answer depends on what is involved in what you do.
For example, merely plugging an EAR controlled item into a defense article is not automatically a defense service. If, however, in the course of installing the EAR item I have to modify something else that is a defense article, that would be a defense service. Installing an unmodified EAR weather radar into a defense article does not change the classification of the unmodified EAR weather radar. If you modify a weather radar for use in a defense article, that might change the classification of the weather radar. Whether the classification changes depends on the specific modifications you make.
Are the rules the same to export 9xxxx.y? For example, look at the controls for the ECCN 9xxxxxx, then go to the Country Chart, etc.?
The license requirement rules for 9x6xx.y are based both on the standard "reason for control column identifiers" and the Country Chart, and on the special military end-use and military end-user controls in EAR 744.21(a)(2).
Is an EAR license required for employees (non-US persons) using EAR items in their daily jobs while meeting the EAR definition of "use"? Is a license required for the “use” of an EAR item if the person is performing all of the following: Operation, Installation (including on-site installation), Maintenance, Repair, Overhaul,
The issue is what technical data or technology (information) the foreign person will obtain and whether that technical data or technology is controlled by an ECCN or USML Category that would require a license for that person's country. EAR export controls are not based on a person just using an item. EAR controls and restrictions would apply if during the course of using the item the person obtains controlled EAR technology or software source code.
We are moving our manufacturing to a Mexico maquiladora type facility and one of the products has an ECCN of 9A991D. Does this type of product require an export license if it is built in Mexico and shipped to a customer in the US?
9A991 does not require an export license for Mexico or the US.
We are a sourcing company that does a lot of importing from China and other places. A customer wants us to quote parts but the parts require "ITAR Controlled factories" per the customer. What exactly does that mean? Can I help my factory in China get ITAR Certified?
There is no regulatory, legal or official US Government definition of "ITAR Controlled factories" or "ITAR Certified" so you should ask the person who used those terms what they meant by them. Regardless of what those terms mean, it is unlikely that a manufacturer in China will be eligible for ITAR related activities.
It is risky to enter into the ITAR compliance world with little or no understanding of the ITAR. One of the most basic ITAR issues is that China is nearly always not eligible to be involved in ITAR regulated activities.
What are the obligations when a company sends some ITAR information to another company? Maybe you have some documents explaining the difference between the licences? It's really hard to find something clear on the Internet.
I do not suggest that a person use free Internet resources to comply with burdensome regulations when violations of the rules could, in the worst case, make it impossible for the person to do business with US companies and impossible to do business involving US items.
I was told that our email needs to meet ITAR specs when dealing with our international customers. Please advise.
If you want to transfer ITAR controlled technical data to a location outside of the United States or to a foreign person in the United States, you must comply with the ITAR. This includes, but is not limited to, electronic, tangible, oral, visual, or other transfers. The ITAR requirements are burdensome, numerous and complex and depend on the facts of the situation. I recommend you do not just make your best guess at the requirements but that you learn and understand the ITAR.
What is the difference between the DSP-5 and the TAA?
There are many differences. The DSP-5 is an export license that may authorize exports of a wide range of hardware as well as specific technical data. The DSP-5 normally does not authorize exports of defense services except in some cases DDTC will authorize minor defense services on a DSP-5. The TAA authorizes a wide range of defense services and technical data.
What are the obligations when a company sends some ITAR information to another company?
There are a wide range of obligations depending on all of the facts. The short answer is you must comply with all applicable aspects of the ITAR and it is hard to give more specific advice because your question is too general.
May I just clarify something with regards to the APR exception — can this exception be used for 600 series products?
You asked a good question that points to a fundamental element of analyzing EAR license exceptions: In all cases before using an EAR license exception, you want to check EAR 740.2 which contains restrictions on license exceptions. Often times these restrictions are not repeated in the text of the actual license exceptions even though the restrictions may effectively cancel out the available of the license exception you are considering.
EAR 740.2(a)(13) states:
“600 series” items that are controlled for missile technology (MT) reasons may not be exported, reexported, or transferred (in-country) under License Exception STA (§ 740.20 of the EAR). Items controlled under ECCNs 9D610.b, 9D619.b, 9E610.b, or 9E619.b or .c are not eligible for license exceptions except for License Exception GOV (§ 740.11(b)(2) of the EAR).
Only the following license exceptions may be used to export “600 series” items to destinations other than those identified in Country Group D:5 (see Supplement No.1 to part 740 of the EAR):
(i) License Exception LVS (§ 740.3 of the EAR);
(ii) License Exception TMP (§ 740.9 of the EAR);
(iii) License Exception RPL (§ 740.10 of the EAR);
(iv) License Exception TSU (§ 740.13(a), (b), (f) and (g) of the EAR);
(v) License Exception GOV (§ 740.11(b) or (c) of the EAR);
(vi) License Exception BAG (§ 740.14); and
(vii) License Exception STA under § 740.20(c)(1) of the EAR, provided all of the applicable terms and conditions, including...
Since APR is not listed in 740.2()(13) (i) - (vii), you may not use APR for 600 series items.
We are one machine shop based in Singapore. Do we have to be ITAR registered?
The only time the ITAR requires registration for a company in Singapore is when the Singapore company is a broker as defined in the ITAR. If a Singapore company is only manufacturing and machining ITAR controlled items, the ITAR does not require registration.
Do stickers (a pressure sensitive label or film that has adhesive on the back that can be applied to a variety of different materials) need an ECCN or ITAR number?
That sticker is most likely classified as EAR99 unless it contains technical data/technology/information that is classified in a different way.
A particular software capability has been approved for export and has received an EAR 99 classification. If modifications are made to the software does it have to be reviewed again? If so, at what level? Does going from version 2.0 to 2.1 require a re-look? What about going from version 2.0 to 3.0? At what point does the updated software require a re-certification?
The changes in version numbers are not important. What is important is any change in functions, performance or capability of the software. You have to look at all of those changes and determine if they cause the export classification to change.
My Mexico based research center, which does not have overseas facilities and not owned or controlled by a US person, uses a simulation software made by US company “USCo” called Simulator with ECCN 5D992. It also comes with an electrical analysis add-on to the Simulator software under EAR99. We use this software in our facility in Mexico, and all our researchers are based in Mexico, but may come from other countries, though none are from the E1 countries Cuba, Iran, North Korea, Sudan and Syria.
Q1: Since the software does not exit Mexico, can we interpret that the usage of the USCo software by our multinational researchers does not constitute re-export?
A1: The usage of the software in Mexico by foreign nationals does not constitute reexport or a deemed reexport under US rules.
Q2: Deemed re-export pertains to technical data and source code and not software in object code, is this correct? What about Simulator software? Would the results of the Simulator software be considered technical data?
A2: Yes, deemed reexport applies to the release of technical data and software source code to foreign nationals. If they use the software simulation tools in Mexico to do simulations, the technical data that is created in Mexico as a result of that activity is not considered to be US origin data. In addition, it would not be controlled merely because you used the US software tools you mentioned to create the technical data.
Q3: Hypothetically speaking, let’s say we have a researcher in our employment who is an Iranian national, (who is not a denied person and is not a Mexico Permanent Resident). Will using the Simulator software in our facility in Mexico be considered deemed re-export? If not, is it violating any form of export control rule?
A3: Hypothetically speaking, it is not a deemed reexport to allow an Iranian national to use US origin software in your facility in Mexico. It would be a deemed reexport if you gave the Iranian national US origin source code. If you company is not a US person, US rules do not prohibit the activity you described.
Q4: In the notes in the ECTI EAR seminar manual, it states to “use the most recent country of permanent residence/citizenship to determine a person’s nationality.” Thus, is it true that if this said Iranian national had obtained Mexico Permanent Resident status, that in the case of US Export Control Rules, that he can now be treated as a Mexico national instead?
A4: You are correct. Once any Iranian or other nationality (except US nationality, of course) obtains Mexico Permanent Resident (or citizenship) status, US export/reexport control rules treat that person as a national of Mexico for EAR purposes.
Do "600 series" parts require a license to go into Mexico?
Certain 600 series items require an export license for Mexico while others do not. The export license requirements for Mexico depend on the ECCN and paragraph.
I am working on a project that requires ITAR compliance. I would like to employ a few Canadians who are in the US on a NAFTA TN Visa. Am I able to do this and still comply with ITAR?
If they will have access to ITAR controlled technical data you need to get export licenses for them. Alternatively, you can put in place procedures to prevent their access to ITAR technical data.
I understand that an export can include the physical, technological and informational aspects of a product. Regarding the informational aspect, how do you determine what information is considered an export and what information is appropriate to discuss or share? For example, would manuals (installation, maintenance, calibration, and parts) for the physical product be considered an export?
Export controls apply to the release to a foreign person in the US or abroad and to sending out of the US technical data or technology. The ITAR has a definition of the "technical data" it controls and the EAR has a definition of the "technology" it controls. So, first you have to determine if the ITAR or EAR applies to the information you are looking at and then go to the applicable regulations to see the definition. The definitions are conceptually similar but there are some nuance differences.
We have always understood that demonstrations (rather than static displays) of ITAR-controlled hardware to non-US persons at public trade shows would be a disclosure of ITAR-controlled technical data which would require USG authorization, whether that trade show occurs in the US or abroad. However, could we call that data "publically available" and rely on the carve out from the defnition of technical data under the ITAR?
Public domain requires that the information be published. To me that means it has to be on a piece of paper or on an electronic media. If the information released through a public demo at a trade show in the US is the same as information that is published and released at a show in the US or otherwise made public domain, it certainly is public domain. If the information released during the demonstration is not published and available via one of the methods listed in the definition of public domain, you are not on solid ground, although there have been no enforcement cases in recent memory for demonstrations at trade shows.
We are an Italian company that produces components for semiconductors. We have many customers ITAR registered, that give us only commercial business because we are not ITAR. Is there any possibility for an Italian manufacturing company such as ours to have ITAR certification?
There is no ITAR registration required for companies outside of the United States. There is no ITAR registration available for companies outside of the United States. Apparently the US companies you are talking to do not want to go through the process of getting US export licenses to export controlled technical data and items to you.
Is it an ITAR violation if you are stating a company's specification for manufacturing in an email, which is available on the Internet and world wide web? (i.e. Coat per ABCS 1525 as a hypothetical example?) There are mixed messages from many companies...
The ITAR controls emails that contain ITAR technical data when those emails are sent to a foreign person or a foreign location.
The ITAR does not control information that is publicly available. If, for example, I take detailed specification that are ITAR controlled and put them in a brochure that I make available to everybody at an open trade show in the United States. that brochure is now publicly available. There are no ITAR restrictions on publicly available information so it is not a violation to send that brochure to China. Prior to December 1984, the ITAR required that a person get US Government authorization prior to making something publicly available. The ITAR no longer requires prior US Government authorization.
Is there a situation where a document should be marked both ITAR and EAR? We are receiving such documents from our NASA customer and have flagged this as problematic due to the different handling approaches. NASA says that this is fine since there is both ITAR and EAR information in the document. I would think that the ITAR should be the only marking used. Is this correct?
It is acceptable to mark a document as containing both ITAR and EAR controlled information. I think an even better approach is to mark the document with the applicable USML Category and paragraph and the applicable ECCN and paragraph.
What is the correct method of destruction for ITAR information (paper copy) or on CD? Please provide a detailed explanation. i.e., for paper: cross shredder, then disposed of within normal recycling. For CD: shredded to particles finer than 2mm x 6mm and then disposed of in normal refuse.
The ITAR does not have any rules that tell you how to destroy technical data so it is up to each person to come up with a reasonable approach. Your approach sounds reasonable.
We are trying to develop a log that will be used to capture exported defense services. What would I need to ensure I capture in this log related to defense services?
ITAR 123.26 says that for all exports under exemptions you must keep these records:
Description of the defense article, including technical data, or defense service;
Name & address of end-user and other available contact information (e.g., telephone number, email address);
Name of natural person responsible for the transaction;
Stated end-use of the defense article or defense service;
Date of the transaction;
EEI Internal Transaction Number (ITN) if required;
Method of transmission.
I am the security manager for an international cooperative program and currently developing a Project Security Instruction as directed in our EM&D MOU. Where can I find in the ITAR (if this is still correct) "once a U.S. Person applies, technical know-how, the data becomes the property of the U.S. (i.e. Country X provides U.S. Lab missile firing data for analysis. The lab now wants to export the analysis back to country X for a meeting. Is this now U.S. property?)
"US property" is not ITAR terminology. The ITAR controls US and non-US origin items depending on the circumstances. To answer your question we need to know what ITAR authorization was used to export the technical data from the USA, what each party involved did with the technical data and the location of each party.
We are a company that manufactures US defense articles in Europe based on a number of MLA's. We utilize local suppliers in the production process, called sublicensees, listed on our ITAR agreements. Can we remove those suppliers from the list of foreign sublicensees (via amendment initiated by US applicant) who provide us with EAR 600 series parts? (it used to be ITAR - controlled parts before ECR). If so, what kind of authorization would we need to share with these 'suppliers' the EAR 600 tech data?
Do you plan to retransfer any US technical data to the sub-licensees in question? If yes, what is the US export control ITAR or EAR classification of the technical data?
If I received an ITAR classified item in the EU and once received under a DSP-5 this item is reclassified to EAR600. Does this reclassification affects the item received or this item is still subject to ITAR legislation?
The item is no longer controlled by the ITAR. The item is not controlled by the EAR. To give you some flexibility, the US Government has announced that you may continue to use any retransfer approval that the DSP-5 provides for the items you received under the DSP-5.
Is Singapore under Section 126.1 of the ITAR? Can you ship to Singapore?
Singapore is not in ITAR 126.1.
If the ITAR item imported to the US under the exemption 123.4, can it be shipped just through a regular carrier like FedEx?
The ITAR does not prohibit you from using FedEx. Just make sure you make all the proper arrangements so the export is cleared properly.
How are defense services for EAR 600 Series items authorized since there is no EAR equivalent to a TAA? If our US company wants to provide design services to an EU company for 600 Series items, do we only need an EAR license for the related tech data transfer?
The ITAR controls defense service even in cases where during the course of providing the service you do not export ITAR controlled technical data.
The EAR controls exports of technical data. If you do a service specific to a 600 series item and do not export technical data while doing so, you are not engaged in an EAR controlled activity. Certain 600 series items do not need licenses for certain countries in certain cases. If you are exporting technical data, then whether an export license is required is based on the standard factors of the ECCN paragraph level classification, country, parties, activities, etc. involved in the transaction.
Part 1: Are US citizens prohibited from owning significant military equipment category XII a) b) or c)?
Part 2: If the origin/manufacturer of the category XII item is outside the US, can a US citizen purchase or own the item?
Part 1) No.
Part 2) You may not purchase such items from ITAR 126.1 countries or, in most cases, from parties on US export and trade control prohibited parties lists.
My company makes aerospace parts and components. We are stuck on the "specially designed" definition of the ITAR with regards to a new assembly--the (b)(3) release statement in particular.
We have a new assembly design that incorporates two existing parts. These parts, separately, are EAR-controlled--we make them all the time and they are (separately) in other applications that are subject only to the EAR. However, when combined in this new assembly which has performance characteristics that exceed any of our EAR offerings it makes the assembly truly unique in terms of its performance capability. In reviewing the ITAR definition of "specially designed" (because that's where we are on the Order of Review after determining how this assembly could be classified), based on the information above and assuming we answer "no" to all other release statements, would that make this assembly "specially designed" on the ITAR?
You ask about an assembly with the unique ITAR application. If there is a non-ITAR assembly with the same function and performance and equivalent form and fit, the assembly would not be caught as ITAR specially designed. In your case, you said your assembly with the unique ITAR application has a different performance than the non-ITAR similar items, which means you are not released by (b)(3).
We work with a Chinese rubber polymer manufacturer; they will not have an ECCN code. We import their product and sell to distributors in the USA. We do not export. We do, however, send prints to the Chinese manufacturer for quotes. Would sending a print (often times we have no idea where this rubber part goes in a component, truck, car, computer etc.) constitute needing an ECCN code?
Sending the print to China is most likely an export of technical data. You must comply with applicable export regulations, most likely the Export Administration Regulations or the International Traffic in Arms Regulations. If the EAR is applicable, you need to know the ECCN for the print, so you can determine the applicable export licensing requirements.
We are a small machine shop--ITAR registered. Our customer is a Prime for guidance systems for aerospace, military & commercial use. The customer has always in the past supplied the castings for us to machine. The casting supplier is in Canada. Now, they want to impose the purchase of the casting down to us. Since this casting had already been supplied to the Prime, must we file for licenses and approvals for technical data transfers and the importing of the casting in order to purchase the materials? I am under pressure to release a purchase order to the Canadian supplier for product already here on the Customers receiving dock, as well as releasing other casting in Canada, which would be directly delivered to our facility.
Assuming the Canadian company will use ITAR-controlled technical data to make the casting, it sounds like you need to get an Offshore Procurement Agreement DSP-5 approved and then put in place an Offshore Procurement Agreement prior to getting the castings form Canada. See ITAR 124.13.
I would like some clarity on ITAR regulations for manufacturing ITAR regulated components in Mexico? For an export approval, how difficult are they to get and also, what if it is a U.S. company operating as a U.S. company in Mexico?
Many export licenses are approved to authorize the manufacture of ITAR controlled items in Mexico. The likelihood of a license being approved depends on many factors including the technology and items involved and the ownership of the Mexican company. A company in Mexico that manufactures ITAR controlled item should have compliance procedures in place to prevent exposing itself to significant penalties for violating the ITAR.
I am interested in gaining experience in international trade law compliance. I have experience in compliance analysis (described below). Can you offer advice for how an intelligent, young, eager California Attorney can get his foot in the door in international trade compliance?
Since admission to the California Bar in 2011, I have been working as a compliance analyst. In September of 2013, I was comfortable enough with my practice to start my own compliance business. I assist local government agencies in complying with contractual obligations and US federal securities law relating to the public debt they issue.
International trade law compliance is a broad term. Our specialty is with the International Traffic in Arms Regulations, the Export Administration Regulations, the Foreign Trade Regulations and the rules administered by the Office of Foreign Assets Control.
The best approach is a combination of training and work. We believe we offer the best training here at the Export Compliance Training Institute including live in-person seminars, live webinars and electronic recorded e-seminars.
There always are exporting companies, consulting firms and law firms looking to hire employees to do export compliance work. Once you get experience and develop competence in the field, you will have a valuable and marketable skill.
I'm a USA citizen by birth and semi-retired from the military industrial complex. I do consulting to supplement retirement income. My wife is Mexican and living in Mexico awaiting our youngest child to graduate. I have a home office in the home in Mexico from which I have performed consulting work via telephone/internet/computer. A new task has popped up that is US military "Unclassified" for an unmanned underwater vehicle upgrade. I deal only with data and do not have anybody either in Mexico or USA that I share with other than the USA clients. Before taking on this task I want to make sure we do not violate ITAR. It is my understanding that the client that exports data to me to do work will require a license and may have to file reports on export of data. But do I need to have a license and file reports
If the other obtains an ITAR export license and you do only what the license authorizes you to do, you will be in compliance with the ITAR for that issue.