Many companies assume that just because they’re not physically shipping something to another country, they aren’t exporting and don’t need to worry about the regulations that go along with exporting. After all, the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) don’t apply to activities occurring solely in the U.S. (anyone can see that it’s even in the names of the regulations themselves). Or do they?
Under the U.S. export regulation framework, there are many situations that fall under the definition of an export, and only one is the actual
cross-border shipment of goods. Failure to recognize and treat these situations as exports can result in inadvertently failing to comply with one or more export control provisions, thereby violating the law. Here are five situations that might trip your company up:
-
Releasing or transferring "technology" (including technical data and trade secrets) or software (source code) to a foreign person, even in the United States. Under U.S. export laws, "foreign persons" include any person who is not a U.S. citizen or permanent U.S. resident (e.g., a green card holder). Thus, providing source code or technical information, such as blueprints, engineering drawings, plans, or the like, to your employees who are non-U.S. citizens is referred to as a "deemed export." If your technology is provided on the United States Munitions List (USML), even enabling a foreign person to see the technology or item while in the United States, such as during a facility tour, constitutes an export.
-
Providing access to "technology" to business partners (including other private companies or university researchers). Providing access to source code or technical information, such as blueprints, engineering drawings, plans, or the like, to your business partners can be considered an export if that information is accessed by a foreign person in their employ or if the company is incorporated under the laws of a country other than the United States. Be sure you know who will have access to your information, and include export control compliance language in your agreements to ensure that your business partners have appropriate precautions in place.
-
Providing "defense services" to a foreign person, even in the United States. Under ITAR, providing or furnishing assistance or training in, for example, the design, engineering, manufacture, assembly, testing, repair, maintenance, operation, destruction, or use of defense articles (the list is lengthy and dense) to a foreign person constitutes an export.
-
Failing to consider the company or organization as a possible "foreign person." The definition of "foreign persons" also includes organizations that are incorporated under the laws of a country other than the United States. Thus, providing technical information, software, or defense services to a company that is owned by a parent company that is organized under the laws of another country can constitute an export.
-
Taking "technology" or source code to a foreign country. With many companies having armed their employees with the ability to work remotely, those employees can now access company information from just about anywhere in the world or download company information onto a device that they can freely take with them outside of the U.S. Although provisions for the license-free export of data and technology in these types of situations exist, security precautions and record keeping requirements still apply.
By familiarizing yourself and your employees with the basics of export control, you can identify potential problems before they arise and take the steps necessary to avoid
violations, including implementing security policies, establishing record keeping processes, and obtaining any necessary licenses. Establishing a technology control plan and providing training to your employees on the plan can help identify risks in advance and enable your organization to remain in compliance.
PDF
