Is Your Business ITAR Compliant?
The ITAR articles affect the sale, distribution, and manufacture of products covered under the USML in most technology and security companies. Ensure that your business is ITAR compliant by being aware of the qualifications of compliance, the products and services included under both the USML and ITAR, and the violations for businesses that are found to be non-compliant.
If you own a company or a contractor who does business with the U.S. government, you are most likely aware if you are subject to a number of broad regulatory requirements under International Traffic in Arms Regulations (ITAR) articles that are in place to control and prevent information and technology from falling into the wrong foreign hands.
The U.S. Government requires ITAR compliance from all manufacturers, exporters, and brokers of defense articles, defense services or related technical data. Your company and members of your company’s supply chain must be ITAR certified or ITAR compliant if they’re involved in the manufacture, sale or distribution of either goods or services covered under the United States Munitions List (USML) or a component supplier to goods covered under the USML.
ITAR was originally established to regulate military products and services, but it was later expanded to cover many products that are commercial in nature. Many items developed for military use have evolved into mainstream commercial products in the security, electronic, navigation, maritime, and aviation industries. It can be difficult to determine if a product is subject to ITAR, which presents a challenge for many business owners, because aligning a product with the guidelines is hard to pinpoint. However, it is important to understand this distinction, especially if your firm (or your firm’s vendors) provides products and services to government customers.
At the core of the ITAR is the USML list of products, which names a wide variety of products, software, technical data and services subject to regulation. Companies with products and services regulated under ITAR are subject to registration requirements, restrictions on transfer of regulated software and technical data, or restrictions on the performance of defense services for foreign parties, are required to obtain export licenses and must meet specific record-keeping requirements.
The stipulation to be ITAR certified (compliant) means that the company must be registered with the State Department’s Directorate of Defense Trade Controls (DDTC) and the company must understand and abide by ITAR as it applies to their USML linked goods or services. By registering, the company is certifying that they operate in accordance with ITAR when they agree to be a supplier for a USML prime exporter.
Increasingly, companies are requiring that ITAR compliance language be included in contracts, on purchase orders and requests for proposals. Nowhere in ITAR regulations is it spelled out what “ITAR certified” actually means, but generally ITAR compliance regarding technology and security companies affects the manufacture, sale, and distribution of technology and the control access to specific types of technology and associated data. In effect, the government is trying to prevent the disclosure or transfer of sensitive information to a foreign national.
As a result, ITAR can pose challenges for global corporations, since data related to specific technologies may need to be transferred over the Internet or stored outside of the United States in order to make business processes flow smoothly. The responsibility lies with the manufacturer or exporter to take the necessary precautions and steps to certify that they are, in fact, meeting ITAR compliance requirements.
Violations can result in criminal liability for a company discovered to be non-compliant, which means imprisonment for the company’s owners and employees.
The USML contains 21 broad categories of products, ranging from firearms and military vehicles to computers, security and communications equipment, including:
- Electronic systems and computers designed, modified or configured for intelligence, security or military purposes;
- Military training services and equipment;
- Command, control and communication systems including radios (transceivers) and identification equipment;
- Navigation systems;
- Protective personnel equipment and shelters;
- Naval vessels and related equipment, parts, technologies and software;
- Flight control products, software and technologies;
- Satellites, launch vehicles and ground control equipment, including parts, technologies and software;
- Classified products, technical data and software;
For companies that develop products or services for a U.S. military customer, the product, technical data, software or service should be on the USML, thus subject to ITAR. If an item is listed on the USML, then software required to run that item is most often also covered on the USML. The same goes for technical data related to the item – information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of items listed on the USML.
Products, technology or software developed originally using U.S. defense research funding are often considered to be military products, so the products and related technical data, software and services go on the USML.
Companies offering products, software, technical data or services that are on the USML may be subject to one or more of the following:
- Registration – the company must register with the U.S. State Department, even if it does not export any of its products;
- Transfer of technical data and software to foreign nationals – companies are prohibited from transferring software or technical data listed on the USML to foreign nationals, either in the U.S. or abroad without an export license;
- Defense services – companies are prohibited from performing services for foreign parties related to items on the USML, either in the U.S. or abroad, without obtaining a State Department authorization called a Technical Assistance Agreement (“TAA”);
- Export license – companies are prohibited from exporting products listed on the USML without obtaining an export license;
- Temporary imports – companies are prohibited from importing defense items listed on the U.S. Munitions List in temporary import transactions without obtaining a temporary import license;
- Record-keeping requirement – companies are required to maintain records in accordance with the ITAR recordkeeping requirements;
- Brokering – companies are prohibited from brokering the sale of defense items without complying with the DDTC brokering requirements;
- Reports for payments of sales commission, fees and political contributions – companies are subject to restrictions on the payment of sales commissions, fees and political contributions made in connection with defense transactions;
- Transactions with debarred parties – companies are prohibited from entering transactions subject to ITAR regulation with certain debarred parties identified on the State Department’s two Debarred Party Lists.
ITAR regulates more than just exports; the regulations also include a variety of activities that involve domestic commercial businesses.
Companies that ignore or violate ITAR regulations can face severe criminal and civil penalties, including imprisonment of up to ten years and fines of up to $1,000,000 per violation. Criminal sanctions can be imposed on company owners as well as officers, directors and employees in their personal capacities.
Companies found in violation can also be barred from selling products and services to the federal government. This is often the most severe sanction for a government-contracting firm. Other sanctions include denial of export privileges and seizure of goods being transferred in violation of ITAR requirements. If sanctions are imposed, the DDTC usually issues a press release announcing the violation and posts a notice on its website.
Find out more about ITAR compliance and whether your company should be registered by visiting the U.S. Department of State Directorate of Defense Trade Controls website.
For ITAR compliant visitor management systems, refer to Veristream.com.