What is ITAR (International Traffic in Arms Regulations)?
ITAR regulates the export of defense articles and services with the objective to keep materials out of the hands of foreign nationals. These regulations apply for both government contractors and subcontractors, and the articles and services covered by these regulations are outlined in the United States Munitions List (USML). The legislation seeks to control access to specific types of technology and the associated data. Its goal is to prevent the disclosure or transfer of sensitive information to a foreign national.
The International Traffic in Arms Regulations (ITAR) is the United States regulation that controls the manufacture, sale, and distribution of defense and space-related articles and services as defined in the United States Munitions List (USML).
Besides rocket launchers, torpedoes, and other military hardware, the list also restricts the plans, diagrams, photos, and other documentation used to build ITAR-controlled military gear. This is referred to by ITAR as “technical data”.
ITAR mandates that access to physical materials or technical data related to defense and military technologies is restricted to US citizens only.
Who Needs To Follow ITAR Compliance?
Any company that handles, manufactures, designs, sells, or distributes items on the USML must be ITAR compliant. The State Department’s Directorate of Defense Trade Controls (DDTC) manages the list of companies who can deal in USML goods and services, and it is up to each company to establish policies to comply with ITAR regulations.
- Computer Software/ Hardware vendors
- Third-party suppliers
Every company in the supply chain needs to be ITAR compliant. If company A sells a part to company B and then company B sells the same part to a foreign power, company A is also in violation of ITAR.
Example of ITAR Supplier Compliance Letter
How is compliance achieved?
To be ITAR or EAR compliant, a manufacturer or exporter whose articles or services appear on the USML or CCL lists must register with the U.S. State Department’s Directorate of Defense Trade Controls (DDTC). ITAR and EAR compliance can be problematic for a global corporation because the data related to a specific type of technology may need to be transferred over the Internet or stored locally outside the United States to make business processes flow smoothly. It is the responsibility of the manufacturer or exporter to take the necessary steps to certify that they are in compliance with the regulations.
What does ITAR flowdown to suppliers mean?
A flow down clause is a contractual provision where a contracting party (prime contractor) legally binds another party (subcontractor) to the terms and conditions of contract (the prime contract) between the prime contractor and a third party (client).
When a prime contractor binds the subcontractor to all the terms and conditions of the prime contract, we call that a “back-to-back” flow down arrangement.
When only parts of the prime contract obligations are passed through to the subcontractor, when we have a partial flow down.
Example of a flowdown document
Source: What Is A Flow Down Clause (Legal Definition And Examples) (incorporated.zone)
What ITAR Exceptions Exist?
The State Department can issue exemptions to that one rule, and there are existing exemptions established for specific purposes. There are certain countries that currently have standing agreements with the U.S. that apply to ITAR – Australia, Canada, and the U.K., for example. The US government requires having in place and implementing a documented ITAR compliance program, which should include tracking, monitoring and auditing of technical data. With technical data, it’s also a good idea to tag each page with an ITAR notice or marker so employees don’t accidentally share controlled information with unauthorized users.
ITAR exists to track military and defense sensitive material and to keep that material out of the hands of U.S. enemies. Noncompliance can result in heavy fines along with significant brand and reputation damage — not to mention the potential loss of business to a compliant competitor.
Penalties for ITAR Compliance Violations
Export control laws provide for substantial penalties. Failure to comply with ITAR can result in civil fines and criminal penalties with fines per violation.
- Civil fines up to $500,000 per violation
- Criminal fines of up to $1 million and/or 10 years imprisonment per violation
In April of 2018, the State Department fined FLIR Systems, Inc $30 million in civil penalties for transferring USML data to dual national employees. Part of the penalty requires that FLIR implement better compliance measures and hire an outside official to oversee their agreement with the State Department.
In 2007 ITT took at $100 million fine to the face for exporting night-vision technology illegally. ITT thought they could workaround the restrictions, the Government didn’t agree with their interpretation of the rules.
Types of Defense Articles
There are 21 categories of Defense Articles in the USML. A defense article is anything on this long and oddly specific list.
- Firearms, Close Assault Weapons and Combat Shotguns
- Guns and Armament
- Launch Vehicles, Guided Missiles, Ballistic Missiles, Rockets, Torpedoes, Bombs and Mines
- Explosives and Energetic Materials, Propellants, Incendiary Agents and Their Constituents
- Surface Vessels of War and Special Naval Equipment
- Ground Vehicles
- Aircraft and Related Articles
- Military Training Equipment and Training
- Personal Protective Equipment
- Military Electronics
- Fire Control, Laser, Imaging and Guidance Equipment
- Materials and Miscellaneous Articles
- Toxicological Agents, Including Chemical Agents, Biological Agents and Associated Equipment
- Spacecraft and Related Articles
- Nuclear Weapons Related Articles
- Classified Articles, Technical Data and Defense Services Not Otherwise Enumerated
- Directed Energy Weapons
- Gas Turbine Engines and Associated Equipment
- Submersible Vessels and Related Articles
- Articles, Technical Data and Defense Services Not Otherwise Enumerated
Source: What is ITAR Compliance? Definition and Regulations (varonis.com)
Examples of ITAR CUI (Data)
- DDTC license applications
- certain algorithms
- electronic export information filings
- destination declarations
- delivery verifications
- applications for registration
- purchase orders (Page 531)
- foreign import certificates
- non-transfer and use certificates
- shipping documents that contains information relevant to the export of a defense article
Source: Information Security Oversight Office, NARA § 2002.1 and o365_data_guidance_and_encryption_instructions.pdf (nasa.gov)
What is the difference between ITAR and EAR?
The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) are two important United States export control laws that affect the manufacturing, sales and distribution of technology. ITAR is for defense goods and services whereas EAR is for commercial goods and services.
|ITAR [22 CFR 120-130]||EAR [15 CFR 730-774]|
Covers military items or defense articles.
Regulates goods and technology designed to kill or defend against death in a military setting.
Includes space related technology because of application to missile technology.
Includes technical data related to defense articles and services.
Strict regulatory licensing – does not address commercial or research objectives.
Regulates items designed for commercial purpose which could have military applications such as computers or software.
Covers both the goods and the technology.
Licensing addresses competing interests and foreign availability.
Combines commercial and research objectives with national security.