Are You ITAR Compliant? Guide to ITAR Compliance & Regulations

Posted by Chris Kaczor

in Military Asset Tracking / UID

Updated August 9th, 2023

Table of Contents

Export regulations are an important consideration for any U.S. business that ships goods internationally. For those companies who are working in defense-related industries and military applications, the need for proper oversight and control is even greater. There have been many strides in recent years to evolve regulations to better protect the public and companies from doing business with questionable entities. One of the biggest impacts has been the implementation of the International Traffic in Arms Regulations (ITAR). These guidelines were dramatically expanded at the start of the 21st century as global trade became more complex and the need to safely control the transport of defense-related goods rose.

The ITAR regulations include a number of articles penned by many related organizations. One example is EAR (Export Administration Regulations), maintained by the U.S. Department of Commerce, which applies to shipments of all controlled items. They are less strict and less specific than ITAR but still dictate export regulations that must be considered.

Understanding how all these regulations are intended to work and what you must do to ensure compliance can be intimidating. In addition, since ITAR regulations apply to the entire supply chain for any designated controlled items, it is possible to overlook some aspects of control. This guide will provide you with an overview of what ITAR is and how it is intended to work, as well as some important considerations to make to guarantee that your organization can maintain full compliance. Download our ITAR Compliance Checklist for a breakdown of all the essential steps to achieving and maintaining ITAR compliance.

For more information on ITAR compliance, jump to:

• What is ITAR?
• ITAR Regulations
• Who Needs to Be ITAR Compliant?
• Understanding ITAR Certification
• Best Practices for ITAR Compliance
• Additional Resources on ITAR Compliance

What is ITAR?

ITAR is a set of export control requirements (22 CFR 120-130) that were created to protect the movement, sale, or transfer of defense-related technology and prevent it from getting into the hands of foreign countries or parties who could use it for malicious purposes. These government rules are administered by the Directorate of Defense Trade Controls (DDTC) at the State Department. The initial directive for these controls on the export and temporary import of military-related property was created as the Arms Export Control Act (AECA).

The scope of the ITAR is covered by the services, articles, and technology intended for military use listed on the U.S. Munitions List (USML). Any organization or entity that controls an item that is listed on the USML must be compliant with ITAR and stay informed of any future changes to requirements. The primary control in place is through export licenses that grant permission from the U.S. government to transport or sell these goods to foreign entities or parties.

Given the seriousness of these regulations, potential fines and further penalties upon discovery of breaches are possible. The ITAR is available on the U.S. Department of State website as an electronic publication and an updated hard-copy print is also released each year. The guide provides an overview of ITAR and some important operational considerations.

ITAR Regulations

The USML contains 21 categories of articles and services that are defined as part of the AECA. Please note that this list is not limited to specific goods but also includes related technical data such as designs and blueprints. Reviewing it is an important initial step in familiarizing yourself with the process of restricting necessary access and maintaining proper controls.

The items that garner the most control are referred to as Significant Military Equipment (SME) and include such items as tanks, explosives, and others with an obvious military usage. The USML highlights these items that require extra attention for any entity working with them.

All manufacturers, suppliers, importers, exporters, and brokers who deal in any articles and services listed in the USML are required to register with the DDTC. The registration process itself does not determine compliance – which is, ultimately, your responsibility to control – but it is a requirement to obtain certain licenses or approvals for the movement of controlled goods.

Export License (DSP-5) – This form is the first step in arranging for the export or temporary import of controlled items listed the USML in ITAR. This license grants basic rights to export goods and also acts as a vehicle to process the following agreements through the DDTC. An important check done as part of DSP-5 application is to screen applicants based on any business with sanctioned or embargoed countries. The U.S government provides a Consolidated Screening List of restricted countries that compiles one listing from the separate lists maintained by the State, Treasury, and Commerce Departments, among others. It acts as a good reference to do a quick check, but it is the responsibility of the applicant to review the individual lists in detail. If an application is submitted intending interaction with one of these entities, it will almost certainly be denied.

Technical Assistance Agreement (TAA) – This agreement covers the exchange of any technical information or knowledge related to an ITAR-controlled item. Examples can include instructions for servicing an item, repair, or modification. The scope of this technical exchange requiring a TAA is understood to be proprietary and beyond normal marketing and public information already available. Your organization is responsible for ensuring that all individuals related to the controlled item(s) are informed of the ITAR regulations, including any sub-contractors or consultants.

Manufacturing License Agreement (MLA) – This document allows a foreign company to provide manufacturing related to an item controlled under ITAR. This agreement also covers the export of technical data as related to manufacturing as required for the controlled items.

Warehouse and Distribution Agreement (WDA) – The WDA serves as the primary means to create a warehouse or distribution center in a foreign country for an ITAR controlled item to be exported from the U.S. The regions for intended sale are very important in this case to ensure that items to do not end up in sanctioned/embargoed areas.

Who Needs to Be ITAR Compliant?

As mentioned previously, ITAR applies to all companies that do business of any kind related to controlled items listed on the USML. This includes the articles themselves, as well as any services or data related to them. The entire supply chain for the article must be considered, in addition to any supporting third-party contractors and consultants. Additionally, the scope of ITAR applies beyond military and government entities and applies to individual organizations doing business in these controlled areas.

Understanding and ensuring ITAR compliance is a core responsibility for any organization involved in the supply of these controlled items. There are potentially serious penalties imposed for any ITAR violations, including civil fines up to $500,000, criminal fines up to $1,000,000, and jail time of up to 10 years per instance. Even worse, the U.S. government has the power to ban your company from any related future import and export activity.

Understanding ITAR Certification

First and foremost, the DDTC does not recognize ITAR certifications of any kind. While there are consultants and entities that provide certification services, having a certification does not provide any benefit to your company. That being said, there could be a clear benefit to utilizing the services of a third-party to help your team navigate the often-complex regulations and help ensure a clear path to compliance.

Instead of focusing on a certification itself, it is recommended to fully review regulations and specific areas of compliance expected of your operation. Once you have a clear scope of the affected articles based on the USML and types of activities (manufacturing, service, export, etc.) that your company and related partners will be performing, you can make any necessary changes and seek DDTC registration and obtain proper approvals to ensure compliance.

Best Practices for ITAR Compliance

Based on the articles 22 CFR 120-130 that outline ITAR regulations, there are a number of areas that must be reviewed to ensure compliance. Here are a few of the best practices for meeting the requirements:

Handling of Technical Data – The technical data related to controlled articles listed in the USML can be far-reaching and involve such information as research results, manufacturing information, designs, and specifications. Due to this, you should designate which information is of a sensitive and proprietary nature and set up proper restrictions for access to it through encryption, firewalls, etc. Also important to consider is any media that contains sensitive data and any virtual hosting providers you use. Remember, it is the responsibility of your organization to achieve ITAR compliance for data control.

Export Management System (EMS) – One of the most useful actions you can take before seeking approvals to export any controlled articles is to create an EMS or, if you already have one, to ensure that it meets the specific ITAR requirements. This system will give you one place for managing and tracking all of these export requirements and align your team to the proper documentation, training, and awareness needed to avoid mistakes. Having a thorough knowledge of what your products are, how they are classified, and where they will be shipped is essential to achieving compliance.

Managing Controlled Articles – Apart from properly tracking technical data and information, it is also critical to have a full understanding of the handling, movement, and storage of your physical items. Since the entire supply chain for any controlled article is affected you want to have a clear understanding of each and every part that is involved and maintain proper access controls in your buildings, such as badge access for restricted areas and adequate physical security measures. In addition, you should maintain clear and durable labeling throughout your facility and especially on any ITAR articles themselves.

In today’s defense industry, one common solution for marking controlled items are UID (Unique Identification) labels. UID labels provide a secure and durable marker that meets ITAR requirements and can remain readable throughout the expected lifespan of the item. How you organize your warehouse, offices, and manufacturing is especially critical when it comes to ITAR-controlled items.

Avoid DSP-5 Export License Application Errors – When submitting an initial DSP-5 application, the correct information must be entered to avoid processing delays or rejections. An application can take anywhere from a month or two to process under normal circumstances, but delays can last much longer. One common error is including references to non-U.S. regulations or laws. Since the document applies only to U.S. export interests, you should cover any international regulations in separate agreements directly with those parties. Another frequent issue is failing to correctly identify all the relevant foreign and domestic end users and any sub-licensees in the correct portion of the form. This is an especially critical piece of information, as the end use destinations for any controlled item will be scrutinized.

The ITAR expectations are highly organized. With a clear understanding of your responsibilities as a related organization, you can ensure compliance across all areas. Review of the USML and registration with the DDTC, if required, are vital first steps that can help clarify exactly what needs to be done. Working with third-party consultants and contractors who are fully knowledgeable of ITAR can help you create a robust action plan for setting up an EMS and making fully compliant exports. And setting up a tracking system with DoD-approved UID labels, compliant with regulations such as MIL-STD-130 and STANAG 2290, helps you maintain tighter control by tracking managing controlled assets throughout the supply chain.

Achieving compliance is critical, and maintaining it is even more important. Staying on top of best practices and training is a great way to ensure your employees remain vigilant and committed to the process. Your sensitive information is especially important and having necessary controls in place for asset location and data access is crucial. An ITAR-compliant operation does not have to be overly complicated and if you focus your efforts on the right areas, you can create a streamlined and efficient set of controls for your organization. Download our easy-to-follow ITAR Compliance Checklist for a step-by-step breakdown of everything you need to do to achieve and maintain ITAR compliance.

Additional Resources on ITAR Compliance

For more information on ITAR compliance and related subjects, visit the following resources:

• Five Tips to Avoid Costly ITAR Violations
• What is ITAR Compliance?
• Guidelines for ITAR, EAR, DFARS Compliance Requirements
• 4 Tips for ITAR Compliance Training
• 5 Ways Your Company Can Prevent ITAR Technology Transfer Slips
• NEI ITAR 101 Webinar for Novice and Experienced Practitioners
• What is ITAR and its Role in Manufacturing?
• ERP Helping Defense Manufacturers Meet ITAR Compliance
• ITAR Regulations You Need to Know
• ITAR Fines Can Cripple Your Business