What Are Export Control Violations and Why Do They Matter to Corporations?

Regulators identify violations through customs inspections, third-party complaints, undercover operations, and internal corporate disclosures during audits or voluntary compliance reviews. From a practitioner's perspective, many enforcement actions begin when a company or its distributor fails to file required documentation or when U.S. Customs and Border Protection flags an anomalous shipment during routine screening. The Commerce Department, State Department, and Treasury Department's Office of Foreign Assets Control (OFAC) coordinate enforcement, and each agency may pursue parallel investigations based on the same transaction. Detection often hinges on whether export documentation is complete and consistent with shipping records; incomplete or contradictory paperwork frequently triggers secondary examination that can uncover broader compliance gaps.

Intent matters significantly in distinguishing civil from criminal liability, though the regulatory framework penalizes both negligent and willful conduct. Civil violations under the EAR can result from strict liability—meaning a company may face penalties even without knowledge of the violation—while criminal prosecution typically requires proof of knowing violation or reckless disregard for licensing requirements. Courts have held that a company's failure to implement reasonable compliance procedures, despite access to regulatory guidance, can support an inference of recklessness sufficient for criminal charges. The distinction between inadvertent error and willful blindness often becomes the central contested issue in enforcement proceedings.

Civil penalties under the EAR can reach up to $300,000 per violation or twice the value of the controlled item, whichever is greater, while ITAR violations may result in civil penalties of up to $500,000 per violation. Criminal violations carry fines up to $1 million and imprisonment terms up to 20 years for individuals, and felony convictions can trigger debarment from federal contracts, loss of export privileges, and mandatory inclusion on the Commerce Department's denied parties list. Beyond direct penalties, a corporation may face asset freezes, injunctions against future exports, and operational restrictions that can persist for years after settlement. The reputational consequences—including media coverage, customer notification obligations, and potential shareholder litigation—often exceed the direct financial penalties in long-term business impact.

A violation finding or criminal conviction can result in denial or revocation of export licenses, placement on the denied parties list, and suspension of federal procurement eligibility. Companies operating in defense, technology, or aerospace sectors face particular operational vulnerability because export licenses are often prerequisites for contract performance. An enforcement action can freeze pending shipments, halt customer relationships in restricted jurisdictions, and trigger contract termination clauses with government and private customers. In New York federal courts, where many trade enforcement cases proceed, the evidentiary standards for demonstrating willful violation often turn on whether the company maintained documented compliance training, internal controls, and timely license applications; delayed or missing internal compliance records frequently become admissible evidence of indifference to regulatory requirements.

The Export Administration Regulations (EAR), administered by the Commerce Department's Bureau of Industry and Security, govern dual-use items (goods and technology with both civilian and military applications), while the International Traffic in Arms Regulations (ITAR), administered by the State Department's Directorate of Defense Trade Controls, govern defense articles and technical data on the U.S. Munitions List. Dual-use items are classified on the Commerce Control List (CCL) using alphanumeric codes that determine licensing thresholds based on destination, end-use, and end-user; ITAR items are subject to stricter licensing requirements and broader restrictions on foreign nationals' access to technical data. The two regimes overlap in certain technology areas, creating compliance complexity where a single product may implicate both EAR and ITAR requirements. Misclassification between the two regimes—or failure to recognize that an item requires licensing under either—is a frequent source of corporate liability.

Licensing requirements depend not only on what is being exported but to whom and for what purpose. The EAR imposes Country Groups and End-Use Codes that restrict exports to certain destinations, such as countries subject to U.S. .anctions or embargoes, and end-uses, such as nuclear weapons development or military applications. ITAR similarly restricts exports to most foreign governments and their nationals, with limited exceptions for NATO allies and other designated countries. End-use screening requires exporters to verify that the customer is not a denied party, not engaged in sanctioned activity, and not planning to divert the item to a prohibited end-user or end-use. Corporate liability often arises when a company ships to a customer without conducting adequate due diligence on that customer's identity, financial condition, or stated end-use, or when a company ignores red flags suggesting diversion risk.

Effective compliance programs include maintaining a controlled items inventory, conducting regular classification reviews of products against the CCL and ITAR list, implementing customer due diligence procedures, and documenting license applications and denials. A comprehensive export control law compliance framework should assign clear responsibility for license determinations, establish approval workflows that prevent unauthorized shipments, and maintain audit trails showing how classification and licensing decisions were made. Training for sales, engineering, and logistics personnel on export controlled goods requirements reduces the risk that employees will inadvertently initiate unauthorized transactions. Documentation of compliance efforts is critical because it demonstrates good faith and can mitigate penalties in civil enforcement or support a defense against criminal willfulness allegations.

If a company discovers a potential violation, prompt internal investigation and evaluation of voluntary disclosure options are essential. The Commerce Department and State Department each maintain voluntary disclosure programs that may result in reduced or waived penalties if a company self-reports the violation, cooperates fully, and implements corrective measures. Voluntary disclosure requires the company to notify the relevant agency in writing, describe the violation in detail, and provide all relevant documentation; the agency then determines whether to accept the disclosure and what penalty, if any, will apply. A company that discovers a violation but delays disclosure or attempts to conceal it faces substantially higher penalties and increased criminal prosecution risk. Timing is critical: agencies typically require disclosure before the government has detected the violation independently, so early identification and notification can significantly alter the enforcement outcome.

Corporate exposure to export control violations reflects the intersection of technical classification challenges, customer due diligence obligations, and overlapping regulatory jurisdictions. The procedural risk extends beyond the initial investigation: enforcement agencies coordinate findings, penalties accumulate across civil and criminal tracks, and collateral consequences (debarment, license revocation, reputational harm) often persist longer than the direct penalty period. A corporation facing export control scrutiny should prioritize early internal investigation, documentation of compliance procedures and any remedial steps, and evaluation of whether voluntary disclosure or negotiated resolution is feasible before enforcement escalates. Forward-looking compliance strategy should focus on formalizing product classification procedures in writing, maintaining records of due diligence on customers and end-uses, and establishing clear approval workflows so that licensing decisions are documented and defensible under regulatory scrutiny.