1. Regulatory Framework and Licensing Requirements
The U.S. .overnment controls exports through two primary regimes: the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). Items subject to export control fall into categories based on their technical specifications, end-use, and destination. Many businesses underestimate the scope of these rules because "export" includes not only physical shipments abroad but also transfers of technical data, software, and intangible information to foreign nationals, even within U.S. .orders.
Ear and Itar Scope
The Commerce Department administers the EAR, which covers dual-use items, encryption, semiconductors, and certain chemicals. The State Department administers ITAR, which restricts defense articles and technical data. Determining which regime applies depends on the item's technical characteristics and the destination country. From a practitioner's perspective, many export violations arise not from intentional misconduct but from misclassification of products or failure to recognize that a transaction triggers licensing requirements. A company shipping industrial machinery to a customer in Canada may not realize that certain components require a license, or that sharing technical specifications with a foreign engineer constitutes a deemed export.
License Exceptions and Compliance Pathways
Not every export requires a license. The regulations provide exceptions for certain low-risk transactions, such as general scientific information or items destined for certain allied nations. However, relying on a license exception without careful analysis creates substantial risk. Our experience shows that companies often assume an exception applies without verifying all conditions. License exceptions have strict eligibility criteria, and noncompliance can transform what appeared to be a compliant transaction into a violation. Proper classification and documentation at the outset prevents costly disputes later.
2. Deemed Exports and Foreign National Restrictions
A critical and frequently misunderstood concept is the "deemed export." Under both EAR and ITAR, sharing controlled technical data or source code with a foreign national in the United States is treated as an export to that person's country of origin, even though no physical shipment occurs. This rule applies to employees, contractors, consultants, and visitors. Many technology companies and research institutions encounter deemed export issues when they hire foreign talent or collaborate with international partners.
Foreign National Access Controls
Your compliance obligations require identifying which employees or contractors have access to controlled information and determining whether that access requires authorization. If a software engineer with Chinese citizenship receives access to proprietary encryption algorithms, that access may constitute a deemed export to China, triggering licensing requirements or outright prohibitions depending on the item and destination country. Documentation and access logs are critical. Courts and enforcement agencies examine whether your company maintained reasonable controls to prevent unauthorized access.
New York Export Control Enforcement and Administrative Review
The Commerce Department's Bureau of Industry and Security (BIS) and the State Department's Directorate of Defense Trade Controls (DDTC) investigate violations through administrative proceedings, often coordinated with federal prosecutors in the Southern District of New York and the Eastern District of New York. Administrative enforcement can result in denial orders (which bar a company from exporting for extended periods), substantial civil penalties, and criminal referrals. Unlike litigation in federal district court, administrative proceedings before BIS or DDTC follow agency procedures where the burden of proof and evidentiary standards differ. Understanding these procedural distinctions is important because early engagement with counsel can shape how your company responds to a government inquiry and may influence the severity of enforcement action.
3. Enforcement Risk and Penalties
Violations of export control laws carry severe consequences. Civil penalties under EAR can reach $300,000 per violation, and ITAR violations carry similar exposure. Criminal prosecution is possible for knowing violations, with penalties including imprisonment up to 20 years and fines exceeding $1 million. The government does not need to prove intent to harm national security; it only needs to show that you knew or should have known that the item was controlled and that you failed to obtain required authorization.
Common Violation Scenarios
In practice, these cases are rarely as clean as the statute suggests. A company may ship products to a distributor in a permitted destination, unaware that the distributor will resell them to a sanctioned entity. Alternatively, a subsidiary or business partner may obtain controlled items without proper documentation or may misrepresent end-use. The company's liability depends on whether it knew or had reason to know of the violation. The government often pursues "red flag" cases where circumstances suggest the company should have questioned the transaction. Consider a manufacturer that receives an unusually large order from a new customer in a sensitive region, at a steep discount, with payment through informal channels. These facts might trigger a red flag warning that the transaction warrants additional diligence before proceeding.
Audit and Self-Disclosure
If your company discovers a potential violation, self-disclosure to the relevant agency may reduce penalties significantly. However, self-disclosure must be voluntary, timely, and complete. Once the government initiates an inquiry or investigation, disclosure is no longer voluntary and does not receive the same penalty mitigation. Early counsel engagement helps your company evaluate whether disclosure is strategically advantageous and how to structure it.
4. Compliance Strategy and Due Diligence
Effective export control compliance requires a systematic approach. Your organization should conduct a commodity classification review to identify which products and technical data are subject to control. Implement access controls for foreign nationals, maintain detailed transaction records, and establish approval workflows for international sales. Educate employees and contractors about deemed exports and licensing requirements. Many violations stem from gaps in training rather than deliberate misconduct.
| Compliance Element | Key Action |
| Commodity Classification | Obtain authoritative determination from BIS or DDTC; document basis for classification |
| Customer Due Diligence | Screen against denied parties lists; verify end-use and end-user; document findings |
| Foreign National Access | Identify controlled data; implement need-to-know restrictions; maintain access logs |
| Export Documentation | Obtain licenses where required; retain shipping documents, invoices, and export declarations |
For businesses engaged in export and import operations, integrating export control compliance into your supply chain and sales processes is not optional. Similarly, companies in consumer goods and retail sectors must verify that imported components and finished goods do not contain controlled items subject to re-export restrictions. Noncompliance can disrupt your business, result in denial orders that prevent future exports, and expose executives and the company to criminal liability. The regulatory landscape continues to evolve, particularly regarding emerging technologies, sanctioned jurisdictions, and end-use controls. Engaging experienced counsel early in your export planning allows you to structure transactions defensibly and identify compliance gaps before they become enforcement problems.
06 Feb, 2026
