This part one of a three-part article series that analyzes considerations for government contractors looking to commercialize and protect their innovations developed in conjunction with the U.S. government imposed by statues and regulations.

The U.S. government is now prioritizing the enforcement of export controls and economic sanctions in unprecedented ways. Agencies responsible for enforcement are increasing staffing and there are joint efforts occurring among agencies.1

In 2023, California resident Jonathan Yet Wing Soong pled guilty to violating export control laws. Soong's employer was an association contracted with NASA to license and distribute U.S. Army flight control software.2 Soong was responsible for vetting customers to confirm they did not appear on restricted lists. But, he willingly exported and facilitated the sale and transfer of that software to Beihang University, an organization on the Department of Commerce's Entity List.3

The entity list comprises names of foreign persons, businesses, research institutions, government organizations, and private organizations that the U.S. government has identified as subject to licensing requirements and policies. Soong pled guilty to a violation that carries a maximum of 20 years in prison and a $1,000,000 fine. He is awaiting sentencing.

While many violations are not as obvious and intentional as Soong's, the U.S. government enforces its export controls under a strict liability standard, making compliance and due diligence efforts important. But even more important, export control laws apply in a variety of situations, some of which may not be obvious.

As with export controls, there are a number of legal considerations for individuals and companies who do business with the U.S. government.

Why is understanding export controls important?

Export control laws have a far reach that impact sanctions, international shipments and commerce, financial transactions, international travel, and the exchange of information. U.S. export control laws impose a strict liability standard, meaning a company is liable regardless of whether they intend to violate the law or even knew conduct could violate the rules. In the past, the Department of Commerce's Bureau of Industry and Security (BIS) has imposed civil penalties against companies that fail to comply with export control laws.

What happens if one is non-compliant? Companies can face civil penalties of up to $1 million and possible imprisonment. Under both the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR), voluntary disclosure of non-compliance may lead to penalty mitigation, especially as enforcement continues at a rapid pace.4

What is an export control?

Export controls are the U.S. laws and regulations that govern the transfer of certain goods, services, materials, technologies, and information outside the United States or to a "foreign person."5 A non-U.S. person is anyone who is not a U.S. citizen or permanent resident, and who has not been granted political asylum or other protected status.

Due to the complex and changing nature of export controls, it can be difficult to determine when export controls apply. Information regulated for export is generally known as "controlled information."

What types of information or activities are covered by export controls?

A surprisingly wide variety of information can be considered "controlled information" and a variety of activities may be subject to export control regulations:

  • Information used in the development of intellectual property or in the course of innovation can be controlled for export as proprietary information that is not in the public domain. However, information in the public domain is under the jurisdiction of the Patent and Trademark Office such as published patents, and their application file history.
  • Release of the controlled information to a foreign national employee could be viewed as sending information to a person in a foreign country even if that person is located in the United States.
  • Work conducted for an agency of the federal government remains subject to export controls. Sponsorship or contracts with the U.S. government does not mitigate or supersede a company's responsibility to adhere to export control laws.
  • Use of sharing applications, such as SharePoint, that allows certain users to have access to export-controlled information is subject to export control laws.
  • Taking tangible and intangible items outside the United States without the proper documentation is also subject to export control laws. Everything that crosses a U.S. border is an export, and the law applies to both tangible and intangible items, such as software. U.S. persons travelling internationally should screen for institutions they are visiting to confirm they are not restricted parties and to confirm they are not traveling to embargoed or sanctioned countries. Sometimes, such travel may require an export license to bring certain data or items across a U.S. border.
  • Access by an individual with a dual citizenship, where the most recently obtained citizenship was not the United States. The last citizenship obtained governs and is viewed as the individual's country of citizenship for export control purposes.6
  • Foreign-made and produced items. Foreign-made products with more than a defined amount of U.S. origin products may be subject to the EAR.7 Under the EAR, foreign commercial items that are commingled with U.S. origin parts or technologies over a de minimis8 level (25% or less of the total value of the foreign made item) are subject to the EAR. For defense articles, there is no de minimis rule. The EAR's foreign direct product rules capture foreign-produced Items under U.S. export controls when the foreign Items are 1) a "direct product" of certain controlled U.S. Technology or software; or 2) produced by a plant or "major component" of a plant that itself is a direct product of specified U.S. Technology or software. In recent years the EAR's foreign direct product rules have been expanded and can apply differently depending on the potential destination, end-user, or end-use of the Item.
  • Certain businesses and industries are regulated more heavily, due to national security and economy concerns. For example, in the semiconductor manufacturing business, equipment including the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of the equipment is subject to specialized export controls, many of which requires licenses to export from the United States. This includes information such as blueprints and drawings, as well as any software that may be involved in the operation of the equipment.
  • Shipping products to a restricted entity on BIS's Entity List without a license. Shippers may be subject to government inspection or review in the same way that companies are and are required to have an export declaration for products. However, relying on a shipper to handle the proper paperwork and procedures is not a recommended fallback, as companies remain responsible for their activities. Even when screening procedures are in place, they may not prevent errors from occurring. For example, a screening procedure used by a logistic company to prevent exports to restricted parties failed because the procedure did not flag an abbreviated name for a university in China.
  • Conducting tours for visitors or prospective foreign buyers to U.S. facilities. Companies must screen all foreign nationals, visitors, potential employees before giving access.
  • Shipping to friendly/allied countries (like Canada) could require an export license, so one should conduct due diligence before exporting from the U.S. Using a freight forwarder does not alleviate responsibility, as your company remains the exporter of record, and thus remains liable for compliance.

What is an export license and how do you get one?

An export license may be issued by BIS or DDTC after a careful review of the facts regarding an export transaction. While many export transactions do not require a license, it is up to an exporter to determine whether their due diligence process would require a license.

Where do the export control laws originate?

The U.S. participates in a multilateral export control regulation system. The current export control regulation system involves two sets of regulations — the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).

The ITAR is under the jurisdiction of the Department of State and is administered by the Directorate of Defense Trade Controls (DDTC).9 ITAR regulations support the control of defense-related articles that could be used for military purposes.

The EAR is under the jurisdiction of the Department of Commerce and is administered by BIS.10 EAR regulations support the control of commercial and dual-use products and items.

The EAR regulates exports and reexports of certain commodities, software and technology. An export includes a shipment or transmission outside of the U.S. and the disclosure or transfer of technology or source code to a foreign person within the United States (known as a deemed export). A reexport refers to a shipment from one foreign country to another foreign country.11

What can a company do to address export controls?

The Bureau of Industry and Security recommends that organizations maintain compliance programs to ensure they are following export regulations. The elements of an effective compliance program may include conducting risk assessment for your organization, keeping records for a minimum of five years, conducting training for employees and management, auditing compliance measures, handling potential export violations, and taking corrective actions if necessary.

Companies should assess their risk and compliance programs to ensure they are prepared for these changes. Companies may want to consider designing and implementing export compliance programs to efficiently assess potential hurdles related to export controls and monitor regulations effectively.

Companies may consider using access and data protection policies based on user and file attributes. Once the compliance programs are established, companies should also regularly assess the program to validate its effectiveness and eliminate compliance gaps.

If a company determines that the release of controlled information must occur, then they must obtain a deemed export license from BIS before allowing the release to occur. Failure to comply could result in civil penalties. Effective due diligence and compliance can mitigate risk and allow companies to respond to allegations of noncompliance.

Footnotes

1. https://tinyurl.com/mr3wtbwr

2. https://tinyurl.com/yyfmzjkt

3. https://tinyurl.com/bdzxamv7

4. https://tinyurl.com/3krbf6py

5. See Part 772 of the Export Administration Regulations.

6. https://tinyurl.com/4mmkfwwe

7. 15 C.F.R. § 734.3.

8. See 15 CFR 734.4 for a complete description of the de minimis content regulations.

9. https://tinyurl.com/r95upkse

10. https://tinyurl.com/5x3vkufu

11. 15 C.F.R. §§ 734.13-14.

Originally Published by Westlaw Today

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.