Deemed Exports Compliance Requirements

Deemed exports compliance sits at the intersection of technology transfer law and national security regulation, requiring US-based organizations to treat the release of controlled technical data or source code to foreign nationals inside the United States as though that information were being physically shipped abroad. The Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR) both impose deemed export obligations that carry criminal and civil penalties for violations. Understanding which transactions trigger these rules, which classification schemes apply, and how to document decisions correctly is essential for universities, defense contractors, semiconductor firms, and any enterprise that employs foreign nationals in technical roles.

Definition and scope

A deemed export occurs when controlled technology, technical data, or source code is released — through visual inspection, oral briefing, or electronic transmission — to a foreign national on US soil (Bureau of Industry and Security, EAR 15 CFR § 734.13). The release is "deemed" an export to the foreign national's country or countries of nationality, not merely to the individual. This legal fiction means a single conversation in a US laboratory can constitute multiple simultaneous exports to the countries on a foreign national's passport.

Scope under the EAR covers items on the Commerce Control List (CCL), administered by the Bureau of Industry and Security (BIS) within the Department of Commerce. Scope under ITAR covers items on the US Munitions List (USML), administered by the Directorate of Defense Trade Controls (DDTC) within the Department of State (22 CFR § 120.17). Items subject to ITAR are governed by an ITAR deemed export rule — sometimes called a "deemed reexport" when the release occurs in a third country — and carry stricter controls than most EAR-controlled items.

The distinction between EAR and ITAR coverage is not always obvious. An item that has been specifically designed, modified, or configured for military application will typically land on the USML. Dual-use items with commercial and military applications generally fall under EAR and the CCL. Where both regimes overlap, ITAR takes precedence (DDTC guidance on jurisdiction).

How it works

Deemed exports compliance operates through a structured classification and authorization workflow:

1. Item classification — The organization determines whether the controlled technology or data falls under the EAR (CCL Export Control Classification Number, or ECCN) or the ITAR (USML category). Items not on either list may be EAR99, which carries the fewest restrictions.
2. Nationality screening — The foreign national's country or countries of citizenship are identified. Dual nationals require analysis against both countries' control status.
3. License determination — BIS or DDTC rules are applied to establish whether a license exception is available (e.g., EAR License Exception TMP, CIV, or the Technology and Software Unrestricted exception) or whether a specific license must be obtained before disclosure.
4. License application or exception documentation — If no exception covers the release, the employer files a deemed export license application with BIS or an export license with DDTC. Processing times at BIS averaged 26 days for EAR applications in fiscal year 2022 (BIS Annual Report to Congress, FY2022).
5. Recordkeeping — All license determinations, technology control plans (TCPs), and related correspondence must be retained. EAR recordkeeping obligations run five years from the date of the transaction (15 CFR § 762.6). ITAR requires a minimum five-year record retention period as well.

Organizations with recurring foreign national access to controlled technology typically implement a Technology Control Plan — a written document governing physical access, network segmentation, and training requirements for each controlled project.

Full details on the broader export compliance requirements framework explain how deemed export obligations fit within an enterprise-wide export program, and denied party screening requirements interact directly with deemed export license decisions.

Common scenarios

Academic research environments — Universities routinely employ foreign graduate students and postdoctoral researchers in physics, engineering, and materials science laboratories. The "fundamental research exclusion" under EAR (15 CFR § 734.8) exempts basic and applied research published without proprietary restrictions, but sponsored research with publication restrictions or export-controlled deliverables falls outside that exclusion and requires TCP implementation.

Defense contractor engineering teams — Engineers working on USML-controlled hardware or technical data — radar systems, cryptographic equipment, satellite components — require individual ITAR authorizations before foreign national employees can access design specifications. An ITAR violation carries civil penalties up to $1,393,832 per violation (as adjusted under the Federal Civil Penalties Inflation Adjustment Act; see DDTC Civil Penalty Information).

Semiconductor and software firms — Source code for encryption or advanced manufacturing tools can carry ECCN designations such as 5E002 (encryption) or 3E001 (microelectronics technology). Releasing such code to a foreign national employee without a license exception constitutes a deemed export.

Decision boundaries

The two primary classification boundaries are EAR versus ITAR jurisdiction and controlled versus uncontrolled technology. A second critical boundary distinguishes US persons from foreign nationals: US citizens, lawful permanent residents, protected individuals under 8 USC § 1324b, and persons granted asylum or refugee status are treated as US persons under EAR and ITAR and are not subject to deemed export licensing.

A third boundary separates license-required releases from license-exception-eligible releases. EAR License Exception CIV, for example, covers release of certain controlled items to civil end users in specific countries — but it is unavailable for items controlled for national security reasons to destinations in Country Group D:1. ITAR carries no equivalent general exception for foreign nationals in the United States; each release requires either a license or a specific treaty-based authorization.

Compliance risk assessment methodology and voluntary self-disclosure procedures are both relevant when an organization discovers an undocumented deemed export release that may constitute a violation.

References

• Bureau of Industry and Security (BIS), US Department of Commerce
• Export Administration Regulations (EAR), 15 CFR Parts 730–774 — eCFR
• Directorate of Defense Trade Controls (DDTC), US Department of State
• International Traffic in Arms Regulations (ITAR), 22 CFR Parts 120–130 — eCFR
• BIS Annual Report to Congress, FY2022
• EAR Fundamental Research Exclusion, 15 CFR § 734.8 — eCFR
• EAR Recordkeeping Requirements, 15 CFR § 762.6 — eCFR

📜 1 regulatory citation referenced  ·  🔍 Monitored by ANA Regulatory Watch  ·  View update log