ITAR Compliance: What It Is, Who Needs It, and the Penalties for Ignoring It

If your company is involved in exporting any defense products, services, or related technical data, you’re probably already familiar with the International Traffic in Arms Regulations (ITAR). And if not, you need to be! These export control laws are designed to prevent unauthorized foreign nationals from procuring any sensitive information. This article reviews what ITAR compliance means, who needs it, and the penalties for ignoring it.

What is ITAR compliance?

At its most basic, being ITAR compliant means following all of the requirements of the International Traffic in Arms Regulations (ITAR). The tricky thing is that there is no strict definition of ITAR compliance, other than adhering to the law. Here are the general steps:

  • Register with the U.S. State Department’s Directorate of Defense Trade Controls. There is a non-refundable fee associated with registration.
  • Obtain the proper licenses for the things you plan to export.
  • Ensure your policies and procedures are compliant with ITAR requirements.
  • Make sure someone at your facility is educated about ITAR and trained in how to keep your policies and procedures compliant.

If that sounds somewhat vague, well, it is! What it comes down to is that you’re responsible for making sure that you’re following all relevant ITAR guidelines. There’s no such thing as third-party certification for ITAR compliance — you must set up your systems appropriately and then make sure the rules are followed. One aspect of ITAR compliance is verifying the citizenship of anyone who has access to sensitive information. That’s where a visitor management system comes in. With a visitor management system, you can not only ask for verification of citizenship status, but also print that status directly on each visitor’s badge. That means you’ll always be able to see at a glance who’s in your facility. You can also use a visitor management system to capture signatures on any required legal agreements, like NDAs and technology control plans, as well as to keep a record of everyone who visits your facility. Learn more about these and other visitor management system features. For other common ITAR compliance issues, refer to this checklist from the law offices of Williams Mullen.

Do you need to be ITAR compliant?

All manufacturers, exporters, and brokers of defense articles, defense services, and related technical data must be ITAR compliant. But what does that mean? Here are some useful definitions.

Defense articles

A defense article is anything on the United States Munitions List. The list includes, but isn’t limited to, items in the following categories:

  • Firearms, close assault weapons, and combat shotguns
  • Guns and armament
  • Ammunition/ordnance
  • Launch vehicles, guided missiles, ballistic missiles, rockets, torpedoes, bombs, and mines
  • Explosives and energetic materials, propellants, incendiary agents, and their constituents
  • Surface vessels of war and special naval equipment
  • Ground vehicles
  • Aircraft and related articles
  • Military training equipment and training
  • Personal protective equipment
  • Military electronics
  • Fire control, laser, imaging, and guidance equipment
  • Materials and miscellaneous articles
  • Toxicological agents, including chemical agents, biological agents, and associated equipment
  • Spacecraft and related articles
  • Nuclear weapons related articles
  • Classified articles, technical data, and defense services not otherwise enumerated
  • Directed energy weapons
  • Gas turbine engines and associated equipment
  • Submersible vessels and related articles
  • Articles, technical data, and defense services not otherwise enumerated

Defense services

Defense services fall into three main categories:

  • Providing assistance, including training, to foreign persons on anything related to defense articles. This includes design, development, manufacturing, maintenance, and so on.
  • Providing foreign persons with controlled technical data (see below).
  • Military training of foreign units and forces.

Technical data

Finally, there are three main types of technical data:

  • Information other than software for the design, development, manufacturing, and so on of defense articles. This includes blueprints, drawings, documentation, and more.
  • Classified information about the defense articles and defense services listed above.
  • Software directly related to defense articles.

Any information in the public domain or commonly taught in schools is not considered controlled technical data. Neither is marketing information or general descriptions of defense articles. To help you decide if ITAR applies specifically to you, see this guide from the Directorate of Defense Trade Controls: Getting Started with Defense Trade.

What are the penalties for ignoring ITAR compliance?

Last, but not least, what happens if you don’t comply with ITAR? We guarantee this is a situation you’d rather avoid. ITAR violations can result in fines of $1 million or more per violation, as well as jail time and debarment (meaning you lose your export license). Simply put, whatever the hassle of becoming ITAR compliant, it’s considerably smaller than the consequences of not doing it! You can get started on your compliance journey today by implementing a visitor management system in your facility. Sign up here for your 14-day free trial of The Receptionist for iPad.

Share this Post