January 8, 2007

Trends in U.S. Export Control Policy – How Do They Affect Your Company?

Holland & Knight Alert
Jonathan M. Epstein

The landscape of export control regulation and policy in the United States is constantly changing. These changes include not only new published regulations, but also more general trends, both in the types of new restrictions that are coming out, and in how existing laws and regulations are interpreted and enforced.

We can identify the primary goals of U.S. export policy − to protect the United States’ technological advantage vis-à-vis countries that are potential military threats − and to prevent technology usable in weapons of mass destruction from getting into the hands of terrorists or countries that would use them against the United States. However, it appears that rather than focusing on specific critical technologies, the U.S. Government often takes a “shotgun” approach that imposes additional controls and administrative burdens on a wide range of exports. Further, the overall trend appears to expand restrictions. And it is rare to see a downgrade of restrictions even for technologies that are decades old and far from cutting edge.

For defense articles, technical data, and defense services controlled under the International Traffic in Arms Regulations (ITAR), the trends are similar. The State Department Directorate of Defense Trade Controls (DDTC) is increasing restrictions on exports both through rule changes and interpretative guidance. This, coupled with delays in license processing, has led, for example, the European commercial satellite industry to develop its own “U.S. content free” products.

This article examines several significant trends in export controls, and suggests practical strategies for companies to utilize in addressing these changes.

Where Is the Line Between the ITAR/EAR (Military/Civilian) Products and Technology?

There is an increasingly gray division between items controlled under the ITAR versus those controlled under the Export Administration Regulations (EAR). This can be a trap for companies that primarily focus on commercial products, as they enter the field of defense contracting. For example:

ABC Company receives a purchase order to build a printed-circuit board to a defense contractor’s specifications. Since the board is no more sophisticated than the typical commercial board, ABC Company classifies it as “EAR99” and sends the specifications off to its foreign subcontractor for production. If this board was designed for a military application, the export of the specifications, without a license, would violate the ITAR, whether or not ABC Company was informed by the defense contractor that this was ITAR-controlled.

Compliance Tips

Some important things to remember about the difference between the ITAR and the EAR:

  • Under the EAR, an item is generally classified based on the whole unit, without reference to its component parts (i.e., products are treated as “black boxes”). In contrast, if you place a single ITAR-controlled component in an otherwise commercial product, the commercial product becomes ITAR-controlled (i.e., DDTC “looks through” a final product at its component parts). Recent high profile cases highlight how the ITAR “look through” thinking can affect otherwise commercial goods.
  • While Commerce Control List (CCL) entries typically have performance criteria, ITAR entries often do not. For example, even obsolete and non-functional defense articles may remain under ITAR control. The critical question in determining whether an item is controlled under the ITAR is whether the item was designed or developed in any respect for a military application. For example:

The U.S. Government orders standard coaxial cable with standard commercial connectors, but specifies the length/type of cable and specific connectors for use in a military application, thus converting an otherwise EAR99 product into an ITAR-controlled one, because the product was specifically modified for a military application.

  • While in theory the classification of an item under the ITAR versus the EAR should not depend on the specific end-use or end-user, the distinction between classification and end-use often gets blurred. An example of this gray area is when a U.S. company provides commercial off-the-shelf (COTS) telecommunications products to a foreign military and then helps with training and integration. Is the training/integration a defense service subject to the ITAR?

Barred Entity Lists and End-Use/End-User Restrictions: How Much Due Diligence Is Enough?

The BIS proposal of the “China Military Catch-all” rule highlights another trend and compliance challenge. The China Military Catch-all would restrict certain exports where an exporter knows, or has reason to know, that the product will be used in a military end-use in China. If implemented, this restriction would be added to a long list of other specific end-use/end-user restrictions. These include not only affirmative lists to check (e.g., the Specially Designated Nationals List, Denied Persons List, etc.), but less clear-cut ones as well (e.g., sales to a third country where the U.S. exporter knows, or has reason to know, that products may be sold or transferred to an embargoed country or diverted to an unlawful destination). This raises the question of how much due diligence is enough.

Tailor Reasonable Due Diligence Steps Based on Risk

No system of checks is foolproof, and a set of practical due diligence checks that are followed 100 percent of the time is better than complex due diligence requirements that are ignored by rank and file employees because they are too difficult. For example, in one case an electronics distributor had a detailed check-sheet of steps a sales agent would have to take to export a product, including entry of the specific Export Control Classification Number (ECCN) for that product. However, because ECCNs for the products were not readily available, some sales personnel simply filled in “EAR99” as a default.

The Growing Deemed Export Issue

In May 2006, the Department of Commerce Bureau of Industry and Security (BIS) withdrew a highly controversial rulemaking dealing with deemed exports that would have, among other things, looked at the country of birth in addition to the citizenship of a foreign national for licensing purposes. However, the recent creation of the Deemed Export Advisory Committee is an indication that some of these issues are not closed. Rather, it appears that there is continued pressure on BIS by DoD and the State Department to institute controls similar to those under the ITAR.

Dual Nationals Under the ITAR

Currently under the ITAR, one must now consider all countries in which a foreign person holds citizenship for deemed export purposes and for actual exports of technical data or defense services. For example, an export to a UK company would also be considered an export to India, if the UK company had a dual UK/Indian citizen who would have access to the technical data or defense services. Further, DDTC uses the term “foreign national” and not “foreign citizen.” It is clear that DDTC would like to expand the interpretation of “nationality” to include a person’s country of birth. Aside from the legal and diplomatic problems this type of rule would create, such a rule would be extremely difficult to implement.

Compliance Tips

While many companies producing only commercial products may believe the “deemed” export issue does not apply to them, this is changing. Enforcement of “deemed export” rules is growing. For example, some universities have been visited by the FBI making inquiries about foreign students from certain countries. Every company therefore should do the following:

  • assess whether and what kind of steps it should take to avoid “deemed export” violations, taking into consideration the classification of the products and technology it holds, its facilities and its relationship with foreign entities (e.g., affiliated companies and partners)
  • develop a technology control plan or procedures tailored for that company’s needs
  • before taking any action such as hiring, firing, or even screening employees based on race, creed, national origin, or alienage, consider the implications not only under export control regulations but also under Title VII of the Civil Rights Act and the Immigration Reform and Control Act (IRCA) (IRCA provides protections to persons based on their citizenship status)

Export Controls Bleeding Into Government Contracting Requirements

Another trend is the increasing use and sometimes misuse of export control provisions in government contracts. In fact, there is currently a DoD proposed regulation that will expand and clarify these requirements. Problems arise because government contracting officers often do not know the nature of the technology (i.e., whether it is controlled or how), and may simply put in a prophylactic standard clause. Further, the prime contractor may, as a matter of practice, “flow down” to subcontractors those clauses without regard to whether a particular subcontractor would actually deal with export controlled technology. For example, the following appeared as a clause incorporated by reference as a flow down provision to a university undertaking research:

Equipment and technical data generated or delivered under this contract are controlled by the International Traffic in Arms Regulation (ITAR . . . . An export license is required before . . . granting access to foreign persons to any equipment and technical data generated or delivered during performance . . . . The Contractor shall . . . obtain written approval of the Contracting Officer prior to assigning or granting access to . . . foreign persons or their representatives. The notification shall include the name and country of origin of the foreign person . . . and whether the foreign person is cleared to have access to technical data (DoD 5220. 22-M, National Industrial Security Program Operating Manual (NISPOM)).

This clause raises a myriad of issues. It may be that none, some, or all of the technology generated by a contractor will be ITAR-controlled. This clause appears to place a contractual obligation on the contractor to treat all technology as ITAR-controlled, whether marked as such or not.

In addition, the term foreign persons or their representatives, particularly in conjunction with a reference to the NISPOM (which governs classified information), is troubling, as a U.S. citizen or even U.S. company owned or controlled by a foreign person could be construed as a representative of a foreign person.

To avoid potential problems, subcontractors unfamiliar with DoD procurement need to review FAR/DFAR clauses incorporated by reference. Not all “flow down” clauses are mandatory, and there may be some room to seek removal or modification of an onerous clause.

Problems With Commercial Export Control Contract Clauses

As a consequence of increased scrutiny over export controls, there is an increasing use of detailed export control language in commercial contracts. While more specificity can be helpful, such contractual language must clearly reflect the intent of the parties. Adding “standard” clauses without reviewing the effect on liability is a recipe for disaster.

A common misconception is that legal verbiage in a contract will relieve a company of liability if the company violates U.S. export laws. While “destination control statements” and end-use certificates are required in certain circumstances, broad and general export control language is unlikely to be given much weight by enforcement officers.

Language to Watch Out For

Problematic export control clauses include provisions that:

  • attempt to shift liability for exports violations for actions that the other party may commit
  • broadly state that all products are subject to ITAR controls
  • impose unreasonable due diligence requirements on one party
  • fail to properly allocate responsibility to both parties

Tips for Crafting Export Control Clauses

In crafting export control clauses consider the following:

  • While it is useful to put the other party on notice that your products are subject to export controls, you need to be as specific as possible about the nature of the controls for the other party to understand and take heed of the requirements – particularly when dealing with foreign entities.
  • When dealing with a subcontractor/contractor, manufacturer/distributor, or manufacturer/exporter relationship, it is useful to spell out the responsibilities of each party. In particular, set forth which party is responsible for export licensing and clearance, specify when title passes, and place an affirmative obligation on the manufacturer or prime-contractor to provide accurate classification information so that the other party can comply with the law.
  • Recognize that no one but the lawyers may read the contract, therefore it is important to mark or otherwise identify controlled technology or products properly.

Understanding how current export policy is affecting practices will help companies meet the compliance challenges posed by these policies.

Related Insights