The US Department of State (DOS), The Directorate of Defence Trade Controls (DDTC) through the The Arms Export Control Act (AECA) controls the export of defense articles and services via the International Traffic in Arms Regulations (ITAR) – 22 CFR Parts 120-130. The ITAR embraces articles and services as listed in the US Munitions List (USML).
The ITAR defines a “defence article” as any hardware, software or technical data that is identified on the USML. The DDTC has the authority to also designate an item as a defence article if it is not listed in the USML. A more common reason for the DDTC to to so is when the use of the item needs to be protected for national security reasons. The latter is similar to the EU Catch-All controls, which also allow the authorities to deem an article as controlled even though the article is not listed in the Munitions List or the dual-use list (in the US referred to as the CCL). If an article is specifically designed, developed, configured or modified for a military application and eithe 1) does not have predominant civil applications; or 2) has significant military or intelligence applicability, then it is relevant to visit the USML. If the article is not listed or there is doubt about whether an item is listed or not, you should request a Commodity Jurisdiction (CJ) from the DDTC. The DDTC has the authority to take jurisdiction of virtually any product – even when a product is under US Department of Commerce (DOC) jurisdiction, DDTC may overtake such jurisdiction if deemed necessary.
If or when a product has been determined to be a defence article, the “owner” of the product is committed to protect the article (or Software / technical information / service) via implentation of a Technology Control Plan (TCP). The term “technical information” is basically any information that describes the design, development, configuration or modification of a defence article in addition to descriptions of how to manufacture, assemble, operate, repair, test or service such an article.
The aim of the TCP is to prevent that the defence article or technical information about it is exported directly or exported to a foreign person within the US (i.e., the demmed export rules). Technical information may be exported inadvertently by means of, for instance, email, cloud computing, telephone conversations, inappropriate destruction of documentation, or social networking. The TCP needs to take both the obvious and the less salient types of export into consideration, and all personnel needs to receive approppriate and mandatory training unless such personnel is isolated from accessing the defence article and any technical information pertaining to it.
Isolation of personnel is particularly important in companies handling defence articles when foreign persons are employed in the company or the company is under Foreign Ownership, Control or Influence (FOCI). Such companies may need to draw up a Technical Assistance Agreement (TAA) to contractually commit the foreign personnel or foreign owner to not seek unauthorised access to a defence service. The term “Defence service” is quite broad in that it includes but is not limited to design, development, manufacture, assembly, repair, testing, modification, operation, destruction, processing and use of defence articles or technical data.
Other companies may need a Manufacturing License Agreement (MLA), which authorises the company to produce defence articles and permits release of knowhow in relation to the manufacturing. An MLA can also cover conditions pertaining to assembly or repair of articles abroad without any actual manufacturing.
The US has established policies and embargoes for a number of countries, which are listed on the Department of State Country Policies and Embargoes webpage. Please note that the list contain countries, which are embargoed for US policy reasons as opposed to via UN mandated embargoes.