Understanding US Export Controls
16 December 2019
The US Congress has authorised the president to control the export of a range of commodities, technology and services and impose economic sanctions. Two US government agencies – the Department of State and the Department of Commerce (DOC) – play primary roles in this process.
The Department of State’s Directorate of Defense Trade Controls (DDTC) is responsible for licensing exports of defence articles and services and maintains the US Munitions List (USML) under the Arms Export Control Act. The DOC’s Bureau of Industry and Security (BIS) is responsible for licensing “dual use” goods and technology as well as certain other items listed on the Commerce Control List (CCL) in the Export Administration Regulations (EAR).
The EAR – “Dual Use” Items
BIS is responsible for implementing and enforcing the EAR, which regulates the export, re-export and transfer (in-country) of so-called “dual use” items – i.e. those that have both commercial and military applications. This covers the following activities and items:
- Exports, re-exports and transfers (in-country) of items subject to the EAR. An export is an actual shipment or transmission of items from the US to a foreign country. It can include physical, electronic, verbal or visual shipments or transmissions. Exports include items such as hardware, software and technology. A re-export is a shipment or transmission of items subject to the EAR from one foreign location to another, and a transfer is a change in end-use or end-user within the same foreign country.
- “Deemed exports” of US-origin technology and source code. The term “deemed export” refers to the release of technology or source code from a US national to a foreign person, whether in the US or abroad. A “release” is deemed to be an export to the individual’s home country. A “foreign person” is defined as any individual who is not a US citizen or national, a lawful permanent resident, an asylee or a refugee.
- US persons’ assistance related to nuclear explosive devices, chemical or biological weapons, or missile technology, as described in Section 744.6 of the EAR.
- Commodities, software and technology physically located in the US (including items in transit through the US and items located in foreign-trade zones).
- All US-origin commodities, software and technology, wherever they are located in the world.
- US-origin parts, components, materials incorporated abroad or commingled abroad with foreign software/technology where the US-origin controlled content exceeds de minimis levels.
- Certain foreign-made direct products of US-origin technology or software controlled for national security reasons.
Five factors are used to determine an exporter’s obligations under the EAR:
1. What is it? The item’s classification under the CCL.
2. Where is it going? The country of ultimate destination for an export or re-export specified on the commercial invoice where the ultimate consignee or end-user will receive the items as an export.
3. Who will receive it? The ultimate end-user of the item cannot be a prohibited end-user. The term “end-user” is defined as the person abroad that receives and ultimately uses the exported or re-exported items. The end-user is not a forwarding agent or intermediary but may be the purchaser or ultimate consignee (“ultimate consignee” means the principal party in interest located abroad who receives the exported or re-exported items).
4. What will they do with it? The ultimate end-use of the item cannot be a prohibited end-use. Certain military end-uses are prohibited, as well as end-uses in support of nuclear, biological, chemical weapons or missile technology.
5. What else do they do? Conduct by the end-user such as contracting, financing and freight forwarding in support of a proliferation project may prevent a US exporter from dealing with that end-user.
A key determinant of whether an export licence is needed from BIS is if the item to be exported has a specific Export Control Classification Number (ECCN), which is an alpha-numeric code that describes a particular item or type of item and indicates the export controls placed on that item. All ECCNs are listed in the CCL. The CCL is divided into 10 broad categories, each of which is further sub-divided into five product groups.
0 = Nuclear materials, facilities and equipment (and miscellaneous items)
1 = Materials, chemicals, microorganisms and toxins
2 = Materials processing
3 = Electronics design development and production
4 = Computers
5 = Telecommunications (Part 1) and information security (Part 2)
6 = Sensors and lasers
7 = Navigation and avionics
8 = Marine
9 = Aerospace and propulsion
Five Product Groups
A. Systems, equipment and components
B. Test, inspection and production equipment
For items subject to the EAR but not listed on the CCL, the proper classification is EAR99. This number is a “basket” category for items not specified under any CCL entry and appears at the end of each category on the CCL.
Each item has only one correct ECCN. The exporter, re-exporter or transferor is responsible for correctly classifying the items in a transaction, which may involve submitting a classification request to BIS. Failure to classify the item correctly does not relieve the person of the obligation to obtain a licence when one is required by the EAR.
If an item has an ECCN, the next step is to use the information contained in the licence requirements section of that ECCN, in combination with the Commerce Country Chart (CCC), to decide whether a licence is required under General Prohibition One (exports and re-exports), General Prohibition Two (parts and components re-exports) or General Prohibition Three (foreign-produced direct product re-exports) to a particular destination.
The CCL and the CCC are taken together to define these licence requirements. The applicable ECCN will indicate the reason for control for items within that ECCN (e.g. NS for national security, AT for anti-terrorism, CC for crime control, etc) For example, ECCN 6A007 is controlled for national security (NS), missile technology (MT) and anti-terrorism (AT) reasons.
With each of the applicable CCC column identifiers noted in the correct ECCN, the CCC must then be consulted to locate the country of ultimate destination and the correct column identifier. If an “X” is marked in the cell next to the destination in question and a licence exception is not available, then a licence is required. Licence exceptions may be listed under the ECCN or in Part 740 of the EAR. Part 742 of the EAR sets out the licence requirements and licensing policy for most reasons for control.
Although a relatively small percentage of US exports and re-exports require a BIS licence, virtually all exports and many re-exports to embargoed destinations and countries designated as supporting terrorist activities require a licence. Countries and regions currently subject to general embargoes or comprehensive sanctions are Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine.
BIS also controls the export and re-export of items to countries under United Nations Security Council arms embargoes – the Central African Republic, the Democratic Republic of the Congo, Eritrea, Iran, Iraq, Lebanon, Libya, North Korea, Somalia and Sudan.
In addition, the US maintains embargoes on exports of defence articles and services to various destinations, including mainland China, and has imposed certain sanctions on Russia (as well as on the Crimea region of Ukraine) for its involvement in the Ukrainian conflict.
When it comes to the recipients, the US government has the authority to both prohibit specific individuals and entities from receiving US exports, and establish licensing and other requirements for exports to certain parties, even regarding items that do not normally require a licence. The prohibition or restriction will depend on the individual and the type of transaction. Such restrictions are typically carried out through one of BIS’s four lists of Parties of Concern: the Entity List (EL), the Unverified List (UVL), the Denied Persons List (DPL), and the Treasury Department’s Specially Designated Nationals and Blocked Persons List (SDNL). These are explained below:
EL: this is a list of entities which BIS has reasonable cause to believe have been involved, are involved, or pose a significant risk of being or becoming involved in activities that are contrary to the national security or foreign policy interests of the US. It specifies the licence requirements on each listed person and those licence requirements are independent of, and in addition to, licence requirements imposed elsewhere in the EAR. Depending on the item, a company may be required to obtain a licence to export to an organisation on the Entity List even if one is not otherwise required. At the end of June 2019, the Entity List included 148 entities in mainland China and 90 entities in Hong Kong, including Huawei Technologies Co. Ltd and 68 of its non-US affiliates.
UVL: this is a list of firms for which BIS was unable to complete an end-use check, such as a pre-licence check or a post-shipment verification. There are occasions where, for a number of reasons, end-use checks cannot be completed. For example, BIS sometimes initiates end-use checks and cannot find a foreign party at the address indicated on export documents and cannot locate the party by telephone or email.
BIS may also be unable to verify the bona fides (i.e. the legitimacy and reliability relating to the end-use and end-user of items subject to the EAR) if, during the conduct of an end-use check, a recipient of items subject to the EAR is unable to produce the items that are the subject of the end-use check for visual inspection, or to provide sufficient documentation or other evidence to confirm the disposition of the items.
There are instances where BIS does not have sufficient information to establish that certain individuals are involved in activities described in Parts 744 or 746 of the EAR, preventing the placement of such individuals on the Entity List. In such circumstances, they may be added to the UVL instead.
Firms on the UVL present a “red flag” that exporters have a duty to inquire about before making an export. Moreover, parties listed on the UVL are ineligible to receive items subject to the EAR by means of a licence exception. Exporters must file an Automated Export System record for all exports to parties listed on the UVL and obtain a statement from them prior to exporting, re-exporting, or transferring any item subject to the EAR which is not subject to a licence requirement.
At the end of June 2019, the UVL included 41 entities in mainland China and 64 entities in Hong Kong. On that date, BIS removed eight entities from mainland China from the list after the agency was able to verify their bona fides via an end-use check.
DPL: US exporters may not participate in an export or re-export transaction subject to the EAR with a person whose export privileges have been denied by BIS. Export privileges are defined by written order published in the Federal Register. A copy of the DPL is available here. Some of those denied export privileges are in fact located within the US.
SDNL: The Treasury Department’s Office of Foreign Assets Control (OFAC) publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups and entities, such as terrorists and narcotics traffickers, designated under programmes that are not country-specific. Collectively, such individuals and companies are known as “specially designated nationals”, or SDNs. A copy of this list is available here.
Since 20 November 2014, a web-based Consolidated Screening List (CSL), has been put in place to help US companies search against a streamlined collection of 11 different “screening lists” compiled by the US departments of Commerce, State and the Treasury. The CSL contains the names of more than 8,000 individuals and companies with whom a US company may not be allowed to do business due to US export regulations, sanctions or other restrictions. It is extremely important for US businesses to consult the CSL before conducting business with a foreign entity to ensure it is not flagged on any of the agency lists.
Regarding end-use, Part 744 of the EAR contains prohibitions against exports, re-exports and selected transfers to certain end-users and end-uses, as introduced under General Prohibition Five (end-use/end-users) and General Prohibition Nine (orders, terms and conditions). For example, Sections 744.2, 744.3 and 744.4 of the EAR prohibit exports, re-exports and transfers (in-country) of items subject to the EAR to defined nuclear, missile and chemical and biological proliferation activities. Section 744.5 prohibits exports, re-exports and transfers (in-country) of items subject to the EAR to defined nuclear maritime end-uses. Section 744.6 prohibits certain activities by US individuals in support of certain nuclear, missile, chemical or biological end-uses, while Section 744.7 prohibits exports and re-exports of certain items for certain aircraft and vessels.
Applying for an Export Licence
Only a person in the US may apply for a licence to export items from the US. The applicant must be the exporter, who is the US principal party in interest with the authority to determine and control the sending of items out of the US. The US or foreign principal party in interest, or the duly authorised US agent of the foreign principal party in interest, may apply for a licence to re-export controlled items from one country to another. Before submitting an application, an agent that applies for a licence on behalf of a foreign principal party in interest must obtain a power-of-attorney or other written authorisation from the foreign principal party in interest, unless there is a pre-existing relationship by ownership, control, position of responsibility or affiliation.
The following parties may be entered on the licence application: (i) the applicant; (ii) another party authorised to receive the licence; (iii) the purchaser; (iv) an intermediate consignee; (v) the ultimate consignee; and (vi) the end-user. Parties wishing to apply for an export licence should review the requirements of Part 748 of the EAR, including the general instructions for filling out licence applications in Supplement No. 1. An exporter may apply for a licence online.
Licence applications may be approved in whole or in part, denied in whole or in part, or returned without action (RWA). However, the applicant may specifically request that the licence application be considered as a whole and either approved or denied in its entirety. If the application is approved, the exporter will be given a licence number and expiration date to use on export documents.
Licences involving the export or re-export of items will generally have a four-year validity period. Exceptions from the four-year validity period include licence applications for items controlled for short supply reasons, which will be limited to a 12-month validity period, as well as licence applications reviewed and approved as an “emergency”.
Exports of Dual-Use Goods and Technology to Mainland China
On 19 June 2007, BIS issued a final rule revising and clarifying US licensing requirements and licensing policy on exports and re-exports to mainland China of certain high-tech dual-use goods. The rule revised the export licensing review policy for items controlled on the CCL for reasons of national security, including a new control based on knowledge of a military end-use on exports to mainland China of certain CCL items that otherwise do not require a licence to mainland China.
The rule requires exporters to obtain an End-User Statement from China’s Ministry of Commerce (MOFCOM) for certain licenced exports. It also officially created the validated end-user (VEU) programme, which allows qualifying companies to receive certain US-controlled items without individual export licences. Sectors benefiting from this programme include electronics, semiconductor equipment and chemicals. Items controlled under the EAR for missile technology and crime control reasons may not be exported or re-exported under this authorisation.
The regulations simplify the procedures for companies to apply for VEU authorisation, making them similar to those in effect for other special DOC licences or authorisations. End-users in mainland China may apply directly or exporters may initiate the application process on their behalf. Requests for authorisation must be submitted in the form of an advisory opinion request and should include a list of items identified by ECCN that exporters or re-exporters intend to export, re-export or transfer to the end-user.
The initial BIS list of approved VEUs issued in October 2007 included only five companies. That list has been gradually expanded and by the end of June 2019, it included 11 authorised companies and 46 eligible facilities.
BIS amended the VEU programme in January 2013 by: (i) adding a requirement for those exporting, re-exporting or transferring (in-country) under this programme to send written notification to the recipient VEU with details about their shipment; and (ii) clarifying that VEUs who are subject to item-specific conditions and have received items subject to such conditions under VEU authorisation will no longer be bound by the conditions associated with the items if the items no longer require a licence for export or re-export to the VEU’s authorised location or become eligible for shipment under a licence exception to the destination.
According to BIS, no new licence requirement will be triggered if VEU authorisation is denied to an end-user. In addition, being denied VEU authorisation will not impact a company’s future ability to receive export licences from the DOC. BIS also says that if a VEU is approved to receive specific eligible technology under the VEU authorisation, its mainland Chinese employees are authorised to receive the same technology, including through a transfer inside the US (i.e. a deemed export).
Additional information on these requirements is available here.
Exports of US Export-Controlled Items Through Hong Kong
On 19 April 2017, BIS put new support documentation requirements in place on exports of specific controlled items to or through Hong Kong. BIS expects that in nearly all instances this rule will only require that a party in Hong Kong obtain a licence that is already required under Hong Kong law. In those instances, those re-exporting from Hong Kong need take no further action. However, the rule requires companies to establish new processes for obtaining a copy of a Hong Kong import licence before shipping controlled items to Hong Kong.
Under the new regulation, exporters or re-exporters must first obtain a copy of a valid Hong Kong import licence (or a written statement from the Hong Kong government that an import licence is not required, which may come in the form of a “no licence required” notification) before exporting or re-exporting to Hong Kong any item subject to the EAR and controlled on the CCL for national security, missile technology, nuclear non-proliferation, or chemical and biological weapons reasons.
In addition, re-exporters in Hong Kong must first obtain a Hong Kong export licence (or a statement from the Hong Kong government that an export licence is not required) before re-exporting from Hong Kong any item subject to the EAR and controlled for NS, MT, NP column 1 or CB reasons.
According to BIS, a statement posted by the Hong Kong Trade and Industry Department (TID) on its website constitutes written guidance from the government of the Hong Kong Special Administrative Region to importers that no import licence is required for imports of intangible technology into Hong Kong.
If an item is merely transiting Hong Kong on its way to another destination and there is no consignee in Hong Kong, the item is considered to be an export or re-export to that destination. Hong Kong law may require the procurement of an import or export licence for transit shipments but the US requirement to get a copy of that licence prior to shipment would not apply.
Additional information on these requirements is available here.
OFAC Economic Sanctions
OFAC administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the US.
OFAC sanctions may include comprehensive bans, blocking of assets, and restrictions on trade and financial transactions. Targets include individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups and entities, such as terrorists and narcotics traffickers, designated under programmes that are not country-specific.
OFAC sanctions have broad reach. They may target US citizens and lawful permanent residents wherever they are located, any individual (including foreign nationals) physically located in the US, entities organised under the laws of a US jurisdiction and foreign branches of US companies, US-owned or controlled foreign entities, and entities physically located in the US (including the representative offices of foreign corporations).
Under the OFAC 50 Percent Rule, any entity owned in the aggregate, directly or indirectly, 50% or more by one or more blocked or restricted persons is itself considered to be blocked or restricted. This rule only applies to the OFAC restricted party lists such as the SDN list.
Additional information is available on the OFAC website.
Potential Export Controls on Emerging and Foundational Technologies
BIS launched a process in November 2018 that is set to result in export controls on emerging technologies. The agency has said that it is not seeking to expand jurisdiction over technologies not currently subject to the EAR nor to alter existing controls on technology already specifically described on the CCL.
The Export Control Reform Act (ECRA) of 2018 authorised BIS to establish appropriate controls on the export, re-export or transfer (in-country) of emerging and foundational technologies. The general categories of technology under review include the following:
- biotechnology (e.g. nanobiology, synthetic biology, genomic and genetic engineering, and neurotech)
- artificial intelligence and machine learning technology (e.g. neural networks and deep learning, evolution and genetic computation, computer vision, planning, etc)
- position, navigation and timing technology
- microprocessor technology (e.g. systems-on-chip or stacked memory on chip)
- advanced computing technology (e.g. memory-centric logic)
- data analytics technology (e.g. visualisation, automated analysis algorithms or context-aware computing)
- quantum information and sensing technology (e.g. quantum computing, encryption or sensing)
- logistics technology (e.g. total asset visibility or distribution-based logistics systems)
- additive manufacturing (e.g. 3D printing)
- robotics (e.g. micro-drone and micro-robotic systems, swarming technology, self-assembling robots and molecular robotics)
- brain-computer interfaces
- hypersonics (e.g. flight control algorithms, propulsion technologies and specialised materials)
- advanced materials (e.g. adaptive camouflage, functional textiles or biomaterials)
- advanced surveillance technologies (e.g. faceprint and voiceprint technologies)
In identifying emerging technologies within these categories that are essential to US national security, BIS must consider: (i) the development of such technologies in foreign countries; (ii) the effect export controls may have on the development of such technologies in the US; and (iii) the effectiveness of export controls on limiting the proliferation of such technologies in foreign countries.
As a result, BIS sought input from the public on: (i) how to define emerging technology to assist in the identification of such technology in the future; (ii) criteria to apply to determine whether there are specific technologies within the above categories that are important to US national security; (iii) sources to identify such technologies; (iv) other general technology categories that warrant review; (v) the status of development of these technologies in the US and other countries; (vi) the impact specific emerging technology controls would have on US technological leadership; and (vii) any other approaches to the issue of identifying emerging technologies important to US national security, including the stage of development or maturity level of an emerging technology that would warrant consideration for export control.
The input submitted was intended to inform an inter-agency process expected to result in proposed rules for new ECCNs on the CCL. BIS indicated that in determining the appropriate level of export controls for identified technologies it must consider the potential end-uses and end-users of the technology as well as the countries to which exports from the US are restricted or embargoed. While BIS has some discretion over the level of export controls it can set, at a minimum it must require a licence for the export of emerging technologies to countries subject to US embargoes.
In a similar vein, President Trump issued an executive order on 15 May 2019 declaring a national emergency due to the threat of foreign adversaries using information and communications technology (ICT) and services for economic and industrial espionage. The order also asserts that the unrestricted acquisition or use in the US of ICT or services designed, developed, manufactured or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries increases the ability of foreign adversaries to create and exploit vulnerabilities in ICT or services, with potentially catastrophic effects.
To deal with this threat, the order authorises the DOC to prohibit imports and other transactions that involve ICT (or services)  designed, developed, manufactured or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary and: (i) pose an undue risk of sabotage to or subversion of ICT in the US; (ii) pose an undue risk of catastrophic effects on the security or resiliency of US critical infrastructure or the digital economy of the US; or (iii) otherwise pose an unacceptable risk to US national security.
In consultation with the departments of Treasury, State, Defense, Homeland Security and Justice, as well as the Office of the US Trade Representative (USTR) and certain other agencies, the DOC proposed on 27 November 2019 rules or regulations implementing the order. Such rules and regulations may, among other things:
- determine that particular countries or persons are foreign adversaries;
- identify persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries;
- identify particular technologies or countries with respect to which transactions involving ICT or services warrant particular scrutiny;
- establish procedures to licence transactions otherwise prohibited in accordance with the executive order;
- establish criteria by which particular technologies or particular participants in the market for ICT or services may be recognised as categorically included in or as categorically excluded from the prohibitions established by the order; and
- identify a mechanism and relevant factors for the negotiation of agreements to mitigate US concerns.
Recommendations for Companies
EAR violations may be subject to both criminal and administrative penalties. Under the terms of the ECRA, penalties can include up to 20 years imprisonment, as well as fines of up to US$1 million for every violation. Administrative monetary penalties can be as high as US$300,000 per violation or twice the value of the transaction, whichever is the greater. The maximum, administrative monetary penalty maximum is also adjusted in line with inflation on an annual basis.
Transgressors may also be subject to denial of export privileges, which prohibits them from any participation in any transaction within the remit of the EAR. Furthermore, it is unlawful for other businesses and individuals to participate in any way in an export transaction subject to the EAR in association with a company whose export privileges have been revoked.
To avoid becoming involved in potential violations, companies should consider focusing on a few key factors when assessing US export controls and economic sanctions risks.
They should screen transaction partners through a private Restricted Party List (RPL) screening service or the CSL. Significant transactions or dealings with parties subject to US export controls and economic sanctions present a risk that the company could itself become the subject of US sanctions. These types of designations are often referred to as “secondary sanctions”, applied to companies in third countries or territories that are not the primary focus of the controls effort but are seen as undermining the primary effort. Generally, significant dealings in the following areas may present a risk of secondary sanctions:
- dealings with or in support of Iran, including the automotive, oil and petrochemical sectors, and dealings in support of Iranian SDNs, including the Islamic Revolutionary Guard Corps or any of its sub-entities
- significant dealings with sanctioned companies in Russia’s defence or intelligence sectors
- transactions with other SDNs or a country or region subject to a comprehensive US embargo (e.g. North Korea or the Crimea region of Ukraine).
Companies should also review and understand whether their traded items (commodities, software and technology) are subject to US jurisdiction. Foreign-made items that are not made in the US or of US origin (e.g. produced, refurbished, assembled or upgraded in the US) may still be subject to the EAR by nature of the de minimis or direct product rules. A non-US-made item, for example, may be subject to the EAR when more than 25% of its value consists of “controlled” US-origin content or when the item has been made from US-origin technology controlled for national security reasons. Items subject to the EAR may not be transferred to prohibited destinations or prohibited end-users and are subject to end-use controls.
Specifically, items subject to the EAR may not be transferred to Iran or North Korea, nor is it permitted to transfer such items to any mainland Chinese companies on the Entity List or the SDN list. Prohibited end-uses, meanwhile, include incorporation into chemical or biological weapons, as well as certain nuclear-related applications. Additionally, items subject to US jurisdiction may not be used in or to support certain Chinese rocket systems (e.g. ballistic missiles, space launch vehicles and sounding rockets) and unmanned aerial vehicles (e.g. cruise missiles, target drones and reconnaissance drones) in the case of the mainland China.
 “Foreign adversaries” are defined in the executive order as any foreign government or non-government entity engaged in a long-term pattern or serious instances of conduct significantly adverse to US national security or the security and safety of US persons. The term “information and communications technology or services” is defined as any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval or communication by electronic means, including transmission, storage and display.
- North America
- Mainland China
- Hong Kong