Skip to main content

Import and Export Controls

Updated Jan 30, 2024 ·

Overview

Many countries regulate the flow of information and goods across borders.

  • EU’s GDPR protects personal data within its jurisdiction
  • U.S. Export Controls restrict sensitive military and scientific information

Countries of Concern

U.S. firms can generally export high-performance computing systems without prior government approval. However, there are exceptions for countries designated by the Department of Commerce’s Bureau of Industry and Security (BIS).

These countries pose a threat due to nuclear proliferation or support for terrorism:

  • Cuba
  • Iran
  • North Korea
  • Syria

ITAR

The International Traffic in Arms Regulations (ITAR) controls defense-related exports and imports listed on the U.S. Munitions List (USML).

  • Regulates defense articles, including firearms and ammunition
  • Controls defense-related technical data
  • Controls defense-related services

It requires registration with Directorate of Defense Trade Controls (DDTC) for:

  • Manufacturers
  • Exporters
  • Brokers

EAR

The Export Administration Regulations (EAR) govern exports of commercial items, dual-use goods, and certain less sensitive military items.

  • Classify based on sensitivity and potential dual-use applications
  • Licensing required for specific countries and certain end uses

Exporters must also identify the Export Control Classification Number (ECCN) of their products to ensure proper licensing and compliance.

Wassenaar Arrangement

The Wassenaar Arrangement is a global agreement among numerous countries (currently 42 signatories) to control the export of certain types of sensitive items and technologies to agreed-upon “terrorist countries” (countries identified by the signatories as having connections with terrorist groups and activities)

  • Controls dual-use items
  • Regulates certain cybersecurity tools
  • Helps keep advanced tech away from harmful use
  • Supports consistent export rules across participating countries

This arrangement guides how organizations review, classify, and export technology so they can avoid violations and keep security risks under control.

  • Covers tools that can be both civilian and military
  • Includes encryption items and intrusion software
  • Requires checking if a product needs an export license
  • Affects companies that sell or share security software across borders

OFAC

The Office of Foreign Assets Control (OFAC) enforces U.S. economic and trade sanctions.

  • Administers sanctions programs targeting:

    • Countries
    • Entities
    • Individuals

  • Prohibits transactions with:

    • Sanctioned countries
    • Sanctioned parties
    • Terrorism-related actors

  • Requires compliance from:

    • Financial institutions
    • Exporters
    • Individuals conducting international business