ITAR Registration Explained
The International Traffic in Arms Regulations (ITAR) is a regulation created by the United State which controls the manufacture, sale, and distribution of defense and space-related articles.
Besides military applications, the list also restricts the plans, drawings, photos, and other documentation used to build ITAR-controlled military gear. This is referred to by ITAR as “technical data”.
ITAR mandates that access to physical materials or technical data associated with defense and military technologies is limited to US citizens only. How can a company ensure that only US citizens have and can access that data on a network and are ITAR compliant? Restricting access to the physical materials is straightforward; limiting access to digital data is more complex.
Who needs to be ITAR compliant?
Any organization that handles, manufactures, designs, sells, or distributes items on the United States Munitions List (USML) must be ITAR compliant. The State Department’s Directorate of Defense Trade Controls (DDTC) manages the list of companies who can deal in USML goods and services, and it is up to each company to establish policies to comply with ITAR regulations.
- Computer Software/ Hardware vendors
- Third-party suppliers
All organizations involved in the supply chain needs to be ITAR compliant. If a company sells a part to another company and then that company sells the same part to a foreign power, the original company is also in violation of ITAR.
What ITAR Regulations are my organization expected to follow?
ITAR regulations are generally simple and only U.S. citizens can access items on the USML list.
ITAR’s rules can present a challenge for many US companies. A US-based company with overseas operations is prohibited from sharing ITAR technical data with employees locally hired, unless they gain State Dept. authorization. The same principle applies when US companies work with non-US subcontractors.
The State Department may issue exemptions to that one rule, and there are existing exemptions established for specific purposes. There are certain countries that currently have standing agreements with the U.S. that apply to ITAR – Australia, Canada, and the U.K., for example.
The US government requires those who are registered or compliant in ITAR produce and implement a ITAR compliance program. This should include tracking, monitoring and auditing of technical data. Along with the technical data, it’s also a good idea to label each page with an ITAR notice or marker so employees don’t inadvertently share controlled information with unauthorized users.
ITAR exists to track military and defense sensitive material and to keep that material out of the hands of those that might seek harm to the US. Failure to comply can result in heavy fines along with significant brand and reputation damage — not to mention the potential loss of business to a compliant competitor.