On May 26, 2015, the U.S. Department of State, Directorate of Defense Trade Controls (DDTC) released a proposed rule to amend the International Traffic in Arms Regulations (ITAR) with respect to the provision of defense services by U.S. persons working for or on behalf of non-U.S. entities, including non-U.S. affiliates of U.S. companies.
The proposed rule reflects DDTC’s effort to clarify and codify a position that the agency has adopted in practice over the past several years, but has not previously addressed clearly in its regulations. The proposed rule would require U.S. “natural persons,” a newly defined term in the proposed rule, who provide defense services while employed by non-U.S. employers to register with DDTC and subsequently obtain ITAR authorization, subject to certain limited exemptions proposed by the agency. These requirements would apply even when the U.S. natural person’s non-U.S. employer is an approved party on an ITAR authorization (e.g., TAA, MLA).
Non-U.S. entities employing U.S. person employees in military or defense-related roles, as well as U.S. companies affiliated with such entities, should review the proposed rule and consider providing comments to DDTC prior to the July 27, 2015, deadline.
The Proposed Rule
The proposed rule sets forth several significant requirements and clarifications of DDTC’s position.
A. Individual Registration Requirement
DDTC’s proposed rule would revise the ITAR to include an explicit statement that U.S. persons (including natural persons), wherever located, who furnish defense services must register with DDTC. The proposed rule suggests that the coverage applies to U.S. person employees of non-U.S. person employers, whether abroad or in the United States. However, the draft regulatory language, as currently formulated, could apply more broadly, including with respect to U.S. individual contractors who are not employees.
DDTC proposes only one exemption to this rule in its current proposal where an individual registration is not required: a covered U.S. person employee of a non-U.S. company is deemed to be registered if the non-U.S. employer is listed on the ITAR registration of a U.S. parent or other U.S.-affiliate entity. Consequently, U.S. person employees directly employed by a non-U.S. subsidiary or affiliate controlled by a U.S. registrant may not be required to have an independent registration. However, this proposed exemption contains limitations as it is currently worded. For instance, joint ventures, consortia and minority-owned assets of the U.S. registrant may not fit within the exemption because applicability of the registration exemption would turn on whether there is “control.” DDTC views control on a fact-specific basis, but presumes control where the registrant owns at least 25 percent of the voting securities and no other party controls an equal or greater share.
Even where no control is clearly present, DDTC has proposed a path for U.S. registrants to “establish a control relationship” by written agreement with foreign parties. While DDTC does not define with specificity its expectations for such an agreement, its definition of control suggests a requirement that the agreement establish the U.S. registrant’s “authority or ability to establish or direct the policies or operations of the [non-U.S.] firm with respect to compliance with [the ITAR].” Particularly outside the non-U.S. subsidiary context (e.g., in commercial, arm’s-length dealings between a U.S. registrant and a non-U.S. employer), both the U.S. registrant and the non-U.S. employer should consider the implications of these proposed requirements carefully in assessing both whether to rely on the exemption and whether to submit comments prior to the July 27 deadline.
Affected parties should also consider U.S. natural persons who work for their non-U.S. subsidiaries and affiliates, but who may not be “directly employed” for purposes of the exemption. Careful consideration should be given to secondment arrangements, contractor relationships and other service arrangements that may fall outside the scope of the current exemption as proposed by DDTC.
In addition, non-U.S. person employers who are not controlled by, or otherwise affiliated with, a U.S. entity will note that DDTC has not extended the possible benefits of the exemption to their U.S. person employees, even where the non-U.S. employer has received and is acting under an ITAR approval (e.g., a TAA or MLA). This is likely to impact trusted non-U.S. companies who have been vetted by DDTC and rely on U.S. person employees in the conduct of their operations. Both U.S. registrants and their non-U.S. partners employing significant numbers of U.S. personnel in the provision of defense services should give careful consideration to the proposed rule and the possible strategies for addressing it with DDTC and their U.S. personnel.
B. Authorization/Licensing Requirement
Separate from the issue of registration, the proposed rule clarifies DDTC’s expectations regarding when a U.S. person employee must obtain specific authorization from the agency before providing defense services to a non-U.S. party and when the employee can rely on an authorization provided to the U.S. registrant or that registrant’s affiliate. It is important to remember that registration is a prerequisite to authorization, including the use of the ITAR exemptions described below.
Unless exempt from the licensing requirement, the proposed rule sets forth the following possibilities under which a U.S. person can perform defense services while employed by a non-U.S. person:
- Authorization through an individual DSP-5 license. This will require individual filing by, and in the name of, the U.S. person employee and regular maintenance of the DSP-5.
- Authorization through a U.S. registrant’s ITAR agreement. DDTC proposes that a covered U.S. person employee can be authorized through an ITAR agreement (e.g., a TAA or MLA) between a registered U.S. company and a non-U.S. employer under two conditions. First, the non-U.S. employer must be listed on the U.S. company’s ITAR registration as a subsidiary or affiliate as described above. Second, DDTC requires that the U.S. company “accepts responsibility for, and demonstrates ability to ensure, the natural U.S. person’s compliance” with the ITAR.
Notably, the language of the proposed rule does not preclude other possible structures or avenues for authorization. Indeed, DDTC has, in practice, been willing to consider and approve of other possible approaches to licensing in connection with this issue.
As discussed below, DDTC proposes two possible exemptions from this licensing requirement. However, non-U.S. employers, U.S. registrants and the affected U.S. person employees should carefully consider certain conditions and limitations before relying on either licensing exemption.
1. License Exemption for U.S. Person Employees of NATO/EU+4 Countries
Under the proposed rule, U.S. person employees of non-U.S. person employers located in one of the following countries may qualify for a new proposed licensing exemption: any NATO or EU member state, Australia, Japan, New Zealand or Switzerland (“NATO/EU+4”). However, non-U.S. employers, U.S. registrants and the affected U.S. person employees must be aware of certain conditions and limitations before relying on this licensing exemption.
In particular, this licensing exemption applies only where all of the following are met:
- the end-user(s) of any associated defense articles (as well as the non-U.S. employer) are located in a NATO/EU+4 country
- the defense services are provided within only these countries
- the employee does not provide U.S.-origin defense articles, including technical data, to his/her employer without separate authorization
- the employee does not transfer any technical data that is classified, identified as Significant Military Equipment (SME), or subject to Missile Technology controls pursuant to the Missile Technology Control Regime, even if separately authorized
- the employee maintains records of his/her activities and complies with the ITAR’s registration requirements, as applicable.
2. License Exemption for Certain FMS-Related Activities
The proposed rule introduces another potential licensing exemption for U.S. natural persons providing defense services in support of an active Foreign Military Sales (FMS) Program under 22 CFR §126.6, subject to all of the following conditions:
- The defense services are provided in support of an active FMS contract and are identified in an executed Letter of Offer and Acceptance.
- The employee does not provide U.S.-origin defense articles to his/her employer without separate authorization.
- The defense services are not provided to a proscribed country (as identified in Section 126.1 of the ITAR).
- The employee does not provide technical data that is classified or identified as SME to his/her employer, even if separately authorized.
- The employee maintains records of his/her activities and complies with the ITAR’s registration requirements, as applicable.
C. Practical Considerations
Affected parties (including non-U.S. employers, U.S. corporate registrants under the ITAR and U.S. person employees) should consider carefully whether reliance on the proposed registration and licensing exemptions would be practical, and they should consider protocols that may be necessary for managing compliance with the proposed rule if it is finalized as currently drafted.
In addition to the practical issues with the registration requirement discussed above, there are a number of issues with the proposed grounds for licensing and their exemptions. For example, in practice, individual U.S. person employees may work across both FMS and non-FMS programs so that the FMS exemption may be useful for an employee with respect to only part of his/her duties. Similarly, before relying on the NATO/EU+4 exemption, parties should be aware of, and consider, appropriate controls to manage the inherent limitations of that exemption, as it is currently worded, including limitations regarding certain kinds of technical data that fall outside the scope of the exemption, as well as regarding where and to whom the services may be provided.
Consideration should also be given to a host of practical issues for seeking authorization where the licensing exemption does not apply. For example, individuals who seek authorization through a DSP-5 will need to establish a D-Trade account, purchase a digital certificate, and separately apply for and maintain/renew a DSP-5 license–tasks that have typically been the purview of corporate registrants and that will likely be unfamiliar territory for most U.S. person employees.
The State Department has opened a comment period on the proposed rule until July 27, 2015. We encourage affected parties (including U.S. registrants with affiliates abroad and non-U.S. employers) to consider submitting comments to DDTC and implementing internal controls to ensure compliance in light of DDTC’s position on this issue as reflected in its recent practice, as well as its current proposal. The State Department is specifically interested in comments from “foreign persons who currently employ or are contemplating engaging U.S. persons as regular employees or independent contractors, as well as from current or future employees and contractors themselves.” All comments will be published by DDTC, but the agency will also accept comments submitted through coalitions, as well as anonymously through a dedicated comment channel.