The nature and characteristics of the information in defense projects have implications for how contractors should manage export activities that go far beyond confidentiality commitments. In a typical non-disclosure agreement trade secrets, private or secret processes, methods and ideas, customer lists and other confidential information concerning the products, services, training methods, development, technical information, marketing activities and procedures, credit and financial data concerning either party is deemed as the proprietary information and should be kept confidential. In light of the highly complicated nature of the industry securing the confidential information is not enough to mitigate the risk in defense contracts.
There are two primary challenges for defense contractors in their efforts to secure and to control the information. First, most contractors still unable to formulate the criteria for confidential and classified information which should be relevant, essential and in some cases may subject to a regulation to the execution of the contract. Second, local perspective can create struggles and big troubles when the information subject to non-disclosure agreement is subject to export regulations. In most cases, contract officers ignore to classify the information and do not conduct export control check of the information. This can easily dampen both parties’ enthusiasm during the execution of a defense contract and may result with disputes as to many non-disclosure agreements do not refer to obligation of notice for export-controlled information. The question then is how parties should know whether the information is subject to export control regulation or not. The simple answer is: Compliance
In most non-disclosure agreements undersigned or negotiated for a U.S. linked defense project in Turkey, we experienced that authorities or contractors do not mind being responsible for the deemed export activities. The main concern is export license and many of those do not consider the effects of foreign laws under Export Administration Regulations (“EAR”) of the U.S. Yet, U.S.’s EAR describes that any person who complies with any of the license or other requirements of the EAR is not relieved of the responsibility of complying with applicable foreign laws and regulations. Conversely, any person who complies with the license or other requirements of a foreign law or regulation is not relieved of the responsibility of complying with U.S. laws and regulations, including the EAR. This shows compliance and drafting of a non-disclosure agreement in defense projects to secure export control related responsibilities is essential as to export activities are not limited to actual shipment under such regulations.
Deemed export basically means releasing or otherwise transferring “technology” subject to the EAR to a foreign person of a country other than the foreign country where the release or transfer takes place. Any release to a foreign person also in the United States is a deemed export to the foreign person's most recent country of citizenship or permanent residency. The export of an item that will transit through a country or countries to a destination identified in the EAR is deemed to be an export to that destination as well.
These definitions demonstrate how struggling and costly negligent practices in non-disclosure agreements can be. Before or in the course of the execution of the contract any of the parties’ employees, agents, shareholders, managers, consultants may have access to the confidential information which contains subject to EAR information, and this may be deemed as export control. Likewise, such people or any of the parties to the non-disclosure agreement shall be transferred it in any way. Similarly, either party may be requested or required by legal process to disclose any information subject to EAR and hold responsible for failure in export control regulations.
Below are some considerations to ensure export control compliant non-disclosure agreements:
Need to Know: In many non-disclosure agreements this “need to know” principle is referred as limitation to disclose however in an export control compliant non-disclosure agreement this should also refer to purpose of the agreement and connection with the information to be kept confidential and/or disclosed. This is crucial to highlight and limit the borders of information exchange and enable parties to defend themselves by means of any export control failure.
Classify the Information: This is not only related to sensitive information as generally referred under defense projects. Before entering to a non-disclosure agreement each party shall be responsible to notice each other if there is any subject to export control information would be exchanged, or any information becomes subject to export control and what they are about.
Data Protection: Exchange of private and subjective data of a group of people or a person may be required to avoid deemed export activities. Another words; drafting a data protection clause in a non-disclosure agreement referring that personal data shall also be deemed as confidential information would not serve to the benefits on export control basis.
Protection Does Not Mean Security: Parties agree to seek and maintain a comprehensive security procedure that contains appropriate security measures to safeguard the subject to EAR information to avoid deemed export activities.
No Consent to Transfer: Authorization to release and transfer internally should be subject to policies and parties should be aware of each other’s policies which should be treated as annex of the non-disclosure agreement.
Right to Request: Parties should agree on that due to export control requirements where applicable, both parties may have the right to request any type of information from each other and to submit it to competent authorities and this does not constitute the breach of the non-disclosure agreement unless disclosed information is deemed export.
Due Care: In non-disclosure agreement parties should agree that both parties shall employ the degree of care that would be exercised by a prudent manager in discharging obligations and show their best efforts to perform their obligations and rights in a professional manner, with due care and compliant with applicable export control regulations.
Compelled Disclosure: Rights and liabilities of both parties in a form of policy in case of compelled disclosure to legal or administrative authorities shall be described to avoid any breach of export control regulations.
Remedies: It is obvious that money damages would not be a sufficient remedy for any breach by means of export control regulations. Parties are suggested to seek specific performance and to draft remedy clauses accordingly.
As stated above, export control is not a contract linked matter. It originates in technology and information owned and controlled in a different jurisdiction. While parties assume that non-disclosure agreements by and between themselves are enough to secure the confidentiality, any tolerance or ignorance of export control perspective may ultimately result with crippling conflicts.