The deemed export rules create a dizzying maze of challenges for businesses seeking to hire and retain the best and brightest from around the world. Normal business operations require companies to provide proprietary information to employees, foreign national or not, on how their products are produced, and this information is often controlled, thus requiring a license before the information can be divulged to the foreign nationals that need access to it. While classifying the products produced, classifying related technical data, and getting required licenses causes enough headaches, U.S. manufacturers often overlook another area of concern –access to manufacturing and laboratory hardware. This article seeks to highlight the compliance concerns while suggesting a solution to this tricky problem.
How is Information Controlled Under the ITAR and EAR?
Under the ITAR, 22 CFR § 125.2(a) establishes the requirement that a license be obtained for the export of technical data, including in the case of “plant visits.” §125.2(b) further requires a license be obtained for oral, visual, or documentary disclosures of technical data by U.S. persons to foreign persons. §120.10(a)(1) defines technical data to include “information…which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of defense articles. “
Under the EAR, “Technical Data” is not a broad umbrella term as it is used in the ITAR, but rather a subset of “Technology,” which is defined at 15 CFR § 772.1 as “specific information necessary for the “development,” “production” or “use” of a product. Under the EAR, “Technical Data” is the various forms that this information can come in, including “blueprints, plans, diagrams, models, formulae, tables, engineering designs…” etc. Significantly, the EAR then provides a very restrictive definition of the term “use,” defining the term at § 772.1 as “operation, installation (including on-site installation), maintenance (checking), repair, overhaul, and refurbishing.” The “and” is crucial, as it signifies that all six elements must be present for information to be considered “use” information.
According to § 734.2(3), a “release” of technology occurs through:
- Visual inspection by foreign nationals of U.S.-origin equipment and facilities;
- Oral exchanges of information in the U.S. or abroad; or
- The application to situations abroad of personal knowledge or technical experience acquired in the U.S.
Both sets of regulations clarify that this information does not include data concerning general scientific, mathematical or engineering principles commonly taught in schools, colleges and universities or that which is in the public domain.
Both the ITAR and EAR are trying to control information, but have conceptualized that information differently, leading to incongruous definitions. The incongruity between the definitions suggests they are trying to control different things. In practice, the ITAR is interpreted more restrictively than the EAR for several reasons. First, the ITAR is generally considered to be a higher stakes set of regulations. That is, theoretically, the items controlled under the ITAR pose a greater threat to U.S. national security and violations are enforced more rigorously. Second, the EAR has added layers to the concepts utilized to control information, and these layers seem to narrow the range of controlled information (i.e. the definition of “use”). Therefore, we suggest that companies producing ITAR controlled technology act very conservatively when conducting technical data transfers, while companies with EAR controlled technology may act with more flexibility.
Is Access to Controlled Hardware a “Deemed Export?”
Under the ITAR, it is generally understood that access to controlled hardware by a foreign national is an export. DDTC has a history of bringing cases against businesses that allow foreign nationals visual access to ITAR controlled hardware. Whatever the actual merits of these enforcement actions may be, we suggest that any possible visual exposure a foreign national will have to controlled hardware be preceded by a license application to DDTC.
On the other hand, it is unclear under the EAR whether visual access to a controlled hardware item would qualify as a deemed export. For a deemed export to occur there must be a release of technology as defined under the EAR. This would be a “visual inspection” of “specific information necessary for the ‘development, production, or use.’” Of these three areas, “use” seems to be the most broad, but the EAR later defines “use” as containing six elements (operation, installation (including on-site installation), maintenance (checking), repair, overhaul, and refurbishing), greatly reducing its amplitude. It is unlikely that visual access to an item would allow one to conduct all six elements. In general, we suggest that companies identify the departments, or areas of the company, where exposure to controlled hardware is most likely, and then seek , licenses for those employees working with the controlled hardware. However, this suggestion depends heavily on the level of controls of the hardware in a given facility, the level of access to that hardware, the nature of the industry that a manufacturer is in, a manufacturer’s tolerance for risk, and a variety of other factors.
Controlling Access to Controlled Hardware
The uncertainty and difficulty arising from interpreting and complying with these regulations poses a particular challenge for companies involved in manufacturing controlled technology. These manufacturers draw scientists and skilled labor from around the globe and need to share information in order to manufacture their products. For scientists and employees working in research and development and manufacturing, there are two major areas of concern: 1) technical data regarding products and 2) technical data regarding facility hardware.
An I-129 application will require an employer to certify that the proposed employee will not have access to controlled technology or technical data without obtaining any required licenses. This not only requires the employee to not have unauthorized access to the products produced, but also to not have unauthorized access to the items kept at the facility that may or may not have been produced by the manufacturer. This includes controlled production equipment and testing equipment. The best way to account for these hardware items is to create an inventory of all equipment used in the production and testing of all products and classify the equipment in that inventory. It is important for all equipment to be classified because production and testing equipment does not need to be used for producing controlled technology for that equipment to be controlled itself. The benefit of this system is that it simplifies the process of applying for an I-129 for an employee, as a manufacturer could determine whether an employee will be exposed to controlled technology simply by reviewing whether the employee has access to any equipment in the classification database. Adopting such a database would increase compliance in addition to saving companies money and time when hiring and licensing foreign nationals.