Effective July 21, 2008, the U.S. Department of Defense (“DoD”) issued an interim rule amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to address requirements for complying with export control laws and regulations when performing DoD contracts. The major impact of the rule is that it will now contractually obligate defense contractors to comply with U.S. export regulations. While defense contractors have always been required to follow U.S. export laws and regulations, the interim rule now imposes additional risks and liabilities on contractors because a violation of these requirements can also result in a breach of your government contract.  

Unfortunately, because of the complexity and scope of U.S. export requirements, many companies inadvertently violate these laws and regulations. Thus, adding a breach of contract claim to those violations requires defense contractors to understand and adhere to this new rule and the existing export regulations much more diligently.  

Three primary enforcement regimes govern U.S. exports:  

  • The International Traffic in Arms Regulations (“ITAR”) administered by the U.S. Department of State, Directorate of Defense Trade Controls (“DDTC”)
  • The Export Administration Regulations (“EAR”), administered by the U.S. Department of Commerce, Bureau of Industry and Security (“BIS”)
  • The sanction and embargo regulations issued by the U.S. Department of the Treasury, Office of Foreign Assets Control (“OFAC”)  

Items and technology specifically developed for military or space applications are generally controlled by the ITAR. While the description brings weapons such as missiles and tanks to mind, the ITAR actually controls a much broader range of items than one might expect. For example, circuitry or software, which has been modified specifically for a use with a military item, may also be considered a military item for purposes of the ITAR. In addition, an item need not be developed under a DoD contract to fall under the controls of the ITAR. Generally, exports and transfers of any defense article or technical data to a foreign person or country will require a license from DDTC. Contractors should be aware that a transfer of controlled technology to a non-U.S. person who may be employed by the contractor may also require a license. This is true even if the transfer occurs inside the United States to an employee or subcontractor. Finally, the manufacturers of ITAR-controlled items are also required to register with the State Department, even if they are not exporting those products.  

The EAR covers most commercial products and technologies that are created in the U.S. or by U.S. persons, as well as foreign products that move in commerce through the United States, or those that are created from U.S. technology. While the scope of products and technologies covered by the EAR is vast, the requirement for an export license tends to be more limited. A large number of products and technologies can be exported either without a license or under a broadly applicable general license. Other items can be exported under license exceptions based on the use, the destination, and other factors. Whether or not a product requires a license or can be shipped under a license exception is done on a case-by-case basis and is a factual determination. In each case, an exporter must evaluate the item or technology, where it is going, who will receive it, and, for what it will be used.  

OFAC enforces various sanctions and embargoes by the United States (such as Cuba or Iran). As a general rule, the EAR and ITAR will govern the export of items and technology, while OFAC tends to control the transaction itself. Here too, licenses are sometimes available in extremely narrow circumstances for controlled transactions.  

The New Rule

In Section 890(a) of the National Defense Authorization Act for Fiscal Year 2008 (Pub. L. 110–181), Congress directed DoD to issue new regulations to ensure compliance with U.S. export laws. According to those regulations, “it is in the interest of both the Government and the contractor to have a common understanding of export controlled items expected to be involved in contract performance.”  

Congress sought three outcomes by implementing these changes. First, Congress wanted to increase compliance by U.S. defense contractors with U.S. export regulations. Second, Congress wanted to improve DoD’s efforts in alerting contractors that they may be dealing with restricted technologies. In order to do so, Congress directed DoD, the Department of State, and the Department of Commerce to make available additional resources to train defense contractors with regard to their obligations under U.S. export laws. Finally, Congress wanted a report from DoD regarding the utility of additional governmental oversight activities to ensure export compliance. Examples of the type of reporting Congress requested are: defense contractors reporting periodically on their export compliance efforts, periodic audits of defense contractors, and comprehensive export training programs.  

Below are the actual provisions the interim rule has added to the DFARS:  

  • The first clause, DFARS 252.204-7008, Requirements for Contracts Involving Export-Controlled Items, will be incorporated in any contract that is expected to involve export-controlled items or technology. Because of the expansive nature of the EAR and the wide range of items and technology covered under its provisions, it is hard to imagine a DoD contract without this provision. The provision will do two primary things:  

It will require the contractor to comply with existing export laws under the EAR and ITAR.  

It will require the contractor to flow-down the compliance requirement to all subcontracts that are expected to involve export-controlled items.

  • The second clause, DFARS 252.204-7009, Requirements Regarding Potential Access to Export-Controlled Items, will be incorporated in any research and development contract that is not expected to involve any development beyond fundamental research, or any contract where DoD is unable to determine whether export-controlled technologies may be included within the scope.  

Steps for Defense Contractors

While the new clauses required by the DFARS are certain to be present in most DoD contracts going forward, only time will tell if they have much impact. The initial implication is that these new requirements serve to put defense contractors on notice that the DoD and Congress want stricter adherence to U.S. export regulations. While defense contractors are already required by law to follow these laws, the addition to the DFARS of these new clauses does increase the government’s ability to impose liability. Because of the additional liability and additional focus, defense contractors should consider some steps to increase their compliance efforts.  

Compliance Programs

Contractors should develop comprehensive export compliance programs of their own, if they do not already have one in place. Although the new provisions do not yet require them, the Congressional mandate hints at their being required in the future. Additionally, BIS and DDTC already strongly recommend such programs for exporters, and they are an important mitigating factor in the event an inadvertent violation occurs. Implementing a compliance program with dedicated staff is the best way for contractors to manage their product and technology exports.  


It is important to note that the clause at DFARS 252.204-7008 includes a mandatory flow-down provision for subcontractors under DoD contracts. While contractors should require strict export compliance from their subcontractors, this provision may cause real issues for smaller, less sophisticated companies and the prime contractors that work with them. If the prime contractor does not already require export compliance from its subcontractors, the prime should begin to do so now. Additionally, they should look at their current subcontractors to ensure they are compliant.  

The DoD is taking export compliance as seriously as ever. In light of this new rule, we are cautioning our clients to do the same. Instituting comprehensive compliance programs and mandating that subcontractors do the same are the easy steps to shield oneself from the additional liability this new rule brings. Despite taking those initial steps, additional compliance measures may be necessary. Please do not hesitate contact Leigh Hansson or any of the lawyers with our Global Regulatory Enforcement Group if you have questions about these issues.