The U.S. Citizenship and Immigration Services recently modified some of the forms used by employers to petition for employment authorization on behalf of foreign nationals. One modification is the addition of a certification requirement to Form I-129. Since this requirement became effective a couple of months ago, employers seeking to employ foreign nationals in the H-1B, L-1 or O-1A categories have had to contend with complex clearance procedures under the Export Administration Regulations ("EAR") and the International Traffic in Arms Regulations ("ITAR"). The purpose of the certification requirement is to prevent the unauthorized release to foreign nationals of sensitive technology, technical data and software that could have national security and foreign policy implications.
Under the EAR, providing foreign nationals with access to sensitive technology or technical data in the United States is "deemed" to be an export of such goods to the person's country of nationality, which may require a license before release. Similarly, ITAR imposes a licensing requirement on the release of controlled defense articles or technical data included on its munitions list.
The new certification requires a company to attest that it has reviewed the EAR and ITAR and determined that either (i) a license is not required to release technology or technical data, or (ii) a license is required for such release but the company will prevent access by a foreign national to such information until a license is secured. The consequences of not complying with export laws can be severe, including civil fines of up to $500,000 per violation, criminal penalties of up to $1 million per violation and up to 10 years in prison, denial of export privileges, and debarment from U.S. government contracts.
The analysis required to execute an informed certification can be complicated and burdensome. It begins with a determination of the type of technology or technical data to which the foreign national will likely be given access. This determination requires consultation with company officials who understand product design and uses and with information technology personnel who are familiar with software applications.
Next, the company must determine how that technology or technical data will be classified for export purposes. The first consideration is whether the product is on the Commerce Control List ("CCL") administered by the U.S. Department of Commerce's Bureau of Industry and Security. The technical characteristics and functions of the product determine whether it falls within one of the 10 categories of controlled items listed on the CCL (e.g., Information Security is one of the categories) and whether the product has an Export Control Classification Number, which describes the technical characteristics of controlled products and any related export restrictions. If a product is on the CCL, then the company must consider the nationality of the foreign worker. This information is necessary to access the Commerce Country Chart to determine whether a license is required to export the item.
The U.S. Department of State's Directorate of Defense Trade Controls administers the ITAR U.S. Munitions List of technologies designated as controlled defense articles.
Although most technology is not controlled for export, the company should nevertheless conduct an analysis to be sure an export license is not required to release certain information to foreign nationals. Situations that should be closely examined include the release of technology, technical data or software to foreign workers involved in research and development, and foreign students and scholars involved in research. Technologies that require licensing for transfer to foreign nationals are often "dual-use" (i.e., have both civil and military applications) and relate to critical control areas, such as national security, nuclear proliferation, missile technology, or chemical and biological warfare.
Finally, technologies that are "publicly available" are not subject to EAR and ITAR licensing controls. These include publicly available technology and software (other than software and technology controlled as encryption items) that are already published or will be published.