EAR vs ITAR — Which Export Regulations Apply to Your Business?
The Fast Answer
EAR (Export Administration Regulations) governs commercial and dual-use items. Managed by the Bureau of Industry and Security (BIS), part of the Commerce Department. Think electronics, software, machinery, chemicals with potential military applications.
ITAR (International Traffic in Arms Regulations) governs defense and military articles. Managed by the Directorate of Defense Trade Controls (DDTC), part of the State Department. Think weapons, military vehicles, satellite components, and anything specifically designed for a defense platform.
The two regimes are mutually exclusive — your product falls under one or the other. If your product or technology appears on the U.S. Munitions List (USML), it is ITAR. Everything else is subject to EAR.
Getting this wrong is how companies end up paying eight-figure penalties. Let's make sure you know which applies.
How to Determine Which Regime Applies
Step 1: Check if ITAR applies first
ITAR has no "de minimis" threshold. If an article, component, or piece of technical data was designed for a defense application, ITAR applies regardless of its commercial value or end user.
Ask yourself:
- Does the item appear in the USML Categories I–XXI?
- Was it developed under a U.S. defense contract, DoD grant, or DARPA program?
- Is it specifically designed for a military platform — submarine, fighter jet, radar system?
If yes to any of these, treat it as ITAR-controlled until you receive a formal commodity jurisdiction (CJ) determination from DDTC.
One critical nuance: sharing ITAR-controlled technical data with a foreign national — even on U.S. soil — constitutes a deemed export that requires State Department authorization.
Step 2: Classify under EAR if ITAR does not apply
If ITAR does not apply, your item is subject to EAR. The next question is: what ECCN (Export Control Classification Number) does your product carry?
ECCNs are five-character alphanumeric codes organized by category. You find your ECCN by matching your item's technical specifications against the Commerce Control List (CCL) at 15 C.F.R. Part 774.
If your item is not listed on the CCL, it defaults to EAR99 — the lowest-sensitivity category. EAR99 items generally don't require an export license, but they're still subject to denied party screening. "EAR99" does not mean "unregulated."
EAR vs ITAR at a Glance
| EAR | ITAR | |
|---|---|---|
| Governing body | BIS (Commerce Dept.) | DDTC (State Dept.) |
| Item types | Commercial, dual-use goods | Defense articles and services |
| Classification system | ECCN | USML Categories (I–XXI) |
| Registration required | No | Yes — mandatory for all manufacturers |
| Civil penalties | Up to $364,992/violation | Up to $1.3M/violation |
| Criminal penalties | Up to 20 years + $1M/violation | Up to 20 years + $1M/violation |
One difference worth highlighting: ITAR requires exporters to register with DDTC before making any exports. Failure to register is itself a violation, separate from whether any exports occurred. EAR has no blanket registration requirement.
What Happens When You Get It Wrong
EAR enforcement: Cadence Design Systems — $140M
In 2023, BIS finalized a $140 million settlement with Cadence Design Systems after the company exported integrated circuits and software to Huawei entities without the required licenses. The violations continued for years despite Cadence having an internal compliance team.
The lesson: a compliance program that doesn't keep pace with regulatory changes is worse than nothing — it creates false confidence.
ITAR enforcement: L3 Technologies — $1.8M
In 2020, DDTC assessed L3 Technologies $1.8 million in civil penalties for exporting defense-related technical data to foreign nationals without required authorizations and failing to maintain proper records. The violations included items the company had misclassified as EAR-controlled when they were, in fact, ITAR-controlled.
The lesson: misclassifying an ITAR item as EAR is not a technicality — it is a federal violation.
The Requirement Both Regimes Share: Denied Party Screening
Here is where EAR and ITAR converge: both require you to screen every customer, vendor, and partner against denied party lists before every transaction.
Under EAR, the key lists are:
- BIS Entity List
- BIS Denied Persons List (DPL)
- Unverified List (UVL)
- Military End User (MEU) List
- OFAC SDN List
Under ITAR, the primary list is:
- DDTC Debarred Parties (22 C.F.R. Part 127)
- Plus OFAC, which cuts across both regimes
The practical problem: these lists update constantly. A vendor you screened at onboarding may be added to a restricted list before your next shipment. Checking once is not compliance — it is a false sense of security.
The Right Approach
Whether your products fall under EAR or ITAR:
- Classify your products — ECCN or USML category, documented in writing
- Screen every counterparty — customers, vendors, freight forwarders, end users
- Re-screen on every transaction — not just at onboarding
- Document everything — screening results with timestamps are your audit trail
ScreenShield screens against the full U.S. Consolidated Screening List — covering BIS Entity List, Denied Persons List, Unverified List, MEU List, OFAC SDN, and more — in under a second.
Screen your first name free — takes 10 seconds
Further Reading