A frequently asked compliance question among government contracts firms is whether they are required to register under the International Traffic In Arms Regulations (ITAR). It is important to note that even parties that engage solely in domestic manufacturing of defense articles that do not engage in any exporting or importing are required to become registered.

What is ITAR?

International Traffic in Arms Regulations (ITAR) is a set of regulations administered by the State Department to control the export and import of defense and military related technologies on the United States Munitions List (USML). In order to be ITAR compliant, companies must be able to track ITAR data at all times, know what data is being protected under ITAR, where that data is located, and who has access to the data. When data is transferred, organizations must also be able to record who the data is transferred to, as well as details of any further transferals from there.

The Department of State is responsible for the export and temporary import of defense articles and services governed by 22 U.S.C. 2778 of the Arms Export Control Act and Executive Order 13637.

ITAR implements the AECA. Articles specifically designed or otherwise intended for military end-use are enumerated on the United States Munitions List or the Missile Technology Control Regime Annex and therefore controlled by International Traffic in Arms Regulations which is administered by the Directorate of Defense Trade Controls (DDTC) at the State Department.

Who is Required?

Companies that frequently are required to register under ITAR include:

  • Federal contractors involved in defense, intelligence, security, homeland security and energy contracts;

  • Subcontractors and second- or third-tier suppliers of parts, components, subsystems, accessories and attachments used in such contracts;

  • IT, computer, software, data security and similar firms involved in defense applications;

  • Companies engaged in the repair, refurbishment and maintenance of defense products and systems, and logistics activities related to such items;

  • Companies that perform military training or provide military advice;

  • Manufacturers of firearms, ordinance and related equipment, gunsmiths;[2]

  • Firms involved in engineering and technical services related to defense projects.

How to Stay ITAR Compliant

The following checklist represents some of the key issues companies should look at when developing their ITAR compliance programs.

  • Ensure that the information or products you are sharing are on the US Munitions List (USML) and are subject to ITAR

  • If the information is subject to ITAR, avoid challenging and burdensome export controls by using end-to-end encrypted email and file sharing to protect USML data.

  • Make sure your encryption provider uses key management practices that ensure only the user has access to their private key.

  • Manage data access through expirations

  • Make sure you have granular access to files through Read only and View only capabilities

  • Ensure that you have log management so you can see who has accessed files.

Training at Apex Quality Assurance in ITAR can help prevent your company from any penalties. Within the ITAR training, topics that are covered are listed below:

  • ITAR Overview

  • Company Commitment

  • Program Responsibilities

  • Document Control

  • Human Resources

  • Internal Audit

  • Vendor Control

  • Work Environment

  • Record Control

  • Submission Requirements

Contact Us

There is so much information when it comes to ITAR and isn’t always easy to understand. We can make it simple through our private courses. Contact our expert team who will be your guide and help enable you to reach your goals.