By Brian A. Bannon,
Barbara D. Linney
& David A. Leib
Most federal government contractors are familiar with the scores of standard clauses incorporated by reference into their contracts and subcontracts as mandated by the Federal Acquisition Regulations (FAR) and the departmental supplements such as the DFARS. Although most contracts include close to 100 standard clauses addressing a panoply of regulatory requirements, there are no standard clauses addressing compliance with the export control laws. For this reason, it is not uncommon for corporate contract administrators and purchasing agents to believe that the export control laws are synonymous with industrial security requirements and that as long as technical data to be provided to subcontractors is not classified as Confidential, Secret or Top Secret there are no restrictions on disclosure. To the contrary, the export control regulations and the National Industrial Security Program Operating Manual (NISPOM) regulation are entirely separate regimes and compliance with the NISPOM does not ensure compliance with the export control regulations.
Another common misconception is that items that are not "MIL SPEC" are not controlled, but many "COTS" or "commercial-off-the-shelf" items are in fact subject to the export control regulations. Moreover, every year many government contractors and subcontractors find themselves caught in the snare of the so-called "deemed export rule" under which a release or disclosure of controlled technical data to foreign nationals in the United States constitutes an export that requires prior authorization from the applicable export control agency.
Savvy prime contractors include customized clauses requiring their subcontractors to comply with all applicable export control laws and to flow down such requirements to their subcontractors, with the result that violation of the export control laws will expose the subcontractor to contractual claims in addition to agency enforcement action. However, obtaining warranties and representations that the subcontractor will abide by the export control laws will not shield the prime contractor from agency enforcement action if it has failed to undertake the proper due diligence. In order to avoid exposure, contractors should be familiar with the export control regime and establish compliance programs designed to ensure protection of both classified and unclassified items and technical data from unauthorized transfer to foreign persons.
The primary sources of export control regulations affecting federal government contractors are the Arms Export Control Act, as implemented by the International Traffic in Arms Regulations (commonly referred to as the "ITAR"), and the Export Administration Regulations ("EAR"). The ITAR regulates the export of defense articles, defense services, and technical data listed on the United States Munitions List ("USML"), while the EAR regulate various commercial items, primarily those that are critical to national security or can be diverted for uses contrary to national security or in support of terrorism. The EAR contain a comprehensive list of items subject to national security and other controls (known as the Commerce Control List or "CCL"), as well as a number of important end use and end user restrictions. The ITAR are administered by the U.S. Department of State's Directorate of Defense Trade Controls ("DDTC"); the EAR are administered by the U.S. Department of Commerce's Bureau of Industry and Security ("BIS"). Contractors who fail to familiarize themselves with the USML and the CCL risk running afoul of their export control obligations.
While the CCL contains a very specific list of controlled items and related software and technology (including items falling under the Navigation and Avionic, Marine, and Propulsion System categories), the USML is expressed in more general terms, with the result that contractors frequently assume that the "COTS" products they are supplying are not controlled. For example, Category VI of the USML covers, among other things, "Vessels of War" - defined to include not only combatants, but also non-combatant auxiliary vessels and support ships and service and miscellaneous vessels, as well as Coast Guard cutters and patrol craft. Category VI(f) controls "all specifically designed or modified components, parts, accessories, attachments, and associated equipment" for such vessels, while Category VI(g) controls technical data (including software) and defense services directly related to such vessels and components. Any modification to what may appear at first glance to be a standard commercial component or part could subject the contractor to ITAR jurisdiction.
Furthermore, even if the component itself is not controlled, technical data regarding the vessel itself may be controlled, and controlled technical data (whether related to the vessel or controlled components) may not be released to foreign nationals even in the United States without prior authorization from DDTC. Such release constitutes a controlled defense service, as does the furnishing to foreign persons of assistance (including training) in the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing or use of defense articles. Likewise, release of EAR controlled software or technology to foreign nationals requires the prior authorization of BIS.
As a result, the export regulations have important implications for hiring practices and offshore procurement. If a subcontractor will require access to controlled technical data or require his subcontractors and their personnel to attend meetings at which such data is discussed, the prime contractor has an affirmative obligation to assure compliance with the export control laws. At a minimum, this entails determining whether offshore subcontractors or U.S. based personnel who are not United States citizens or green card holders will be assigned to the subcontract and have access to controlled technical data. Foreign suppliers and personnel who are not United States citizens or green card holders may not be provided controlled information unless and until an appropriate export license and/or Technical Assistance Agreement has been approved by DDTC or BIS. For DDTC purposes, all countries of nationality and permanent residence must be considered; for BIS purposes, under current regulations, the country of most recent citizenship or permanent residency prevails. If the subcontract contains a clause giving the prime contractor the right to approve lower-tiered subcontracts, it is incumbent upon the prime contractor to make certain that the subcontractor has flowed-down the requirement to comply with the export control regulations. In addition, controlled technical data should be marked appropriately to make clear that it is subject to export controls.
Unlike the EAR, the ITAR require U.S. companies to register with DDTC if they are in the business of manufacturing or exporting defense articles (which, as defined, includes technical data) or furnishing defense services. Registration is a prerequisite to applying for licenses or other approvals or relying on various exemptions from licensing requirements, so it is important for contractors to be aware of their obligation to register and keep their registrations current in order to avoid delays when authorizations are required.
Planning ahead to determine whether foreign national employees or offshore suppliers who may be involved in a project involving controlled data or defense services are subject to embargoes or policies of denial also can help contractors avoid costly delays. For example, exports to countries like China, Libya and Iran (and several others) will not receive DDTC approval, and "deemed exports" to nationals of such countries likewise are prohibited. BIS also has license denial policies in place for several countries, depending upon the controlled item in question and the reason for control. Many contractors waste valuable time planning to partner with or employ such entities or individuals. Another area in which advance planning is critical is the bid phase. Contractors who team with offshore partners and suppliers to prepare bids may need to provide export controlled data or controlled defense services in the process of preparing their bids, and failure to plan for necessary export authorizations may result in lost opportunities.
Contractors who ignore the ITAR and EAR do so at their peril. Penalties for export violations can be severe. Criminal penalties for willful violations of ITAR may include fines of up to $1 million per violation for corporations and up to ten years imprisonment for individuals. Civil penalties may also be assessed up to $500,000 per violation, and multiple violations can arise from the same program or project. In recent years, DDTC has assessed several civil penalties for related violations amounting in the aggregate to tens of millions of dollars. Furthermore, defense articles exported from the United States in violation of ITAR, and any vessel, vehicle or aircraft involved in such attempt, are subject to seizure, forfeiture and disposition. Under the EAR, fines for criminal activities can range to $250,000 per violation for individuals and the greater of $1,000,000 or five times the value of the exports involved for companies, and civil penalties can include fines of up to $10,000 per violation and seizure of the regulated items. Companies found to have violated ITAR or EAR can have their export privileges suspended and may also be suspended and/or debarred from contracting with the United States government
for up to three years. Contractors should plan to mitigate these risks by implementing effective export compliance programs.
About the Authors
Brian A. Bannon is a Partner in the Washington DC office of Blank Rome LLP, and focuses his practice on Public Contracts. Ms. Linney, also a partner in the Washington DC office, practices in the area of international trade and transactions, and regularly advises both U.S. and foreign clients regarding U.S. export controls and international economic sanctions, defense trade and security regulations, and other international trade and business issues, including mergers, acquisitions and financings. She represents clients before various federal agencies, including the Department of State, Department of Commerce, and Office of Foreign Assets Control. David A. Leib is an Associate in the Maritime, International Trade and Public Contracts Practice Group at Blank Rome LLP and focuses his practice on Public Contracts.
The article reflects developments through May 11, 2005, the date of submission for publication. The views expressed herein are those of the authors, do not necessarily reflect the opinion of the firm or other members of the firm, and should not be construed as legal advice or opinion or a substitute for the advice of counsel.