International Traffic in Arms Regulations (ITAR)
What Does the ITAR Control?
22 CFR §§ 120-130 are promulgated and implemented by the the Directorate of Defense Trade Controls (DDTC) in the Department of State (DoS) and regulate:
- Defense articles (as defined in §120.31),
- Significant military equipment (as defined in §120.36),
- Major defense equipment (as defined in §120.37),
- Defense services (as defined in §120.32), and
- Technical data and software (as defined in §120.33)
United States Munitions List (USML)
Regulated items are identified on the USML by categories.
Quick Facts
- If an United States Military List (USML) article is incorporated into a larger article, then the larger article becomes controlled under ITAR.
- ITAR is article based: NO article on the USML can be exported without a license or exemption.
- Arms Embargo: NO article on the USML may be exported under a license or license exemption to countries proscribed in 22 CFR § 126.1.
- Additional restrictions apply to other countries, whenever an export would not otherwise be in furtherance of world peace and the security and foreign policy of the United States – as proscribed further in 22 CFR § 126.1
- Full versions of the ITAR and USML
Fundamental Research Under the ITAR
Review Fundamental Research Overview
Using ITAR Controlled Items, Technical Data, Software in Research
In some areas of research, USML items may be used. These items are highly restricted and access by non-U.S. persons is prohibited without an export license or documented license exception even if it is being used in the conduct of Fundamental Research.
Research that is NOT Fundamental Research and Research on behalf of a Foreign Entity/Person
Any research that is NOT Fundamental Research and any research that is conducted on behalf of a foreign entity or person must be reviewed by the Export Control Compliance team to determine if the outcomes would be creating a Defense Article or providing a Defense Service. Policy on Designating and Determining Defense Articles and Services (22 CFR § 120.3)
Key Definitions and Terms
(a)Defense article means any item or technical data designated in § 121.1 of this subchapter and includes: (1) Technical data recorded or stored in any physical form, models, mockups or other
items that reveal technical data directly relating to items designated in § 121.1
of this subchapter; and (2) Forgings, castings, and other unfinished products, such as extrusions and machined
bodies, that have reached a stage in manufacturing where they are clearly identifiable
by mechanical properties, material composition, geometry, or function as defense articles. (b) It does not include basic marketing information on function or purpose or general
system descriptions. (c) The policy described in § 120.3 is applicable to designations of additional items. (a) Significant military equipment means articles for which special export controls
are warranted because of their capacity for substantial military utility or capability. (b) Significant military equipment includes: (1) Items in § 121.1 of this subchapter that are preceded by an asterisk; and (2) All classified articles enumerated in § 121.1 of this subchapter. (1) The furnishing of assistance (including training) to foreign persons, whether
in the United States or abroad in the design, development, engineering, manufacture,
production, assembly, testing, repair, maintenance, modification, operation, demilitarization,
destruction, processing or use of defense articles; (2) The furnishing to foreign persons of any technical data controlled under this
subchapter, whether in the United States or abroad; or (3) Military training of foreign units and forces, regular and irregular, including
formal or informal instruction of foreign persons in the United States or abroad or
by correspondence courses, technical, educational, or information publications and
media of all kinds, training aid, orientation, training exercise, and military advice. (a) for purposes of this subchapter: (1) Information, other than software as defined in §120.40(g), which is required for
the design, development, production, manufacture, assembly, operation, repair, testing,
maintenance or modification of defense articles. This includes information in the
form of blueprints, drawings, photographs, plans, instructions or documentation. (2) Classified information relating to defense articles and defense services on the
U.S. Munitions List and 600-series items controlled by the Commerce Control List; (3) Information covered by an invention secrecy order; or (4) Software (see §120.40(g)) directly related to defense articles. (b) The definition in paragraph (a) of this section does not include information concerning
general scientific, mathematical, or engineering principles commonly taught in schools,
colleges, and universities, or information in the public domain as defined in §120.34
or telemetry data as defined in note 3 to Category XV(f) of part 121.1 of this subchapter.
It also does not include basic marketing information on function or purpose or general
system descriptions of defense articles. (a) Export, except as set forth in § 120.54 or § 126.16 or § 126.17 of this subchapter,
means: (1) An actual shipment or transmission out of the United States, including the sending
or taking of a defense article out of the United States in any manner; (2) Releasing or otherwise transferring technical data to a foreign person in the
United States (a deemed export); (3) Transferring registration, control, or ownership of any aircraft, vessel, or satellite
subject to this subchapter by a U.S. person to a foreign person; (4) Releasing or otherwise transferring a defense article to an embassy or to any
of its agencies or subdivisions, such as a diplomatic mission or consulate, in the
United States; (5) Performing a defense service on behalf of, or for the benefit of, a foreign person,
whether in the United States or abroad; or (6) The release of previously encrypted technical data as described in § 120.56(a)(3)
and (4). (b) Any release in the United States of technical data to a foreign person is deemed
to be an export to all countries in which the foreign person has held or holds citizenship
or holds permanent residency. (a) Reexport, except as set forth in §120.54, §126.16 or §126.17, of this subchapter
means: (1) An actual shipment or transmission of a defense article from one foreign country
to another foreign country, including the sending or taking of a defense article to
or from such countries in any manner; (2) Releasing or otherwise transferring technical data to a foreign person who is
a citizen or permanent resident of a country other than the foreign country where
the release or transfer takes place (a “deemed reexport”) (3) Transferring registration, control, or ownership of any aircraft, vessel, or satellite
subject to this subchapter between foreign persons. (b) Any release outside the U.S. of technical data to a foreign person is deemed to
be a reexport to all countries in which the foreign person has held or holds citizenship
or holds permanent residency. (a) Release. Technical data is released through: (1) Visual or other inspection by foreign persons of a defense article that reveals
technical data to a foreign person; or (2) Oral or written exchanges with foreign persons of technical data in the U.S.
or abroad. (3) The use of access information to cause or enable a foreign person, including yourself,
to access, view, or possess unencrypted technical data; or (4) The use of access information to cause technical data outside of the United States
to be in unencrypted form. (b) Provision of access information. Authorization for a release of technical data
to a foreign person is required to provide access information to that foreign person,
if that access information can cause or enable access, viewing, or possession of the
unencrypted technical data. (a) The following activities are not exports, reexports, retransfers, or temporary
imports: (1) Launching a spacecraft, launch vehicle, payload, or other item into space. (2) Transmitting or otherwise transferring technical data to a U.S. person in the
United States from a person in the United States. (3) Transmitting or otherwise transferring within the same foreign country technical
data between or among only U.S. persons, so long as the transmission or transfer does
not result in a release to a foreign person or transfer to a person prohibited from
receiving the technical data. (4) Shipping, moving, or transferring defense articles between or among the United
States as defined in §120.60. (5) Sending, taking, or storing technical data that is: (i) Unclassified; (ii) Secured using end-to-end encryption; (iii) Secured using cryptographic modules (hardware or software) compliant with the
Federal Information Processing Standards Publication 140-2 (FIPS 140-2) or its successors,
supplemented by software implementation, cryptographic key management, and other procedures
and controls that are in accordance with guidance provided in current U.S. National
Institute for Standards and Technology (NIST) publications, or by other cryptographic
means that provide security strength that is at least comparable to the minimum 128
bits of security strength achieved by the Advanced Encryption Standard (AES-128);
and (iv) Not intentionally sent to a person in or stored in a country proscribed in §126.1
of this subchapter or the Russian Federation; and Note to paragraph (a)(5)(iv): Data in-transit via the internet is not deemed to be
stored. (v) Not sent from a country proscribed in §126.1 of this subchapter or the Russian
Federation. (b)(1) For purposes of this section, end-to-end encryption is defined as: (i) The provision of cryptographic protection of data, such that the data is not in
an unencrypted form, between an originator (or the originator's in-country security
boundary) and an intended recipient (or the recipient's in-country security boundary);
and (ii) The means of decryption are not provided to any third party. (2) The originator and the intended recipient may be the same person. The intended
recipient must be the originator, a U.S. person in the United States, or a person
otherwise authorized to receive the technical data, such as by a license or other
approval pursuant to this subchapter. (c) The ability to access technical data in encrypted form that satisfies the criteria
set forth in paragraph (a)(5) of this section does not constitute the release or export
of such technical data. (a) The following activities are not exports, reexports, retransfers, or temporary
imports: (1) Launching a spacecraft, launch vehicle, payload, or other item into space. (2) Transmitting or otherwise transferring technical data to a U.S. person in the
United States from a person in the United States. (3) Transmitting or otherwise transferring within the same foreign country technical
data between or among only U.S. persons, so long as the transmission or transfer does
not result in a release to a foreign person or transfer to a person prohibited from
receiving the technical data. (4) Shipping, moving, or transferring defense articles between or among the United
States as defined in §120.60. (5) Sending, taking, or storing technical data that is: (i) Unclassified; (ii) Secured using end-to-end encryption; (iii) Secured using cryptographic modules (hardware or software) compliant with the
Federal Information Processing Standards Publication 140-2 (FIPS 140-2) or its successors,
supplemented by software implementation, cryptographic key management, and other procedures
and controls that are in accordance with guidance provided in current U.S. National
Institute for Standards and Technology (NIST) publications, or by other cryptographic
means that provide security strength that is at least comparable to the minimum 128
bits of security strength achieved by the Advanced Encryption Standard (AES-128);
and (iv) Not intentionally sent to a person in or stored in a country proscribed in §126.1
of this subchapter or the Russian Federation; and Note to paragraph (a)(5)(iv): Data in-transit via the internet is not deemed to be
stored. (v) Not sent from a country proscribed in §126.1 of this subchapter or the Russian
Federation. (b)(1) For purposes of this section, end-to-end encryption is defined as: (i) The provision of cryptographic protection of data, such that the data is not in
an unencrypted form, between an originator (or the originator's in-country security
boundary) and an intended recipient (or the recipient's in-country security boundary);
and (ii) The means of decryption are not provided to any third party. (2) The originator and the intended recipient may be the same person. The intended
recipient must be the originator, a U.S. person in the United States, or a person
otherwise authorized to receive the technical data, such as by a license or other
approval pursuant to this subchapter. (c) The ability to access technical data in encrypted form that satisfies the criteria
set forth in paragraph (a)(5) of this section does not constitute the release or export
of such technical data.