International Traffic in Arms Regulations (ITAR)


What Does the ITAR Control?

22 CFR §§ 120-130 are promulgated and implemented by the the Directorate of Defense Trade Controls (DDTC) in the Department of State (DoS) and regulate:

  • Defense articles (as defined in §120.31),
  • Significant military equipment (as defined in §120.36),
  • Major defense equipment (as defined in §120.37),
  • Defense services (as defined in §120.32), and
  • Technical data and software (as defined in §120.33)

United States Munitions List (USML)

Regulated items are identified on the USML by categories. 

  • Category I-Firearms, Close Assault Weapons, and Combat Shotguns
  • Category II-Guns and Armament
  • Category III-Ammunition/Ordnance
  • Category IV-Launch Vehicles, Guided Missiles, Ballistic Missiles, Rockets, Torpedoes, Bombs, and Mines
  • Category V-Explosives and Energetic Materials, Propellants, Incendiary Agents, and Their Constituents
  • Category VI-Surface Vessels of War and Special Naval Equipment
  • Category VII-Ground Vehicles
  • Category VIII-Aircraft and Related Articles
  • Category IX-Military Training Equipment and Training
  • Category X-Personal Protective Equipment
  • Category XI-Military Electronics
  • Category XII-Fire Control, Range Finder, Optical and Guidance and Control Equipment
  • Category XIII-Materials and Miscellaneous Articles
  • Category XIV-Toxicological Agents, Including Chemical Agents, Biological Agents,  and Associated Equipment
  • Category XV-Spacecraft and Related Articles
  • Category XVI-Nuclear Weapons Related Items
  • Category XVII-Classified Articles, Technical Data and Defense Services Not Otherwise Enumerated
  • Category XVIII-Directed Energy Weapons
  • Category XIX-Gas Turbine Engines and Associated Equipment
  • Category XX-Submersible Vessels and Related Articles
  • Category XXI-Articles, Technical Data, and Defense Services Not Otherwise Enumerated


Quick Facts

  • If an United States Military List (USML) article is incorporated into a larger article, then the larger article becomes controlled under ITAR.
  • ITAR is article based:  NO article on the USML can be exported without a license or exemption.
  • Arms Embargo:  NO article on the USML may be exported under a license or license exemption to countries proscribed in 22 CFR § 126.1.  
  • Additional restrictions apply to other countries, whenever an export would not otherwise be in furtherance of world peace and the security and foreign policy of the United States – as proscribed further in 22 CFR § 126.1
  • Full versions of the ITAR and USML

Fundamental Research Under the ITAR

Review Fundamental Research Overview 


Using ITAR Controlled Items, Technical Data, Software in Research 

In some areas of research, USML items may be used.  These items are highly restricted and access by non-U.S. persons is prohibited without an export license or documented license exception even if it is being used in the conduct of Fundamental Research.

There is a bonafide full time employee exception (limited to certain countries of origin) but there is specific paperwork that needs to be completed and signed by all parties. Contact the Export Control Compliance team for review and approval prior to relying on this license exception.

  • Using night vision goggles originally developed for military use to be able to see a reaction in the laboratory under nighttime conditions.
  • Using an infrared camera originally developed for military use to be able to take nighttime pictures in the field.
  • Using a controlled chemical or biological agent in a research project.
  • Using a drone originally developed for military use to be able to take aerial pictures in the field. 


Research that is NOT Fundamental Research and Research on behalf of a Foreign Entity/Person

Any research that is NOT Fundamental Research and any research that is conducted on behalf of a foreign entity or person must be reviewed by the Export Control Compliance team to determine if the outcomes would be creating a Defense Article or providing a Defense Service.  Policy on Designating and Determining Defense Articles and Services (22 CFR § 120.3)


Key Definitions and Terms

(a)Defense article means any item or technical data designated in § 121.1 of this subchapter and includes:

(1) Technical data recorded or stored in any physical form, models, mockups or other items that reveal technical data directly relating to items designated in § 121.1 of this subchapter; and

(2) Forgings, castings, and other unfinished products, such as extrusions and machined bodies, that have reached a stage in manufacturing where they are clearly identifiable by mechanical properties, material composition, geometry, or function as defense articles.

(b) It does not include basic marketing information on function or purpose or general system descriptions.

(c) The policy described in § 120.3 is applicable to designations of additional items.

(a) Significant military equipment means articles for which special export controls are warranted because of their capacity for substantial military utility or capability.

(b) Significant military equipment includes: 

(1) Items in § 121.1 of this subchapter  that are preceded by an asterisk; and

(2) All classified articles enumerated in § 121.1 of this subchapter.

Major defense equipment, pursuant to section 47(6) of the Arms Export Control Act (22 U.S.C. 2794(6)), means any item of significant military equipment on the U.S. Munitions List having a nonrecurring research and development cost of more than $50,000,000 or a total production cost of more than $200,000,000.

(1) The furnishing of assistance (including training) to foreign persons, whether in the United States or abroad in the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing or use of defense articles;

(2) The furnishing to foreign persons of any technical data controlled under this subchapter, whether in the United States or abroad; or

(3) Military training of foreign units and forces, regular and irregular, including formal or informal instruction of foreign persons in the United States or abroad or by correspondence courses, technical, educational, or information publications and media of all kinds, training aid, orientation, training exercise, and military advice.

(a) for purposes of this subchapter:

(1) Information, other than software as defined in §120.40(g), which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. This includes information in the form of blueprints, drawings, photographs, plans, instructions or documentation.

(2) Classified information relating to defense articles and defense services on the U.S. Munitions List and 600-series items controlled by the Commerce Control List;

(3) Information covered by an invention secrecy order; or

(4) Software (see §120.40(g)) directly related to defense articles.

(b) The definition in paragraph (a) of this section does not include information concerning general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities, or information in the public domain as defined in §120.34  or telemetry data as defined in note 3 to Category XV(f) of part 121.1 of this subchapter. It also does not include basic marketing information on function or purpose or general system descriptions of defense articles.

(a) Export, except as set forth in § 120.54 or § 126.16 or § 126.17 of this subchapter, means:

(1) An actual shipment or transmission out of the United States, including the sending or taking of a defense article out of the United States in any manner;

(2) Releasing or otherwise transferring technical data to a foreign person in the United States (a deemed export);

(3) Transferring registration, control, or ownership of any aircraft, vessel, or satellite subject to this subchapter by a U.S. person to a foreign person;

(4) Releasing or otherwise transferring a defense article to an embassy or to any of its agencies or subdivisions, such as a diplomatic mission or consulate, in the United States;

(5) Performing a defense service on behalf of, or for the benefit of, a foreign person, whether in the United States or abroad; or

(6) The release of previously encrypted technical data as described in § 120.56(a)(3) and (4).

(b) Any release in the United States of technical data to a foreign person is deemed to be an export to all countries in which the foreign person has held or holds citizenship or holds permanent residency.

(a) Reexport, except as set forth in §120.54, §126.16 or §126.17,  of this subchapter means:

(1) An actual shipment or transmission of a defense article from one foreign country to another foreign country, including the sending or taking of a defense article to or from such countries in any manner;

(2) Releasing or otherwise transferring technical data to a foreign person who is a citizen or permanent resident of a country other than the foreign country where the release or transfer takes place (a “deemed reexport”)

(3) Transferring registration, control, or ownership of any aircraft, vessel, or satellite subject to this subchapter between foreign persons.

(b) Any release outside the U.S. of technical data to a foreign person is deemed to be a reexport to all countries in which the foreign person has held or holds citizenship or holds permanent residency. 

(a) Release. Technical data is released through:

 (1) Visual or other inspection by foreign persons of a defense article that reveals technical data to a foreign person; or

 (2) Oral or written exchanges with foreign persons of technical data in the U.S. or abroad.

(3) The use of access information to cause or enable a foreign person, including yourself, to access, view, or possess unencrypted technical data; or

(4) The use of access information to cause technical data outside of the United States to be in unencrypted form.

(b) Provision of access information. Authorization for a release of technical data to a foreign person is required to provide access information to that foreign person, if that access information can cause or enable access, viewing, or possession of the unencrypted technical data.

Access information is information that allows access to encrypted technical data subject to this subchapter in an unencrypted form. Examples include decryption keys, network access codes, and passwords.

(a) The following activities are not exports, reexports, retransfers, or temporary imports:

(1) Launching a spacecraft, launch vehicle, payload, or other item into space.

(2) Transmitting or otherwise transferring technical data to a U.S. person in the United States from a person in the United States.

(3) Transmitting or otherwise transferring within the same foreign country technical data between or among only U.S. persons, so long as the transmission or transfer does not result in a release to a foreign person or transfer to a person prohibited from receiving the technical data.

(4) Shipping, moving, or transferring defense articles between or among the United States as defined in §120.60.

(5) Sending, taking, or storing technical data that is:

(i) Unclassified;

(ii) Secured using end-to-end encryption;

(iii) Secured using cryptographic modules (hardware or software) compliant with the Federal Information Processing Standards Publication 140-2 (FIPS 140-2) or its successors, supplemented by software implementation, cryptographic key management, and other procedures and controls that are in accordance with guidance provided in current U.S. National Institute for Standards and Technology (NIST) publications, or by other cryptographic means that provide security strength that is at least comparable to the minimum 128 bits of security strength achieved by the Advanced Encryption Standard (AES-128); and

(iv) Not intentionally sent to a person in or stored in a country proscribed in §126.1 of this subchapter or the Russian Federation; and

Note to paragraph (a)(5)(iv): Data in-transit via the internet is not deemed to be stored.

(v) Not sent from a country proscribed in §126.1 of this subchapter or the Russian Federation.

(b)(1) For purposes of this section, end-to-end encryption is defined as:

(i) The provision of cryptographic protection of data, such that the data is not in an unencrypted form, between an originator (or the originator's in-country security boundary) and an intended recipient (or the recipient's in-country security boundary); and

(ii) The means of decryption are not provided to any third party.

(2) The originator and the intended recipient may be the same person. The intended recipient must be the originator, a U.S. person in the United States, or a person otherwise authorized to receive the technical data, such as by a license or other approval pursuant to this subchapter.

(c) The ability to access technical data in encrypted form that satisfies the criteria set forth in paragraph (a)(5) of this section does not constitute the release or export of such technical data.

(a) The following activities are not exports, reexports, retransfers, or temporary imports:

(1) Launching a spacecraft, launch vehicle, payload, or other item into space.

(2) Transmitting or otherwise transferring technical data to a U.S. person in the United States from a person in the United States.

(3) Transmitting or otherwise transferring within the same foreign country technical data between or among only U.S. persons, so long as the transmission or transfer does not result in a release to a foreign person or transfer to a person prohibited from receiving the technical data.

(4) Shipping, moving, or transferring defense articles between or among the United States as defined in §120.60.

(5) Sending, taking, or storing technical data that is:

(i) Unclassified;

(ii) Secured using end-to-end encryption;

(iii) Secured using cryptographic modules (hardware or software) compliant with the Federal Information Processing Standards Publication 140-2 (FIPS 140-2) or its successors, supplemented by software implementation, cryptographic key management, and other procedures and controls that are in accordance with guidance provided in current U.S. National Institute for Standards and Technology (NIST) publications, or by other cryptographic means that provide security strength that is at least comparable to the minimum 128 bits of security strength achieved by the Advanced Encryption Standard (AES-128); and

(iv) Not intentionally sent to a person in or stored in a country proscribed in §126.1 of this subchapter or the Russian Federation; and

Note to paragraph (a)(5)(iv): Data in-transit via the internet is not deemed to be stored.

(v) Not sent from a country proscribed in §126.1 of this subchapter or the Russian Federation.

(b)(1) For purposes of this section, end-to-end encryption is defined as:

(i) The provision of cryptographic protection of data, such that the data is not in an unencrypted form, between an originator (or the originator's in-country security boundary) and an intended recipient (or the recipient's in-country security boundary); and

(ii) The means of decryption are not provided to any third party.

(2) The originator and the intended recipient may be the same person. The intended recipient must be the originator, a U.S. person in the United States, or a person otherwise authorized to receive the technical data, such as by a license or other approval pursuant to this subchapter.

(c) The ability to access technical data in encrypted form that satisfies the criteria set forth in paragraph (a)(5) of this section does not constitute the release or export of such technical data.


Quick Links to Additional Export Control Laws and Regulation