/Office for Research and Innovation
Research Security

 

Export Control Compliance

Stony Brook University (SBU) is committed to complying with federal export control laws and regulations that pertain to the conduct and dissemination of our research and ot the export of tangible items such as equipment, components, or materials.  The Research Security Program is responsible for SBU's export control compliance program.

SBU Export Control Policy

Attend an Export Control or Research Security Webinar - View the Schedule

What are export control regulations? 

Export controls are a body of U.S. federal laws and regulations that regulate: 

  • Disclosure, shipment, use, transfer, or transmission of items, commodities, materials, technical information, technology, software, or encrypted software to foreign persons or entities wherever located. 
  • Transactions and services involving prohibited countries, persons, or entities.
  • Certain transactions with people or entities on federal restricted parties lists.  

Quick Link -  Campus Compliance & Export Control Laws & Regulations

Where can you get assistance with export control compliance? 

The Export Control Compliance team can provide support with any of the following issues:

  • Engaging in international collaborations
  • Attending conferences, meetings, and seminars in foreign countries      
  • Working with and handling controlled information
  • Shipping or hand-carrying items to international locations
  • Traveling to embargoed/sanctioned countries 
  • Purchasing controlled equipment
  • Screening for restricted parties 
  • Inviting foreign visitors to campus
  • Hiring international employees
  • Engaging with foreign militaries and military organizations
  • ...and more

Quick Link - Review SBU's How to Comply Guidance Documents 

Schedule a Meeting with an Export Control Professional

How can you request an export control review?

The Research Security Program team has created forms for easy submission of review requests. 

REQUEST AN EXPORT CONTROL REVIEW

Are there training requirements for export control compliance? 

Export control training is not required for faculty, staff, and students that are not involved in export controlled projects or activities.  The Export Control Compliance team highly recommends completion of online export control training in Collaborative Institutional Training Institute (CITI) . 

Faculty, staff, and students can choose from:  Introduction to Export Compliance or any of the focused topical areas - Researchers, Biosafety, International and Foreign Waters, When Using Technology in Research, U.S. Sanctions Programs, Collaborations, Distance Education, Shipping, Purchasing.   

*CITI is available to all SBU faculty, staff and students - Use the Log In Through My Organization option and use your NetID and password. Directions: Select "Add a Course", then "I want to complete the Research Security Course at this time", then "Research Security Training", select "Next". You will then have the option of viewing any or all four modules, completion of the modules will be recorded in CITI.

Resources and Guidance for Export Control Compliance 

Export Controls Overview, Concepts and Guidance

Below is an overview of export controls along with general information, concepts and links to additional information, training, and resources.  Faculty, staff, and students who conduct or participate in international activities must be familiar with the information provided in these pages. Contact the Export Controls Compliance team 

Campus Activities & Export Controls Overview

The Campus Community (see below) must comply with SBU's Export Control Policy.

The Campus Community has an obligation to review the information provided on these pages and must contact the Exports Controls Compliance team when conducting activities that may require an export license or documented license exception. Campus Compliance Overview

The Export Control Policy applies to the Campus Community. 

The Campus Community includes but is not limited to all faculty (including voluntary, lecturers, and adjuncts); research personnel (including research staff, post-doctoral fellows, research associates); visiting scientists and scholars, graduate and undergraduate students involved in research activities; visiting scholars, consultants or other volunteers involved in research activities; non-research staff in departments, centers, institutes, colleges, administrative offices that are involved with transactions covered under this Policy.

University includes all schools, centers, institutes, and administrative offices within the State University of New York at Stony Brook, the Research Foundation for State University of New York as it relates to Stony Brook University, Stony Brook Medicine (including University Hospital), and the Long Island State Veterans Home.

SBU's Export Control Policy applies to the conduct of any Activity:

  • On University controlled premises, or
  • On behalf of the University at any domestic location, or 
  • On behalf of the University at any foreign location.

Note: Activity is defined as research, education, service & scholarship or business purpose.

Even though most research conducted at SBU is  Fundamental Research (meaning that there are no foreign national or publication restrictions), there are many situations where export controls apply to SBU research activities.

Examples of potential export control areas:

  • Receipt of Third-Party Confidential Information
  • International Activities (both in the U.S. and abroad)
  • Export controlled materials, equipment or information
  • Research that is not Fundamental
  • Research (funded or unfunded) for the benefit of an international entity

Review the Research and Export Controls Overview

Even though most courses offered at SBU qualify for exclusions from export control regulations (courses commonly taught at universities and part of the course catalog), there are situations where export controls apply to SBU educational activities.

Examples of potential export control areas: 

  • Senior design classes 
  • Teaching abroad 
  • Online courses 
  • Software 

Review the Education and Export Controls Overview.

Even though most service and scholarship activities would not be subject to export control regulations, there are situations where export controls apply to SBU service and scholarship activities.

Examples of potential export control areas: 

  • Unfunded research for the benefit of an international entity 
  • Travel to, or collection of data from, an embargoed/sanctioned country
  • International partnerships/visitors

Review the Service and Scholarship and Export Control Overview.

SBU interacts with international entities, persons, and partners through many different avenues.

Operational offices (supporting SBU's mission) can be:

  • Export control compliance checkpoints and/or 
  • Areas of risk for export control compliance

Examples of potential export control areas: 

  • Payment to an international party
  • Purchase of export controlled items 
  • Agreements with an international partners
  • International Shipments

Review Business and Export Controls Overview

Export Control Laws and Regulations

The Campus Community should be familiar with export control laws and regulations as it relates to their SBU activities.  The below information and related links are meant to provide a basic understanding of export control regulations and laws.  Federal Export Control Laws and Regulations Overview

There are many defined terms and key concepts to understand with export controls laws and regulations. 

Export Control Terms and Definitions 

  • Disclosure, shipment, use, transfer, or transmission of any item, commodity, material, technical information, technology, software, or encrypted software for the benefit of a foreign person or foreign entity anywhere (including the transfer of controlled information within the U.S. “deemed export”);   Types of Exports Overview

  • Transactions and the provision of services involving prohibited countries, persons or entities based on trade sanctions, embargoes and travel restrictions;  Embargo and Sanction Programs Overview

and 

  • Certain transactions with persons or entities designated on a federal restricted parties lists.  Restricted Party Overview

See What Do You Want to Do? on this page for guidance on common SBU activities. 

Highly Controlled  - all destinations and to non-U.S. persons in the U.S.

Administered by the Directorate of Defense Trade Controls (DDTC) in the Department of State, the International Traffic in Arms Regulations regulate defense articles,  significant military equipment, major defense equipment, defense services, and technical data and software. 

International Traffic in Arms Regulations Overview

Different levels of control that vary by  item and destination.  Access by non-U.S. persons in the U.S. depends on multiple factors.  

Administered by the Bureau of Industry and Security (BIS) in the Department of Commerce  - Export Administration Regulations regulate commercial and dual use (commercial and military/security applications) items, including encrypted software.

Export Administration Regulations Overview

Highly Controlled -specialized regulations with a narrow scope.

Administered by:

  • Department of Energy the Assistance to Foreign Atomic Energy Activities regulates technology and services related to direct or indirect production of Special Nuclear Materials.
  • Nuclear Regulatory Commission regulates the export and import of nuclear equipment and material.

Federal Export Control Laws and Regulations Overview

Highly Controlled - country and/or activity based

Office of Foreign Asset Controls (OFAC) in the Department of Treasury, administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.

Embargo and Sanction Programs Overview

The U.S. government regulations in general require: 

  • Any paperwork detailing:  internal export control assessments, including any documentation regarding the applicability of any licensing exemptions, license determinations, license submissions, post-license management, negotiations in connection with an export regardless of whether the export or re-export actually occurs are required to be kept for five (5) years from the last activity or expiration date. 
  • Records must be kept in a manner in which facilitates the ability to retrieve the records for any purpose and to review the records during internal or U.S. Government audits.

The penalties for violating export control laws can be significant and may result in criminal sanctions and/or fines against the individual and/or the University, loss of exporting privileges for the University, and/or loss of federal funds.
Export Classification of Items, Technology, and Software

Classification is determining which body of export control regulations an item,  technology, or software falls under.   This is important because classification determines how an item, technology, or software is controlled and any licensing requirements. 

Design intent and any number of features can alter the way in which any item, technology, or software is controlled under the export control regulations.  Classification Overview

The export control regulations have an "Order of Review" to determine classification of items, technology, and software.   

This includes all physical items and non-public information and software! 

Classification Overview 

When receiving an item, technology, or software from another party that may be export controlled it is important to request the export classification. 

Classification Overview 

Depending on what you have created (e.g. information vs prototypes) you may or may not be dealing with something that is export controlled.

Classification Overview 

Software and encryption is a complex area of export control laws and regulations. For both research and non-research developed software, review the Guidance for Stony Brook Developed Software (NetID and password required)
Elevated Export Control Compliance Risks

Some individuals, institutions, businesses, governments, and countries have been identified by the U.S. government as presenting elevated concerns.  Interactions may be prohibited, require an export license or documented exception, or present other risks to the individual or SBU. 

Below is information on each of these areas.  All of the activities described below must be reviewed by the Export Control Compliance team.

A Restricted Party is any person or entity that is listed on a U.S. government denial list.

Restricted Parties Overview

How to conduct a restricted party screening using Descartes Visual Compliance software

Each set of export control regulations addresses sharing of controlled items, technology, and software under its control with specified countries. 

In addition, the Department of Defense identified:

  • China, Iran, North Korea and Russia as Countries of Concern. 

"Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Education" (June 2023) 

Embargoes and sanctions are unique to the country/group that is being targeted by the embargo/sanction.

Particularly relevant to the campus community are programs against Cuba , Iran, and Russia.  

  • Many activities with individuals in, or ordinarily resident in, Iran may require an export license even though there is no export. 
  • Activities in Cuba require a documented license exception. 

Embargoes and Sanctions Overview

The International Traffic in Arms Regulations (ITAR) also regulates Defense Services which is the training of foreign military units and forces by U.S. persons 

Defense Services Overview

Note: Defense services may occur even if the activity includes only publicly available information. 

Related Federal Regulations

In addition to the laws and regulations discussed above,  many other laws and regulations touch upon export control compliance.

SBU does not conduct research that would create or accept Controlled Unclassified Information (CUI).  

Controlled Unclassified Information (CUI) is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies but is not classified under Executive Order 13556 “Classified National Security Information” or the Atomic Energy Act, as amended.

Controlled Unclassified Information Overview

Contact the Research Security Program if you have questions regarding CUI for research. 

SBU does not conduct Classified Research or accept Classified Information. 

Classified national security information is information created or received by an agency of the federal government or a government contractor that would damage national security if improperly released. The President of the U.S. manages the system of classifying information by executive order (E.O.); the most recent order concerning classified national security information is E.O. 13526, signed by President Obama on December 29, 2009.

Classified Information Overview

Contact the Research Security Program if you have questions regarding Classified Information for research. 

Stony Brook University's DD2345 expires in August 2024. 

The Military Critical Technical Data Agreement (DD2345) is the institutional form the University fills out to register in the Joint Certification Program (JCP). Through the JCP, U.S. and Canadian defense contractors to apply for access to U.S. Department of Defense (DoD) or Canadian Department of National Defense (DND) unclassified export controlled technical data/critical technology on an equally favorable basis. The Joint Certification Office is staffed by DoD and DND staff that review and certify contractor applications submitted on the DD2345.

Military Critical Technology Data Agreement Overview

Contact the Research Security Program if you have questions regarding a DD2345 for research. 

Anti-bribery provisions of the Foreign Corrupt Practices Act make it unlawful to bribe a foreign official for the purposes of obtaining or retaining business.

Anti-Boycott regulations:

  • Prohibit U.S. businesses (including SBU) from taking actions in support of unsanctioned foreign boycotts, including the Arab League’s boycott of Israel.
  • Prevent U.S. persons from conducting business under terms that would restrict a person’s ability to do business with other countries under a boycott not recognized by the United States. 

Anti-Boycott laws are administered and enforced by the Department of Commerce, Bureau of Industry Security, under the “Restrictive Trade Practices and Boycotts” of the EAR (15 CFR Part 760) and by the Department of Treasury under the “Ribicoff Amendment” to the Tax Reform Act of 1976 adding §999 to the Internal Revenue Code. 

Research Security

Export control compliance is one element of a Research Security Program and in some cases there is overlap of concerns and reviews. 

In addition to export control compliance information provided on these pages, faculty, staff and students should review and understand the information provided on the Research Security Program website

U.S. Government Articles of Interest

Learn More 

Awareness and Training Resources/Materials

Awareness and training resources to assist SBU faculty, staff, and students in understanding how to comply with export control laws and regulations. 

 

 

What Do You Want To Do? 

Common Activities that Require an Export Review 

Full List of Guidance Documents

Below is general guidance for faculty, staff, and students for complying with export control laws and regulations when engaging in university activities.

magnify1
Restricted Party Screening 

Restricted Party Screening

All non-U.S. persons and all entities (foreign and domestic) must be screened for inclusion on any of the U.S. government's restricted party list prior to engaging in activities.  How to conduct a restricted party screening.

 
Attend, Host, or Present at a Conference, Meeting, or Seminar

Conference, Meetings, and Seminars Export Reviews

Sharing non-public information (export-controlled, proprietary, or restricted by the U.S. government) may require an export license or documented license exception.  Additional risks may be associated with Countries of Concern. 

 professional activities

Deemed Export
Share Information with a Foreign National Employee

Foreign National Employee Export Review

Sharing non-public information (export-controlled, proprietary, or restricted by the U.S. government or sponsor) and access to some equipment, materials, and/or software may require an export license or documented license exception.
Store Export Controlled Information or Items

Store Export Controlled Information or Items

Export controlled information and items must be properly secured based upon their level of control and security needs.  Explore campus resources.

store controlled information

collaborations
Conduct Research with an International Partner

International Collaborations Export Review 

Exchange of non-public information and shipment of any items may require an export license or documented license exception. Additional risks may be associated with  embargoed/sanctioned countries or Countries of Concern. 
Host an International Visitor

International Visitor Export Review

Sharing non-public information (export-controlled, proprietary, or restricted by the U.S. government or sponsor) and access to some equipment, materials, and/or software may require an export license or documented license exception.

 visitors
oversea
Send a Shipment, Hand-Carry, or Electronically Transmit Internationally

International Shipments and Hand-Carry Export Review 

An export license, documented license exception, or no license required determination is required whenever hand-carrying/shipping for one's own use in an international location or shipping to a third-party.  For hand-carry of electronic devices additional information - Tools of the Trade Guidance Document
Travel Internationally

International Travel Export Review 

International travel and export control compliance depends upon many factors, including international activity, the destination, and what is being hand-carried/shipped. 
purchasing
Purchase Export Controlled Items (e.g.,  Equipment, Materials, Software)  

Procurement Export Review 

Receiving and understanding the export classification of purchases  (i.e., equipment, materials, chemicals, biologics, technology, software).  End-use agreement. Export controlled purchases often need enhanced security.  

Questions? 

View the FAQ page 

Contact Export Controls Compliance team 

Request an Export Control Review (NetID login required)

Report Export Compliance Concerns 

If after reviewing the information provided on this website or any other export control compliance resources it is believed that an export violation may have occurred use the below resources: 

  • EthicsPoint: Reports may be submitted via SBU's secure third-party confidential reporting system by web and mobile devices or telephone (see information provided below).  Select the "Export Control/Research Security Concern" type. Reports may be submitted anonymously.  Mobile & Web Report is available or you may report by phone at (833) 223-7024 

OR 

  • You may e-mail or call (631-632-1954) the Director of Research Security.