At the time of writing this article, heightened global tensions are escalating across many regions of the world. Various COVID-driven lockdowns and mandates have created pressure and growth of mistrust in government leaders. Adding to the unrest, worsening inflation fueled by continued supply chain breakdowns is adding stress to an increasingly challenging business environment. Given these circumstances, it is reasonable to assume bad-actor states will increase espionage efforts, particularly when it comes to the trade in arms. Now is a great time for enterprises in the Aerospace and Defense (A&D) sector to refresh their awareness and knowledge of ITAR compliance.
ITAR, or the International Trafficking of Arms Regulations, is often perceived to be just about export control of arms and munitions, but it goes much further. Much of the regulatory nature of ITAR is about controlling the actual transfer of hardware and systems to foreign entities to ensure that only governments friendly to and partnered with the United States have access.
Cybersecurity is a closely related topic to regulatory compliance – learn more about how Aerospace Manufacturing Cybersecurity is More than Classified Design Information
ITAR compliance covers much more than just the transfer of hardware and system. Part 125 specifies restrictions of the export of technical data and classified defense articles (read more here). This means that much of the information associated with defense technology is subject to being evaluated for ITAR compliance.
Here are three important factors to consider about ITAR compliance that companies operating in the A&D value chain must keep in mind.
1. ITAR Covers All Information (Not Just Classified)
Section 125.2 deals explicitly with unclassified technical data since classified information is already covered by regulations that specify how classified information is handled. All classified information transfer is handled as specified by the Defense Counterintelligence and Security Agency which also references ITAR. For unclassified information, ITAR part 125.2 specifies that a license is required for disclosures of any information other than that which is required for foreign patent filings, which must comply with the appropriate PTO rules. When dealing with the transfer of classified information, Section 125.3 applies and there are specific procedures and exemptions which must be applied.
2. Technical Data is More Than Design Information
Sometimes there is confusion as to what information is included in ITAR regulations, which is more than just design data. ITAR defines technical data as:
- Information, other than software as defined in § 120.10(a)(4), which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of defense articles; this includes information in the form of blueprints, drawings, photographs, plans, instructions, or documentation.
- Classified information relating to defense articles and defense services on the U.S. Munitions List and 600-series items controlled by the Commerce Control List.
- Information covered by an invention secrecy order.
- Software (see § 120.45(f)) directly related to defense articles.
While fundamental design information is obviously covered by ITAR, there are three other types of information that ITAR also regulates:
- Design Methodology – These are the engineering methods and design philosophy utilized, the underlying design rationale, and the associated design factors such as safety, component life predictions, and failure analysis criteria, among other data points that establish the operational requirements such as performance, mechanical, electrical, electronic, reliability, and maintainability data of a defense article.
- Engineering Analysis – These are the analytical methods and tools used to design or evaluate a defense article’s performance against the operational requirements and include the computer models and simulations.
- Manufacturing Know-how – This is the information that provides detailed manufacturing processes and techniques needed to translate a detailed design into a qualified, finished item.
These categories of information are eligible for transfer under ITAR, but only as licensed.
3. ITAR Compliance Also Regulates Services
ITAR also regulates the delivery of services including training, testing, operation, maintenance, and repair services. For example, if your business is providing MRO services, then you are still likely required to maintain ITAR compliance.
Products Not Covered by ITAR May Still be Covered by EAR
While ITAR covers the export of technology related to defense items, some dual-use technology that may not be explicitly covered by ITAR might be covered by another set of rules: EAR – Export Administration Regulations. If your products are covered under ITAR, you will be dealing with the Department of State while for products that fall under EAR you will be dealing with the Department of Commerce. Make sure you know which regulations apply to your products.
Dan Miklovic is the founder and principal analyst at Lean Manufacturing Research, LLC. He has a wealth of experience as an end-user, software vendor, consultant, and market research analyst. He led a plant applications development and implementation team at Weyerhaeuser, was a process system engineer at Scott Paper, led the network design team at a large engineering firm serving the pulp & paper and mining industries. His industry analyst experience includes roles at Gartner, Sustainable Collaborations Group, and LNS Research. He is currently a member of The Analyst Syndicate. He has authored dozens of articles, contributed to several engineering handbooks, authored a text on industrial networking, and was a co-host of World Business Review, a TV program seen on public television, CNBC, and other outlets.
You may contact Dan at [email protected].