# ITAR/EAR Export Compliance Program Manual > Draft company-specific export compliance program manuals under ITAR and EAR. Covers organizational structure, product classification, license determination, screening procedures, Technology Control Plans, training, recordkeeping, and audit procedures for defense contractors and technology companies. Tags: Export Compliance, ITAR, EAR, Defense, Compliance Program, US Regulation, Sanctions, OFAC, Deemed Export, Technology Control Plan ## Example Prompts - Create an ITAR compliance program manual for a defense electronics company - Draft a Technology Control Plan for a facility with foreign national employees - Write EAR screening and license determination procedures for a dual-use technology firm - Prepare export compliance training and audit procedures for a DDTC audit URL: https://rakenne.app/skills/itar-ear-compliance/index.md Try this skill: https://rakenne.app/a/?skill=itar-ear-compliance ## Overview An export compliance program manual is the foundational document for any company that manufactures, exports, or handles defense articles (ITAR) or dual-use technologies (EAR). Unlike a generic policy template, the manual must reflect the company's specific products, USML categories or ECCNs, export destinations, foreign national employees, and organizational structure — a generic template can expose companies to criminal liability (up to $1M and 20 years per violation for ITAR; same for EAR). This skill produces a company-tailored compliance manual covering organizational structure, product classification, license determination, restricted party screening (including the OFAC 50% Rule), Technology Control Plans for deemed exports, antiboycott compliance, training, recordkeeping, audit procedures, and voluntary self-disclosure processes. ## What It Covers - **Organizational structure** — Empowered Official (ITAR requirement), Export Compliance Officer, departmental responsibilities, succession planning - **Product classification** — USML/CCL jurisdiction determination, classification decision tree, CJ/CCATS request procedures, 600-series ECCN awareness - **License determination** — ITAR license types (DSP-5, DSP-73, TAA, MLA), EAR license exceptions, ITAR exemptions (22 CFR 123.16, 125.4, 126.4, 126.6), internal approval chain - **Screening procedures** — All OFAC, BIS, and DDTC denied parties lists; OFAC 50% Rule ownership analysis; red flag indicators; end-use/end-user certificates - **Technology Control Plan** — Physical access, network segmentation, deemed export controls, cloud storage compliance, visitor procedures, conference/publication review - **Training, recordkeeping & audit** — Role-specific training, 5-year retention requirements with correct CFR citations, Blue Lantern/BIS end-use check response procedures - **Incident response & VSD** — Voluntary self-disclosure procedures for both DDTC and BIS, antiboycott reporting, Russia/Belarus control compliance ## Example Conversation > **You:** We're a defense electronics company — about 200 employees in Huntsville, Alabama. We manufacture electronic warfare subsystems under USML Categories XI and XII, and we also make some dual-use radar components that fall under ECCN 7A003. We need a complete export compliance manual from scratch — we have a DDTC audit coming up in six months. > **Agent:** I'll build a dual-regime compliance manual covering both ITAR and EAR. Given your USML Category XI (Military Electronics) and XII (Fire Control, Laser, Imaging, and Guidance Equipment) items, plus ECCN 7A003 (radar), you need comprehensive coverage. Let me start with some critical questions: > > 1. Who is your designated **Empowered Official**? This is an ITAR legal requirement (22 CFR 120.25) — they must be a US person with authority to sign license applications. > 2. Do you have any **foreign national employees or regular foreign visitors**? This triggers deemed export requirements. > 3. What countries do you export to? Any exports to Russia, Belarus, China, Iran, or other sanctioned/embargoed destinations? > 4. Is your DDTC registration current, and when does it expire? > **You:** Our VP of Operations, Mark Sullivan, is the Empowered Official. We have 3 foreign national employees — two from South Korea and one from the UK, all with Secret clearances through our FSO. We export primarily to NATO allies, plus Australia, Japan, and South Korea. No exports to embargoed countries. DDTC registration is current through next April. > **Agent:** Good — Mark Sullivan as Empowered Official, and your three foreign nationals are from allied countries with security clearances, which simplifies the deemed export analysis. Let me create `output/export-compliance-manual.md` and start with the policy statement and organizational structure. > > For the **deemed export** section, even though your foreign nationals have security clearances, ITAR still requires an analysis of what technical data they access. Security clearances issued under the NISPOM operate under a different legal framework than ITAR export authorizations — a clearance doesn't automatically satisfy ITAR deemed export requirements. I'll draft the TCP section to document the specific ITAR exemption or license that authorizes each person's access. > > For **restricted party screening**, I'll set up procedures covering all required lists. Important question: do you use an automated screening tool (Visual Compliance, Descartes, etc.) or are you screening manually? > **You:** We use Visual Compliance for automated screening. Run it at transaction initiation and before shipment. For ongoing relationships, we re-screen quarterly. > **Agent:** Good — automated screening with Visual Compliance at initiation and shipment, plus quarterly re-screening for ongoing relationships. I'll document that in the screening procedures chapter. I'm also adding the **OFAC 50% Rule** — entities owned 50% or more by an SDN are blocked even if not individually named on the SDN list. Visual Compliance should catch most of these, but I'll include a manual ownership verification step for any counterparty with apparent ties to sanctioned jurisdictions. > > For the classification section, I'm building a product classification register with your known items: > > | Product | Jurisdiction | Classification | > |---------|-------------|----------------| > | EW subsystem Type A | ITAR | USML Cat. XI | > | EW subsystem Type B | ITAR | USML Cat. XII | > | Radar component Model RC-400 | EAR | ECCN 7A003 | > > Are there other products or technologies I should add? Also — do any of your products use encryption that might trigger EAR ECCN 5A002/5D002 or the related ITAR Category XIII(b) issues? ## Output Excerpt After the agent completes all chapters, the output is a company-specific compliance manual ready for internal review and DDTC audit preparation. Here is a representative excerpt showing the classification decision tree, screening procedures, and Technology Control Plan: ```markdown # Sullivan Defense Systems — Export Compliance Program Manual **Effective Date:** 1 March 2026 **Version:** 1.0 **Classification:** Company Confidential — Export Controlled **Approved by:** James Morrison, President & CEO **Empowered Official:** Mark Sullivan, VP of Operations --- ## 3. Product Classification and Jurisdiction ### 3.1 Jurisdiction Determination Process Item/Technology/Service to be exported │ ▼ Is it on the USML? │ │ YES NO │ │ ▼ ▼ ITAR Is it on the CCL? (DDTC) │ │ YES NO │ │ ▼ ▼ EAR/ECCN EAR99 (BIS) (minimal controls) ### 3.2 Company Product Classifications | Product/Technology | Jurisdiction | Classification | Reason for Control | Date | Classified By | |-------------------|-------------|----------------|-------------------|------|---------------| | EW Subsystem Type A (ALQ-series) | ITAR | USML Cat. XI(a)(4) | Defense article — electronic countermeasures | 15 Jan 2024 | M. Sullivan | | EW Subsystem Type B (fire control) | ITAR | USML Cat. XII(d) | Defense article — laser/IR countermeasures | 15 Jan 2024 | M. Sullivan | | Radar Component RC-400 | EAR | ECCN 7A003.b | Radar systems, NS/MT/AT | 22 Mar 2024 | R. Chen | | Test Equipment Model TE-200 | EAR | ECCN 7B003 | Test equipment for 7A, NS/AT | 22 Mar 2024 | R. Chen | | Engineering workstation software | EAR | EAR99 | General-purpose, no specific ECCN | 05 Apr 2024 | R. Chen | --- ## 5. Screening Procedures ### 5.1 Restricted Party Screening **Frequency:** Every transaction screened at initiation and prior to shipment. All ongoing business relationships re-screened quarterly. **Lists Screened (via Visual Compliance):** - [x] OFAC Specially Designated Nationals (SDN) - [x] OFAC Sectoral Sanctions Identifications (SSI) - [x] OFAC Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) - [x] OFAC Foreign Sanctions Evaders (FSE) - [x] BIS Entity List - [x] BIS Denied Persons List - [x] BIS Unverified List - [x] DDTC Debarred Parties - [x] State Department Nonproliferation Sanctions Lists - [x] OFAC 50% Rule ownership review (for counterparties with apparent ties to sanctioned jurisdictions) ### 5.3 Red Flag Indicators Stop the transaction and consult the ECO if any of the following occur: - Customer reluctant to provide end-use or end-user information - Product capabilities do not match customer's stated business - Customer declines installation, training, or maintenance services - Delivery to a freight forwarder rather than the end-user - Customer willing to pay cash for high-value defense articles - Unusual shipping routes through third countries - Order for quantities inconsistent with customer's stated needs - Customer has a military address or is known to be affiliated with a foreign military not covered by an existing FMS case or LOA --- ## 6. Technology Control Plan (TCP) ### 6.4 Deemed Export Controls | Foreign National | Nationality | Role | Technology Access | Authorization | |-----------------|-------------|------|-------------------|---------------| | Dr. Min-Jun Park | South Korea | RF Engineer | USML Cat. XI technical data; ECCN 7A003 technology | ITAR: 22 CFR 125.4(b)(9) (NATO + major non-NATO ally); EAR: License Exception STA | | Seo-Yeon Kim | South Korea | Systems Engineer | USML Cat. XII technical data | ITAR: 22 CFR 125.4(b)(9) | | Dr. James Whitfield | United Kingdom | Program Manager | USML Cat. XI, XII technical data | ITAR: 22 CFR 126.4 (US govt program support) | **Procedures:** 1. HR identifies foreign national status at hiring and annually thereafter; notifies ECO within 5 business days of any change 2. ECO determines applicable ITAR exemption or EAR license exception for each foreign national based on nationality and technology access 3. If no exemption/exception applies → deemed export license application submitted to DDTC (ITAR) or BIS (EAR) before access is granted 4. Quarterly review of foreign national access authorizations 5. Access limited to scope of documented authorization — no "general access" to all controlled data ``` The manual includes all sections required for DDTC audit readiness: policy statement, organizational structure with the Empowered Official, classification procedures, license determination flowcharts, complete screening procedures with all OFAC/BIS/DDTC lists, a Technology Control Plan with foreign national access documentation, training program, recordkeeping with correct regulatory citations, audit procedures with Blue Lantern response protocols, and voluntary self-disclosure procedures. ## Getting Started Add your company's product information, organizational charts, and any existing compliance documentation to the project workspace, then activate the *ITAR/EAR Export Compliance Program Manual* skill. The agent will determine your regulatory scope (ITAR, EAR, or both), collect your product classifications and export activities, and build a company-specific compliance manual ready for internal review or DDTC/BIS audit preparation. --- Back to [Skill Library](https://rakenne.app/skills/index.md)