What is ITAR and when does it apply?

The International Traffic in Arms Regulations (ITAR) controls the export of defense articles, defense services, and technical data on the U.S. Munitions List (USML). ITAR applies when sharing any USML-listed items or related technical data with foreign persons, including foreign nationals in the U.S. (deemed exports).

Who qualifies as a U.S. Person under ITAR?

Under ITAR, a U.S. Person includes: U.S. citizens, lawful permanent residents (green card holders), protected individuals (refugees/asylees), and any corporation, business, or organization incorporated in the U.S. Foreign nationals, even if working at a U.S. company, are not U.S. persons.

What are the penalties for ITAR violations?

ITAR violations can result in civil penalties up to $1,213,644 per violation, criminal penalties up to $1,000,000 and 20 years imprisonment, debarment from government contracts, and loss of export privileges. Even inadvertent disclosures can trigger penalties.

Can I share ITAR-controlled information with a foreign-owned company in the U.S.?

Sharing with a U.S. subsidiary of a foreign company requires careful analysis. While the subsidiary may be a U.S. person, access by foreign parent company employees or foreign nationals at the subsidiary constitutes an export requiring authorization. A Technology Control Plan is typically required.

ITAR-Compliant NDA | Defense Export Controls

🇺🇸 Who is a "U.S. Person" Under ITAR?

ITAR-controlled information may only be shared with U.S. Persons. Your NDA must verify recipient status.

✅ Qualifies as U.S. Person

U.S. citizens (including dual citizens)
Lawful permanent residents (green card holders)
Protected individuals (refugees, asylees)
U.S. corporations, partnerships, organizations
U.S. government entities

❌ NOT a U.S. Person

Foreign nationals (any visa type, including H-1B)
Foreign corporations, even if U.S. subsidiary
Foreign governments and their representatives
International organizations
Non-resident aliens

🚧 Understanding "Deemed Exports"

A "deemed export" occurs when ITAR-controlled technical data is released to a foreign person within the United States. This includes:

Allowing a foreign national employee to access technical data
Sharing information during meetings with foreign visitors
Email or file sharing with foreign national colleagues
Visual access to controlled hardware or drawings

Your NDA must require Technology Control Plans (TCPs) to prevent inadvertent deemed exports.

Essential ITAR NDA Provisions

🇺🇸

U.S. Person Certification

Critical

Requires the receiving party to certify U.S. Person status and acknowledge restrictions on further disclosure.

Receiving Party hereby certifies that it is a "U.S. Person" as defined in 22 C.F.R. § 120.62, and that all individuals who will have access to the Technical Data disclosed hereunder are U.S. Persons. Receiving Party acknowledges that the Technical Data may not be disclosed to any non-U.S. Person without prior written authorization from the U.S. Department of State, Directorate of Defense Trade Controls (DDTC).

🔒

Export Control Acknowledgment

Critical

Explicit acknowledgment that information is subject to ITAR and cannot be exported without authorization.

Receiving Party acknowledges that the Technical Data and/or Defense Articles disclosed pursuant to this Agreement are controlled by the International Traffic in Arms Regulations (ITAR), 22 C.F.R. Parts 120-130, and may not be exported, re-exported, or transferred to any foreign person, foreign country, or foreign entity without prior written authorization from DDTC. Receiving Party agrees to comply with all applicable export control laws and regulations.

📄

USML Category Identification

Required

Identifies the specific U.S. Munitions List categories applicable to the disclosed information.

The Technical Data disclosed hereunder relates to defense articles described in Category [___] of the United States Munitions List (USML), 22 C.F.R. § 121.1. Receiving Party shall mark all materials containing such Technical Data with appropriate export control warnings and maintain such markings on all copies or derivatives.

💻

Technology Control Plan Requirement

Required

Requires implementation of a Technology Control Plan to prevent inadvertent disclosure to foreign persons.

Prior to receiving any Technical Data, Receiving Party shall implement a Technology Control Plan (TCP) adequate to prevent access by non-U.S. Persons, including: (i) physical access controls; (ii) electronic access restrictions; (iii) marking and handling procedures; and (iv) employee training on ITAR requirements. Upon request, Receiving Party shall provide evidence of TCP implementation.

🚨

Violation Reporting

Required

Mandatory reporting of any actual or suspected ITAR violations or unauthorized disclosures.

Receiving Party shall immediately notify Disclosing Party (within 24 hours) of any actual or suspected unauthorized disclosure of Technical Data, any access by non-U.S. Persons, or any other potential ITAR violation. Such notification shall not relieve Receiving Party of its obligation to file a voluntary disclosure with DDTC as required by 22 C.F.R. § 127.12.

Common USML Categories

The U.S. Munitions List contains 21 categories of defense articles. Common categories in NDA scenarios include:

Category I Firearms, Close Assault Weapons

Category IV Launch Vehicles, Guided Missiles, Ballistic Missiles

Category VIII Aircraft and Related Articles

Category XI Military Electronics

Category XII Fire Control, Laser, Imaging

Category XV Spacecraft and Related Articles

See 22 C.F.R. § 121.1 for the complete U.S. Munitions List.

Generate Your ITAR-Compliant NDA

Customize provisions based on your specific USML categories and disclosure requirements.

Generate ITAR NDA →

⚖️ Critical: Consult Export Control Counsel

ITAR compliance requires specialized legal expertise. This template provides a foundation, but you must consult with counsel experienced in export control law before sharing any potentially ITAR-controlled technical data. Violations can result in criminal prosecution, substantial fines, and debarment. Request a consultation.

ITAR-Compliant NDA

⚠️ CRITICAL: ITAR Violations Carry Severe Penalties

🇺🇸 Who is a "U.S. Person" Under ITAR?

✅ Qualifies as U.S. Person

❌ NOT a U.S. Person

🚧 Understanding "Deemed Exports"

Essential ITAR NDA Provisions

U.S. Person Certification

Export Control Acknowledgment

USML Category Identification

Technology Control Plan Requirement

Violation Reporting

Common USML Categories

Generate Your ITAR-Compliant NDA

⚖️ Critical: Consult Export Control Counsel