ITAR: International Traffic in Arms Regulation

International Traffic in Arms Regulation (ITAR) governs information related to products and services on the US Munitions List (USML). This is a Department of State program that requires both initial registration and annual renewals for companies involved with specified practices. Program information and regulations related to ITAR are located at URL: and the USML is available at:

The following are key requirements for handling information listed in the US Munitions List.

122.1 Registration Requirements

Any person who engages in the United States in the business of manufacturing or exporting or temporarily importing defense articles, or furnishing defense services, is required to register with the Directorate of Defense Trade Controls under § 122.2. For the purpose of this subchapter, engaging in such a business requires only one occasion of manufacturing or exporting or temporarily importing a defense article or furnishing a defense service. A manufacturer who does not engage in exporting must nevertheless register.

It is important to note that the acronym ITAR or the US Munitions List are not synonymous with Defense or the Department of Defense. The US Munitions List includes 21 Categories of items. “In this part, articles, services, and related technical data are designated as defense articles or defense services pursuant to sections 38 and 47(7) of the Arms Export Control Act and constitute the U.S. Munitions List (USML).”

Items, parts may not be specifically identified as being ITAR. A print may specify – Export Control or access to information may be via a controlled web site such as cFolders within the DIBBS portal.

Even if the information is not marked, the expectation is that the contractor will take the appropriate steps to safeguard the information. This includes a duty to self-report violations of ITAR.

Most regulations list definitions. However, this regulation has a significant number of definitions and even though the terms may seem familiar, the definitions should be thoughtfully read to ensure that the user fully understands what the requirements.

Why is fully understanding these definitions so important? Currently, if a contractor who is handling either FCI or CUI has a cyber incident, there may be contractual ramifications. At this time, the language used implies that there is to an extent an understanding that cyber incidents will occur. In contrast, a US Person who violates ITAR possibly by the export of a specific defense article or defense service subject to The ITAR without a license may face civil and or criminal penalties. Criminal penalties can exceed $1.00 million dollar fine and possibly a 20 year prison sentence.

Key Definitions

In the above paragraph the terms –  Person, Defense Article, Defense Service and export are used.

These terms have common everyday definitions. However, and more importantly, these terms are precisely defined in 22 CFR Part 120 Purpose and Definitions.

As an example, to understand the term US Person, the reader must first review and understand the definition of Person.

As can be seen in the below definition, the term Person may refer to one of several entities which include –

  • A natural person
  • A corporation
  • A business association
  • A partnership
  • A society
  • A trust
  • Or any other entity, organization or group, including governmental entities

Additionally, as stated in the last sentence of § 120.14 Person (below), the use of the term Person may refer to either a US Person or a foreign person which is defined in § 120.16 Foreign person.

120.14 Person.

Person means a natural person as well as a corporation, business association, partnership, society, trust, or any other entity, organization or group, including governmental entities. If a provision in this subchapter does not refer exclusively to a foreign person (§ 120.16) or U.S. person (§ 120.15), then it refers to both.

120.16 Foreign person.

Foreign person means any natural person who is not a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20) or who is not a protected individual as defined by 8 U.S.C. 1324b(a)(3). It also means any foreign corporation, business association, partnership, trust, society or any other entity or group that is not incorporated or organized to do business in the United States, as well as international organizations, foreign governments and any agency or subdivision of foreign governments (e.g., diplomatic missions).

Why is this important?

As a note: the following is a very basic overview of ITAR requirements. All transactions that may qualify under these regulations should be thoroughly researched and when necessary advice sought from appropriate and qualified sources.

Regulations, in general, define activities that are both permissible and those which are not. Under ITAR Part 127.1 defines the term Violation. This part states the following –

127.1 Violations.

(a)Without first obtaining the required license or other written approval from the Directorate of Defense Trade Controls, it is unlawful:

(1)To export or attempt to export from the United States any defense article or technical data or to furnish or attempt to furnish any defense service for which a license or written approval is required by this subchapter;

(partial copy)

As shown by the underlined portions, this portion of Part 127.1 requires additional analysis and research to gain a better understanding of the requirements.

  • What defines the term export?
  • What is a defense article?
  • What is technical data?
  • What is required for a license?
  • What is meant by “other written approval?”
  • What forms and/or data are required?
  • Which office in the Directorate of Defense Trade Controls is authorized to issue licenses or other written approval?
  • At what point is it deemed that an applicant has obtained a license or other written approval?
  • How does a US Person document that the approvals were obtained first?

As an example, the following is provided to answer the first question – What defines the term export? requires review of the definitions, specifically 120.17 which 120.17 (2) states –

Releasing or otherwise transferring technical data to a foreign person in the United States (a “deemed export”); ”

Which adds to the list of terms to review.

120.50 Release.

(a)Technical data is released through:

(1)Visual or other inspection by foreign persons of a defense article that reveals technical data to a foreign person;

(2)Oral or written exchanges with foreign persons of technical data in the United States or abroad;

120.6 Defense article.

Defense article means any item or technical data designated in § 121.1 of this subchapter. The policy described in § 120.3 is applicable to designations of additional items. This term includes technical data recorded or stored in any physical form, models, mockups or other items that reveal technical data directly relating to items designated in § 121.1 of this subchapter. It also includes forgings, castings, and other unfinished products, such as extrusions and machined bodies, that have reached a stage in manufacturing where they are clearly identifiable by mechanical properties, material composition, geometry, or function as defense articles. It does not include basic marketing information on function or purpose or general system descriptions.

120.10 Technical data.

(a)Technical data means, for purposes of this subchapter:

(1)Information, other than software as defined in § 120.10(a)(4), which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. This includes information in the form of blueprints, drawings, photographs, plans, instructions or documentation.

It is easy to use a common definitions or our own definition of terms in attempting to understand a requirement. However, it is important to note that for many government programs, each term has a specific definition and to understand the broader requirements requires full understanding of each term used.

A term such as Export has an everyday common definition which is generally understood and accepted. However, as can be seen by these definitions, Export as defined within ITAR is significantly different.

These programs are important from a National Security standpoint. They address serious issues and concerns. It is unlikely that there are few if any acceptable excuses for not understanding the requirements.

Joint Certification Program (JCP)

The Joint Certification Program is a US Canada program which is managed by DLA.

The JCP established in 1985 to allow United States (U.S.)/Canadian contractors to apply for access to Department of Defense/Department of National Defence (DOD/DND) unclassified export controlled technical data/critical technology on an equally favorable basis in accordance with DODD 5320.25 “Withholding of Unclassified Technical Data and Technology from Public Disclosure”, and Canadian Technical Data Control Regulations. (

To access JCP information businesses must complete DLA’s requirements for Export Controlled Data Access – The following is copied from this site.

The above elements define eligibility requirements for access to and use of JCP information. However, do not overlook the Disclaimer on DLA slides 7-13 from “DLA Introduction to Proper Handling of DoD Export-Controlled Technical Data Training – see link above. The following is the Disclaimer text:

“DISCLAIMER: This training is for introductory awareness only and does not take precedence over the regulatory requirements, instructions or directions proscribed by the Department of State or Department of Commerce. Where information is unclear, conflicts or further clarification is required, individuals taking this training should consult the Directorate of Defense Trade Controls at: for ITAR related inquiries or the Bureau of Industry and Security at: for inquires related to the EAR.”