Aerospace is governed by complex global supply chains, dual-use components, and evolving export rules. Overlooking a detail, however minor, can have severe consequences.
This blog will discuss, what the differences between International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR), the real-world implications of non-compliance and the five most common blind spots we’ve found when talking to aerospace organizations when it comes to ITAR and EAR compliance.
Key Takeaways
- ITAR and EAR have critical differences that aerospace firms must grasp. ITAR governs military and defense items with stricter controls and mandatory registration, while EAR covers dual-use and commercial items with different thresholds and licensing requirements. Confusing them can trigger severe compliance failures.
- Non-compliance carries severe penalties and can lead to business disruption. Recent cases show that violations can lead to multimillion dollar fines, denial orders, and reputational damage that can halt operations or restrict access to key markets.
- Companies often underestimate risks in areas like supplier oversight, inconsistent global processes, incomplete screening of intermediaries, jurisdiction misunderstandings, and poor documentation practices.
- Even non-U.S. firms are subject to ITAR and EAR if their products or supply chains involve U.S.-origin components, technology, or software especially with re-exports and cloud collaboration.
- Robust systems and processes are essential to prove compliance. Compliance requires auditable, automated processes for screening, classification, and recordkeeping to demonstrate to regulators that every step was properly executed.
Differences between ITAR and EAR
ITAR and EAR often apply simultaneously in aerospace, but understanding their differences is critical. While ITAR and EAR are both U.S. export control regimes, they govern different types of items and are administered by separate authorities. In the aerospace and defense industries, it’s common for both to apply at different stages of a project, sometimes simultaneously. Misunderstanding these frameworks can lead to serious compliance failures. The table below highlights the distinctions every compliance professional should be aware of.
| Category | ITAR | EAR |
| Scope | Military/defense articles, tech, and services [United States Munitions List (USML)] | Dual-use and commercial tech [Commerce Control List (CCL) and EAR99] |
| Regulator | U.S. Department of State [Directorate of Defense Trade Controls (DDTC)] | U.S. Department of Commerce [Bureau of Industry and Security (BIS)] |
| Control List | U.S. Munitions List (USML) | Commerce Control List (CCL), EAR99 |
| Jurisdiction | Global, no de minimis threshold, applies to U.S. persons and items | Global, with de minimis thresholds and foreign direct product rules |
| Access Controls | U.S. Persons only; strict nationality-based restrictions | Deemed exports based on end-user’s home country; some flexibility |
| Registration | Mandatory for manufacturers/ exporters of defense articles | Not required unless handling certain encryption items |
| Penalties | Fines up to $1M/violation, jail, debarment | Similar fines; denial orders; placement on Entity List possible |
| Applies to Non-U.S. | Yes — foreign companies using ITAR tech need licenses for retransfers | Yes — if using/exporting U.S.-origin tech above de minimis thresholds |
ITAR/ EAR Export Control Decision Flow
This flowchart illustrates the steps involved in determining export control requirements, from identifying the item to classifying it under the appropriate regulation and obtaining necessary licenses.
ITAR and EAR Real-World Implications
There are real-world risks of ITAR and EAR violations. Many companies have paid a steep price for getting export controls wrong. From enormous financial penalties to reputational fallout and business-halting restrictions, the consequences of non-compliance can be devastating. Below are three high-profile examples that demonstrate just how seriously export authorities enforce these regulations.
| Case | Violation | Consequence | Lesson |
| Data Storage Company | EAR – Unauthorized exports to Chinese telecoms company | $300M fine | Misunderstanding de minimis rules is costly |
| Aerospace Corporation | ITAR – Improper disclosures and intermediaries | $10M + Consent Agreement | Damage to reputation + closer DDTC scrutiny |
| Telecommunication Technology Company | EAR – Illegal exports + false statements | $1.19B fine + denial order | Non-compliance can halt business entirely |
5 ITAR and EAR Blind Spots Even Experienced Teams Miss
Even the most experienced aerospace and defense companies aren’t immune to compliance risk. That is because compliance failures often stem not from, what we know is risky, but from what we assume is safe. It’s not the obvious risks that catch most companies off guard but factors that are overlooked because they seem routine or exempt.
1. Supplier Screening Assumptions
Many aerospace Original Equipment Manufacturers (OEMs) and Tier 1 contractors delegate compliance responsibilities to their supply chains. But very few can confidently say their Tier 2 or Tier 3 suppliers are consistently screening every transaction and every partner against every relevant list.
The risk is U.S. export authorities don’t just fine the supplier. They pursue the entity at the top of the chain, especially if there’s a failure to supervise.
To mitigate this, companies need more than signed agreements. They need auditable, up to date supplier screening tools and oversight mechanisms to maintain compliance throughout the supply chain.
2. Fragmented Global Execution
While export control policy may be centralized, but that doesn’t mean it’s consistently applied. In some cases, business units in different geographies might use different tools, processes, or interpretations of what “compliant” means.
Inconsistent execution across sites leads to uneven risk exposure especially in an industry such as aerospace, where fast-moving environments like component assembly or maintenance, repair, and operations (MRO) heighten the stakes.
Compliance teams are investing in platform-level controls that unify classification, screening, and auditing globally, regardless of location or business unit.
3. Incomplete Screening Scope
Compliance extends beyond customers and end-users. Intermediaries such as freight forwarders, logistics partners, and routing destinations must also be screened. Even if your customer is deemed compliant, transiting through a sanctioned country or using a restricted partner can still trigger an enforcement action.
Trade compliance teams need to adopt a comprehensive screening approach that includes screening all parties in the transaction chain and not just the front-facing entities.
4. Misunderstanding Jurisdictional Reach
A common misconception is that non-U.S. companies are only subject to local regulations. In reality, ITAR and EAR apply extraterritorially especially when U.S.-origin components, technology, or software are involved.
You may be subject to U.S. controls even if the final product is assembled in another geographic location, particularly in cases involving re-exports or cloud-based engineering collaboration.
This is where accurate Export Control Classification Number (ECCN) classification and jurisdictional awareness become critical because they determine whether your company is operating legally or risking potential enforcement and supply chain disruption.
5. Documentation Gaps in Audit Scenarios
Many teams believe they’re compliant because processes are being followed. However, unless you can demonstrate who was screened, when, how, and what the result was, it’s just an assumption.
In the eyes of regulators, no documentation often means no compliance, regardless of intent. Regulators require evidence of who was screened, when, how, and the results of screening.
That’s why modern compliance teams prioritise automated recordkeeping, timestamped logs, and exception tracking especially under increased audit scrutiny from Directorate of Defense Trade Controls (DDTC) and Bureau of Industry and Security (BIS).
In Summary
Strong compliance isn’t just about knowing the rules, it’s about closing the gaps between policy and execution. In the aerospace sector, compliance with ITAR and EAR is not optional, it’s essential.
If any of these blind spots feel familiar, it may be time to re-evaluate your current tools, processes, and risk assumptions. By implementing comprehensive screening processes, ensuring consistent global execution, and maintaining thorough documentation, companies can navigate the complexities of export control regulations effectively. Descartes Visual Compliance™ helps aerospace firms streamline screening, classification, and audit readiness from one platform.
