IDC Names Securiti a Worldwide Leader in Data Privacy


ITAR Exemptions: Navigating the Regulations to Avoid Penalties

By Securiti Research Team
Published June 2, 2023

Listen to the content

Treading the path of international defense articles or services trading is fairly challenging due to stringent arms regulations. The International Traffic in Arms Regulations (ITAR) is one such comprehensive and complex set of provisions in the United States that regulates the trade (export and import) of defense-related articles, services, and even sensitive data.

Businesses that are engaged in defense-related goods and data have to go through a strict set of requirements for ITAR compliance and be eligible for defense export. For instance, ITAR-covered businesses must get registered with the regulatory authority, obtain export or import permits, and keep a record of all ITAR-related activities, to name a few.

Under all those intricate webs of requirements exists an elbow room that can make the compliance process significantly faster and smoother for certain items or services. This leeway is called the ITAR exemption.

Remember, ITAR applies not only to businesses that directly deal in defense-related articles, such as manufacturers or sellers of military arms, equipment, software, and data, it also applies to vendors, suppliers, etc. Therefore, it is critical for any business engaged in defense-related articles, either directly or indirectly, to understand the requirements and exemptions of ITAR-covered transactions to make compliance seamless and streamline defense commerce.

What is an ITAR Exemption?

The International Traffic in Arms Regulation (ITAR) is governed, overseen, and enforced by the Directorate of Defense Trade Controls (DDTC) at the US Department of State. The regulation is established to govern the export or temporary import of sensitive military-grade items, services, and data for the national security of the country.

ITAR applies to a specific list of military or government-level arms, equipment, software, services, or data covered under the United States Munition List (USML). The list carries up to 21 categories of items that include fully-assembled items to spare parts, patents, blueprints, technical documents, and software. However, not every item on the list demands ITAR-covered businesses to apply for and obtain export permits.

Businesses are often quick to jump when it comes to obtaining licenses which is a fairly laborious and time-consuming process. Instead, businesses must first consider the exemptions provided on certain USML-covered items.

So, what exactly does an exemption mean under ITAR? By definition, an ITAR exemption refers to specific situations where businesses can undertake the export, reexport, retransfer, temporary import, or brokering of a specific defense article or defense service without a license or other written authorization.

The government has allowed the exemptions to relax the regulations on certain items that it believes are safe to export and don’t harm the US national security. That being said, there is a wide range of exemptions under ITAR that facilitate some limited transactions without the need for an export or temporary import license by the DDTC.

Types of ITAR Exemptions & Eligibility

Exemptions can be found in varying Parts under the ITAR provisions. Let’s take a quick look at those ITAR exemptions and the related eligibility requirements.

Exemptions in Part 123 - Export or Temporary Import of Defense Articles

Part 123.4 outlines the exemptions for the temporary import of defense articles that are to be imported for servicing purposes, such as repairing, testing, overhauling, and upgrading of the article or exhibition for marketing in the United States. The exemption applies to only unclassified items that are of US-origins.

Similarly, Part 123.16 lists the exemptions for exporting unclassified defense articles or components that are less than $500 in value. The items listed in this section must not be shipped to a distributor but only to a previously approved and authorized entity. The exporter must not make more than 24 shipments per year.

It is also to be noted that ITAR-covered entities must only be exported to embargoed or sanctioned destinations. Further, exemptions can be nullified with a congressional notification requirement.

To use the exemption, the businesses must meet the eligibility criteria mentioned under Part 123.16 for approvals of export or temporary imports. Moreover, as general criteria for all exemptions, the covered entities are required to file an Electronic Export Information (EEI). In this case, the EEI must have the consignee's name on it, which should be the same as the end-user.

Exemptions in Part 124 - Defense Services (Training & Military Service)

This part mandates seeking approval from the DDTC by way of submitting a proposed agreement before furnishing defense services. However, the provision of training in the basic operation and maintenance of defense articles lawfully exported or authorized for export to the same recipient is exempt from this requirement. Similarly, no permits or licenses are required for training or military services for NATO countries, including Australia, Japan, and Sweden. Furthermore, NATO foreign persons are also allowed to receive technical data or maintenance training without fulfilling the requirements under this part.

Exemptions in Part 125 - Export of Technical Data

As per the exemptions provided under this part, a covered entity doesn’t require a license or a permit for sharing technical data (classified or unclassified) with US persons. However, the exemption applies not for export authorization but to further an agreement containing scope and limitation. It is also important to note that the exempted technical data doesn’t include data that is associated with the development or production of a defense article.

Apart from that, there are certain other restrictions related to the export exemption of technical data provided under part 125.4(9). For instance, the exported, reexported, or retransferred data can only be possessed by a US person or any unauthorized foreign person. Classified data, which is transferred outside the US, must be in accordance with the guidelines provided by the Department of Defense National Industrial Security Program Operating Manual. Lastly, unclassified technical data is also exempted from any licensing requirements and can be exported to NATO nationals, such as in Australia, Sweden, or Japan.

Exemptions in Part 126 - USG & Country-Specific Exemptions

Part 126 of ITAR covers exemptions associated with the United States Government (USG) agencies and some sanctioned countries. For instance, export or import licenses are not required for defense-related items or services when the request is made by a department or agency or a person of the US Government. However, for export clearance, it is essential to file an EEI to the U.S. Customs and Border Protection.

Similarly, Part 126 further lists exemptions related to certain countries like Canada, the United Kingdom, Australia, and some NATO nations. These exemptions allow permanent or temporary export of defense-related goods, services, as well as data.

The processes and eligibility requirements in ITAR exemptions vary greatly, depending on the specific exemption. Therefore, it is necessary for businesses to thoroughly go through the specifications in each provision to make the best use of the exemption they are seeking.

Speed Up & Streamline ITAR Compliance with Securiti

Securiti DataControls Cloud helps businesses derive sensitive data insights across their corporate data landscape to streamline their privacy operations. Speed up ITAR compliance by getting visibility of your ITAR data, what regulations and exemptions apply to it, and how you can automate compliance.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


More Stories that May Interest You

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend