What is ITAR? Compliance Overview & FAQs

If your organization deals with defense-related items or information, you may need to follow the International Traffic in Arms Regulations (ITAR). Here’s an overview of what ITAR is, who it applies to, and what it means to be ITAR compliant.

What is ITAR?

The International Traffic in Arms Regulations (ITAR) is a United States regulation that controls the export and import of defense articles and services on the United States Munitions List (USML). This includes the actual products on the USML, defense services, and the plans or documentation used to build or support them (“technical data”). Examples of technical data include part drawings, photos, software, and other classified information related to the defense articles or services.

The purpose of the ITAR is to prevent military and defense-related items and information from falling into the wrong hands and to protect against national security threats. The ITAR states that only U.S. citizens and U.S. Green Card holders can access items on the USML, unless otherwise authorized.

Who does ITAR apply to?

All manufacturers, exporters, temporary importers, brokers, or providers of defense articles, services, or technical data listed on the USML need to comply with the ITAR. If you’re working with subcontractors, vendors, or other companies in your supply chain during the transaction or handling of ITAR-controlled items, verify that they are also complying with the regulations.

How can my business comply with ITAR?

The ITAR is purposefully vague in order to give the government more flexibility and control over defense-related items. At a high level, if your business is subject to ITAR, you need to:

1. Register with the State Department’s Directorate of Defense Trade Controls (DDTC). This is required for all businesses that are subject to ITAR, and is generally a prerequisite for obtaining any further export licenses or approvals.
   
   
2. Understand how ITAR applies to your USML goods, services, or data, and make sure you are meeting ITAR requirements.

It’s up to each organization to develop, implement, and maintain their own policies to meet these requirements. There is no official ITAR certification, only registration with the DDTC and the responsibility of being compliant.

Here are the basic steps you can take to follow ITAR requirements:

1. Determine whether ITAR applies to your organization
   
   
2. Read and understand the ITAR
   
   
3. Register with the DDTC
   
   
4. Implement an ITAR/export compliance program across your organization
   
   
5. Comply with reporting and recordkeeping requirements
   
   
6. Obtain the necessary export/import licenses, manufacturing agreement approvals, and authorization for defense services
   
   
7. Ensure other organizations in your supply chain are ITAR compliant
   
   
8. Understand whether any exemptions apply to your organization
   
   
9. Report any ITAR violations that occur

What happens if I don't comply with ITAR?

Penalties for violating ITAR requirements include:

• Civil or criminal fines up to $1,000,000 per violation
• 20 years imprisonment per violation for criminal charges
• Debarment from participating in ITAR-controlled transactions

A company that doesn’t comply with ITAR could also suffer damage to its reputation and potential loss of business as a result. 

Becoming ITAR registered and compliant can create new opportunities for small manufacturers and open the door for new customers who want to produce ITAR-controlled parts. Get our free ITAR requirements guide & checklist to learn more about ITAR and what you can do to be compliant.

Download free ITAR requirements checklist

Resources: Visit the DDTC’s website to view the full ITAR and learn more about the regulation.