Skip to main content

FAQ

U.S. export controls are federal regulations designed to protect national security and support foreign policy objectives. Most university activities fall under one of two frameworks: the International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR). Understanding which one applies to your work is the first step in ensuring compliance.

ITAR

ITAR applies to items and information that are specifically designed, developed, or modified for military use. These are not general-use technologies—they are tied directly to defense systems and national security. In practice, this includes military equipment, components, and the technical data required to build, use, or maintain them. Certain space technologies are also included because of their connection to missile systems.

ITAR is intentionally restrictive. It does not weigh academic benefit or commercial value—its purpose is to control access. As a result, sharing ITAR-controlled information, including in a research setting, may require prior U.S. government authorization, particularly when foreign persons are involved.

The U.S. Munitions List covers items specifically designed, developed, or modified for military use.

If something appears on the U.S. Munitions List (USML), it falls under ITAR. This includes:

  • Weapons systems, munitions, and military vehicles
  • Military electronics, sensors, and guidance systems
  • Certain spacecraft and defense-related technologies
  • Related technical data and defense services

Items on the USML are subject to strict controls and typically require prior authorization for export or access by foreign persons.

EAR 

EAR applies to items that are primarily developed for commercial use but could also have military or strategic applications.  This includes a wide range of technologies commonly encountered in research environments—such as advanced computing systems, certain engineering components, and some biological materials. Unlike ITAR, EAR operates on a tiered, risk-based framework. Whether a license is required depends on multiple factors, including the item itself, where it is going, who will use it, and how it will be used. This means EAR allows for more flexibility, but it also requires more case-by-case judgment. The Commerce Control List covers “dual-use” items—technologies developed for commercial purposes that may also have military or strategic applications.

This includes:

  • Advanced computing and electronics
  • Telecommunications and information security systems
  • Sensors, lasers, and navigation equipment
  • Certain biological, chemical, and materials technologies

Items on the CCL are assigned an Export Control Classification Number (ECCN), which determines licensing requirements based on destination, end user, and end use.

Academic Context: Fundamental Research

In a university setting, most research is not subject to export controls if it qualifies as the Fundamental Research Exclusion (FRE). This applies when:

  • Research is conducted at an accredited U.S. institution
  • Results are intended for broad publication
  • There are no restrictions on participation or dissemination

Important: The FRE may not apply if:

  • A sponsor restricts publication
  • Access to the project is limited based on citizenship
  • Additional confidentiality or access controls are imposed

When to Contact Research Compliance

You do not need to classify items yourself, but you should recognize when classification may be required. Export control review may be needed if your work involves:

  • Specialized equipment, prototypes, or components
  • Proprietary or restricted technical data
  • Software or systems with encryption, security, or advanced processing capabilities
  • Biological, chemical, or materials research with potential dual-use applications

Contact Research Compliance before proceeding if you are:

  • Accepting restrictions on publication or participation
  • Shipping equipment, materials, or samples internationally
  • Collaborating internationally, especially with restricted or sanctioned regions
  • Providing access to controlled technology, labs, or data to foreign nationals
  • Traveling internationally with research equipment, software, or sensitive data
  • Unsure whether your work is subject to export controls
  • Sharing controlled technology with a foreign national in the U.S.

Export-controlled information cannot be shared, transferred, or accessed by unauthorized individuals without prior U.S. government authorization. This includes both international transfers and access within the United States.

Export-controlled information includes technical data, materials, software, or documentation (e.g., blueprints, schematics, source code, formulas) related to items with potential military or strategic applications. It does not include:

  • General scientific, mathematical, or engineering principles commonly taught in courses
  • Publicly available or published information
  • Basic descriptions of system function or purpose

Control is based on the nature of the information, not the intended use. Use of controlled technology in a non-military project does not remove export control obligations.

The “Deemed Export” Rule

A foreign person is anyone who is not a U.S. citizen or lawful permanent resident.

Providing export-controlled information to a foreign person within the United States is considered a deemed export and may require prior authorization.

This can occur through:

  • Visual access to equipment or materials
  • Verbal discussions
  • Access to files, systems, or secured environments

There are no role-based exceptions (including for students or visiting scholars).

In some cases, a U.S. government license may be required to allow access or collaboration. Licensing determinations are handled by Research Compliance.

Technology Control Plans 

Projects involving export-controlled information must operate under an approved Technology Control Plan (TCP)before work begins. The TCP defines how access will be restricted and how information will be secured.

Typical safeguards include:

  • Personnel Controls: Access limited to individuals authorized under the TCP
  • Physical Security: Work conducted in controlled-access spaces; materials not visible to unauthorized individuals
  • Marking: Export-controlled materials clearly labeled to indicate handling restrictions
  • Data Storage: Use of institutionally approved, access-controlled storage for both electronic and physical records
  • IT Security: Password protection, encryption, and secure network access as required
  • Equipment Control: Restricted access to controlled equipment, components, and associated documentation
  • Conversations:Discussions limited to authorized personnel and appropriate settings

Additional Considerations:

  • Do not store or transmit controlled information using personal email or unapproved cloud services
  • Do not access controlled data from unsecured or personal devices
  • Avoid discussing controlled work in open or shared environments
  • International travel or remote system access may introduce additional restrictions and should be reviewed in advance

Common Risk:

  • Third-party data: Controlled information received under an NDA or other agreement may be subject to export controls, even if the broader project is academic
  • Foreign national participation: Hiring or assigning foreign persons to controlled projects may require prior review
  • Shipping and transfers: Exporting equipment, materials, or data outside the U.S. may require authorization

When to Contact Research Compliance

Contact Research Compliance before proceeding if you are:

  • Working with controlled or restricted information
  • Negotiating agreements involving proprietary, restricted, or export-controlled data
  • Providing access to foreign nationals
  • Shipping materials, equipment, or data internationally
  • Traveling with research equipment or sensitive data
  • Unsure whether export controls apply

Export controls apply the moment you cross a U.S. border or ship an item overseas. Federal law treats a laptop in your carry-on, a biological sample in a FedEx crate, and a technical briefing at a foreign university all as "exports."

1. Traveling with Technology: The "Clean Device" Rule

Taking a university-issued device abroad is legally an export of the hardware, the software, and every file stored on it.

The Risk: If your device contains export-controlled data or proprietary research, taking it abroad may require a federal license.

VPNs & Encryption:

U.S. Law: Exporting high-level encryption software to certain countries (like China or Russia) may require a license.

Local Law: In countries like China, Iran, or the UAE, using an unauthorized VPN or having an encrypted device can lead to seizure, fines, or arrest.

 

The "Clean Device" Solution: For high-risk destinations, CITS will provide Clean Devices. These are "scrubbed" laptops or phones with a fresh OS and no research data, saved passwords, or sensitive software. This protects you from local law enforcement and protects the university from data breaches.

Shipping and Hand-Carrying

"If it leaves the U.S., it is an export." There is no legal difference between shipping an item via courier and carrying it in your checked luggage.

Physical Items: This includes prototypes, specialized sensors, instruments, and biological or chemical samples.

EEI Filing: U.S. Census Bureau regulations require an Electronic Export Information (EEI) filing for any shipment valued over $2,500 (per Schedule B number), or if an export license is required regardless of value.

Temporary Exports (TMP/BAG): If you are taking university equipment abroad (like a laptop or scientific tool) and intend to bring it back within one year, you may qualify for the TMP "Tools of Trade" exception. Personally owned items may fall under the BAG (Baggage) exception. These must be documented before you depart.

Remote Access & Information Sharing

Export controls apply to information shared abroad, not just physical items.

Remote Access: Accessing controlled technical data or proprietary systems from outside the U.S.—including through a VPN—is legally considered an export to the country you are standing in. Never assume remote access is allowed for restricted research.

Conference Presentations: You may freely share published information and general scientific principles. However, you may not share unpublished technical data or proprietary sponsor information without a prior license review.

Best Practices for High-Risk Travel

If you must travel to a country with strict surveillance or sanctions:

Assume No Privacy: Electronic communications in hotel rooms and via public Wi-Fi are often monitored by state agencies.

Don't "Hide" Encryption: Attempting to hide encrypted partitions from border officials can be interpreted as a criminal act. Use a Clean Device that has "nothing to hide."

Wipe & Reset: Upon return, have IT professionally "wipe" the device before reconnecting it to the university network, and immediately change all passwords.

When to Contact Research Compliance

Contact us at least 30 days prior to your departure or shipment if:

High-Risk Destinations: Travel involves a sanctioned or higher-risk country (e.g., Cuba, Iran, North Korea, Syria, Russia, China).

Controlled Tech: Your device contains research data, proprietary information, or technology subject to a Technology Control Plan (TCP).

Physical Exports: You are shipping or carrying equipment, materials, or samples outside the U.S.

Remote Access: You plan to access restricted university systems while abroad.

Fundamental Research and Sponsored Research

The vast majority of academic work is exempt from export controls under the Fundamental Research Exclusion (FRE). This legal framework ensures that research results can be shared openly within the scientific community without federal licenses. The exclusion is defined by how the work is conducted and shared, rather than just the sensitivity of the topic. When research is performed at an accredited U.S. institution with the intent to publish and without restrictions on participation or access, it generally falls outside the scope of ITAR and EAR regulations.

The Standard for Exemption

Research remains "fundamental" as long as it is basic or applied research in science and engineering where the resulting information is ordinarily published and shared broadly. The topic can be advanced or highly sensitive, but as long as the research environment remains open, the exclusion applies. The key issue is not the nature of the science, but whether external restrictions are introduced that interfere with the free flow of information.

When the Exclusion is Lost

A project loses its status as fundamental research when specific conditions are placed on the work, typically through sponsored agreements or external collaborations. This most often occurs when a sponsor is granted the right to review and approve publications before they are released, rather than merely reviewing them to protect patent rights. The exclusion is also vitiated if the project limits who can participate based on citizenship or national origin, or if confidentiality provisions are introduced that restrict the dissemination of research outcomes.

Sponsored Research and Industry Agreements

Collaborating with industry partners does not automatically trigger export controls, but the contractual terms are the deciding factor. Agreements that include strict confidentiality obligations or limits on dissemination can shift a project out of the fundamental research category. This is particularly relevant in projects involving collaborative development work where the university is using proprietary data or restricted technical information provided by the sponsor. In these cases, the research results might be publishable in part, but the specific technical inputs or internal activities of the project may require formal export control management.

The Role of Non-Disclosure Agreements (NDAs)

Information received under an NDA is a common entry point for export controls in an academic setting. Even if the broader project qualifies as fundamental research, the specific technical data or materials provided by a third party under an NDA may be controlled. This distinction is vital: a researcher can be engaged in fundamental research while simultaneously handling controlled "inputs" that must be protected from unauthorized access by foreign nationals.

Participation and Access Controls

Fundamental research allows for open participation by international students and collaborators without the need for federal licenses. However, once the fundamental research exclusion is lost due to contractual restrictions, the "Deemed Export" rule takes effect. This means that providing technical data to a foreign national within the U.S. is legally considered an export to that person’s home country. In such cases, the university may need to implement structured access controls or apply for federal licenses to allow foreign national participation.

Consequences of Controlled Research

If a project is subject to ITAR or EAR because it does not meet the fundamental research criteria, the university must implement specific safeguards. These include the development of a Technology Control Plan (TCP) to manage data and hardware, and potentially the use of enhanced cybersecurity protocols for "Controlled Unclassified Information" (CUI). International travel, global collaborations, and even internal lab discussions may require prior review by the Research Compliance office to ensure no unauthorized transfers of technology occur.

Engaging Research Compliance

The best time to address these considerations is during the proposal stage or before a contract is finalized. Early involvement by Research Compliance helps avoid the need to redesign a project’s scope or limit student participation after work has already begun. Review is necessary whenever a project includes sponsor-imposed restrictions, involves third-party proprietary data, or raises questions about whether the research can be conducted openly and without citizenship-based limitations.

Bottom Line

Most academic research is not controlled. The science itself rarely triggers export controls; instead, the presence of restrictions on publication, access, or data use changes the legal landscape. When those restrictions are introduced, the fundamental research exclusion ends and export control requirements begin.

Export Control Screening

When should I complete this?
Complete this screening if your project involves international activities, external sponsors, controlled technologies, or restrictions on research or participation. If you are unsure, it is always appropriate to check. If you answer “YES” to any question below, contact spena4@umassd.com for review.

  1. Controlled Items or Technology
    Does this project involve military/defense items (ITAR/USML) or dual-use items (EAR/CCL), including related equipment, materials, software, or technology?
  2. Technical Data, Software, or Assistance
    Will you share, transmit, or provide access (including verbally or electronically) to technical data, software, or know-how related to controlled items?
  3. International Activities (Travel, Shipping, or Collaboration)
    Does this project involve:
    • International travel,
    • Shipping or carrying items/data outside the U.S., or
    • Collaboration with foreign institutions or individuals?
  1. Foreign Nationals (Deemed Export Risk)
    Will foreign nationals (including students, staff, or visitors) have access to equipment, data, or research activities that may be restricted?
  2. Sanctions & Restricted Parties
    Does this project involve:
    • Sanctioned/embargoed countries (OFAC), or
    • Restricted/denied individuals or entities?
  1. Encryption or Controlled Software
    Does this project involve non-public encryption software, source code, or controlled computing technologies?
  2. Weapons or Sensitive End Use
    Could the research, materials, or data be used in military applications or the development of nuclear, chemical, or biological weapons, or their delivery systems?
  3. Restrictions on Participation or Dissemination
    Does the project include:
    • Publication or dissemination restrictions,
    • Access limitations (e.g., U.S. persons only), or
    • Sponsor-imposed confidentiality beyond standard academic practice?