The International Traffic in Arms Regulations (ITAR) is United States regulation that controls the manufacture, sale, and distribution of defense and space-related products and services as defined in the United States Munitions List (USML). Besides rocket launchers, torpedoes, and other military hardware, the list also restricts the sale or export of plans, diagrams, photos, and other documentation used to build ITAR-controlled military gear. This is referred to by ITAR as “technical data”.
ITAR requires that ALL access to physical materials or technical data related to defense and military technologies is restricted to US persons. Notice we did not say US Citizens? There are noted exceptions where for national interest reasons, a company may be able to share technical data with a foreign national employed by the US government. Likewise, companies are prohibited from sharing ITAR data with US Citizens employed by foreign governments and businesses.
Companies working with ITAR data must ensure that only US persons have access to that data on a network. Limiting access to the physical materials is straightforward; limiting access to digital data is more complicated.
ITAR exists to track sensitive military and defense materials and to keep that material out of the hands of U.S. enemies. Noncompliance can result in heavy fines (civil and criminal), the loss of government contracts, as well as significant brand and reputation damage.
What does this mean for an SMB?
- Computer Software/Hardware vendors
- Third-party suppliers
Every company in the supply chain needs to be ITAR compliant. If company A sells a part to company B and then company B sells the same part to a foreign power, company A is also in violation of ITAR.