Skip to main contentSkip to main content
All Guides
Comprehensive Guide26 min readFebruary 2025

Space Export Control: ITAR, EAR & EU Dual-Use Guide

Comprehensive guide to export control compliance for space technology. Covers US ITAR (USML Category XV), US EAR (ECCN 9A515), EU Dual-Use Regulation, Wassenaar Arrangement, technology transfer, deemed exports, Internal Compliance Programs, and penalty avoidance.

Export control compliance is one of the most consequential — and most frequently misunderstood — regulatory obligations facing space operators and manufacturers. A single misstep in technology transfer can result in criminal prosecution, multimillion-euro fines, debarment from government contracts, and reputational destruction. This guide provides a comprehensive overview of the three major export control regimes affecting European space activities: US ITAR, US EAR, and the EU Dual-Use Regulation.

Executive Summary

Space technology sits at the intersection of commercial innovation and national security, making it one of the most heavily export-controlled sectors globally. European space operators must navigate US controls (which reach extraterritorially through ITAR and EAR), EU controls (the Dual-Use Regulation), and the multilateral Wassenaar Arrangement. Understanding which regime applies to which technology — and when a "deemed export" occurs simply by sharing information with a foreign national — is essential for every space company.

Key facts:

  • ITAR controls defense articles on the US Munitions List, including many satellite components (USML Category XV)
  • EAR controls dual-use items on the Commerce Control List, including spacecraft and components (ECCN 9A515, 9D515, 9E515)
  • EU Dual-Use Regulation (2021/821) controls items listed in Annex I, with a catch-all clause for unlisted items
  • The Wassenaar Arrangement is the multilateral framework underlying most national dual-use controls
  • "Deemed export" rules mean sharing controlled information with a foreign national in your own office is an export
  • Penalties for violations can exceed USD 1 million per violation (ITAR) or EUR 500,000+ (EU)
  • An Internal Compliance Program (ICP) is essential for any space company

Part 1: US International Traffic in Arms Regulations (ITAR)

Overview

ITAR is administered by the US Department of State, Directorate of Defense Trade Controls (DDTC). It controls defense articles and services listed on the United States Munitions List (USML).

Why ITAR Matters to European Companies ITAR has extraterritorial reach. Any item containing US-origin ITAR-controlled components, technology, or software is subject to ITAR regardless of where it is located. This means:

  • A European satellite using a US-made radiation-hardened processor may be ITAR-controlled
  • A European company that received ITAR technical data cannot re-export it without US authorization
  • Launching an ITAR-controlled satellite on a non-US launch vehicle requires a re-export license
  • Even hiring a non-US national to work on ITAR programs requires authorization

USML Category XV — Spacecraft and Related Articles

Category XV covers spacecraft systems and associated equipment:

XV(a) — Spacecraft

  • Satellites designed for intelligence collection, military communications, or navigation warfare
  • Note: Many commercial satellites have been moved to EAR jurisdiction (see ECR reform below)

XV(b) — Ground Control Systems

  • Ground equipment specifically designed for USML spacecraft
  • Command and control systems for defense spacecraft
  • Mission planning systems for military space operations

XV(c) — Launch Vehicle Items

  • Launch vehicles specifically designed for military payloads
  • Components providing unique military capability

XV(d) — Propulsion Systems

  • Rocket propulsion systems not enumerated elsewhere on the USML
  • Advanced propulsion technologies with military application

XV(e) — Parts and Components

  • Specifically designed parts for USML items
  • Radiation-hardened components above certain performance thresholds
  • Certain focal plane arrays and detectors

XV(f) — Technical Data

  • Design, development, production, and operation data for Category XV items
  • This is often the most problematic control — pure information is controlled

Export Control Reform (ECR)

The ECR initiative (2013-present) moved many commercial satellite components from ITAR to EAR jurisdiction:

What Moved to EAR

  • Most commercial communications satellites and components
  • Remote sensing satellites below certain resolution thresholds
  • Many spacecraft bus components (non-military specific)
  • Certain ground equipment for commercial satellites

What Remains on ITAR

  • Satellites with intelligence collection capabilities
  • Military-specific space systems
  • Certain radiation-hardened components above performance thresholds
  • Classified space technology
  • Items providing unique military capability

ITAR License Types

License TypePurpose | Processing Time
DSP-5Permanent export of defense articles
30-60 days | | DSP-73 | Temporary export of defense articles | 30-60 days | | DSP-85 | Retransfer or re-export | 30-60 days | | TAA | Technical Assistance Agreement (sharing technical data/services) | 60-120 days | | MLA | Manufacturing License Agreement | 60-120 days | | Congressional notification | Required for exports > USD 14M (major defense equipment > USD 25M) | Additional 30 days |

Common ITAR Pitfalls for European Companies

  1. Conference presentations: Sharing ITAR technical data at international conferences without authorization
  1. Joint ventures: Establishing partnerships that involve ITAR technology transfer without TAAs
  1. Subcontracting: Flowing ITAR-controlled work to third-country subcontractors
  1. Employee access: Allowing non-authorized foreign nationals access to ITAR data
  1. Cloud storage: Storing ITAR data on servers accessible from non-authorized countries
  1. Email: Sending ITAR-controlled information to unauthorized recipients
  1. Trade shows: Displaying ITAR-controlled hardware at international exhibitions
  1. Mergers and acquisitions: Transferring ITAR licenses during corporate restructuring

Part 2: US Export Administration Regulations (EAR)

Overview

EAR is administered by the US Department of Commerce, Bureau of Industry and Security (BIS). It controls dual-use items on the Commerce Control List (CCL) and items moved from USML under ECR.

Relevant ECCNs for Space

9A515 — Spacecraft and Related Commodities Items controlled:

  • Commercial communications satellites (moved from USML)
  • Remote sensing satellites below specified thresholds
  • Spacecraft buses and structures
  • Solar arrays and power systems for spacecraft
  • Attitude determination and control subsystems
  • On-board data handling and processing systems

9B515 — Test, Inspection, and Production Equipment

  • Spacecraft environmental test chambers
  • Antenna test ranges for spacecraft
  • Solar simulation equipment
  • Vibration and acoustic test facilities

9D515 — Software

  • Software specifically designed for items in 9A515 or 9B515
  • Spacecraft flight software
  • Ground control software for 9A515 spacecraft
  • Simulation software for controlled spacecraft

9E515 — Technology

  • Technology for development, production, or use of 9A515-9D515 items
  • Design data, manufacturing know-how, test procedures
  • This includes "fundamental research" exclusion for basic research

EAR License Types and Exceptions

License Types:

  • Individual Validated License (IVL): For specific transactions
  • Special Comprehensive License (SCL): For ongoing business relationships

Key License Exceptions:

  • STA (Strategic Trade Authorization): Allows export to 36 allied countries without individual license for many ECCNs
  • TMP (Temporary exports): For temporary export and return of items
  • RPL (Servicing and replacement): For parts and components for previously exported items
  • GOV (Government): For exports to US government agencies and their contractors
  • TSR (Technology and Software Restricted): For certain technology releases

EAR Extraterritorial Reach

EAR also has extraterritorial application through several mechanisms:

De Minimis Rule

  • Foreign-made items incorporating US-origin controlled content may be subject to EAR
  • Threshold: 25% US-controlled content (by value) for most countries
  • Threshold: 10% for countries subject to US embargo (Cuba, Iran, North Korea, Syria)
  • Calculation methodology is complex and requires careful assessment

Foreign Direct Product Rule (FDPR)

  • Products manufactured using US-origin technology or software may be subject to EAR
  • Significantly expanded in recent years (particularly regarding China)
  • Can apply even when the US-origin content is purely in the production process
  • Requires careful assessment of technology lineage in manufacturing

Part 3: EU Dual-Use Regulation (EU 2021/821)

Overview

The EU Dual-Use Regulation is the primary European export control framework. It was significantly updated in 2021 with new provisions for cyber-surveillance technology, a catch-all clause, and enhanced transparency requirements.

Structure

Annex I — Control List Organized by category, mirroring the Wassenaar Arrangement:

  • Category 0: Nuclear materials and equipment
  • Category 1: Special materials and related equipment
  • Category 2: Materials processing
  • Category 3: Electronics
  • Category 4: Computers
  • Category 5: Telecommunications and information security
  • Category 6: Sensors and lasers
  • Category 7: Navigation and avionics
  • Category 8: Marine
  • Category 9: Aerospace and propulsion (most relevant for space)

Category 9 — Aerospace and Propulsion

Key control list entries for space:

EntryDescription | Notes
9A004Space launch vehicles and spacecraft
Including sounding rockets | | 9A010 | Specially designed items for launch vehicles | Components, stages | | 9A011 | Ramjet/scramjet/pulse detonation engines | Advanced propulsion | | 9A104 | Launchers (MTCR controlled) | Missile Technology Control Regime | | 9A116 | Re-entry vehicles | Controlled under MTCR | | 9B115 | Specially designed production equipment | Launch vehicle manufacturing | | 9D001-004 | Software for Category 9 items | Design, simulation, control | | 9E001-003 | Technology for Category 9 items | Development and production |

Additional Categories Relevant to Space

Space systems incorporate technologies from multiple control list categories:

  • 3A001: Electronics (radiation-hardened components, FPGAs)
  • 3A002: General-purpose electronics at extreme performance levels
  • 5A001: Telecommunications (satellite communication systems)
  • 5A002: Information security (encryption systems)
  • 6A002: Optical sensors (star trackers, Earth observation cameras)
  • 6A004: Optical equipment (telescopes, imaging systems)
  • 7A003: Inertial navigation systems and gyroscopes

Catch-All Clause (Article 4)

The EU Regulation includes a catch-all provision for unlisted items:

  • Applies when the exporter knows (or is informed by authorities) that items are or may be intended for WMD-related end-uses
  • Extended to military end-use in embargoed countries
  • New provision for cyber-surveillance items related to human rights concerns
  • Requires exporters to exercise due diligence on end-use

Authorization Types

TypeDescription | Scope
EU General Export Authorization (EU GEA)Pre-authorized exports for specific items to specific destinations
EU001-EU009 | | National General Export Authorization | Member State-level general authorizations | Varies by country | | Global Individual Export Authorization | Per-exporter for type of item to multiple destinations | Application-based |
Individual Export AuthorizationPer-transaction | Application-based |

Member State Implementation

While the Regulation is directly applicable, implementation varies:

| Country | National Authority | Special Provisions

FranceSBDU (Ministry of Economy)
Extensive space industry experience | | Germany | BAFA | Additional national controls beyond EU list | | Italy | UAMA (Ministry of Foreign Affairs) | Strong aerospace sector controls | | Netherlands | CDIU (Customs Administration) | Transit and brokering controls | | Belgium | Regional authorities | Split competence between regions | | Luxembourg | Ministry of Economy | Streamlined processes for small items | | UK (post-Brexit) | ECJU | Own control list but aligned with Wassenaar |

Part 4: The Wassenaar Arrangement

Overview

The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is the multilateral framework that underpins most national dual-use export controls.

Key facts:

  • 42 participating states
  • Annual plenary updates the control lists
  • Category 9 covers aerospace and propulsion
  • Not a treaty — implemented through national legislation
  • EU Dual-Use Regulation Annex I largely mirrors Wassenaar lists

How Wassenaar Affects Space Operators

Control List Updates

  • Annual amendments can add or remove items
  • Space-relevant changes occur regularly (e.g., resolution thresholds for sensors)
  • Operators must monitor updates and reassess product classifications

Best Practice Guidelines

  • Wassenaar publishes guidance on catch-all controls
  • End-use/end-user due diligence recommendations
  • Transit and transshipment controls
  • Intangible technology transfer guidance

MTCR (Missile Technology Control Regime)

The MTCR overlaps significantly with Wassenaar for space:

  • Controls complete rockets and UAVs capable of delivering 500+ kg to 300+ km range
  • Category I items (complete systems): strong presumption of denial
  • Category II items (components, propulsion): case-by-case evaluation
  • Space launch vehicles are inherently MTCR-relevant technology
  • Distinguishing peaceful space launch from missile capability is a core challenge

Part 5: Technology Transfer and Deemed Exports

What Constitutes a Technology Transfer

A technology transfer occurs when controlled technology (information) is made available to a foreign person. This includes:

  • Providing documents (drawings, specifications, manuals, databases)
  • Visual inspection (allowing someone to observe controlled processes or equipment)
  • Oral exchanges (briefings, conversations, presentations, training)
  • Electronic access (email, shared drives, cloud platforms, screen sharing)
  • Training and education (courses, workshops, on-the-job training)

US Deemed Export Rule

Under both ITAR and EAR, releasing controlled technology to a foreign national in the US is treated as an export to that person's home country:

ITAR (22 CFR 120.50)

  • Any disclosure of ITAR technical data to a non-US person is a defense export
  • Requires authorization (license or TAA) regardless of location
  • Applies to visual inspection, conversation, and electronic access
  • Exception: fundamental research at accredited institutions (narrow application)

EAR (15 CFR 734.13)

  • Release of technology or source code to a foreign national is a deemed export
  • Must be licensed as if exporting to the person's country of citizenship/permanent residence
  • "Release" includes visual inspection, oral exchange, and electronic access
  • Exceptions: Published information, fundamental research, educational instruction

Practical Implications for European Space Companies

Hiring

  • Before hiring a non-EU national (or even certain EU nationals for ITAR work), assess export control implications
  • Technology Control Plans (TCPs) must be in place before giving access to controlled technology
  • Background screening should include export control risk assessment

Conferences and Trade Shows

  • Presenting technical papers at international events may constitute technology transfer
  • Booth demonstrations may allow visual inspection of controlled items
  • Social conversations at events can inadvertently disclose controlled information
  • Pre-event export control review is essential

Collaboration and Joint Ventures

  • Any technical collaboration with foreign partners requires export control assessment
  • Joint development programs may need licenses from multiple jurisdictions
  • Information barriers (firewalls) may be necessary within joint ventures
  • Sublicensing provisions must be carefully structured

Cloud Computing and IT Systems

  • Storing controlled technology on cloud servers accessible from abroad is an export
  • End-to-end encryption does not necessarily satisfy export control requirements under ITAR
  • Access controls must prevent unauthorized foreign access
  • Data localization requirements may apply

Part 6: Item Classification

How to Classify Space Items

Classification is the foundational step in export control compliance. Misclassification is one of the most common causes of violations.

Step 1: Jurisdiction Determination

  • Is the item on the USML? If yes, ITAR applies.
  • If not on USML, is it on the EAR Commerce Control List? Check ECCNs.
  • Is it on the EU Dual-Use Regulation Annex I? Check category entries.
  • If not on any control list, it may still be subject to catch-all controls.

Step 2: USML Review (for US-origin or US-content items)

  • Review each USML category systematically
  • Focus on Category XV for spacecraft and components
  • Consider paragraph-level specificity (XV(a) vs XV(e))
  • Note: "specifically designed" and "specially designed" have precise legal meanings

Step 3: ECCN Classification (if not USML)

  • Identify the relevant CCL category (usually Category 9 for space)
  • Check product group (A=equipment, B=test equipment, C=materials, D=software, E=technology)
  • Review the control entry parameters (specifications, thresholds)
  • Determine reason for control (NS=national security, MT=missile technology, etc.)

Step 4: EU Control List Review

  • Annex I organized by Wassenaar categories
  • Check specific technical parameters against your item's specifications
  • Note dual-use items may be controlled even at lower specifications than USML
  • Document your classification rationale

Classification Requests

When uncertain, operators can request official classification:

RegimeRequest Type | Authority | Timeline
ITARCommodity Jurisdiction (CJ) request
DDTC | 30-60 days | | EAR | Classification request (CCATS) | BIS | 14-30 days | | EU | National authority classification | Varies | Varies (weeks-months) |

Self-Classification Best Practices

  • Document every classification determination in writing
  • Include technical specifications compared to control list parameters
  • Have classifications reviewed by qualified export control personnel
  • Re-classify when item specifications change
  • Maintain classification records for the required retention period (typically 5-7 years)

Part 7: Internal Compliance Programs (ICPs)

Why an ICP is Essential

An Internal Compliance Program is a structured set of policies, procedures, and controls to ensure export control compliance. For space companies, an ICP is:

  • Often required by export control authorities for certain license types
  • A mitigating factor in enforcement actions (significant penalty reduction)
  • Expected by customers and partners as evidence of compliance maturity
  • Essential for managing the complexity of multi-regime compliance

EU ICP Elements (EU Recommendation 2019/C 329/01)

The EU has published detailed guidance on ICP elements:

1. Top Management Commitment

  • Formal export control policy statement signed by senior management
  • Allocation of adequate resources (personnel, training, IT systems)
  • Clear reporting lines to senior management
  • Regular management review of compliance program

2. Organization and Responsibilities

  • Designated Export Control Officer (ECO) or team
  • Clear responsibilities across the organization (engineering, procurement, sales, HR, IT)
  • Authority to stop transactions that raise compliance concerns
  • Independence from commercial pressure

3. Screening Procedures

  • Transaction screening against sanctions and denied party lists
  • End-use and end-user due diligence
  • Red flag indicators and escalation procedures
  • Country risk assessment

4. Classification Procedures

  • Systematic classification methodology
  • Documentation requirements
  • Review and update processes
  • Expert resources (internal and external)

5. License Management

  • License application procedures
  • License condition tracking and compliance
  • License return and amendment processes
  • Record-keeping for all license activities

6. Physical and IT Security

  • Access controls for controlled technology
  • Secure storage for controlled items and documents
  • IT security measures (access restrictions, encryption, audit trails)
  • Visitor management procedures

7. Training and Awareness

  • Regular training for all relevant personnel
  • Role-specific training (engineers, procurement, sales)
  • New employee onboarding
  • Training records and refresher schedules

8. Audit and Reporting

  • Internal audit program (annual minimum)
  • Voluntary self-disclosure procedures for violations
  • Performance metrics and KPIs
  • Continuous improvement process

Part 8: Penalties and Enforcement

ITAR Penalties

Violation TypeCriminal Penalty | Civil Penalty
Unauthorized exportUp to USD 1 million per violation and/or 20 years imprisonment
Up to USD 1,213,116 per violation | | Conspiracy | Same as above | Same as above | | Brokering without license | Same as above | Same as above | | Failure to register | Up to USD 1 million | Administrative action |

Additional consequences:

  • Debarment from US government contracts
  • Denial of future export licenses
  • Loss of access to US technology
  • Reputational damage affecting commercial relationships

Notable ITAR enforcement actions in space:

  • Hughes/Boeing (2003): USD 32 million settlement for providing space launch technical assistance to China
  • Raytheon (2018): USD 8 million for various ITAR violations including satellite components
  • Multiple cases involving unauthorized sharing of satellite technical data

EAR Penalties

Violation TypeCriminal Penalty | Civil Penalty
Willful violationUp to USD 1 million and/or 20 years imprisonment
Up to USD 364,992 per violation or twice the transaction value | | Non-willful violation | N/A | Up to USD 364,992 per violation | | Conspiracy | Same as willful | Same as willful |

Additional consequences:

  • Denial of export privileges (effectively excluding from international business)
  • Entity List designation
  • Increased scrutiny on all future transactions

EU Penalties

Penalties vary by member state but include:

CountryMaximum Fine | Criminal Sanctions
GermanyEUR 500,000+ per violation
Up to 15 years imprisonment | | France | EUR 750,000 and/or 5 years imprisonment | Yes | | Netherlands | Category 5 fine (~EUR 103,000) | Up to 6 years imprisonment | | Italy | EUR 250,000+ | Up to 12 years imprisonment | | Belgium | EUR 500,000 | Up to 5 years imprisonment |

Voluntary Self-Disclosure

Both US regimes encourage voluntary self-disclosure of violations:

ITAR (DDTC)

  • Significant mitigating factor in penalty assessment
  • May result in no penalty for minor violations
  • Must be prompt, thorough, and include corrective actions
  • Average penalty reduction: 50-75%

EAR (BIS)

  • Similar mitigation benefits
  • Must include root cause analysis
  • Corrective actions must be documented
  • Non-disclosure is considered an aggravating factor

EU

  • Practice varies by member state
  • Generally viewed favorably by enforcement authorities
  • Demonstrates good faith and compliance culture
  • ICP existence and disclosure together provide strongest mitigation

Part 9: Practical Compliance Workflow

For New Programs/Products

  1. Classification: Classify all items, technology, and software before any international engagement
  1. Jurisdiction determination: Identify whether ITAR, EAR, or EU controls apply (or multiple)
  1. Partner screening: Screen all foreign partners, customers, and suppliers against denied party lists
  1. End-use assessment: Evaluate intended end-use and end-user for red flags
  1. License determination: Determine if licenses are required and which type
  1. License application: Apply for necessary authorizations with complete and accurate information
  1. Compliance conditions: Track and comply with all license conditions
  1. Record-keeping: Maintain complete records for the required retention period

For Ongoing Operations

  • Annual ICP audit: Review and update compliance procedures
  • Classification review: Reassess classifications when items change or control lists are updated
  • Training refresh: Annual training for all relevant personnel
  • List screening: Continuous screening against updated sanctions and denied party lists
  • Regulatory monitoring: Track changes to ITAR, EAR, EU Regulation, and Wassenaar lists
  • Incident management: Promptly investigate and address potential violations

Technology Control Plan Template

For programs involving controlled technology, a Technology Control Plan should cover:

  • Scope: What controlled items and technology are involved
  • Personnel: Who has authorized access (by name, citizenship, clearance)
  • Physical controls: Secure areas, locked storage, visitor escorts
  • IT controls: Access restrictions, encryption, audit logging
  • Communication: Approved channels for sharing controlled information
  • Travel: Procedures for international travel with controlled items or data
  • Subcontracting: Flow-down of export control requirements
  • Training: Program-specific export control training
  • Monitoring: Compliance verification activities
  • Incident response: Procedures for suspected violations

How Caelex Helps

Caelex's Export Control Compliance features support space operators navigating this complex landscape:

  • Regulatory Mapping: Identifies which export control regimes apply based on your technology profile and business relationships
  • Classification Assistance: Guided workflow for USML, ECCN, and EU Dual-Use classification with documentation
  • Partner Screening: Integration guidance for denied party list screening across US and EU regimes
  • ICP Framework: Templates and checklists for building and maintaining Internal Compliance Programs
  • License Tracking: Monitor license applications, conditions, and expiration dates
  • Training Resources: Export control training materials tailored to space industry contexts
  • Audit Support: Generate compliance reports and audit documentation
  • Regulatory Updates: Alerts when control list changes affect your classified items

Conclusion

Export control compliance is not optional — it is a fundamental obligation for every space company operating internationally. The overlapping jurisdictions of ITAR, EAR, and the EU Dual-Use Regulation create a compliance challenge that requires systematic management through a robust Internal Compliance Program. European space operators must be especially vigilant about US extraterritorial controls that can apply through components, technology, or even the production equipment used to manufacture spacecraft. The consequences of violations — from financial penalties to imprisonment to complete exclusion from the global space supply chain — make export control compliance an existential business requirement. By investing in proper classification, training, and compliance infrastructure, space companies protect not only themselves but their employees, partners, and the broader European space ecosystem.

Ready to assess your compliance?

Get your personalized regulatory profile across EU Space Act, NIS2, and national space laws in minutes.

Start Free Assessment