As a leading international research institution, UMD researchers create and have access to sensitive technologies that are controlled by US export laws due to reasons of national security, economic, and foreign policy. While UMD has a goal of promoting academic freedom and sharing of information to the greatest extent possible, researchers and administrators need to be mindful of the legal restrictions including the significant personal liability associated with handling sensitive technologies. It is the primary goal of the Export Compliance Office (ECO) to protect our researchers and support research advancement by providing the least burdensome approach to complying with US export laws.
This website will provide a very condensed overview of an extensive set of laws that impact research activities on campus. The most important thing for the researcher and administrator is to be aware of the existence of these laws and to know when to contact the ECO for more detailed training and assistance.
Export Compliance 101
The question often comes up as to why a university with a domestic campus would need to worry about export compliance. The term “export” most likely conjures up images of shipping ports and border security.
It’s true, the university is not in the business of exporting goods (although it does happen from time to time). However, the legal definition of “export” also includes the sharing of information to non-US persons. This “sharing” can take many forms such as oral and visual disclosure in classrooms and labs, sending technical data in emails to foreign collaborators, and traveling out of the US with electronically stored data on laptops or other devices. US export laws are equally concerned with these less tangible forms of export that can take place in the university environment due to our frequent access to cutting-edge technology and multi-cultural classrooms and laboratories. This sharing of technology is commonly referred to as a “deemed export.”
You will see these two acronyms used frequently in any discussion of export compliance. These terms are described in more detail on the US Export Laws tab, but in a nutshell, these terms describe the two sets of US laws that govern importing and exporting of virtually all goods and technologies. The International Traffic in Arms Regulations (ITAR) are administered by the Department of State and focus on technologies that are specifically designed for military applications. The Export Administration Regulations (EAR) are administered by the Department of Commerce and cover all other good and technologies including “dual-use” technologies that are considered to have both military and commercial applications.
The definition of “export” differs depending on which set of laws you look at (EAR or ITAR) but it generally consists of any of the following activities:
- Shipment of physical items out of the country, or in the case of certain defense articles, providing them to a foreign person, regardless of their location.
- Shipment of technical data out of the country. This can occur by email, facsimile, phone call, and even by traveling with a hard disk or document containing controlled technical data.
- Disclosure of controlled technical data to a foreign person in any location. This disclosure can include verbal, written, electronic and visual disclosure. Export laws define “foreign person” as anyone who is not a US Citizen or Permanent Resident.
You’ll see the term “controlled data” tossed around throughout this website. This is the million-dollar question and if it were easy to answer, there probably wouldn’t be a need for an Export Compliance Office. Yet, understanding what data is controlled is the key to avoiding an unauthorized "deemed export". Let’s start by looking at the definition of “technical data”. The definitions for ITAR components and EAR components are similar but the ITAR definition is the most broad: information […] which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of a defense article (22 CFR Part 120.10). Note that the items are separated by an “or” meaning that data with any one of those components could meet the definition of technical data.
So if you have data that meets the definition above, that doesn’t necessarily mean it’s controlled. There are two things to look at before we can determine if we are dealing with “controlled technical data”.
- Both the EAR and ITAR exclude data in the “public domain” from control. The ITAR provides a detailed definition of “public domain” in 22 CFR Part 120.11. Note that there are inclusions for information resulting from “fundamental research” which is a term used to described research conducted at US institutions of higher learning where the results are “ordinarily published and shared broadly within the scientific community.” Not included in this definition is research where the results are restricted by the sponsor for proprietary reasons or US Government “access and dissemination controls”. The EAR definition of “public domain” is shorter but similar to the ITAR: see 15 CFR Part 772.1. If the technology is “public domain” as described above, we can assume it is not “controlled technical data”. If not, we need to proceed to step two to figure out whether the technology is actually controlled by either the ITAR or EAR.
- The ITAR and EAR contain special lists of all technology that is controlled. The ITAR list is called the US Munitions List (USML) and can be found at 22 CFR Part 121.1 THE EAR list is called the Commerce Control List (CCL) and can be found at 15 CFR Part 774.1. The ECO will provide assistance to any department or researcher attempting to determine whether their technology is controlled. Generally, the first place we would look is to the source of the data which could be a sponsor or a vendor to see if they can confirm the classification of the data. When this is not possible, the ECO has a subscription index of the USML and CCL and will work with the department to “self-classify” the data. In some cases, it may even be necessary to submit a request to either the Department of State or the Department of Commerce to get an official determination on the classification of the technology.
Occasionally, it is necessary for researchers to access controlled data. The rules for handling controlled data vary depending on what category of ITAR or CCL the item falls within. The ECO will work with the researcher to identify the applicable set of rules and set up a Technology Control Plan (TCP) to insure the technology is properly handled. Generally, a TCP will identify the individual researchers who are allowed access, how the data will be stored, and how the researchers will access and use the data. The ECO will provide training to each individual included in the TCP.
It is common for our labs to have hardware that is controlled under the CCL and generally not an issue for our foreign students and researchers to access this hardware. On the other hand, if the hardware is ITAR controlled, access needs to be restricted to US persons in order to prevent a “deemed export”. The ECO needs to be notified prior to bringing any ITAR hardware on campus. The ECO will work with the PI to determine whether it is possible to handle this hardware in a manner that is compliant with ITAR rules.
Anytime material is shipped out of country (including by hand carry) it is considered an export. Depending on the nature of the item, an export license may be required to ship to certain locations. The ECO will assist departments that need to ship material to foreign locations for research purposes. The International Shipping tab contains further instructions. Keep in mind, export licenses can take several months so it is critical to provide the ECO with as much advanced notice as possible to prevent project delays.
- I need to ship items internationally.
- I need to travel to Cuba, Iran, N. Korea, Syria, or Sudan.
- I want to collaborate with a researcher or an institution from outside the United States.
- My sponsor has requested that my research results be kept proprietary or has requested to review my results prior to publication.
- My sponsor has requested that only US persons work on the project, or, has requested the name and citizenship status of my researchers.
- I have received or need to receive export-controlled data from a sponsor, collaborator, or vendor.
- I have received or plan to receive hardware that the sponsor or vendor has designated “ITAR”.
- I have invented a new technology having an obvious military application.