Citation Hook: Under 22 C.F.R. § 120.69, an ITAR Empowered Official must be a U.S. person, employed by the registrant, and possess the authority to bind the organization legally — making them one of the most consequential compliance appointments a defense contractor can make.
If your company manufactures, exports, or brokers defense articles or defense services controlled under the International Traffic in Arms Regulations (ITAR), appointing a qualified Empowered Official (EO) is not optional — it is a federal regulatory requirement. Yet in my 8+ years of working with defense contractors, manufacturers, and technology companies, the Empowered Official role remains one of the most misunderstood, under-resourced, and incorrectly staffed positions in export compliance.
This pillar guide breaks down everything you need to know: who qualifies, what the EO is legally responsible for, how the role fits within a broader compliance program, and the most common mistakes that put organizations — and individuals — at serious legal risk.
What Is an ITAR Empowered Official?
The term "Empowered Official" is defined under 22 C.F.R. § 120.69 of the International Traffic in Arms Regulations. An Empowered Official is a U.S. person who:
- Is directly employed by the ITAR registrant (the company);
- Is legally empowered in writing by the company to sign license applications, other requests for approval, and export documentation on behalf of the organization;
- Understands the provisions and requirements of the ITAR, the Export Administration Regulations (EAR), and any other export control laws relevant to the transaction; and
- Has the authority to inquire into any aspect of a proposed export or temporary import, and to refuse to sign a license application or other export authorization if they believe the transaction may violate U.S. law.
That last point is critical. The Empowered Official is not a rubber stamp. The role carries personal, independent authority — and personal legal exposure.
Why the Empowered Official Role Matters
The stakes for getting this wrong are severe. The Directorate of Defense Trade Controls (DDTC) can impose civil penalties of up to $1,308,326 per violation (as adjusted for inflation under the Federal Civil Penalties Inflation Adjustment Act), and criminal penalties under the Arms Export Control Act (AECA) can reach $1 million per violation and 20 years imprisonment.
According to DDTC enforcement statistics, the most common root causes of ITAR violations include unauthorized exports, inadequate employee training, and — critically — failures in the authorization and approval chain. A poorly structured or inadequately empowered EO function sits directly in that chain.
Citation Hook: The Arms Export Control Act (AECA), codified at 22 U.S.C. § 2778, authorizes criminal penalties of up to $1 million and 20 years imprisonment per violation, placing the Empowered Official's signature at the center of the most consequential authorization decisions in U.S. export law.
Companies that invest in properly structured, trained, and supported EO roles are significantly better positioned during DDTC audits, consent agreements, and Voluntary Disclosure reviews. At Certify Consulting, every one of our 200+ clients has passed their first-time compliance audits — and a well-functioning EO structure is a cornerstone of that track record.
Who Qualifies to Be an Empowered Official?
Eligibility Requirements
Under 22 C.F.R. § 120.69, the Empowered Official must:
- Be a U.S. person (U.S. citizen, lawful permanent resident, or U.S. entity as defined under 22 C.F.R. § 120.62);
- Be directly employed by the registrant — third-party contractors, consultants, or agents do not qualify as Empowered Officials, though they may support the EO function;
- Be legally empowered in writing by the company to sign on its behalf.
There is no specific educational degree or professional certification mandated by the regulation. However, practical knowledge of the ITAR, the U.S. Munitions List (USML), and export licensing procedures is functionally required to perform the role lawfully.
Who Typically Holds This Role
In practice, the EO is often one of the following:
| Title | Typical Org Size | Considerations |
|---|---|---|
| Chief Compliance Officer (CCO) | Large enterprise | High legal authority, dedicated compliance staff |
| Export Compliance Manager | Mid-size | Common assignment; ensure sufficient authority |
| General Counsel / Deputy GC | Mid to large | Strong legal background; may lack operational export knowledge |
| VP of Operations | Small contractor | Authority present; compliance training critical |
| Owner / President | Small business | Authority clear; bandwidth and expertise are risk factors |
The regulation does not restrict the number of Empowered Officials a company may designate. Most companies of any meaningful scale should have at least two EOs — a primary and a backup — to prevent authorization bottlenecks during absences, transitions, or emergencies.
Core Responsibilities of an ITAR Empowered Official
1. Signing License Applications and Export Authorizations
The most visible EO duty is signing DDTC license applications submitted through the D-Trade system. The EO's signature is a legal certification that:
- The information in the application is accurate and complete;
- The proposed transaction complies with ITAR requirements; and
- The EO has reviewed the transaction and believes it is lawful.
This signature is not a formality. The EO is personally certifying compliance. Signing a fraudulent or inaccurate application — even if the EO relied on incorrect information provided by others — can expose the individual to personal liability.
2. Reviewing Proposed Exports, Re-Exports, and Temporary Imports
Before any authorization is signed, the EO must conduct — or supervise — a meaningful review of the proposed transaction. This includes:
- Verifying the commodity's classification under the USML;
- Confirming the end-user's identity and screening against denied parties lists (DDTC Debarred List, BIS Entity List, OFAC SDN List);
- Reviewing the end-use and ensuring it aligns with the stated license purpose;
- Assessing whether a license exception or exemption applies (e.g., exemptions under 22 C.F.R. Part 126);
- Confirming country eligibility under the applicable license or authorization.
3. Refusing to Sign When a Violation Is Suspected
This is perhaps the most important — and least discussed — EO responsibility. The regulation explicitly grants the EO the right and obligation to refuse to sign any license or export document if they have reason to believe the transaction may violate U.S. export laws.
This is an independent authority. No supervisor, business unit leader, executive, or board member can legally compel an EO to sign a document they believe violates the law. Creating organizational pressure to override an EO's refusal is itself a compliance red flag.
Citation Hook: An Empowered Official who signs an export authorization under organizational pressure, despite having reason to believe the transaction violates U.S. law, may be held personally liable under 22 U.S.C. § 2778, regardless of seniority or corporate instruction.
4. Maintaining Knowledge of Applicable Regulations
The EO must maintain current, working knowledge of:
- The full ITAR (22 C.F.R. Parts 120–130);
- The U.S. Munitions List (22 C.F.R. Part 121);
- Relevant license conditions and provisos;
- DDTC policy guidance and advisory opinions;
- Related regulations including EAR (15 C.F.R. Parts 730–774) and OFAC sanctions where applicable.
Regulatory knowledge is not static. DDTC amends the USML and ITAR on a rolling basis, and EOs must stay current. This is one reason I strongly recommend EOs participate in structured, documented training at least annually — and more frequently when significant regulatory changes occur.
5. Supporting Voluntary Disclosures and Corrective Actions
When a potential ITAR violation is discovered, the EO typically plays a central role in determining whether to file a Voluntary Disclosure with DDTC. Under 22 C.F.R. § 127.12, a timely, complete, and accurate Voluntary Disclosure can substantially mitigate penalties and demonstrate good faith. The EO must understand this process, coordinate with legal counsel, and ensure remedial measures are implemented.
Building a Compliant Empowered Official Structure
Written Designation and Delegation of Authority
Every EO must be formally designated in writing. This typically takes the form of a board resolution, a delegation of authority (DOA) letter signed by an officer with corporate authority, or a documented policy. The written designation should:
- Identify the individual by name and title;
- Explicitly confer authority to sign ITAR license applications and export documents;
- Confer authority to inquire into and refuse transactions;
- Be retained in company records and updated when EOs change.
Integrating the EO into the Export Compliance Program
An Empowered Official operating in isolation is a compliance failure waiting to happen. The EO function must be integrated into a broader Export Management and Compliance Program (EMCP) that includes:
- Transaction screening procedures — documented processes for classifying items, screening parties, and reviewing end-use;
- Recordkeeping systems — ITAR requires export records to be retained for five years per 22 C.F.R. § 122.5;
- Training programs — documented training for the EO and all personnel involved in export transactions;
- Audit and monitoring mechanisms — internal audits to identify gaps before DDTC does;
- Escalation and refusal procedures — clear policies for how the EO exercises the refusal authority.
Comparison: Empowered Official vs. Export Compliance Officer
Many organizations confuse or conflate the Empowered Official with the Export Compliance Officer (ECO) or Export Control Manager. Here's how they differ:
| Attribute | Empowered Official (EO) | Export Compliance Officer (ECO) |
|---|---|---|
| Defined by regulation? | Yes — 22 C.F.R. § 120.69 | No — internal designation |
| Must be U.S. person? | Yes — mandatory | Typically yes, by practice |
| Signing authority? | Yes — required | No — advisory role |
| Personal legal exposure? | Yes — for signed documents | Generally limited to policy failures |
| Can refuse transactions? | Yes — explicit regulatory right | Advisory capacity only |
| Required for DDTC registration? | Yes | No |
| Can be outsourced? | No — must be direct employee | Yes — consulting support permitted |
In smaller organizations, one individual may hold both roles. In larger enterprises, separating them strengthens the compliance structure and reduces individual risk concentration.
Common Mistakes That Create EO Liability
In my work auditing and building compliance programs for defense contractors, these are the EO-related failures I encounter most frequently:
1. Treating the EO as a Administrative Signing Role
The EO's signature is a legal certification — not an administrative act. Companies that route license applications to the EO for signature without providing full transaction documentation are creating both a regulatory violation and personal liability exposure.
2. Appointing an EO Without Adequate Authority
If the designated EO does not actually have the organizational authority to refuse a transaction — because their role doesn't carry that power in practice — the designation is deficient. Authority must be real, not nominal.
3. No Backup EO
A single-EO structure creates operational risk. License submissions, TAA approvals, and commodity jurisdiction requests cannot proceed if the sole EO is unavailable. DDTC processing timelines are unforgiving.
4. Insufficient or Undocumented Training
DDTC expects EOs to demonstrate regulatory competence. Companies with no training records for their EO are exposed in both audits and enforcement proceedings.
5. Failing to Update EO Designations
When an EO leaves the company, retires, or changes roles, many companies fail to formally revoke the prior designation and establish a new one. An outdated delegation of authority document is a compliance gap — and potentially a liability for the former employee.
6. EO Signing Under Pressure
Organizational culture that pressures EOs to approve transactions without adequate review — or overrides EO concerns — is the recipe for criminal liability. EOs who feel pressured should document their concerns in writing and seek legal counsel immediately.
How Certify Consulting Supports Your Empowered Official Program
At Certify Consulting, I work directly with companies to assess, build, and validate their Empowered Official structures as part of a comprehensive ITAR compliance program. This includes:
- EO role assessment — evaluating whether current designees meet regulatory requirements and have genuine organizational authority;
- Delegation of authority drafting — creating legally sound written designations;
- EO-specific training — practical, regulation-grounded training tailored to your commodity classifications and transaction types;
- EMCP development — building the surrounding compliance program that makes the EO function effective;
- Mock DDTC audits — testing your EO structure before regulators do.
Whether you're a first-time ITAR registrant trying to understand what your EO needs to do, or an established defense contractor looking to tighten your compliance posture after a near-miss, Certify Consulting brings 8+ years of hands-on experience and a 100% first-time audit pass rate to your program.
Learn more about our ITAR compliance consulting services or contact us for a program assessment.
Empowered Official Requirements at a Glance
| Requirement | Regulatory Source | Key Detail |
|---|---|---|
| Must be U.S. person | 22 C.F.R. § 120.69 | Citizenship or LPR status required |
| Must be direct employee | 22 C.F.R. § 120.69 | Consultants cannot serve as EO |
| Written empowerment required | 22 C.F.R. § 120.69 | Board resolution or DOA letter |
| Must understand applicable laws | 22 C.F.R. § 120.69 | ITAR, EAR, and related regs |
| Authority to refuse transactions | 22 C.F.R. § 120.69 | Independent, cannot be overridden |
| Personal signing certification | AECA, 22 U.S.C. § 2778 | Criminal/civil exposure per signature |
| Recordkeeping obligation | 22 C.F.R. § 122.5 | 5-year retention minimum |
Frequently Asked Questions About the ITAR Empowered Official
Can a consultant or third-party serve as my company's Empowered Official?
No. The ITAR explicitly requires the Empowered Official to be directly employed by the ITAR registrant. External consultants — including export compliance firms — cannot serve as your company's EO, though they can train, advise, and support the EO in their role.
How many Empowered Officials does a company need?
The ITAR does not set a minimum number beyond one, but best practice strongly recommends designating at least two EOs — a primary and an alternate — to ensure operational continuity. Large enterprises with multiple divisions or high transaction volumes often designate additional EOs by business unit.
Does the Empowered Official need a specific degree or certification?
No specific academic degree or professional certification is required by regulation. However, the EO must demonstrate sufficient knowledge of the ITAR and related export laws to understand the legal effect of their signature. Documented training, participation in industry programs (such as NCBFAA or ITAR compliance courses), and ongoing regulatory education are strongly recommended.
What happens if an Empowered Official signs a fraudulent application?
Personal criminal liability under the AECA (22 U.S.C. § 2778) — including fines up to $1 million and imprisonment up to 20 years per violation — applies to individuals who knowingly or willfully violate the ITAR. Civil penalties can also be assessed against individuals, not just corporate entities.
Can the EO also serve as the Export Compliance Officer?
Yes. In smaller organizations, one person frequently holds both roles. However, this concentrates significant risk and workload on a single individual. As companies grow or transaction volumes increase, separating these functions strengthens the compliance structure and reduces individual exposure.
Last updated: 2026-03-22
Jared Clark, JD, MBA, PMP, CMQ-OE, CPGP, CFSQA, RAC is the Principal Consultant at Certify Consulting. With 8+ years of experience and 200+ clients served, Jared helps defense contractors and technology companies build ITAR compliance programs that pass audits and withstand scrutiny. Learn more at certify.consulting.
Jared Clark
Principal Consultant, Certify Consulting
Jared Clark is the founder of Certify Consulting, helping organizations achieve and maintain compliance with international standards and regulatory requirements.