Last updated: 2026-04-07
If you've spent any time working in defense manufacturing, aerospace, or government contracting, you already know that ITAR comes with its own language. Misunderstanding even a single term — "export," "U.S. person," "defense service" — can expose your company to criminal penalties, debarment, and reputational damage that takes years to recover from.
This glossary is the reference I wish had existed when I started working in ITAR compliance over eight years ago. Whether you're a compliance officer building your first program, a program manager onboarding new suppliers, or a defense contractor navigating a State Department registration, these definitions will give you a rock-solid foundation.
Why ITAR Terminology Matters More Than You Think
The International Traffic in Arms Regulations (ITAR), codified at 22 CFR Parts 120–130, is notoriously precise in its language. The difference between a "defense article" and a "commercial item," or between an "export" and a "reexport," can mean the difference between a routine transaction and a federal violation. According to the U.S. Department of State, ITAR civil penalties can reach $1,308,326 per violation, with criminal penalties of up to $1,000,000 per violation and 20 years imprisonment — making definitional precision not just academic, but existential for your business.
Over the course of working with 200+ defense contractor clients, I've seen more compliance failures trace back to misunderstood terminology than to any other root cause. This glossary is organized to reflect the way compliance professionals actually use these terms — in registration, licensing, technology transfer, and day-to-day program management.
The Foundational Framework: What ITAR Governs
Before diving into individual definitions, it helps to understand ITAR's three-part scope: it governs (1) defense articles, (2) defense services, and (3) technical data. Every term in the ITAR universe connects back to one of these three categories.
Core ITAR Terms and Definitions
Defense Article
Definition (22 CFR § 120.31): Any item or technical data designated on the United States Munitions List (USML). This includes items specifically designed, developed, configured, adapted, or modified for military application.
Why it matters: If your product is a defense article, you cannot export it — physically or electronically — without a license or applicable exemption. "Designed for" and "modified for" are operative phrases. A commercial bearing modified for a missile guidance system becomes a defense article.
Defense Service
Definition (22 CFR § 120.32): The furnishing of assistance (including training) to foreign persons, whether in the United States or abroad, in the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing, or use of defense articles.
Why it matters: Defense services are one of the most frequently violated ITAR categories. Providing technical assistance, training a foreign national employee, or conducting a design review with an overseas partner can all constitute a defense service requiring authorization.
Technical Data
Definition (22 CFR § 120.33): Information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of defense articles. This includes blueprints, drawings, photographs, plans, instructions, documentation, and software directly related to defense articles.
What it does NOT include: General scientific, mathematical, or engineering principles in the public domain; basic marketing information; or information covered by the EAR's publicly available standard.
United States Munitions List (USML)
Definition: The list of defense articles and defense services subject to ITAR export controls, codified at 22 CFR Part 121. The USML is organized into 21 categories (Categories I–XXI), ranging from firearms (Category I) to nuclear weapons (Category XVI) to spacecraft systems (Category XV).
| USML Category | Description |
|---|---|
| I | Firearms, Close Assault Weapons, Combat Shotguns |
| II | Guns and Armament |
| III | Ammunition/Ordnance |
| IV | Launch Vehicles, Guided Missiles, Ballistic Missiles, Rockets |
| VI | Vessels of War and Special Naval Equipment |
| VII | Tanks and Military Vehicles |
| VIII | Aircraft and Associated Equipment |
| XI | Military Electronics |
| XIII | Auxiliary Military Equipment |
| XV | Spacecraft Systems and Associated Equipment |
| XVI | Nuclear Weapons, Special Nuclear Material |
| XXI | Miscellaneous Articles |
Citation hook: The USML contains 21 categories of controlled defense articles and services, and any item specifically designed or modified for a military end-use is presumed subject to ITAR jurisdiction unless affirmatively determined otherwise.
U.S. Person
Definition (22 CFR § 120.62): A U.S. person includes: - U.S. citizens - U.S. nationals - Lawful permanent residents (green card holders) - Refugees and asylees admitted under specific statutes - Corporations, business associations, partnerships, societies, trusts, and other organizations incorporated or organized under U.S. law
Why it matters: Only U.S. persons can receive ITAR-controlled technical data or defense articles without an export license (with limited exceptions). This distinction drives your hiring compliance, subcontractor screening, and facility access controls.
Foreign Person
Definition (22 CFR § 120.63): Any natural person who is not a U.S. person, and any foreign corporation, business association, partnership, trust, society, or any other entity or group not incorporated or organized to do business in the United States.
Export
Definition (22 CFR § 120.50): An export includes: 1. Sending or taking a defense article out of the United States in any manner 2. Transferring registration, control, or ownership to a foreign person, even within the United States (this is the "deemed export" concept) 3. Disclosing technical data to a foreign person, whether in the United States or abroad 4. Performing a defense service for or on behalf of a foreign person
Citation hook: Under ITAR, physically handing a controlled document to a foreign national employee in your own facility constitutes an export and requires prior authorization.
Deemed Export
Definition: The release of ITAR-controlled technical data or technology to a foreign national within the United States. This is treated as an export to that individual's home country. Deemed exports are one of the top causes of inadvertent ITAR violations in U.S. defense companies with diverse workforces.
Reexport / Retransfer
Definition (22 CFR § 120.52 / § 120.53): - Reexport: The transfer of a U.S.-origin defense article from one foreign country to another. - Retransfer: The change in end-use or end-user of a defense article within the same foreign country.
Both generally require prior U.S. government authorization.
Temporary Import
Definition (22 CFR § 123.4): The temporary importation of unclassified defense articles from abroad is generally exempt from licensing requirements, but must comply with U.S. Customs regulations and applicable conditions.
Licensing and Authorization Terms
State Department / Directorate of Defense Trade Controls (DDTC)
The Directorate of Defense Trade Controls (DDTC), within the U.S. Department of State's Bureau of Political-Military Affairs, is the primary ITAR regulatory authority. DDTC manages registrations, licenses, agreements, and enforcement actions under 22 CFR Parts 120–130.
ITAR Registration
Definition (22 CFR § 122.1): Any person who engages in the United States in the business of manufacturing, exporting, temporarily importing, or brokering defense articles, or furnishing defense services, is required to register with DDTC. Registration is a prerequisite for applying for export licenses — it does not itself authorize any export.
Key fact: DDTC charges a registration fee based on the number of license applications submitted in the prior year, with a minimum annual fee of $2,250 for registrants submitting fewer than 10 applications.
Export License
Definition (22 CFR Part 123): Prior written approval from DDTC authorizing the export, reexport, or retransfer of a specific defense article, defense service, or technical data to a specific foreign end-user for a specific end-use. A license is transaction-specific and time-limited.
DSP-5 (Application for Permanent Export License)
The standard license application form for permanent exports of unclassified defense articles and related technical data. DSP-5 licenses are typically valid for four years from the date of approval.
DSP-73 (Application for Temporary Export License)
Used for defense articles exported temporarily and intended to be returned to the United States (e.g., for trade shows, demonstrations, testing, or repair).
DSP-6 (Import Certificate / End-User Certificate)
A certificate used to assure the U.S. government of the bona fide nature of the import and that the foreign government certifies the articles will not be reexported without U.S. approval.
Agreement (TAA / MLA)
Technical Assistance Agreement (TAA) — 22 CFR § 124.1: A contract for the performance of a defense service or the disclosure of technical data to a foreign person. TAAs are used when ongoing technical collaboration or knowledge transfer is involved, as opposed to a one-time hardware sale.
Manufacturing License Agreement (MLA) — 22 CFR § 124.1: An agreement that authorizes a foreign person to manufacture defense articles abroad. MLAs are required when a foreign partner will produce ITAR-controlled hardware.
Key distinction: TAAs cover services and data; MLAs cover manufacturing rights. Many defense partnerships require both.
Exemptions
Definition (22 CFR Parts 123–126): Certain ITAR transactions are exempt from the license requirement. Common exemptions include:
| Exemption | Regulatory Cite | Description |
|---|---|---|
| Canadian Exemption | 22 CFR § 126.5 | Exports to Canada for specified categories |
| Government-to-Government | 22 CFR § 126.6 | Exports under U.S. government contracts |
| NATO/Australia/Japan/Korea/UK | 22 CFR § 126.7 | Specific exemptions for close allies |
| Personal/Household Effects | 22 CFR § 123.17 | Uncontrolled personal effects |
| Press/Media | 22 CFR § 125.4(b)(3) | Publicly released information |
| Intra-Company | 22 CFR § 125.4 | Technical data to U.S. persons abroad |
Warning: Exemptions are not self-executing "free passes." Each exemption carries specific eligibility conditions, documentation requirements, and product scope limitations. Misapplying an exemption is a violation.
Commodity Classification and Jurisdiction Terms
Commodity Jurisdiction (CJ) Determination
Definition (22 CFR § 120.4): A formal determination by DDTC of whether a specific article, service, or data is subject to ITAR jurisdiction or falls under the Export Administration Regulations (EAR) administered by the Department of Commerce (BIS). CJ requests are submitted using Form DS-4076.
When to request a CJ: When you are uncertain whether your product is on the USML or the Commerce Control List (CCL), or when you have received conflicting guidance from customers or partners.
Export Control Reform (ECR)
A major regulatory initiative completed between 2010 and 2018 that transferred hundreds of items from the USML to the Commerce Control List (CCL) under EAR. ECR introduced the current tiered USML structure with precise "positive list" descriptions and created the "600 series" EAR export control classification numbers (ECCNs) for items moved from ITAR to EAR.
Citation hook: Export Control Reform transferred thousands of defense-related items from ITAR to EAR between 2010 and 2018, but items that remain on the USML are still subject to the full weight of ITAR enforcement, including its criminal penalty provisions.
Export Control Classification Number (ECCN)
Definition: A five-character alphanumeric classification under the EAR (not ITAR) used to identify items on the Commerce Control List (CCL). ECCNs determine licensing requirements based on destination, end-user, and end-use. Understanding ECCNs is critical because many dual-use items that were once ITAR-controlled are now classified under the EAR with a 600-series ECCN.
EAR99
Items subject to the EAR but not listed on the CCL are designated EAR99. These items generally do not require a license for export unless going to an embargoed country or prohibited end-user. Items cannot be EAR99 and ITAR-controlled simultaneously — they are distinct regimes.
Dual-Use Item
An item that has both commercial and military applications. Dual-use items are generally regulated by the EAR (not ITAR), though the line between dual-use and defense article is frequently contested and often requires a CJ determination to resolve.
Enforcement and Compliance Terms
Voluntary Disclosure (VD)
Definition (22 CFR § 127.12): A self-initiated report to DDTC disclosing a potential ITAR violation discovered by the registrant. Voluntary disclosure is a significant mitigating factor in penalty determinations and can reduce or eliminate civil penalties.
Best practice: VDs should be filed promptly, be comprehensive, include a root cause analysis, and propose corrective actions. I consistently recommend that any company discovering a potential ITAR violation immediately engage qualified legal counsel before filing.
Consent Agreement
A negotiated resolution between DDTC and a registrant following an ITAR violation. Consent agreements typically include a fine, compliance program requirements, external auditing, and a period of enhanced oversight. Historic consent agreements have ranged from $1 million to over $400 million in penalties for major defense contractors.
Debarment
Definition (22 CFR § 127.7): The temporary or permanent prohibition of a person from participating in ITAR-regulated activities, including exporting defense articles or services. Debarment is one of the most serious ITAR enforcement outcomes and can effectively put a defense contractor out of business.
Technology Control Plan (TCP)
An internal compliance document — not explicitly required by ITAR but strongly recommended and often contractually required by prime contractors and the DoD — that describes how a company controls access to ITAR-controlled technical data and hardware, particularly with respect to foreign national employees, visitors, and subcontractors.
Empowered Official (EO)
Definition (22 CFR § 120.69): A U.S. person who is an employee of a registered company with the authority and responsibility to sign license applications, TAAs, MLAs, and other ITAR-related documents. The EO must understand the relevant export control laws and have the authority to inquire into transactions and halt shipments if necessary. An organization may have multiple EOs but each must be individually qualified.
End-Use Certificate / End-User Statement
A document provided by the foreign end-user certifying the intended end-use of exported articles and committing not to reexport or retransfer without prior U.S. government authorization. Required as a condition of many DDTC-issued licenses.
Broker and Third-Party Terms
ITAR Broker
Definition (22 CFR § 129.2): Any person who acts as an agent or intermediary in brokering activities related to the import or export of defense articles or defense services. Brokers must register with DDTC separately from manufacturers and exporters and may be subject to prior approval requirements for certain brokering activities.
Third-Party Transfer
The transfer of ITAR-controlled articles or technical data to a party not specified in the original license or agreement. Third-party transfers generally require prior DDTC approval and are a frequent area of enforcement scrutiny in supply chain transactions.
Key ITAR Acronyms Quick Reference
| Acronym | Full Term |
|---|---|
| ITAR | International Traffic in Arms Regulations |
| USML | United States Munitions List |
| DDTC | Directorate of Defense Trade Controls |
| EAR | Export Administration Regulations |
| BIS | Bureau of Industry and Security (Commerce) |
| CCL | Commerce Control List |
| ECCN | Export Control Classification Number |
| CJ | Commodity Jurisdiction |
| TAA | Technical Assistance Agreement |
| MLA | Manufacturing License Agreement |
| TCP | Technology Control Plan |
| EO | Empowered Official |
| VD | Voluntary Disclosure |
| ECR | Export Control Reform |
| DSP | Defense Supplier Program (license form prefix) |
| AES | Automated Export System (now AESDirect) |
| OFAC | Office of Foreign Assets Control |
| AECA | Arms Export Control Act |
| FMS | Foreign Military Sales |
| DCS | Direct Commercial Sales |
ITAR vs. EAR: The Critical Distinction
One of the most practically important distinctions in export control is understanding when ITAR applies versus when EAR applies. Both regimes control exports, but they operate differently and carry different consequences.
| Factor | ITAR (22 CFR Parts 120–130) | EAR (15 CFR Parts 730–774) |
|---|---|---|
| Governing Agency | Dept. of State (DDTC) | Dept. of Commerce (BIS) |
| Controlled Items | Defense articles (USML) | Dual-use & commercial items (CCL + EAR99) |
| Registration Required? | Yes, mandatory | No general registration requirement |
| Max Civil Penalty | $1,308,326 per violation | $368,136 per violation (or 2x transaction value) |
| Max Criminal Penalty | $1M / 20 years | $1M / 20 years |
| License Validity | Typically 4 years | Typically 4 years |
| "Deemed Export" Rule | Yes (foreign nationals) | Yes (foreign nationals) |
| Self-Classification Allowed? | Yes, but CJ available | Yes, ECCN self-classification common |
The fundamental rule: If your item is on the USML, ITAR applies exclusively — you cannot choose EAR for a USML-listed item. If your item has been moved to the CCL via ECR, EAR applies and you need an ECCN.
Building Your ITAR Compliance Program Around These Terms
Understanding terminology is the foundation, but it's only the beginning. A defensible ITAR compliance program operationalizes these definitions through:
- Jurisdiction screening: Every product, service, and data package should be formally classified as ITAR, EAR, or neither — documented and reviewed annually.
- Empowered Official designation: Your EO must be trained, empowered, and actively engaged — not just a name on a registration form.
- Technology Control Plan: A written TCP that addresses physical security, IT controls, foreign visitor access, hiring screening, and subcontractor flow-downs.
- License tracking: A license management system that tracks conditions, expiration dates, shipped quantities, and authorized parties.
- Voluntary disclosure protocol: A clear internal procedure for identifying, escalating, and (when warranted) disclosing potential violations before they become enforcement actions.
At Certify Consulting, our clients have achieved a 100% first-time audit pass rate using structured compliance programs built on these exact foundations. Understanding what the terms mean is the first step — building systems to operationalize them is what keeps you out of trouble.
Frequently Asked Questions About ITAR Terminology
What is the difference between an export license and a Technical Assistance Agreement under ITAR?
A DSP-5 export license authorizes the physical export of a specific defense article to a specific end-user. A Technical Assistance Agreement (TAA) authorizes the ongoing disclosure of technical data or the performance of defense services for a foreign person. Hardware transactions typically require a license; technical collaboration typically requires a TAA — though many programs need both.
Does ITAR apply to U.S. companies operating entirely within the United States?
Yes. The "deemed export" rule means that disclosing ITAR-controlled technical data to a foreign national employee or visitor inside a U.S. facility constitutes an export. Additionally, any company manufacturing defense articles must register with DDTC regardless of whether it exports anything.
What does it mean to be "ITAR registered" versus "ITAR compliant"?
ITAR registration (22 CFR § 122.1) is the mandatory administrative act of enrolling with DDTC as a manufacturer, exporter, or broker of defense articles. Registration does not confer any export authority — it simply establishes your company's regulatory standing. ITAR compliance, by contrast, means actively meeting all ongoing obligations: proper licensing, technology controls, record-keeping, training, and reporting. You can be registered but not compliant.
What is a Commodity Jurisdiction (CJ) determination and when should I request one?
A CJ is a formal DDTC ruling on whether a specific item or service falls under ITAR or EAR jurisdiction. You should request a CJ when: (a) your item has both commercial and military applications; (b) your product line was affected by Export Control Reform and you are unsure of its current status; (c) a customer, partner, or auditor has challenged your jurisdiction determination; or (d) you are considering acquiring or licensing a technology and need certainty before proceeding.
Can a foreign subsidiary of a U.S. company receive ITAR technical data without a license?
Generally, no. A foreign subsidiary — even one wholly owned by a U.S. parent — is a "foreign person" under ITAR. Disclosing ITAR technical data to a foreign subsidiary typically requires a license or TAA. The § 126.3 exemption for government contractors and certain § 125.4 intra-company exemptions may apply in limited circumstances, but these require careful analysis on a case-by-case basis.
For expert guidance on ITAR registration, compliance program development, or voluntary disclosure support, visit itarconsultant.us or explore our ITAR compliance services.
Last updated: 2026-04-07
Jared Clark
Principal Consultant, Certify Consulting
Jared Clark is the founder of Certify Consulting, helping organizations achieve and maintain compliance with international standards and regulatory requirements.