A deemed export occurs under ITAR when ITAR-controlled technical data or defense services are released to a foreign person within the United States. Under 22 CFR 120.17, this release is treated as an export to the foreign person’s country of nationality — even though no data physically crosses a border. This means allowing a foreign national employee, contractor, or visitor to view controlled blueprints, access defense-related software, or observe manufacturing processes can require the same export authorization as shipping hardware overseas.
22 CFR 120.17
Under the International Traffic in Arms Regulations, an “export” is not limited to physically shipping goods across borders. 22 CFR 120.17 defines export to include the release of technical data or defense services to a foreign person, regardless of location. When this release happens within the United States, it is called a deemed export — the data is “deemed” to have been exported to the foreign person’s country of nationality.
This has profound implications for any defense contractor employing foreign nationals, hosting foreign visitors, or collaborating with international partners on U.S. soil. The deemed export rule means that your hiring decisions, facility access policies, meeting room configurations, and IT access controls all carry export compliance implications. A foreign national engineer sitting at a workstation with access to controlled technical data is receiving a deemed export every time they log in — and without proper authorization, each access is a potential violation.
Visual Access = Deemed Export
A common misconception is that deemed exports require a physical handoff of documents or data. In reality, visual access alone is sufficient. If a foreign national can see a controlled drawing on a monitor, observe a controlled manufacturing process through a window, or view defense articles on a factory floor, a deemed export has occurred. Your Technology Control Plan must address both physical and visual access.
Compliance Controls
Managing deemed export risk requires two complementary systems: screening procedures to identify foreign nationals and Technology Control Plans to restrict their access to controlled items.
Every person who may have access to ITAR-controlled technical data or defense articles must be screened to determine their citizenship or immigration status. This applies to employees, contractors, consultants, temporary workers, interns, and visitors. Screening should occur at the point of hire (or engagement) and be documented in personnel files.
U.S. Persons (No Restriction)
U.S. citizens, permanent residents (green card holders), persons granted asylum, refugees admitted under 8 U.S.C. 1157
Foreign Persons (Controls Required)
H-1B, L-1, F-1/OPT, J-1, TN, O-1, and all other non-immigrant visa holders; undocumented persons; all non-U.S. persons
Foreign visitors present a particularly acute deemed export risk because they may encounter controlled materials during facility tours, meetings, or vendor visits. Your compliance program must include visitor screening procedures that determine nationality before granting access to any area where controlled items or data are present.
When your organization employs or hosts foreign nationals who will have access to ITAR-controlled items, your Technology Control Plan must include specific provisions addressing that access. These provisions go beyond general security measures to create a controlled environment where foreign national access is limited to what is specifically authorized.
Exemptions & Exceptions
Not every interaction with a foreign national triggers a deemed export obligation. ITAR provides several exemptions and exclusions, but they are narrow and fact-specific. Misapplying an exemption carries the same penalty risk as failing to obtain a license. Always document your exemption analysis and retain it for the 5-year record-keeping period.
Under 22 CFR 120.15, “U.S. persons” include U.S. citizens, lawful permanent residents (green card holders), persons admitted as refugees, and persons granted asylum. Sharing ITAR data with U.S. persons does not constitute an export of any kind.
Always verify status with documentation. A foreign accent or name is never sufficient basis for restriction or assumption.
Under 22 CFR 120.34, technical data that is already in the public domain — published in books, presented at open conferences, available in patent applications, or released through proper government channels — is not subject to ITAR controls. However, the data must have been intentionally placed in the public domain; accidental disclosure does not create a public domain exception.
Company proprietary data shared at a trade show is NOT automatically public domain unless properly released.
Basic and applied research conducted at accredited institutions of higher learning where results are ordinarily published and shared broadly within the scientific community qualifies as fundamental research under 22 CFR 120.34(a)(8). This exclusion does not apply to research that is restricted by the sponsor or subject to access, dissemination, or publication controls.
Sponsored research with publication restrictions likely does not qualify for this exclusion.
When a foreign national’s access to controlled data is authorized under a Technical Assistance Agreement (TAA) or other export license, the deemed export is properly authorized — provided the access stays within the scope, parties, and provisos of the agreement. The TAA must specifically name or cover the individuals and the data categories involved.
Exceeding the scope of a TAA is itself a violation, even if the TAA covers the general subject area.
Compliance Pitfalls
Deemed export violations are among the most common ITAR compliance failures because they involve everyday workplace interactions rather than obvious export transactions. These are the mistakes we see most frequently — and each one carries the same penalty exposure as shipping controlled hardware to an embargoed destination.
Failing to verify citizenship or immigration status during onboarding. Many companies assume I-9 verification is sufficient — it is not. I-9 confirms work authorization, not export control status.
Granting all employees identical network access without role-based controls that restrict foreign nationals from ITAR data repositories, shared drives, or engineering databases.
Allowing foreign visitors to tour production areas where controlled defense articles or technical data are visible, without pre-screening nationality or implementing visual barriers.
Applying EAR deemed export rules to ITAR-controlled items. EAR and ITAR have different definitions, different exemptions, and different licensing requirements for deemed exports.
Failing to identify and address dual nationals or third-country nationals. A person holding passports from two foreign countries may trigger deemed export requirements to both countries.
Hallway conversations, whiteboard sessions, and casual mentoring that involve controlled technical data with foreign national colleagues — these are deemed exports even if nothing is written down.
Expert Deemed Export Guidance
Our deemed export compliance services include foreign national screening program design, Technology Control Plan development, TAA preparation and submission, exemption analysis, and employee training. We help you build practical controls that protect your organization without disrupting your operations.
About the Author
Jared Clark is the founder of Certify Consulting and has guided 200+ organizations through regulatory compliance engagements spanning ITAR, ISO, FDA, and GMP requirements. With a Juris Doctor providing legal framework expertise, an MBA for compliance strategy, PMP for structured implementation, and CMQ-OE for organizational excellence, Jared brings a uniquely comprehensive perspective to ITAR compliance challenges.
His ITAR practice focuses on deemed export compliance, Technology Control Plan development, foreign national screening programs, DDTC registration, export licensing, and training for defense contractors across the U.S. defense industrial base.
Common Questions
Answers to the most common questions about ITAR deemed exports. See full ITAR FAQ →
Schedule a free 30-minute consultation. We will assess your foreign national exposure, review your current controls, and recommend practical steps to ensure deemed export compliance — no obligation, no pressure.
Or email us at [email protected]