Know when software falls under export control regime.

• Author: Richardson, Jeffrey

The International Traffic in Arms Regulations, or ITAR, control the export of software classified as a "defense article."

The United States munitions list [USMR] contains items regulated by the ITAR, including a range of products from tanks to fighter aircraft.

However, defense articles also include items like complex military cryptographic software and rudimentary diagnostic software designed to assist in the repair of other defense articles.

In collaboratively developing or licensing software, a company may violate the ITAR by improperly disclosing or transferring software as an unauthorized export. The risks of infringing ITAR include civil fines of up to $500,000 per violation, as well as suspension or debarment from government contracts, seizure and forfeiture of the defense article, and revocation of export privileges, while potential criminal liability may include fines up to $1 million per violation and 10 years imprisonment.

An ITAR violation for improperly exporting controlled software may occur by disclosing or otherwise transferring controlled software to a foreign person, whether in the United States or abroad, or a foreign government.

Software exports may include the disclosure of source code to a foreign person through both oral and written means. Moreover, an ITAR violation may occur by using the software to perform a defense service for a foreign person. A defense service is defined broadly enough to include everything from the design and development at the beginning of a defense article's life cycle, to normal repair and maintenance during an item's life cycle, from managing the end of the article's life cycle through the actual demilitarization or destruction of the item.

The first step to determining whether software is a defense article is to understand how ITAR applies to software. The regulations apply to both software specifically listed on the USML, such as military cryptographic software, and software not specifically listed on the munitions list, but otherwise classified as ITAR technical data.

The ITAR definition of a defense article includes any item or technical data designated on the munitions list, defined to include "information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles, as well as software directly related to defense articles."

Software, as defined by ITAR includes, "system functional design, logic...