Cross-border defense and dual-use technology in US procurement: the four-filter gate plus the ITAR-EAR architecture.

The cross-border defense and dual-use archetype.

The archetype is specific and recurring across the major non-US defense and dual-use corridors. The Tel Aviv archetype is an Israeli defense-tech or dual-use technology firm in cyber, EW, sensors, autonomous, missile-defense, C4ISR, or space, anchored on Unit 8200, Talpiot, 9900, MAFAT, or IDF technology-tree alumni, with national-defense customer reference at IDF and Israeli-government scale, NATO partner-state references where applicable, and a home-government export-control posture inside the Israeli Ministry of Defence's Defense Export Controls Agency (DECA). The Stockholm archetype is a Swedish defense or dual-use firm in the Saab supply tree, in radar, sensors, ground-systems, naval, EW, or autonomous, with home-government reference at Försvarsmakten and FMV. The Seoul archetype is a Korean defense firm in the Hanwha, KAI, LIG Nex1, or Hyundai Rotem operating tree, in ground-systems, missile, naval, sensors, or autonomous. The London archetype is a UK defense firm in the BAE Systems, Babcock, Rolls-Royce-Defence, or QinetiQ operating tree, with MOD reference and Five Eyes adjacency. The Prague archetype is a Czech defense firm in the Aero Vodochody, Česká zbrojovka, Tatra, or Excalibur Army operating tree, with Czech MOD reference and NATO partner-state references. The Warsaw archetype is a Polish defense firm in the Polska Grupa Zbrojeniowa or WB Group operating tree, with Polish MOD reference and rapidly growing US-prime adjacency. The Helsinki archetype is a Finnish defense firm in the Patria operating tree. The Oslo archetype is a Norwegian defense firm in the Kongsberg or Nammo operating tree. The Tokyo archetype is a Japanese defense or dual-use firm in the Mitsubishi Heavy Industries, Kawasaki Heavy Industries, IHI, or NEC operating tree, working under the Japanese Ministry of Defense's controlled framework. The Paris archetype is a French defense firm in the Thales, Dassault, Safran, MBDA, Naval Group, or Nexter operating tree.

The home-market track record is real. The firm has typically delivered to its home-government defense customer at programme scale, has typically delivered to one or more partner-state defense customers, and where applicable has delivered to NATO programmes through the home-government's NATO procurement architecture. The technical depth is calibrated to the home-government and partner-state defense reader. The home-government export-control posture is intact and the firm operates under the home-country export-control authority (Israeli DECA, French DGA, Swedish ISP, UK ECJU, Korean DAPA, Czech MOD, Polish MON, Finnish MOD, Norwegian MOD, Japanese METI export-control framework).

The firm arrives at US DOD, US federal, or US-prime-contractor procurement, the technical conversation goes well, the foreign-government and NATO references are noted, and the procurement decision does not advance at the rate the home and NATO reading would predict. The internal explanation is that US defense procurement is slow, that the US DOD acquisition cycle is long, that ITAR is opaque, and that the firm needs a US sales lead with prime-contractor relationships. Each is partially true. None is the structural cause. The structural cause is that the US-facing commercial frame leads with home-government and NATO track record and technical depth rather than with the four-filter baseline plus the defense-specific overlay the US prime-contractor and US DOD procurement reader is filtering on.

The four-filter gate as baseline.

The four-filter US procurement gate, detailed at the US procurement four-filter framework pillar, is the necessary baseline for any cross-border firm entering US procurement. The four filters cover US procurement category, US past-performance, US peer-set, and US-procurement risk architecture. A cross-border defense or dual-use firm that arrives with any of the four baseline filters incomplete is not yet US-procurement-ready at any tier, including commercial-only US-prime adjacency.

Procurement category. The US prime-contractor and US DOD procurement reader filters on category vocabulary that is highly specific. Cyber sub-categories follow the cyber procurement reader's vocabulary detailed in the cross-border cyber and AI/ML pillar. Sensors sub-categories cover EO/IR, radar (S-band, X-band, Ka-band, mmWave), SIGINT, COMINT, MASINT, hyperspectral, and acoustic. Autonomous sub-categories cover unmanned aerial systems, unmanned ground systems, unmanned underwater systems, and counter-UAS. Materials sub-categories cover composites, ceramics, propellants, energetics, additive manufacturing, and high-temperature materials. Systems integration sub-categories cover C4ISR, mission systems, weapons systems, and platform integration. EW (electronic warfare) sub-categories cover offensive EW, defensive EW, and EW management. Space-systems sub-categories cover satellite buses, satellite payloads, ground systems, and launch services. Naval sub-categories cover surface combatants, submarines, autonomous maritime, and naval mission systems. Missile sub-categories cover air-to-air, air-to-ground, surface-to-surface, anti-ship, and missile defense. Ground-vehicles sub-categories cover armoured platforms, light tactical, medium tactical, heavy tactical, and combat support.

Past-performance. US DOD past-performance is the second filter and the one most often misread by cross-border firms whose past-performance is anchored on home-government and NATO partner-state references. US peer-set. The US prime-contractor and US DOD procurement reader is filtering against the US-recognised alternative the buyer is also evaluating. Risk architecture. US-procurement risk covers FOCI mitigation, ITAR/EAR posture, US security clearance posture, CMMC-Level posture, US-side liability, US-side governing law, and US-side service-level commitments calibrated to US-prime-contractor and US-DOD vocabulary.

The defense-specific overlay: ITAR-EAR architecture.

ITAR (International Traffic in Arms Regulations) governs defense articles and defense services on the United States Munitions List, administered by the State Department's Directorate of Defense Trade Controls. EAR (Export Administration Regulations) governs dual-use commercial items on the Commerce Control List, administered by the Bureau of Industry and Security inside the Department of Commerce. The architecture matters in US-prime-contractor and US-DOD procurement vocabulary because the US prime contractor and the US DOD programme office cannot integrate cross-border defense and dual-use components, software, or systems without a clean ITAR/EAR posture covering the firm, the firm's US affiliate, the technology transfer between them, the deemed-export-control architecture for non-US national employees, and the US-side compliance documentation.

The architecture covers several named objects. ITAR registration where the firm or its US affiliate is brokering or manufacturing defense articles. EAR classification of dual-use items by ECCN and licence-exception applicability. Technology-transfer-control architecture between the home entity and the US affiliate. Technical Assistance Agreements (TAAs) and Manufacturing License Agreements (MLAs) with US prime contractors. Deemed-export controls for non-US national employees in the US, which apply when a non-US-national engineer at the US affiliate accesses ITAR-controlled or EAR-controlled technical data. Export-control compliance documentation for US prime-contractor security and compliance reading. FOCI (Foreign Ownership, Control or Influence) mitigation architecture, which is the US-cleared facility's procurement reading on whether and how the foreign parent's ownership, control, or influence is mitigated through governance, security, and operating architecture acceptable to DCSA, the Defense Counterintelligence and Security Agency.

The architecture work belongs with US specialist export-control counsel, US specialist national-security counsel, and US specialist FOCI mitigation counsel. The marketing work is to surface the firm's ITAR/EAR posture, FOCI mitigation posture, and technology-transfer-control architecture in US-prime-contractor and US-DOD-procurement vocabulary, so the US prime-contractor procurement reader and the US DOD programme office can internally represent the firm to the US security, US compliance, US programme, and US contracting counterparts.

US prime-contractor relationship architecture.

US prime-contractor procurement is governed by a small set of named US primes whose relationship architecture is the gating object for cross-border defense and dual-use firms not selling directly into US DOD. Lockheed Martin operates across aeronautics, missiles and fire control, rotary and mission systems, and space, with a procurement reading anchored on Lockheed's specific TAA and MLA architecture, Lockheed's supplier diversity and small-business requirements, and Lockheed's CMMC and security architecture. Northrop Grumman operates across aeronautics systems, defense systems, mission systems, and space systems, with parallel procurement architecture. Raytheon-RTX (Raytheon Technologies including Raytheon Missiles and Defense, Pratt and Whitney, Collins Aerospace) operates across the broadest cross-segment portfolio in US defense. BAE Systems Inc, the US-cleared subsidiary of BAE Systems plc, operates a US-cleared FOCI-mitigated structure that itself serves as a reference architecture for cross-border-to-US-cleared transitions. General Dynamics operates across combat systems, marine systems, mission systems, and IT. L3Harris operates across communication systems, integrated mission systems, space and airborne systems, and aviation systems. Boeing-Defense (Boeing Defense, Space and Security) operates across defense, space, and security platforms.

Each prime carries its own procurement architecture, its own TAA and MLA standard terms, its own subcontractor onboarding protocol, its own teaming-agreement architecture, its own supplier-conference and industry-day cadence, and its own internal procurement reader inside the prime's procurement, contracting, programme, supply-chain, and security functions. A cross-border defense or dual-use firm without a named US prime as the entry path is operating without a relationship anchor in US-prime-contractor procurement. The relationship architecture is the entry path: the firm enters US-prime-contractor procurement as a teaming partner, a tier-one subcontractor, a tier-two component supplier, a software-licensor, or a technology-licensor, and each entry path carries its own architecture.

The marketing work at the relationship layer is to surface the firm's relationship readiness in US-prime vocabulary: which named prime, which named programme adjacency, which entry path (teaming, tier-one subcontract, tier-two component, software licence, technology licence), which named US-cleared US affiliate or US partner the firm has stood up or is standing up, which named TAA or MLA architecture the firm and the prime are operating under or moving toward, and what the supplier-conference and industry-day cadence has been to date.

US DOD past-performance translation.

US DOD past-performance is the procurement filter that most often resolves against cross-border defense and dual-use firms whose past-performance is anchored on foreign-government and NATO partner-state programmes. The US DOD programme office, the US prime-contractor procurement reader, and the US contracting officer apply US DOD evaluation criteria to past-performance: the named US contract, the named US programme office, the named US contracting officer, the US contract value, the US contract scope, the US contract period of performance, the US delivery and schedule performance, the US technical performance, the US cost performance, and the US-recorded past-performance rating in CPARS (Contractor Performance Assessment Reporting System).

Foreign-government and NATO partner-state references do not translate into US DOD past-performance directly. They translate into a US DOD past-performance translation: the firm has delivered to a foreign-government customer at programme scale comparable to the US DOD programme of interest, the foreign-government programme has documented delivery, schedule, technical, and cost performance, and the US DOD programme office can read the foreign-government past-performance against US DOD evaluation criteria with adjustments. The translation is not automatic and is not done by the US DOD programme office on the firm's behalf. The translation work is the firm's, performed in US DOD vocabulary, surfaced in US procurement-readable form.

NATO programme past-performance translates with greater fluidity than non-NATO foreign-government past-performance because NATO procurement architecture overlaps with US DOD procurement standards on several dimensions. Five Eyes partner past-performance (UK, Canada, Australia, New Zealand) translates with the greatest fluidity for US security clearance and US DOD past-performance reading. Israeli past-performance under the US-Israel cooperative procurement architecture (Iron Dome co-production, F-35 partner participation, joint US-Israel programmes) carries specific translation pathways. Korean past-performance under the US-Korea Mutual Defense Treaty programme architecture carries other pathways. Japanese past-performance under the US-Japan defense cooperation architecture carries others. The translation work is corridor-specific.

US security clearance and CMMC-Level posture.

US security clearance covers individual personnel security clearances (Confidential, Secret, Top Secret, Top Secret SCI) issued by DCSA after a sponsored investigation, US facility security clearances issued by DCSA for cleared facilities, and the cleared-personnel and cleared-facility architecture required for classified US DOD work. A cross-border defense or dual-use firm without US-cleared personnel or US-cleared facility architecture is not procurement-eligible at US classified programmes, regardless of the firm's home-country clearance status. The clearance architecture sits with US specialist counsel and US-cleared sponsors. The marketing work is to surface the firm's clearance posture in US-procurement vocabulary: which named US affiliate is or is moving toward US-cleared facility status, which US-cleared partner is sponsoring the cleared work, which FOCI mitigation architecture is in place, and what the timeline and scope of US clearance is.

CMMC (Cybersecurity Maturity Model Certification) covers the cybersecurity posture required for US DOD contractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CMMC Level 1 covers basic FCI handling. CMMC Level 2 covers CUI handling at the standard NIST 800-171 control set. CMMC Level 3 covers CUI handling at an enhanced control set for higher-priority programmes. The CMMC programme is administered by the Cyber Accreditation Body and assessed by US authorised CMMC Third-Party Assessment Organizations (C3PAOs). A cross-border defense or dual-use firm without CMMC Level 1, Level 2, or Level 3 posture (depending on the contract type) is not procurement-eligible at most US DOD contracts handling FCI or CUI. The CMMC implementation work belongs with US authorised CMMC assessors. The marketing work is to surface the firm's CMMC posture in US procurement vocabulary.

FOCI mitigation architecture covers the structural architecture that allows a foreign-owned, foreign-controlled, or foreign-influenced firm to hold US-cleared facility status. The mitigation tools include Special Security Agreements (SSA), Proxy Agreements, Voting Trusts, and Board Resolutions, each with different architecture, different governance, and different US-prime and US-DOD reading. The FOCI mitigation work belongs with US specialist national-security counsel and DCSA-administered review. The marketing work is to surface the FOCI mitigation architecture in US-procurement-readable form.

Cross-corridor view: Tel Aviv, Stockholm, Seoul, London, Prague, Warsaw, Helsinki, Oslo, Tokyo, Paris.

The pattern repeats across the major non-US defense and dual-use corridors with corridor-specific surface differences. Tel Aviv carries the deepest non-US defense-tech and dual-use cohort, anchored on Unit 8200, Talpiot, 9900, MAFAT, and IDF technology trees, with the Israeli DECA export-control framework, US-Israel cooperative procurement architecture, and Iron Dome and F-35-partner programme adjacencies. The Tel Aviv corridor is detailed on the Tel Aviv city page.

Stockholm carries the Swedish defense and dual-use cohort anchored on Saab and the broader Swedish defense supply chain, with the Swedish ISP export-control framework and NATO programme adjacencies. The Stockholm corridor is detailed on the Stockholm city page. Seoul carries the Korean defense cohort anchored on Hanwha, KAI, and LIG Nex1, with the Korean DAPA export-control framework and US-Korea Mutual Defense Treaty programme architecture. The Seoul corridor is detailed on the Seoul city page.

London carries the UK defense cohort anchored on BAE, Babcock, and QinetiQ, with the UK ECJU export-control framework and Five Eyes US-procurement adjacency. The London corridor is detailed on the London city page. Prague carries the Czech defense cohort anchored on Aero Vodochody, Česká zbrojovka, and the broader Czech defense supply chain, with the Czech MOD export-control framework and NATO partner-state procurement adjacency. The Prague corridor is detailed on the Prague city page.

Warsaw carries the rapidly growing Polish defense cohort anchored on Polska Grupa Zbrojeniowa and WB Group, with the Polish MON export-control framework and growing US-prime adjacency through Poland's accelerated US-procurement programme. The Warsaw corridor is detailed on the Warsaw city page. Helsinki carries the Finnish defense cohort anchored on Patria, with the Finnish MOD export-control framework and post-2023 NATO procurement architecture. The Helsinki corridor is detailed on the Helsinki city page.

Oslo carries the Norwegian defense cohort anchored on Kongsberg and Nammo, with the Norwegian MOD export-control framework and longstanding NATO procurement adjacency. The Oslo corridor is detailed on the Oslo city page. Tokyo carries the Japanese defense and dual-use cohort anchored on Mitsubishi Heavy Industries and Kawasaki Heavy Industries, with the Japanese METI export-control framework and US-Japan defense cooperation programme architecture. Paris carries the French defense cohort anchored on Thales, Dassault, Safran, MBDA, and Naval Group, with the French DGA export-control framework and historic US-France defense procurement architecture.

Across all ten corridors, the underlying pattern is the same. The firm arrives with home-government track record, technical depth, and home-government export-control posture, and arrives at the US DOD, US federal, or US-prime-contractor procurement gate with the same defense-specific overlay missing on top of the four-filter baseline. The corridor differences are surface-level. The fix sequence is identical.

US DOD and US-prime-contractor procurement reads through the four-filter gate plus the defense-specific overlay. ITAR/EAR architecture, US-prime relationship architecture, US DOD past-performance translation, and US security clearance and CMMC-Level posture are the gating objects above the baseline. The home-government and NATO track record is real, and it does the supporting-proof work after the overlay is in place, not before. House view on cross-border defense and dual-use technology in US procurement

The fix sequence.

Three stages in order. The order matters. Rebuilding US-facing materials on a broken category anchor or a broken overlay produces cleaner execution on the same misread.

Diagnose. The first stage identifies where in the four-filter baseline plus defense-specific overlay the firm's US-facing frame is breaking. The diagnosis is firm-specific. A Tel Aviv EW firm at the first US-prime industry-day has a different first break than a Stockholm radar firm at first US-prime supplier conference, a Seoul ground-systems firm at first US Foreign Military Sales review, a Prague small-arms firm at first US prime-contractor supplier onboarding, a Warsaw artillery firm at first US-prime teaming conversation, a Helsinki autonomous-maritime firm at first US Navy Office of Naval Research engagement, an Oslo missile firm at first US Air Force programme office, or a Tokyo systems-integration firm at first US-Japan cooperative procurement working group. The diagnosis surfaces where the US prime-contractor and US DOD conversations are going quiet, what US prime and US DOD procurement readers are encountering in the first ninety seconds of the materials, and which of the baseline filters or overlay objects is doing the damage.

Correct the signal. The second stage rebuilds the US-facing frame. The US procurement category is named at the front in US-prime-contractor and US-DOD vocabulary, with the firm's position inside the named category and the US programme adjacency stated in US-procurement-readable terms. US DOD past-performance translation is surfaced from foreign-government and NATO references in US DOD evaluation-criteria vocabulary. US peer-set comparables are named explicitly against the US-recognised alternatives the prime contractor or programme office is also evaluating. ITAR/EAR architecture is stated in US-procurement-readable form: ITAR registration, EAR classification, technology-transfer-control architecture, TAA and MLA architecture, deemed-export-control architecture, FOCI mitigation architecture. US prime-contractor relationship architecture is stated in US-prime vocabulary: named prime, named programme adjacency, named entry path (teaming, tier-one subcontract, tier-two component, software licence, technology licence), named US-cleared US affiliate or US partner. US security clearance and CMMC-Level posture is stated in US-procurement vocabulary. Home-government track record, technical depth, and home-country export-control posture are repositioned as supporting proof beneath the US commercial frame.

Rebuild the execution layer. The third stage rebuilds the surfaces the US prime-contractor procurement reader, the US DOD programme office, and the US contracting officer encounter. US-facing principal and team bios with US-cleared US-based commercial leadership where the structure supports it. US references and US DOD past-performance translation packaging. US prime-contractor-facing materials calibrated to each named prime's procurement architecture (Lockheed-facing, Northrop-facing, Raytheon-RTX-facing, BAE-US-facing, General Dynamics-facing, L3Harris-facing, Boeing-Defense-facing). US DOD programme-office-facing materials calibrated to the named US DOD programme. US security and compliance documentation surfacing (FOCI mitigation, ITAR registration, EAR classification, CMMC posture, US security clearance posture). US-facing site and US commercial cadence calibrated to US prime-contractor industry-day, supplier-conference, and pre-RFP cadence. The execution layer sits on top of the corrected frame. Done last, it produces materials that survive the US prime-contractor and US DOD procurement filter. Done first, it produces beautifully executed materials that repeat the original misread with higher fidelity.

When to engage us.

The firm runs three engagements for cross-border defense and dual-use principals. Fit is confirmed in discovery, not published.

• Market Entry Sprint (six to ten weeks) for a single US category correction and the first US-facing materials rebuilt and shipped. Typical for a cross-border defense or dual-use firm at the first US-prime industry-day, first US-prime supplier conference, first US DOD programme-office engagement, first US Foreign Military Sales review, or first US-prime teaming conversation. See the Sprint →
• Cross-Border Build (three to six months) for a full US rebuild across positioning, US-prime-contractor-facing materials calibrated to multiple named primes, US DOD programme-office-facing materials, US DOD past-performance translation packaging, US security and compliance documentation surfacing, US-cleared US affiliate stand-up support at the marketing layer, and US commercial cadence calibrated to US-prime and US-DOD procurement rhythms. Standard shape for cross-border defense and dual-use principals committed to US scale across multiple US primes and US DOD programmes. See the Build →
• Group Partnership (monthly retainer, twelve-month minimum) for cross-border defense holdings, multi-portfolio defense operators, family-office-backed defense and dual-use holdings, sovereign-investor-backed defense portfolios, or trilingual fiduciary structures with multiple operating defense brands requiring US-facing rebuilds in parallel. See the Partnership →

For city-level corridor reading, see the Tel Aviv city page, the Stockholm city page, the Seoul city page, the London city page, the Prague city page, the Warsaw city page, the Helsinki city page, and the Oslo city page.

Frequently asked questions.