Cross-border defense and dual-use.
How foreign defense and dual-use firms approach US procurement under ITAR, EAR, and DFARS overlays.
Read the pillar →
The US regulatory regime, codified at 22 CFR Parts 120-130, controlling the export and temporary import of defense articles and services on the US Munitions List.
The International Traffic in Arms Regulations (ITAR) is the US regulatory regime governing the export, temporary import, brokering, and re-transfer of defense articles, defense services, and related technical data. The regulations are codified at Title 22 of the Code of Federal Regulations, Parts 120 through 130, and are issued under the authority of the Arms Export Control Act. ITAR is administered by the US Department of State, Directorate of Defense Trade Controls (DDTC), within the Bureau of Political-Military Affairs.
The scope of ITAR is defined by the United States Munitions List (USML), set out at 22 CFR 121.1. The USML is organised into 21 categories spanning firearms, guided missiles, vessels of war, military electronics, aircraft, and a range of associated systems and technical data. An item enumerated on the USML is subject to ITAR controls regardless of where it is physically located, who possesses it, or what it is intended to be used for. Technical data and defense services associated with USML items are also controlled, including engineering drawings, specifications, software, and assistance to foreign persons in the design, development, production, or modification of defense articles.
Persons engaged in manufacturing, exporting, or brokering defense articles or services must register with DDTC under 22 CFR Part 122 (manufacturers and exporters) or Part 129 (brokers); registration is renewable annually and carries a fee. Most exports require an export licence or another DDTC authorisation, such as a Technical Assistance Agreement (TAA) or Manufacturing License Agreement (MLA), before any controlled item, technical data, or service crosses the US border or is released to a foreign person. ITAR violations carry substantial civil and criminal penalties, including monetary fines, debarment, and imprisonment.
For internationally-headquartered firms with US subsidiaries that handle USML-controlled defense articles or technical data, ITAR shapes the operating architecture. Controlled facilities, US-cleared personnel for specified roles, segregated networks, foreign-person access controls, and explicit ITAR compliance programmes are structural requirements, not paperwork. The deemed-export principle treats release of controlled technical data to a foreign person inside the United States as an export to that person's country of nationality, which constrains who can be hired, who can access engineering systems, and how cross-border parent-subsidiary collaboration is structured.
ITAR sits alongside the Export Administration Regulations (EAR) for dual-use items, and inside DOD procurement it interlocks with DFARS clauses and CMMC requirements. Further reading: German cyber, FedRAMP, and CMMC and cross-border defense and dual-use technology in US procurement.
How foreign defense and dual-use firms approach US procurement under ITAR, EAR, and DFARS overlays.
Read the pillar →How DACH cyber and cloud firms sequence FedRAMP authorisation, CMMC alignment, and US federal market entry.
Read the pillar →The RFP architecture US federal procurement reads on, and what foreign suppliers rebuild before responding.
Read the pillar →