Skip Navigation
Search
Office of the Vice President for Research
Research Security Program
HomeResearch Security Program NewslettersExport Controls: Receipt of Materials, Equipment, Software, or Non-Public Information from a 3rd Party

Newsletter - January 2023

Stony Brook University’s Research Security Program

The program was created to assist faculty with compliance requirements (i.e., export control, disclosure, international travel, international activities and cybersecurity) by providing information, guidance and resources. This inter-disciplinary program is a collaboration between many university-wide offices in response to campus policies, sponsor requirements and federal regulations. 

This newsletter series will highlight different areas of the program with targeted discussions and case studies to assist the campus community with compliance.

Export Controls

Why is it important to understand how export control laws apply to your research?  

Avoid costly fines and penalties for export violations:

  • Monetary fines to the university or to the individual 
  • Denial of export privileges
  • Loss of federal funds
  • Seizure/forfeiture of goods 

What are U.S. export control laws?

 U.S. export control laws are a body of federal regulations that regulate the: 

  • Disclosure, shipment, use, transfer, or transmission of any item, commodity, material, technical information, technology, software, or encrypted software for the benefit of a non-U.S. person (also called foreign person)  or foreign entity anywhere (including the transfer within the U.S. “deemed export”). The two primary regulations* are the: 

International Traffic in Arms Regulations (ITAR)

Export Administration Regulations (EAR)

  • Transactions and the provision of services involving prohibited countries, persons or entities based on trade sanctions, embargoes, and travel restrictions.  The primary regulation is the:

Foreign Asset Control Regulations

  • Certain transactions with persons or entities designated on a federal restricted parties list (e.g., Denied Persons List, Entity List, Unverified List, Debarred List, Specially Designated Nations, and Blocked Persons).   

Read more about restricted parties and available campus tools to screen for these parties.

*Note: For purposes of this newsletter nuclear materials and equipment are not discussed.  There are additional federal regulations and agencies that also control these items.

What do the International Traffic in Arms Regulations control?

The International Traffic in Arms Regulations (ITAR) control the export and re-export (including the transfer within the U.S. to a non-U.S. person) of defense articles, technical data, and defense services. Defense articles are items and related technologies designated as military or space related. Technical data is the information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of defense articles.

The list of controlled defense articles is called The United States Munitions List (USML).   

Examples of items controlled under the ITAR: 

Military electronics (e.g., underwater sound equipment, radar, military computers); laser, imaging, and guidance equipment (e.g., thermal imaging cameras, night sightings, expensive global positioning systems); chemical agents (e.g., nerve agents, vesicant agents) and their precursors; biological agents and equipment to protect or handle them; carbon/carbon and metal matrix composites.   

Resources:

Campus Resource: International Traffic in Arms Regulations (ITAR)
U.S. Government Resource: §121.1 The United States Munitions List

What do the Export Administration Regulations control?


The Export Administration Regulations (EAR) control the export and re-export (including the transfer within the U.S. to a non-U.S. person) of commercial and dual-use (commercial and military/security applications) items (e.g., materials, equipment, component, chemicals, biologics), technology, and software.  In general, technology is information necessary for the development, production, use (operation, installation, maintenance, repair, overhaul, and refurbishing) of an item. 

The list of controlled items is called the Commerce Control List (CCL).  

Examples of items controlled under the EAR:
Chemicals, microorganisms, toxins, sensors, lasers, information security, semiconductors and semiconductor equipment, drones, navigation and avionics, materials, material processing, computers, laptops.   

EAR99 – if an item is (1) under the jurisdiction of the U.S. Department of Commerce and (2) NOT specifically listed on the CCL then it is designated as EAR99. The majority of commercial products are EAR99. 

Examples of EAR99 items: Circuit breakers, MRI scanners, vacuum pumps, lab equipment (e.g., beakers, petri dishes).  Even households’ items are considered EAR99.  

Resources:

Campus Resource:  Export Administration Regulations 
U.S. Government Resource: 15 CFR §774 Supplement 1The Commerce Control List

Targeted Discussion: Receipt of Materials, Equipment, Software,

or Non-Public Information from a 3rd Party 

Investigators may want to share materials, equipment, software, or non-public information ("items") that they receive from a 3rd party with a non-U.S. person. Most of the time, this is okay but there may be times where an export license is required for a non-U.S. person – even if you are conducting fundamental research.   

How to comply?

Know the classification of materials, equipment, software, and technology/technical data that you are receiving. 
  • Request the classification from the vendor/sender – this is the best way!
    • Sales representative
    • Sales catalog 
    • Company website 
    • Material Transfer Agreement 
    • Confidentiality Agreement
    • Conduct a self-classification – need information such as: specifications, design intent and performance levels 
    • -Ask the Director of Research Security for assistance
Know if controlled materials, equipment, software, or technical data/technology will be shared with lab/team members.
  • Physical items – such as materials, equipment, chemicals, biologics, etc.
  • Software “includes but is not limited to the system functional design, logic flow, algorithms, application programs, operating systems, and support software for design, implementation, test, operation, diagnosis and repair” (22 C.F.R. §120.45(f)).
  • Technical Data/Technology may be in any tangible or intangible form, such as written or oral communications, blueprints, drawings, photographs, plans, diagrams, models, formulae, tables, engineering designs and specifications, computer-aided design files, user manuals or documentation, electronic media or information revealed through visual inspection. (22 C.F.R. § 120.10 and 15 C.F.R. § 772).
Know if a license is required to share with non-U.S. persons
  • Anything controlled by the ITAR will require a license (or documentation of a license exception) to share with a non-U.S. person.
  • Items and technology controlled by the EAR are not as straightforward – licensing requirements depend upon classification and destination/non-U.S. person citizenship.

When to contact the Research Security Program?

The case studies that follow provide examples of times when the Research Security Program should be contacted. 

Tips: 

If you are unsure about the classification or determination for an export license - STOP - and contact the program. 

If an export license is required, the institution must apply - STOP - and contact the program. 

Always let the program know when you receive or intend to receive: 

  • Anything controlled under the ITAR.  
  • Anything controlled as 500 or 600 series under the EAR (discussed below in Case Study #3)

Case Studies 

Case Study #1

You will be receiving materials from a company. The company has indicated to you that the materials are ITAR controlled. You will be testing them according to testing methods that you have developed and sending the test results back to the company. The company has no objection to publication of your testing methods but does not want you to publish any of the actual test results.

What do you need to consider?

  • Can a person gather any technical information about the materials by simply observing the materials? 
  • What are you testing for?  Does the test involve technical information about the materials?  Will the test results provide any details about the structure and/or function of the materials? 
  • Will others have physical access to the materials? 

If you answer yes to any of these questions and have non-U.S. persons in your laboratory -  it is likely that an export license is required for them to have access to the material. Contact the Research Security Program to create a technology control plan and address the need for an export license. 

Case Study #2

You will be receiving material from a U.S. government agency. The agency has indicated to you that the material is ITAR controlled. You will be using the material as part of your fundamental research project. There are no publication or non-U.S. person restrictions in your award document.

What do you need to consider?  

  • Can a person gather any technical information about the material by simply observing the material? 

  • Will others have physical access to the material?

If you answer yes to any of these questions and have non-U.S. persons in your laboratory -  it is likely that an export license is required for them to have access to the material. Contact the Research Security Program to create a technology control plan and address the need for an export license. 

Also consider:

  • Whether the ITAR controlled materials are required or if there is a commercial or research grade equivalent that would eliminate the need for a technology control plan and export license.

 

CASE STUDY #3

You will be receiving materials from a collaborator. The collaborator has indicated that the materials are listed on The Commerce Control List of the EAR. You will be using them as part of your fundamental research project. There are no publication or non-U.S. person restrictions in your award document. What do you need to consider?

Consider how the EAR defines "use". "Use" is the technology required for the 'operation, installation (including on-site installation), maintenance (checking), repair, overhaul, and refurbishing' of a controlled item. 

An export license (deemed export) is necessary for "use" when: 

Note:  There is technology that is considered 500 (spacecraft and some radiation hardened items) and 600 (items that were previously on the USML) series that do not follow this definition of "use".  

Contact the Research Security Program if in the conduct of a fundamental research project you plan to: 

  • Receive 500 or 600 series items/technology 

  • Release "use" or other controlled technology to a non-U.S. person

Research Security Program Contact Information

Susan Gasparo, Director of Research Security 

Research Security Program Website
https://www.stonybrook.edu/commcms/research_security/index.php

Research Security Program Email  
ovpr_researchsecurity_admin@stonybrook.edu or susan.gasparo@stonybrook.edu