EAR vs. ITAR: A Side-by-Side Export Controls Compliance Comparison

Why Export Controls Compliance Requires You to Know Both Frameworks

Many defense contractors and manufacturers operate under a common misconception: if they are registered under ITAR, they have export controls covered. The reality is more complex. The United States maintains two distinct but interconnected export control regimes — the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) — and compliance with one does not guarantee compliance with the other. Understanding the differences between these two frameworks is not academic; it is operationally critical.

As someone who works daily with defense contractors, aerospace manufacturers, and technology companies navigating ITAR and export controls compliance, I see the consequences of confusion between EAR and ITAR play out in enforcement actions, failed audits, and lost contracts. This side-by-side comparison is designed to give compliance managers and executives a clear, practical reference for both frameworks.

The Governing Authorities: Who Owns Each Regulation

The first and most fundamental difference is jurisdictional authority.

ITAR: Department of State, DDTC

ITAR is administered by the U.S. Department of State through the Directorate of Defense Trade Controls (DDTC). It is rooted in the Arms Export Control Act (AECA) and focuses exclusively on defense articles, defense services, and related technical data. The DDTC maintains the United States Munitions List (USML), which is the definitive list of items subject to ITAR control.

EAR: Department of Commerce, BIS

EAR is administered by the U.S. Department of Commerce through the Bureau of Industry and Security (BIS). It governs the export of dual-use items — commercial goods and technologies that have both civilian and potential military applications. The Commerce Control List (CCL) is the EAR equivalent of the USML, organized around Export Control Classification Numbers (ECCNs). For a deeper look at how ECCNs work, see our post on understanding Export Control Classification Numbers.

Scope and Covered Items: The Core Distinction

This is where most compliance errors originate. Organizations misclassify items between the two lists, which can result in either under-compliance or unnecessary regulatory burden.

What ITAR Covers

• Weapons systems, military aircraft, and naval vessels
• Firearms, ammunition, and explosives designed for military use
• Military electronics, spacecraft, and satellites
• Technical data and defense services directly related to USML items
• Software specifically designed for defense articles

If an item appears on the USML, ITAR applies — full stop. There is no export license exception that eliminates ITAR obligations for USML-listed items exported to non-U.S. persons, even within the United States.

What EAR Covers

• Dual-use technology including semiconductors, sensors, and encryption software
• Commercial communications equipment with potential military applications
• Civilian aircraft components and avionics not on the USML
• Items that do not appear on the CCL but are still subject to EAR (the EAR99 designation)
• Re-exports of U.S.-origin items from third countries

The practical implication for aerospace and defense companies is significant: a single product line may contain components subject to ITAR and subsystems subject only to EAR. Classifying the whole assembly incorrectly exposes the organization to serious risk under whichever framework is violated.

Licensing Requirements: A Side-by-Side Look

ITAR Licensing

Under ITAR, any export of a defense article, defense service, or controlled technical data to a foreign person — regardless of where that person is located — requires either a license from DDTC or a specific exemption. Common license types include the DSP-5 for permanent exports and the DSP-61 and DSP-73 for temporary imports and exports. Exemptions exist but are narrowly drawn and must be applied carefully.

The concept of "deemed export" is especially important under ITAR. Sharing ITAR-controlled technical data with a foreign national on U.S. soil constitutes an export and requires authorization. For guidance on hiring foreign nationals in an ITAR environment, see our post on ITAR compliance and hiring foreign nationals.

EAR Licensing

EAR licensing requirements depend on the item's ECCN, the destination country, the end user, and the end use. Many EAR-controlled items qualify for License Exceptions — a broader and more flexible set of carve-outs than ITAR provides. Items classified as EAR99 generally do not require a license unless the transaction involves a sanctioned country, a denied party, or a prohibited end use.

BIS also maintains Entity Lists, Denied Persons Lists, and Unverified Lists that impose additional screening obligations. A robust export controls compliance program must screen all parties against these lists before every transaction.

Registration Requirements

ITAR Registration

Any U.S. company that manufactures, exports, or brokers defense articles or defense services is required to register with the DDTC — even if it has never executed an actual export. Registration is mandatory, not optional, and must be renewed annually. Failure to register is itself a violation, independent of any unlicensed export. For a complete walkthrough, see our post on how to get "ITAR certified."

EAR Registration

EAR does not impose a blanket registration requirement comparable to ITAR. Instead, obligations arise transactionally — when a company prepares to export an EAR-controlled item. However, companies that export frequently should establish internal classification and screening processes as part of a proactive compliance program development strategy.

Penalties: Enforcement and Consequences

Both frameworks carry substantial civil and criminal penalties, but the enforcement culture differs.

ITAR Penalties

• Civil penalties up to $1,335,326 per violation (indexed for inflation)
• Criminal penalties up to $1 million per violation and up to 20 years imprisonment
• Debarment from future defense contracts and export privileges
• DDTC enforcement is proactive, and voluntary disclosures are treated as a significant mitigating factor

EAR Penalties

• Civil penalties up to $364,992 per violation or twice the value of the transaction, whichever is greater
• Criminal penalties up to $1 million per violation and up to 20 years imprisonment
• Denial of export privileges, which can be commercially catastrophic
• BIS has increased enforcement activity significantly in recent years, particularly for technology exports to adversarial nations

In both regimes, voluntary self-disclosure — made promptly and thoroughly — is one of the most effective tools for reducing penalty exposure. This requires a mature internal compliance infrastructure capable of detecting and escalating potential violations quickly.

Key Compliance Program Elements for Both Frameworks

Regardless of whether your organization is subject primarily to ITAR, EAR, or both, a defensible export controls compliance program requires the following elements:

1. Jurisdiction and classification determination: Every product, technology, and piece of technical data must be classified against both the USML and CCL.
2. Screening protocols: All transactions must be screened against DDTC, BIS, and OFAC restricted party lists before execution.
3. License management: A centralized system for tracking license applications, approvals, conditions, and expiration dates.
4. Employee training: Regular, role-specific training is mandatory. Front-line employees, engineers, and managers each carry different obligations.
5. Visitor access controls: Physical access to ITAR-controlled facilities and data by foreign nationals must be carefully managed and documented.
6. Recordkeeping: ITAR requires five-year retention of export records; EAR requires five years from the date of export or the last activity, whichever is later.
7. Audit and monitoring: Regular internal audits catch violations before they become enforcement matters.

For organizations managing both regimes simultaneously, our post on how to manage an ITAR and EAR export compliance program provides a practical operational framework.

The Intersection: When Both Apply

One of the most operationally challenging situations arises when an item transitions from ITAR to EAR jurisdiction — or when a product line contains a mix of both. The U.S. government periodically moves items from the USML to the CCL through a process called Export Control Reform (ECR). When an item is moved to the CCL, it typically receives a "600 series" ECCN and remains subject to robust licensing requirements, even though it is now technically under EAR. Companies that treated the shift as a deregulatory event have been seriously surprised by BIS enforcement actions.

Manufacturers in particular face this dual-jurisdiction challenge constantly. Our detailed guide on ITAR compliance for manufacturers addresses how to structure programs that account for both regulatory regimes across complex product portfolios.

EAR vs. ITAR at a Glance

Governing agency: ITAR — Department of State (DDTC) | EAR — Department of Commerce (BIS)

Controlling list: ITAR — United States Munitions List (USML) | EAR — Commerce Control List (CCL)

Primary focus: ITAR — Defense articles, services, technical data | EAR — Dual-use items, commercial technology

Registration required: ITAR — Yes, mandatory annual registration | EAR — No general registration requirement

Deemed export rule: ITAR — Applies strictly to foreign nationals | EAR — Applies to foreign nationals for CCL items

License exceptions: ITAR — Limited, narrowly defined | EAR — Broader, more flexible

Max civil penalty: ITAR — ~$1.3M per violation | EAR — ~$365K per violation or 2x transaction value

Building a Program That Covers Both

Most organizations subject to ITAR are also subject to EAR in some dimension of their operations. Treating these as two separate compliance silos is inefficient and creates gaps. The most effective approach is an integrated export controls compliance program that addresses jurisdiction determination, licensing, training, physical security, and recordkeeping under a unified governance structure.

If your organization needs to build or mature this type of program, our ITAR and export controls compliance services are designed specifically for defense contractors, manufacturers, and technology companies operating in regulated environments. You may also find our ITAR and Export Controls Fundamentals guide a useful starting reference for your compliance team.

Ready to Strengthen Your Export Controls Compliance Program?

Whether you are building an export compliance program from scratch, preparing for a DDTC or BIS audit, or navigating a complex dual-jurisdiction classification challenge, Cleared Systems is ready to help. Our team brings hands-on experience with both ITAR and EAR across defense, aerospace, and manufacturing environments. Request a quote today to speak with a compliance specialist about your specific situation, or explore our engagement models to find the right fit for your organization's size, risk profile, and timeline.