- Why Sharetru?
- Resource Hub
When you deal with defense-related data and services, the different compliance regulations you’re subject to can be difficult to keep straight. One set of compliance mandates, ITAR, comes from the DDTC. Learn more about the DDTC, its relation to ITAR and USML, and how to maintain compliance.
The Directorate of Defense Trade Controls (DDTC) is an agency within the U.S. Department of Defense. The DDTC mission is: “Ensuring commercial exports of defense articles and defense services advance U.S. national security and foreign policy objectives.”
Thus, they are tasked with monitoring how defense articles are shared and services are conducted. Minimizing vulnerabilities in these two areas help to maintain security and protect national interests.
DDTC administers the International Traffic in Arms Regulations, a set of guidelines designed to keep sensitive materials out of the hands of non-authorized U.S. citizens and non-citizens. ITAR covers items listed on the United States Munitions List (USML), listed in sections 38 and 47(7) of the Arms Export Control Act, which includes items like data and services pertinent to military weapons and plans.
The DDTC regulates defense articles and defense services. Let’s look at defense articles first. This may seem like a vague term, but defense articles can cover any technical files related to U.S. defense data, items, and services. This could include digital and physical data.
In fact, incomplete items can fall under the defense article category. This means that even items that have reached a stage in the manufacturing process in which they can be identified as defense articles must be protected.
In addition to defense articles, defense services are covered, too. Defense services are actions or activities that assist in the creation of defense-related items. As the U.S. government puts it:
“The furnishing of assistance (including training) to foreign persons, whether in the United States or abroad in the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing or use of defense articles.”
DDTC guidelines, including ITAR, impact anyone dealing in or using items on the USML. This includes government contractors and subcontractors, in addition to the following:
For companies that fall under one of the categories listed above and are subject to ITAR regulations, it’s mandatory that you register with the DDTC. This is required for all manufacturers, exporters, importers, and brokers of defense articles. While registering with the DDTC doesn’t grant you any export or import privileges, taking this step is important as it informs the U.S. government that you are involved in activities that fall under the ITAR umbrella. Registration is usually an important first step toward being issued an import or export license.
In addition to providing essential information to the government, you also must register with the DDTC to avoid serious noncompliance consequences. Handling ITAR-related material without properly informing the government makes it difficult to ensure that defense articles are being securely shared. ITAR violations, including failure to maintain DDTC registration, could result in civil fines as high as $500,000 and criminal fines as high as $1,000,000. You could also face ten years in prison per violation.
Not only could these consequences seriously damage your company’s reputation and financial standing, but they could also come at a high personal price. That’s why it’s so important to understand your obligations under ITAR and properly register with the DDTC.
Now that you have a better understanding of the DDTC, let’s look at ITAR. The best way to understand ITAR is by understanding the goal of these regulations: to keep USML items out of the hands of non-U.S. citizens. It’s that simple. Only citizens are allowed to handle USML data.
While the goal of ITAR is simple, enacting that goal has become more difficult as markets expand on a global level. More and more companies are hiring teams outside the U.S. Even if a company you sub-contract work to employs non-U.S. citizens, you’re at risk of noncompliance with ITAR. The State Department can issue exemptions to this ITAR mandate, and there are some countries that are exempt from this USML blackout.
The best way to align with ITAR regulations is to take steps to properly secure your data.
ITAR compliance is easily achieved with an effective plan and the proper tools in place. One such tool is a secure file sharing solution aligned with ITAR compliance. This allows you to limit who has access to your data on a granular level, mitigating the risk of unauthorized data leakage. You’ll maintain ITAR compliance and have a better way to manage your data.
Learn more about file sharing for ITAR compliance. Download this comprehensive guide now.
Founder of Sharetru (Formerly FTP Today) and a respected voice in secure file transfer and Internet protocols. A software and IT geek since a young age, Martin has successfully led his companies through the digital age by spotting market niches and filling them with quality IT services.
Get industry-leading thought leadership content to stay informed, delivered to your inbox.