University at Buffalo - The State University of New York
Skip to Content

Frequently Asked Questions

What is a deemed export and why do we care?

While an export is generally considered to be materials, information and technology that leave the country, something can be a deemed export without leaving the country. If regulated information or technology is released to a foreign national living in the U.S., it is deemed to be an export to the home country or countries of the foreign national.

This concept holds true for industrial espionage situations as well as national security concerns. The Export Administration Regulations (EAR) state that,

An export of technology or source code (except encryption source code) is ‘deemed’ to take place when it is released to a foreign national within the United States. Technology is ‘released’ for export when:

  • it is available to foreign nationals for visual inspection (such as reading technical specifications, plans, blueprints, etc.);
  • when technology is exchanged orally; or
  • when technology is made available by practice or application under the guidance of persons with knowledge of the technology.
    •     See §734.2(b)(2) of EAR.

While International Traffic in Arms Regulations (ITAR) do not incorporate the term “deemed export” the concept is in the definition of an export and pertains to the release of ITAR technical data and defense services.

Preventing a deemed export is the primary compliance issue facing university research. Therefore, it is vitally important that we assess a research project/proposal for export issues when:

  • A foreign national will be assisting/collaborating;
  • Third party proprietary data will be shared; or
  • A software license agreement contains language indicating that the software is controlled to certain countries. 

As with other exports, publicly available technology is not subject to the deemed export rule. Nor does it apply to fundamental research appropriately structured to protect export controlled information / technology from foreign nationals involved with the project.

How do I classify export controlled items

How do I classify my exports?

If you answer NO to the following questions, then your item(s) fall under the Export Administration Regulations (EAR99).

  1. Is the item subject to International Traffic in Arms Regulations (ITAR)?
  2. Is the item subject to another federal agency’s export control regulations?
  3. Is the item on the Commodity Control List (CCL)?

What is ITAR?

ITAR stands for the International Traffic in Arms Regulations (22 CFR §§ 120-130), established by the Directorate of Defense Trade Controls within the U.S. Department of State. These regulations cover:

  • defense articles;
  • significant military equipment;
  • major defense equipment; 
  • defense services; and
  • technical data and software. 

The major items regulated under ITAR are identified in the United States Munitions List (USML).

What is CCL?

The Commerce Control List (CCL) identifies those items regulated by the Department of Commerce Bureau of Industry and Security (BIS). This includes export control, export and re-export of commercial and dual use items not subject to ITAR or other federal regulations. Dual use items are those with both commercial and military/security applications.

What items are controlled by other agencies?

The Department of Energy and the Nuclear Regulatory Commission also have specific export classifications for certain nuclear materials including:

  • plutonium;
  • uranium-233;
  • or uranium enriched above 0.711 percent by weight in the isotope uranium-235; and
  • reactor equipment 

What is EAR99?

Items not designated under the control of another federal agency or listed on the Commodity Control List (CCL) are classified as EAR99 (Export Administration Regulations). EAR99 items generally are low-technology consumer goods not requiring a license, however there are some exceptions. You might have to get a license if you are sending an item:

  • to an embargoed county; 
  • to an end-user of concern; or
  • in support of a prohibited end-use.

Which countries are embargoed?

Countries subject to comprehensive embargoes are prohibited from most exports, imports and other transactions without a license or other U.S. government authorization. The following is the current list.

  • Cuba
  • Iran
  • Peoples Republic of (North) Korea
  • Sudan
  • Syria
  • Crimea region of Russia

The Bureau of Industry and Security website has official updates as well as any restrictions noted for other countries. 

You'll find these to be the most relevant documents

Who is a non-U.S. person?

The federal government defines it as a person who is NOT:

  • Granted permanent U.S. residence, as demonstrated by the issuance of a permanent residence card, i.e., a "Green Card"
  • Granted U.S. citizenship
  • Granted status as a "protected person" under 8 U.S.C. 1324 b(a)(3), e.g., political refugees, political asylum holders, etc.

It also means any foreign corporation, business association, partnership, trust, society or any other entity or group that is not incorporated or organized to do business in the United States. This includes international organizations, foreign governments and any agency or subdivision of foreign governments (e.g., diplomatic missions).

What are export licenses?

Export licenses are the government documents you use in exporting regulated items such as technologies and prohibited, dangerous or strategic materials.

The U.S. Departments of State and Commerce are the primary agencies regulating these situations and granting the licenses.

It can take many months and up to a year to obtain a federal license unless an exception applies or you can use a general license. This may be impractical for visits by foreign nationals who want to participate in university hosted events or sponsored activities.

UB's export office coordinates with the government agencies when a license is needed. It works through the university's designee, who is the only person officially allowed to sign a federal license application.

What are the exclusions for fundamental research and published information?

University activities that include fundamental research and/or published information generally are excluded from export regulations. However, there are limits so it's important to know and comply with the guidelines.

Fundamental Research

For export purposes, fundamental research means basic and applied research in science and engineering, the results of which ordinarily are published and shared broadly within the scientific community. The Fundamental Research Exclusion (FRE) allows the results of university research to be excluded from export control regulations. 

It does NOT include proprietary research and industrial development, design, production and product utilization if the resulting information, products and projects ordinarily are restricted for proprietary or national security reasons. 

Important Cautions:

  1. A project can be fundamental research but use controlled technology or materials. The FRE applies only to the dissemination of research data and information, not to the transfer of technology or materials.
  2. The FRE becomes INVALID if the university accepts any contract clause that:
    • Forbids the participation of foreign nationals.
    • Gives the sponsor a right to approve publications resulting from the research.
      • A timely, prepublication sponsor review checking for proprietary information and/or patent rights does not affect the fundamental research status.
    • Otherwise restricts participation in research and access to and disclosure of research results.
  3. “Side deals" beyond the established contract can eliminate the FRE protection and expose the sponsor, the investigator and other responsible entities (university, center, lab) to penalties for export control violations.

SUNY Guidelines

State University of New York (SUNY) policy prohibits the acceptance of any awards that restrict dissemination of research results and/or foreign national participation. (documents 1800 and 1801)

You can request a justifiable exception to this policy when working with Sponsored Projects Services (SPS) during the contract negotiation process.

  • These requests are submitted to the chancellor or her designee for approval and are decided on a case-by-case basis as to protect state and national security.
  • Any projects granted exceptions will warrant further review as to the need for a technology control plan and/or export licenses.

Published Information

The Published Information Exclusion generally protects information when it is accessible to the public in any form, including:

  • Periodicals, books, print, electronic, software or other media available for general distribution to a community of persons interested in the subject matter, such as those in a scientific or engineering discipline:
    • Excludes certain encryption software;
    • Includes websites that provide free and uncontrolled access
  • Readily available at public or university libraries.
  • Patents and published patent applications available at any patent office.
  • Release at an open conference, meeting, seminar, trade show, or other open gathering held in the U.S. (ITAR) or anywhere (EAR).

*Note, a conference or gathering is open if all technically qualified members of the public are eligible to attend and attendees are permitted to take notes or otherwise make a personal record of the proceedings and presentations. The following do NOT change its open status:

  • A registration fee reasonably related to cost; or
  • Limited attendance based on 'first-come' or relevant scientific / technical competence.

 

What is a Technology Control Plan (TCP)?

A Technology Control Plan (TCP) helps ensure that controlled materials are not accessed by unauthorized persons. You need a plan when ITAR, CCL or other controlled items or data are present on campus, or when UB personnel are using controlled materials while not under the direct control of the provider.

Often a Technology Control Plan (TCP) is used to identify controlled materials or data and describe how these items will be secured while at the university. It includes plans for storing and housing the items as well as procedures that prevent unauthorized access to restricted items or information.

The PI is responsible for developing and monitoring the TCP, which should be customized as to necessary security measures for the given situation. TCPs generally reference the following:

  • Prevent unauthorized persons from observing by operating in secured laboratory space or during secure times.
  • Lock data, lab notebooks, hard copy reports and research materials in fireproof cabinets in rooms with key-controlled access.
  • Do NOT transmit export controlled information through email.
  • Encrypt electronic records on a stand-alone storage device that is not networked with other university computers. 
  • Limit your discussions about the project or work products to the identified contributing investigators and talk where unauthorized persons are not present.
  • Complete a signed confidentiality agreement before talking with third-party subcontractors.

Prepare your grant budget accordingly because there is a cost to protecting controlled materials. If you encounter unanticipated costs or research changes, consider other options for the additional costs, whether for a separate computer, special storage facilities or separate work space. Let your sponsor know of the need for additional security measures and perhaps the sponsor could help because you must protect controlled information, technology and materials. 

Start your TCP with the template provided. UB's export control office will help complete the plan and get it approved.

Here are a few tips to get you going on the TCP:  

  1. Use the PI's name to complete one set. Eventually each person on the project will have to complete the last few pages. 
  2. Leave blank those items that are not applicable.
  3. Use simple, direct language and avoid jargon. It is not a competitive grants application process.
  4. Include only factual information and security procedures you can achieve. If your proposed procedures are adequate, they should be acceptable.
  5. Focus on your current project, not what may occur later.
    • For example, if you are developing a grant application and need a TCP to share preliminary data with a collaborator, just focus on that. If you win the grant, you can use the first TCP to fairly easily and quickly develop a second TCP as needed for any controlled hardware that might be part of the grant.