ITAR and Export Controls for Satellite Programs
In January 2020, DDTC announced a $10 million settlement with Airbus SE for ITAR violations involving false statements on export authorization requests and unauthorized re-exports of defense articles, including satellite and helicopter components. The violations spanned nearly a decade across Airbus facilities in Europe. The case didn’t involve espionage or hostile actors. It involved a multinational company that failed to properly manage controlled technical data flowing between its own divisions.
That settlement sits alongside a longer list. RTX (formerly Raytheon): $200 million to DDTC in 2024 for 750+ violations across missile, satellite, and defense programs. L3Harris: $13 million in 2019 for unauthorized exports of defense articles. These aren’t outliers. They’re what happens when export control compliance falls behind the pace of engineering.
For satellite operators, export controls are not a compliance checkbox at the end of a program. They shape who you can hire, who you can partner with, where you can manufacture, and what you can say at a conference. Getting the classification wrong on a single component can trigger penalties that exceed the cost of the satellite itself.
Two Regimes, One Industry
U.S. export controls for satellites split across two separate regulatory frameworks, administered by two different federal departments with different legal authorities, different licensing processes, and different penalty structures.
The International Traffic in Arms Regulations (ITAR) are administered by the State Department’s Directorate of Defense Trade Controls (DDTC). ITAR governs the export of defense articles listed on the United States Munitions List (USML), which is codified at 22 CFR Parts 120-130. The legal authority is the Arms Export Control Act (22 U.S.C. 2778).
The Export Administration Regulations (EAR) are administered by the Department of Commerce’s Bureau of Industry and Security (BIS). EAR governs dual-use items on the Commerce Control List (CCL), codified at 15 CFR Parts 730-774. The legal authority is the Export Control Reform Act of 2018 (50 U.S.C. 4801 et seq.).
The practical consequence: before any hardware leaves a facility, before any technical specification crosses a border (even electronically), and before any foreign national reviews a design document, the operator must determine which regime applies. For many satellite programs, the answer is both. A spacecraft bus might fall under EAR while its propulsion system remains on the USML. A communications payload might be EAR-controlled while the software that aims it is ITAR. Classification happens at the component level, not the system level.
How Satellites Ended Up on the Munitions List
The current split traces back to a pair of failed Chinese rocket launches in the mid-1990s.
Through the early 1990s, commercial communications satellites were controlled under EAR as dual-use technology. The Commerce Department licensed their export. Then in October 1998, Congress enacted the Strom Thurmond National Defense Authorization Act for FY1999 (P.L. 105-261, Section 1513), which moved all commercial satellites and related items to the USML under State Department jurisdiction. The trigger was the Loral Space & Communications and Hughes Electronics investigation: both companies had provided technical assistance to China’s Long March rocket program following launch failures in 1995 and 1996. The assistance improved Chinese launch vehicle reliability, and a Congressional select committee (the Cox Committee, formally the Select Committee on U.S. National Security and Military/Commercial Concerns with the People’s Republic of China) concluded that the technology transfers had national security implications.
The mandate was blunt. It moved all commercial communications satellites, remote sensing satellites, and associated components, parts, accessories, and attachments to the USML. For the next 15 years, exporting a routine commercial communications satellite to a NATO ally required the same State Department authorization as exporting a missile guidance system.
The 2014-2017 Export Control Reform
The blanket USML classification of commercial satellites created friction that the industry and both the Bush and Obama administrations recognized as counterproductive. The Export Control Reform Initiative, launched in 2009, was the largest restructuring of U.S. export controls since the post-Cold War reorganization. For the space sector, the key changes came in three phases.
Phase 1 (2014): The interim final rules published May 13, 2014 (79 FR 27417 at BIS, 79 FR 27180 at State, effective November 10, 2014) moved commercial communications satellites to the CCL under ECCN 9A515. This restored BIS jurisdiction over routine commercial transactions for a class of satellites that posed minimal national security risk. The move applied to satellites that were not “specifically designed or modified” for military or intelligence applications.
Phase 2 (2016-2017): Additional categories followed. Lower-performance remote sensing satellites (those with ground sample distance of 30 meters or greater under current rules) moved to the CCL. The October 2024 proposed rule (89 FR 84784) would lower this threshold to 20 meters. Components, parts, and accessories associated with CCL-controlled satellites also moved, along with certain satellite testing equipment.
What remained on the USML (Category XV):
- Launch vehicles and launch vehicle components (Category IV)
- Satellite integration services when the satellite is USML-controlled
- High-resolution imaging systems (ground sample distance below 30 meters under current rules; a proposed 2024 rule would lower to 20 meters)
- Defense-related spacecraft (reconnaissance, signals intelligence, early warning)
- Radiation-hardened components specifically designed for space applications above specified performance thresholds
- Certain propulsion systems and attitude control equipment
- Technical data and defense services directly related to any USML item
The reform replaced one classification problem with another: every satellite program must now assess jurisdiction component by component. A commercial LEO broadband satellite might be entirely EAR-controlled. The same operator’s next-generation satellite, equipped with a higher-performance imaging sensor or a propulsion system that crosses a USML threshold, could pull the entire program back under ITAR.
Deemed Exports: The Hidden Compliance Risk
The violation that catches most space companies by surprise isn’t an unauthorized shipment. It’s a conversation.
Under both ITAR (22 CFR 120.50) and EAR (15 CFR 734.13), a “deemed export” occurs when controlled technology or technical data is released to a foreign national within the United States. The release is treated as an export to that person’s country of citizenship or permanent residency. No hardware crosses a border. No package goes through customs. An engineer reviews a controlled drawing at a desk in Los Angeles, and the transaction is legally equivalent to shipping the drawing to their home country.
This triggers compliance obligations in scenarios that companies routinely underestimate:
Hiring. Employing a foreign national in a role that involves access to ITAR-controlled technical data requires either a DDTC-approved Technical Assistance Agreement (TAA) or a determination that the specific data involved is not controlled. For EAR-controlled technology, a deemed export license from BIS may be required depending on the employee’s nationality and the Export Control Classification Number. Companies that hire first and classify later discover they have employees they cannot legally brief on their own programs.
Facility access. Hosting a foreign national visitor at a facility where ITAR-controlled hardware or technical data is visible can constitute an unauthorized export if the visitor can observe controlled items. This applies to customer visits, investor tours, partner meetings, and conference demonstrations. Companies operating in shared workspaces or co-located with other tenants face particular challenges.
Cloud infrastructure. Storing ITAR-controlled technical data on servers located outside the United States, or on cloud infrastructure where foreign nationals employed by the cloud provider could access the data, can constitute an unauthorized export. DDTC’s December 2019 interim final rule established that end-to-end encryption meeting specified standards (FIPS 140-2 or equivalent) provides a safe harbor for storing ITAR-controlled data in cloud environments, but the practical implementation requires encryption and access controls that many standard commercial cloud configurations do not provide by default.
Conferences and publications. Presenting ITAR-controlled technical data at a conference attended by foreign nationals, or publishing it in a paper accessible to foreign persons, can constitute an unauthorized export. The “fundamental research exclusion” (22 CFR 120.34(a)(8) and 120.49 for ITAR, 15 CFR 734.8 for EAR) exempts basic and applied research at accredited institutions from export controls, but the exclusion is narrow and does not apply to research funded by contracts with publication restrictions.
The Authorization Toolbox
When an export or deemed export requires authorization, the specific mechanism depends on which regime applies and what’s being transferred.
ITAR Authorizations (DDTC)
Technical Assistance Agreements (TAAs) are the workhorse authorization for satellite programs. A TAA authorizes the export of defense services and technical data to specified foreign persons for a defined scope of work. TAAs cover ongoing technical collaboration, which is what satellite development typically requires: design reviews, testing support, integration services, troubleshooting. Processing time is 40-60 days in straightforward cases but can extend to six months or longer for sensitive programs or destinations.
Manufacturing License Agreements (MLAs) authorize foreign production of USML defense articles. Less common in the satellite sector but relevant when a foreign partner manufactures ITAR-controlled components.
DSP-5 licenses authorize the permanent export of specific defense articles. Used for hardware shipments, component deliveries, and transfers of technical data packages that a TAA doesn’t cover. Each DSP-5 covers a specific transaction; it is not a blanket authorization.
DSP-73 licenses authorize temporary exports, typically for testing, demonstration, or exhibition of ITAR-controlled items abroad.
EAR Authorizations (BIS)
BIS uses a system of license exceptions that can eliminate the need for individual export licenses in defined circumstances. Key exceptions for the satellite sector include:
- TMP (Temporary Exports): For items exported temporarily for testing, exhibition, or demonstration
- TSR (Technology and Software under Restriction): For certain technology transfers to specified countries
- GOV (Governments): For exports to U.S. government agencies and their contractors abroad
When no license exception applies, BIS requires an individual export license application, reviewed against the Entity List, country restrictions, and end-use assessments.
The proposed License Exception CSA (Commercial Space Activities), published October 2024 at 89 FR 84784, would create a new exception specifically for commercial satellite-related exports to approved destinations. This would be the first export control mechanism designed specifically for the commercial space industry. Final rules have not been published as of April 2026.
Classification: The First Step Every Program Gets Wrong
The most consequential decision in space export controls is classification: determining whether an item falls under the USML (ITAR) or the CCL (EAR), and identifying the specific control category.
For USML items, the relevant categories are:
- Category IV: Launch vehicles, guided missiles, ballistic missiles, rockets, torpedoes, bombs, and mines
- Category XI: Military electronics
- Category XV: Spacecraft and related articles (the primary satellite category)
For CCL items, the relevant Export Control Classification Numbers include:
- 9A515: Spacecraft and related commodities (the “reformed” category for commercial satellites)
- 9D515: Software for spacecraft
- 9E515: Technology for spacecraft
Classification is not always straightforward. A commercial communications satellite might be 9A515 (EAR) as a system, while individual components within it (a radiation-hardened processor, a specific propulsion valve) might be USML Category XV. The 2014-2017 reform created “specially designed” criteria that serve as the dividing line between USML and CCL jurisdiction for satellite components. The criteria involve a multi-factor test (22 CFR 120.41) that examines whether an item was specifically designed, modified, configured, adapted, or used for a USML function.
When classification is unclear, companies can request a Commodity Jurisdiction (CJ) determination from DDTC (for USML/ITAR items) or a CCATS classification from BIS (for CCL/EAR items). CJ determinations typically take 60-90 days. During that period, the item must be treated as ITAR-controlled.
Enforcement Trends
DDTC enforcement in the space sector has accelerated. The pattern is consistent: large settlements for systemic violations involving deemed exports, inadequate compliance programs, and failures to properly classify items before transferring technical data.
| Year | Entity | Settlement | Primary Violations |
|---|---|---|---|
| 2024 | RTX (Raytheon) | $200 million | 750 violations: classification failures, unauthorized exports, license breaches across defense programs |
| 2021 | Honeywell | $13 million | Unauthorized transfers of ITAR-controlled drawings and technical data to foreign suppliers |
| 2020 | Airbus SE | $10 million | False statements on authorizations, unauthorized re-exports of defense articles |
| 2019 | L3Harris (Harris Corp) | $13 million | Unauthorized exports of defense articles |
| 2018 | FLIR Systems | $30 million | Unauthorized exports of ITAR-controlled thermal imaging technology |
Deemed exports account for the majority of space-sector ITAR enforcement. Companies that focus their compliance programs on hardware shipments while leaving technical data access loosely controlled are the ones that end up writing nine-figure checks. DDTC also increasingly pursues voluntary self-disclosures as evidence of a functioning compliance program. Companies that discover violations and self-report generally receive more favorable treatment than those where violations are discovered through investigation or third-party reporting.
What Operators Should Do
Classify Early
Begin ITAR/EAR classification during the design phase, before procurement and before hiring. Classification determines who can work on the program, which partners are eligible, and what authorization lead times to budget. Retrofitting classification after the program is underway creates risk.
Build the Compliance Infrastructure Before You Need It
A Technology Control Plan (TCP) establishes the physical, electronic, and procedural safeguards for controlled information. It defines who has access, how access is granted, how visitors are handled, and how electronic data is protected. Companies that build the TCP before the first authorization request avoid the situation where DDTC or BIS asks to review a compliance program that doesn’t exist yet.
Budget for Authorization Lead Times
TAA processing at DDTC currently runs 40-60 days for routine requests but can extend considerably for novel activities, sensitive destinations, or programs involving multiple foreign parties. DSP-5 licenses have similar timelines. BIS license processing averages 30-90 days depending on destination and complexity. Build these timelines into the program schedule alongside the FCC, FAA, and ITU licensing timelines covered in our regulatory compliance guide.
Pay Attention to the 2024 Proposed Reform
The joint BIS/DDTC proposed rule (89 FR 84784, October 2024) is the first major space export control reform since the 2014-2017 ECR. License Exception CSA could reduce the licensing overhead for commercial satellite exports to allied nations. Updated USML thresholds could shift additional items to the CCL. The proposed rules are under review, and final rules will change how satellite programs handle classification going forward.
Don’t Forget Sanctions Screening
Export controls and economic sanctions overlap but are administered separately. The Treasury Department’s Office of Foreign Assets Control (OFAC) maintains the Specially Designated Nationals (SDN) list. An export that is properly licensed under ITAR or EAR can still violate OFAC sanctions if the end user, intermediary, or beneficial owner appears on the SDN list. Sanctions screening must run in parallel with export licensing.
Further reading:
- The full multi-agency regulatory landscape, including how export controls interact with FCC, FAA, and NOAA licensing: U.S. Space Regulatory Compliance: A Complete Guide
- The FCC satellite licensing process that runs alongside export authorization: How Satellite Licensing Works: A Complete Guide
- How remote sensing classification thresholds connect to NOAA licensing: NOAA Remote Sensing License & Part 960 Explained
- Launch vehicle export controls and FAA oversight: FAA Part 450: What Operators Need to Know
- The FCC foreign ownership review for satellite operators intersects with ITAR/EAR jurisdictional decisions for foreign-controlled space station applicants.
- Export controls on ground-station hardware (USML Category XV, EAR ECCN classifications) shape what earth station equipment can be deployed at foreign sites.
- Regulatory terms referenced in this article: Space Regulatory Glossary
Key Regulatory References
- 22 CFR Parts 120-130: ITAR (current text)
- 15 CFR Parts 730-774: EAR (current text)
- 22 CFR 121, U.S. Munitions List, Category XV: Spacecraft and Related Articles
- 15 CFR 774, Supplement No. 1, ECCN 9A515: Spacecraft and Related Commodities
- 89 FR 84784: Proposed Rule, License Exception for Commercial Space Activities (October 2024)
- 79 FR 27180: ITAR Category XV Interim Final Rule, Spacecraft and Related Items (May 2014, effective Nov 2014)
- 79 FR 27417: BIS Interim Final Rule, ECCN 9A515 Spacecraft (May 2014, effective Nov 2014)
- P.L. 105-261, Section 1513: Strom Thurmond NDAA of 1999
Frequently Asked Questions
- Is my satellite ITAR or EAR controlled?
- It depends on the satellite's capabilities and components. Launch vehicles, satellite integration services, defense-related spacecraft, and high-resolution imaging systems (below 30-meter ground sample distance under current rules) remain on the U.S. Munitions List under ITAR. Commercial communications satellites and lower-performance remote sensing systems were moved to the Commerce Control List under EAR through the 2014-2017 Export Control Reform. Many satellite programs involve both ITAR and EAR components, requiring classification of each item individually.
- What is a deemed export in the satellite industry?
- A deemed export occurs when controlled technical data or defense services are shared with a foreign national inside the United States. The transfer is treated as an export to that person's country of citizenship or permanent residency. In the satellite industry, this affects hiring decisions, facility access, technical meetings, conference presentations, and even the use of overseas cloud infrastructure where controlled data might be stored or processed.
- What are the penalties for ITAR violations?
- Criminal penalties under the Arms Export Control Act include fines up to $1,000,000 per violation and imprisonment up to 20 years. Civil penalties under DDTC's administrative enforcement authority can exceed $1.27 million per violation. Beyond financial penalties, DDTC can debar companies from future export activities, effectively ending their ability to participate in international space programs.
- What is the proposed License Exception CSA?
- In October 2024, BIS and DDTC jointly proposed a new EAR License Exception for Commercial Space Activities (CSA) that would allow certain satellite-related exports to approved destinations without requiring individual export licenses. The proposal also includes updated USML thresholds and revised controls on cooperative servicing spacecraft. Published as 89 FR 84784, the proposed rules are under review with no final rule published as of April 2026.
- Do I need a Technical Assistance Agreement for my satellite program?
- If your satellite program involves sharing ITAR-controlled technical data or defense services with foreign persons, including foreign nationals employed in the United States, you need a Technical Assistance Agreement (TAA) approved by DDTC before the exchange occurs. TAAs are the most common DDTC authorization type in the commercial space sector because they cover the ongoing technical collaboration that satellite development requires.