European entities that receive controlled technology from US parties often find themselves with a bit of a quandary: how to balance the US trade controls’ restrictions on access to controlled technical information with local privacy and labor rules. This series of posts will describe the issues that arise under the relevant US and EU rules and strategies that can be used to address those issues.
In addition to controlling exports of technology from the United States and reexports of technology from one non-US country to the next, the US International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) also control releases of technology within a non-US country by individuals who are not nationals of that country. To give an example, if ITAR-controlled technical data is exported to a party in Belgium, the data may only be released to Belgian national individuals in that country unless authorization for release to a national of a different country has been granted under the ITAR.
To ensure compliance with these requirements, it is important, first, to understand how the US regulators look at nationality. Under the EAR, an individual is considered a national of only one country (even if the person holds dual citizenship), with the relevant nationality being that which was most recently obtained. For instance, if someone was an Indian citizen by birth and later became a citizen of Luxembourg, the individual would be viewed by the US Commerce Department as a Luxembourg national for purposes of compliance with the EAR.
Under the ITAR, the US State Department considers a person’s country (or countries) of citizenship (past and present) AND country of permanent residence when determining a person’s nationality for ITAR purposes. As a result, the release of ITAR-controlled technical information to an individual can be viewed by the State Department as causing exports to multiple countries, each of which require authorization. Using the example above, the same individual who was an Indian citizen by birth and later became a citizen of Luxembourg would be considered a dual-national of India and Luxembourg under the ITAR. As a result, any authorization for this person would need to provide coverage for export to a national of both of these countries, not just one.
So that’s the context in which the nationality issues arise under US trade controls. There are different mechanisms in place to authorize exports to individuals working for companies located outside the United States to try to minimize the compliance burden and address the potential conflicts with local labor and privacy rules. But to do so generally requires gathering at least some information from the company’s employees.
In our next post, we will discuss the relevant European labor and privacy rules that may be implicated as information is gathered for compliance with US trade controls. And we will then come back with additional information about the specific authorizations that can be used and how information may be gathered for each.
Authors of this post are :