• Exporting Information and Technology: New U.S. Visa Requirements Force U.S. and Multi-National Companies to Re-evaluate Export Control Compliance
  • April 20, 2011 | Authors: Nathanael D. Hartland; Henry J. Suelau
  • Law Firm: Miles & Stockbridge P.C. - Baltimore Office
  • The U.S. government is using a new method to force businesses to review and comply with broad U.S. export control laws.  For a business to hire a “foreign national” to work in the U.S., the U.S. employer typically is required to obtain a visa for the employee.  As of February 20, 2011, the U.S. Department of Homeland Security (Homeland Security)[1] requires all businesses applying for these visas to certify that they have reviewed detailed lists of products and technologies that are subject to U.S. export restrictions and will comply with export control requirements.  As described below, these requirements involve not only exports of physical products, but also disclosures of information and technology.

    This article provides a brief introduction to U.S. export control laws, reviews the basic steps needed to comply with them and highlights the civil and criminal penalties that can be imposed for their violation.  It also alerts multi-national businesses to the implications of this recent change in the visa requirements. 

    The Wide Scope of U.S. Export Control Laws

    Many people recognize that exporting certain products from the U.S. may require a license; however, many people do not recognize the broad scope of U.S. export control laws.

    U.S. export control laws apply not only to businesses with their headquarters in the U.S., but also to foreign companies that do business in the U.S. through subsidiaries set up to serve the U.S. market and to certain overseas activities of U.S. companies.  These laws also apply to U.S. citizens and certain others wherever they are in the world.  Finally, in recent years U.S. regulators have applied these laws to foreign companies that have no U.S. business other than merely receiving U.S.-origin products and technologies.  As frustrating and unpopular as this is outside the U.S., U.S. regulators have been successful in applying U.S. laws outside the territorial boundaries of the U.S., including sentencing foreign companies to criminal fines, convicting foreign executives, and extraditing people to the U.S. to spend time in U.S. prisons.  Executives have been arrested in airports and U.S. subsidiaries have been targeted for the misconduct of foreign parent companies.

    Further, U.S. export control laws apply to not only tangible products but also information and technology, such as technical information and know-how.[2]  These laws restrict the disclosure of controlled information and technology to people who are not U.S. nationals (sometimes called "deemed exports").  A company may be “exporting” if it merely shares restricted information or technology with a foreign national, whether the foreign national is located inside or outside the U.S.  “Exporting” can include merely giving foreign nationals access to information or technology through a computer system or paper filing cabinet. The information or technology at issue does not need to belong to a company to be exported by it and could take the form of drawings or specifications from a customer which are present on the company’s computer system.

    Restricted Products and Technologies

    Many businesses are under the mistaken impression that U.S. export control laws apply only to military items or other items that have clear “national security” implications.  In reality, these laws apply to a surprisingly broad array of products, materials, equipment, software, and other items and to related information and technology. Some of the relevant products and technologies are obvious—fighter jets, tanks, missiles, military software, and many other products and technologies engineered, adapted, or configured for military or intelligence purposes. Other “controlled” products and technologies are less obvious -- certain lasers, chemicals, material processing equipment, high power robots and machine tools, high power computers, various types of software, microchips and integrated circuits, satellites, space launch and ground control items, high tech materials such as super alloys and composites, GPS systems, telecom items, encryption systems, nuclear power-related items, high power cameras and image interpretation equipment, aerospace products and parts, handcuffs and electric cattle prods. This is not an exhaustive list.


    The two primary U.S. agencies that administer export control laws are the Department of Commerce’s Bureau of Industry and Security (BIS), which oversees products and technologies that have both military and civilian uses, and the Department of State’s Directorate of Defense Trade Controls (DDTC), which oversees products and technologies intended for military use. BIS administers rules known as the Export Administration Regulations (the EAR) and DDTC administers rules known as the International Traffic in Arms Regulations (the ITAR).

    Companies that deal with military products subject to ITAR must be cognizant of the ITAR regulations even if they do not engage in the export or “deemed export” of such regulated products.  Companies that provide military products and technologies or that configure or adapt other products for military use may be required to register as “defense manufacturers” under ITAR.

    The U.S. government can impose a wide array of sanctions for violations of the EAR and ITAR, including civil and criminal penalties, significant fines and imprisonment for up to ten years per individual violation, loss of export privileges, and debarment or suspension from government contracting and subcontracting. The U.S. government vigilantly enforces these laws, and there has been an increasing trend of prosecutions of corporate executives and other individuals.  Companies have faced fines of up to $100 million for violations of export control laws.

    The New Export Control Certification

    U.S. regulators have long recognized that many businesses are simply unaware of the broad scope of U.S. export control laws.  A particular area of concern for the U.S. enforcement agencies is controlled information or technology.  U.S. regulators view business’ ignorance of “deemed export” rules as a serious problem and have decided to attempt to “educate” companies in a variety of ways in the past.  Now these “educational” efforts have been raised to a new level.

    To increase companies’ awareness of U.S. export restrictions, Homeland Security has revised the main form used to apply for several important types of employment visas that are necessary to permit foreign nationals to work in the U.S.[3]  As revised effective February 20, 2011, the form requires employers to certify that they have reviewed several lengthy lists of controlled products and technologies[4]  and that a license either is or is not required to disclose or provide the foreign national named in the visa petition with access to any controlled information or technology.  If the employer determines that a license is required, it must certify that it will not disclose this controlled information or technology to the foreign national unless and until it obtains a license.  This requires the employer to restrict the foreign national’s access to the information or technology.


    The implications of this new certification may be quite significant.  Although the export control rules are not new, the new visa certification will require companies that may never have taken the time to review their technologies in light of U.S. export laws to certify that they have reviewed lengthy lists of controlled products and technologies.[5]  If they find that their technologies are controlled, they will have to certify that they will comply with the regulations’ requirements with respect to deemed exports. 

    Although the new certification does not directly address exports of tangible products, the certification has significant implications for tangible products as well.  Much of the controlled information and technology that is subject to disclosure restrictions is controlled because it relates to a controlled tangible product.  Companies that review the export control lists in connection with a visa petition may learn that they have controlled products or technologies that they had not realized were subject to export restrictions.

    In the past, companies often successfully asserted the defense of ignorance in U.S. government investigations or criminal proceedings involving prohibited exports or disclosures.  A company that certifies that it has reviewed the controlled products and technologies lists will have more difficulty later claiming later that it did not realize that some of its products or technologies were controlled. 

    The new visa certification may also have implications for multi-national management structures and cross border merger and acquisition transactions.  A company that has certified in a visa petition that it has controlled products and technologies may need to obtain U.S. government authorization before it can share information relating to such products and technologies with a foreign manager or potential acquirer.  Putting in place a non-disclosure agreement is not generally enough to protect a company from liability for an export or deemed export that violates U.S. export rules.


    U.S. companies and multinational companies with a U.S. presence should put in place a trade compliance program that minimizes the risk of violating U.S. export control laws, allows them to obtain export licenses when required and to obtain visas to hire foreign nationals.  The first step in such a compliance program is to identify whether it deals in any controlled product or technology and determine whether a license would be required to export any such product or related technology or information.  If export control laws require a license to disclose such information to a foreign person, the company should apply for a license early on to minimize situations in which the company must isolate a key foreign employee from controlled information.  In addition, a trade compliance program should address other important topics such as anti-bribery and trade sanctions laws.


    [1] Homeland Security is the primary U.S. agency responsible for immigration.  It handles the adjudication of visa petitions through a division known as U.S. Citizenship and Immigration Services (USCIS).

    [2] In general, U.S. export control laws do not focus on whether information or technology is protected by intellectual property laws.

    [3] The revised petition is used to apply for the following categories of temporary visas:  H-1B, for workers in a “specialty occupations;” L-1, for executives, managers and specialized knowledge workers transferring from a related company abroad; and O-1A, for those of “extraordinary ability” in science, education, business or athletics.

    [4] Although the U.S. government is taking affirmative steps to simplify its “export control lists,” these lists currently remain complex, lengthy and full of potential pitfalls.

    [5] A misrepresentation on the visa petition form could potentially give rise to personal and/or company liability.