Export Control: Red Flags


Red Flag items may involve an elevated risk of non-compliance with the EAR, reputational or political risk, and added administrative costs for managing high-risk engagements. A thoughtful review process can mitigate these risks, safeguard federal research funding opportunities, and comport with the expectations of federal agencies. Please contact the Export Control Office before proceeding in any of the following activities mentioned below.

Certain activities are not exempt under the Fundamental Research Protection (FRE). Those usually involve controlled technologies, country restrictions, sponsors that operate outside of FRE, restrictions in agreements, physical exports, and restricted entities. Some examples of these are:

  • Transfer of proprietary information related to controlled items or technology,
  • Transfer of ITAR-controlled items (particularly if UC receives ITAR items or technical data),
  • Sales and service agreements related to controlled items or technology,
  • Physical exports outside the U.S. of hardware, software, or technology,
  • Engagements and transactions with restricted parties or entities that are not covered by the FRE,
  • Defense services,
  • Restricted end uses, or
  • Transactions involving embargoed or sanctioned parties/countries.

Controlled Technologies

In general, controlled technologies will relate to technology areas and items listed as export controlled [i.e. appearing on the Commerce Control List (CCL) or U.S. Munitions List (USML). Relevant technologies typically involve military, space, nuclear, and similarly sensitive applications. An example of controlled technology that can be utilized within a university research environment is infrared cameras developed for the military but utilized for research on eye disease. The federal government is also moving to add a separate list of technology areas, termed “Emerging Technologies,” as broader areas where there is an economic or strategic defense advantage to control proliferation of those technologies.

  • Encryption, advanced computing, and information technology: Source code, process design kits (PDKs), integrated circuits, etc.
  • Space-related: NASA, European Space Agency, or other space agency funding; satellites, rockets, landing vehicles, etc.
  • Nuclear: Weapons related as well as civilian or energy research
  • Chemical or biological weapons: Select agents list or Dual Use Research of Concern
  • Others: Includes UAVs (drones) or AUVs, robotics, rocket or missile technology, oil and gas exploration, acoustic technology or research, infrared cameras or focal plane arrays, certain sensors, etc.

Country Restrictions

The highest risk countries, regardless of activity, are those under OFAC’s most comprehensive sanctioned countries, including Cuba, Iran, North Korea, Syria and Ukraine (Crimea, Donetsk, and Luhansk Regions). Any activities involving those countries, including field research, travel, conference presentations, collaboration, etc., need to be escalated to your location Export Control Office to determine whether the activity requires a license. Escalation and license review must take place prior to the activity to avoid violations.

The federal government has placed additional controls on countries with a high level of military-civil fusion, where the private sector is actively involved and compelled to participate in research programs that aid or develop the military. The current list of military end user (MEU) countries include Cambodia, China, Russia, Myanmar (Burma) and Venezuela.

When UC receives funding from or contracts with outside parties, there is inherent export control risk, as many sponsors, industry partners and other organizations operate outside the Fundamental Research Exclusion (FRE). As such, UC may be contracting with or entering into agreements with parties that are conducting export controlled research or development, using export controlled technology, or otherwise generally limiting access to information or items based on citizenship. However, not all sponsors or partners will carry the same export control risk. In cases where UC is selling a service or other item, those activities do not fall under the FRE and may be subject to export controls. Based on the nature of the activity and red flags, coordination with the Export Control Officer, could be necessary for the sale of service or items.

Generally speaking, a sponsored research project funded by the National Institutes of Health (NIH) for biomedical research carries less export compliance risk than participating in a Department of Defense (DoD) research project. While the DoD regularly funds and encourages basic research projects, where the results will be published in academic journals and there are no dissemination or citizenship restrictions, the intent for the research funded by the DoD likely has a national security or military application further along in the research and development process. In addition to the DoD, other examples of sponsors that may carry additional export compliance risks include:

  • U.S. defense, aerospace and intelligence agencies (DARPA, NASA, NSA, etc.)
  • U.S. nuclear energy and weapons agencies (DOE, NRC, ARPA-E)
  • U.S. defense, intelligence, aerospace and nuclear contractors (Space X, General Atomics, Boeing)
  • Foreign defense, aerospace, intelligence and nuclear agencies

Defense Service

Interactions and collaborations with foreign defense, aerospace, intelligence and nuclear agencies, or with foreign non-governmental organizations where the research area relates to defense, aerospace, intelligence or nuclear technology or application, such as defense contractors, may trigger a “defense service.” “Defense services” are regulated under the International Traffic in Arms Regulations (ITAR) to control the provision of services related to “defense articles” (ITAR-controlled military items or technical data) as well as engagements with foreign defense and foreign defense-affiliated organizations and individuals. Prior authorization from the U.S. government in the form of an export license or Technical Assistance Agreement (TAA) from the Department of State is required.

See Technology, Technical Data, and Software: Technical Assistance and Defense Service for more information.

Transfer of Intellectual Property, Technology, Data, Software or Items

Sponsored projects or partnerships may involve the use of proprietary information or intellectual property (IP) not meant for the public domain or the use of proprietary items and software. Such information and items can be received under a nondisclosure agreement or other agreement type where UC agrees to keep them confidential. Information that is not in the public domain or intended to be published as part of academic research does not qualify under the Fundamental Research Exclusion (FRE) and is therefore subject to export controls. In particular, industry partners often intend to protect the trade secrets and commercial value of their information and technology. UC should understand the intent of an industry partner to appropriately assess export control risks.

  • Department of Defense or other military-related funding or collaboration: Army, Navy, Air Force, DARPA, Northup Grumman, etc.
  • Foreign government involvement
  • Foreign military: Providing information to a foreign military may be a defense service
  • Services: Such as consulting for or training foreign nationals, other than activities covered as “educational information” or “fundamental research”

Export Control Language

UC’s primary strategy to protect its open and collaborative environment as a fundamental research-focused institution is to ensure that institutional agreements do not contain publication or foreign national restrictions—whether in the agreement terms and conditions or the activities outlined in the project—that would remove UC’s qualification for the Fundamental Research Exclusion (FRE).
There are two primary scenarios where export control language within an agreement would present an inherent risk to the University:

  1. The agreement from the outside party contains export control language that indicates the activity covered by the agreement may require restrictions or approval
  2. Agreements without export control language that protects UC from disclosure of export controlled items or information.

In order to mitigate this risk, faculty and research administrators must be aware of the potential for this scenario and how to identify restricted proprietary information or technology through common sponsored research and university activities, including but not limited to:

  • Non-Disclosure Agreements (NDAs) and Confidentiality Disclosure Agreements (CDAs)
  • Data Use Agreements (DUAs) and Software License Agreements (SLAs)
  • Partnerships or Sponsorships from high risk government agencies, including the Department of Defense, Department of Energy, NASA and Intelligence Community (IC) agencies
  • Partnerships or Sponsorships from industry partners, most notably defense contractors working on Department of Defense or other programs of specific national security concerns

Are there basic/fundamental research red flags?

  • Publication or dissemination restrictions in award or BAA/RFP
  • Foreign national restrictions or requirements for US citizens or US persons only
  • DoD contracts/DFARS: “Distribution Statement B, C, D…” or “DoD only”
  • Proprietary information: NDAs, CDAs, or other confidentiality agreements

Physical Exports

In sponsored research awards, the proposal statement of work, budget and budget justification may describe intended export activities as part of the research project, such as:

  • Field research performed outside the U.S.
  • Activities with international collaborations that could involve tangible exports
  • Budget line items for international shipping or travel expenses
  • Budget justifications discussing costs for international shipping, travel or other activities

Restricted Parties

Restricted Parties refer to individuals and organizations on one of several government restricted lists. Restricted Party Screening (RPS) should be performed on international individuals and organizations where UC is entering into a formalized agreement, with limited exceptions (one being matriculated students only taking classes). Engagements with restricted parties are a Red Flag. They may include the receipt or transfer of funds or services, or research collaborations, and carry both potential legal requirements and reputational risks. Consult the UCOP Restricted Party and Entity of Concern Escalation Procedure Guidance for additional detail on creation of a local procedure to adequately identify, analyze and decide on whether to engage with Restricted Parties.