Export Controls for Software Developers: What You Actually Need to Know
EAR, ITAR, ECCN, license exceptions — export control regulations are notoriously complex. Here's a developer-friendly primer on the regulations that ComplianceGrid helps you navigate.
Why Developers Should Care About Export Controls
If your software facilitates international shipments, processes cross-border payments, or manages supply chains, you're likely touching export-controlled workflows. Violations of US export control laws can result in criminal penalties up to $1M per violation and 20 years imprisonment. These aren't theoretical — the Bureau of Industry and Security (BIS) actively prosecutes violations.
The Two Main Regimes
EAR (Export Administration Regulations)
Administered by the Bureau of Industry and Security (BIS). Covers most commercial goods, software, and technology. Items are classified using ECCN (Export Control Classification Number) codes, which determine whether a license is required based on the destination country, end-user, and end-use.
Most commercial items fall under EAR99 — a catch-all category that generally doesn't require an export license except to embargoed countries or sanctioned end-users.
ITAR (International Traffic in Arms Regulations)
Administered by the Directorate of Defense Trade Controls (DDTC). Covers defense articles, services, and technical data listed on the US Munitions List (USML). ITAR is stricter than EAR — virtually all exports require a license, and there are fewer exceptions.
Key Concepts for Developers
Restricted Party Screening
Before any export transaction, screen all parties (consignee, end-user, intermediate consignee, freight forwarder) against government watchlists. ComplianceGrid's /v1/compliance/restricted-party-screening endpoint checks against SDN, Entity List, Denied Persons, and other relevant lists in a single API call.
License Determination
Use the /v1/compliance/export-license endpoint to determine whether a specific transaction requires a license. The API evaluates the ECCN, destination country, end-use, and end-user to return a license requirement determination.
AES Filing
For shipments valued over $2,500 per Schedule B number (or any shipment requiring an export license), Electronic Export Information (EEI) must be filed via the Automated Export System (AES). ComplianceGrid's /v1/aes/filings endpoint handles filing preparation and submission.
Common Developer Pitfalls
- Assuming EAR99 means no restrictions — EAR99 items still can't be exported to embargoed countries or sanctioned parties
- Screening only the buyer — You must screen ALL parties in the transaction chain
- One-time screening — Watchlists are updated frequently; re-screen parties regularly
- Ignoring deemed exports — Sharing technical data with foreign nationals in the US can constitute an export
How ComplianceGrid Helps
We abstract the regulatory complexity into API calls. You don't need to know which lists to check, how to interpret ECCN codes, or when AES filing is required — our APIs encode that regulatory logic. But understanding the basics helps you build more robust compliance workflows and ask the right questions when edge cases arise.