What Are ITAR and EAR? Defense Export Control and ERP Compliance Guide

ITAR and EAR are the two core U.S. regulations governing the export of defense and dual-use (both civilian and military) items. ITAR (International Traffic in Arms Regulations) is administered by the DDTC under the U.S. Department of State and covers military items on the United States Munitions List (USML). EAR (Export Administration Regulations) is administered by the BIS under the U.S. Department of Commerce and covers dual-use items on the Commerce Control List (CCL). Manufacturers anywhere in the world become directly subject to these rules whenever they use U.S.-origin parts, software, or technical data.

Aerospace and defense supply chains are increasingly global, and the number of manufacturers integrated into the supply networks of prime contractors is growing with them. This growth brings a significant compliance obligation: any company that uses a U.S.-origin component, software library, or technical drawing becomes subject to ITAR and EAR export control rules. Failing to understand these rules can lead to heavy penalties and removal from the supply chain. This guide explains what ITAR and EAR are, how they differ, and what they mean in practice for defense manufacturers.

What Is ITAR?

ITAR (International Traffic in Arms Regulations) is the U.S. regulation governing the export of military-purpose items, services, and technical data. It is administered by the Directorate of Defense Trade Controls (DDTC) within the U.S. Department of State. The items it covers are defined on the United States Munitions List (USML); weapons, military vehicles, defense systems, and their related technical data appear on this list.

Transferring an ITAR-controlled item almost always requires an export license from the DDTC. An important point: ITAR covers not only physical items but also technical data. Sending a technical drawing by email, or giving a foreign national engineer access to that data, can itself count as an “export.”

What Is EAR?

EAR (Export Administration Regulations) is the U.S. regulation governing the export of dual-use items. It is administered by the Bureau of Industry and Security (BIS) within the U.S. Department of Commerce. The items it covers are defined on the Commerce Control List (CCL), and each item is assigned an Export Control Classification Number (ECCN).

A dual-use item is one with both civilian and military applications; certain electronic components, sensors, software, and specialized materials are examples. If an item is not listed under a specific ECCN on the CCL, it generally falls under the EAR99 category; these items are controlled but usually do not require a license unless embargoed countries or restricted parties are involved.

What Is the Difference Between ITAR and EAR?

ITAR and EAR are mutually exclusive for any given item: a product is subject to only one of them. ITAR focuses on military items, while EAR focuses on dual-use and commercial items. The key differences are:

Criterion	ITAR	EAR
Regulating body	Department of State (DDTC)	Department of Commerce (BIS)
Control list	U.S. Munitions List (USML)	Commerce Control List (CCL)
Scope	Military-purpose items	Dual-use and commercial items
Classification	USML category	ECCN number
License requirement	Almost every export	Varies by country and end user
Classification method	Commodity Jurisdiction (CJ)	Self-classification / CCATS

Summary: Determining whether an item falls under ITAR or EAR is the first and most critical step of export compliance. Misclassification can lead to shipment delays, denied licenses, heavy fines, and revocation of export privileges. Penalties for ITAR violations can reach hundreds of thousands of dollars per incident and, in serious cases, imprisonment.

Why Should Defense Manufacturers Pay Attention to ITAR/EAR?

Although ITAR and EAR are U.S. regulations, their reach extends far beyond U.S. borders. A manufacturer becomes subject to these rules in the following situations:

1. Use of U.S.-origin parts: If your product contains a component imported from the U.S., the re-export of that part is subject to U.S. rules.
2. Access to technical data: If a technical drawing, software, or specification you receive from a U.S. partner falls under ITAR/EAR, you must control who has access to that data.
3. Supplying a U.S. prime contractor: If you supply parts into the U.S. defense supply chain, your contract will most likely mandate ITAR/EAR compliance.
4. The de minimis rule: If the U.S.-origin content in a product exceeds a certain threshold, the entire product can fall under U.S. control.

These obligations directly affect the daily operations of every manufacturer entering the defense industry supply chain. Local export control regimes in each country typically impose parallel obligations as well; end-user and end-use documentation must be tracked for dual-use exports under domestic legislation too.

Why Is an ITAR-Compliant ERP and EAR-Compliant ERP Necessary?

At the heart of ITAR and EAR compliance lie traceability and access control: What is the origin of each part, which products carry U.S.-origin content, who accessed controlled technical data, and which license was used on which order? An auditable record of all these questions must be maintained. Managing these records with spreadsheets increases both the risk of error and the risk of failing to provide evidence during an audit.

An ITAR-compliant ERP or EAR-compliant ERP makes this compliance burden manageable by tying it to production data. HarmonyERP supports the export control processes of defense manufacturers with the following capabilities:

• Origin and serial/lot traceability: The origin and movement of every part is recorded; products carrying U.S.-origin content can be distinguished and reported retroactively.
• Role-based access and authorization: Controlled technical data is accessible only to authorized users; who accessed which data is logged.
• Configuration and document management: Technical drawings and revisions are managed in a controlled manner, and unauthorized sharing is prevented.
• On-premise architecture: Your data is kept on your own servers and, when required, runs in an air-gapped environment; this is a critical advantage in preventing controlled technical data from leaving your premises.

Common Mistakes in ITAR/EAR Compliance

1. Not treating technical data as an “export.” Sending a technical drawing to a business partner abroad by email is also an export and may require a license.
2. Overlooking foreign national access. Giving a foreign national employee within your own country access to controlled data may count as a “deemed export.”
3. Forgetting re-export rules. Sending a U.S.-origin part to a third country may require a separate license.
4. Assuming classification. Assuming a product is EAR99 without evidence is risky; an official classification should be requested when needed.
5. Not keeping traceability records. Being unable to present origin and access records during an audit is the weakest link of a compliance program.

Frequently Asked Questions

What is a defense industry ERP?

A defense industry ERP is enterprise resource planning software developed for aerospace and defense manufacturers that supports compliance with strict quality standards such as AS9100 and ISO 9001, lot/serial-level end-to-end traceability, project-based costing, and export control requirements such as ITAR/EAR. It unifies production, quality, procurement, and access control processes on a single secure platform. HarmonyERP meets these needs with an on-premise architecture and role-based authorization.

What does an ITAR-compliant ERP mean?

An ITAR-compliant ERP is an enterprise resource planning system that restricts access to controlled technical data through role-based authorization, makes part origin and serial/lot movement traceable, and prevents data from leaving the organization (usually on-premise). Its purpose is to prevent ITAR-controlled items and technical data from reaching unauthorized persons and to provide the necessary records during an audit. HarmonyERP supports these needs with origin traceability and role-based access control.

What is the main difference between ITAR and EAR?

ITAR regulates military-purpose items (the United States Munitions List / USML) and is administered by the DDTC under the Department of State. EAR regulates dual-use and commercial items (the Commerce Control List / CCL) and is administered by the BIS under the Department of Commerce. A product is subject to only one of them at a time.

Does ITAR bind companies outside the U.S.?

Yes. ITAR and EAR apply to any product containing U.S.-origin items, software, or technical data. A manufacturer outside the U.S. becomes subject to these rules if it uses or re-exports a U.S.-origin part. For companies supplying U.S. prime contractors, contracts generally mandate ITAR/EAR compliance.

What does EAR99 mean?

EAR99 is a category used for items that are not listed under a specific ECCN on the Commerce Control List (CCL) but are still subject to the EAR. These items generally do not require a license; however, a license may be mandatory for exports to embargoed countries, restricted parties, or prohibited end uses.

What is the penalty for an ITAR/EAR violation?

Violations can result in heavy fines, revocation of export privileges, and, in serious cases, imprisonment. Administrative fines for ITAR violations can reach hundreds of thousands of dollars per incident; criminal liability can also bring imprisonment. For this reason, a strong compliance program and traceability infrastructure are essential.

Conclusion

ITAR and EAR are two separate U.S. regulations governing the export of defense and dual-use items; ITAR focuses on military items (USML), while EAR focuses on dual-use items (CCL), and a product is subject to only one of them at a time. These rules bind not only U.S. companies but every defense manufacturer that uses U.S.-origin parts, software, or technical data. At the core of compliance lies origin and access traceability; keeping these records manually carries serious risk.

An ITAR-compliant ERP or EAR-compliant ERP makes this burden manageable by tying it to real production data. HarmonyERP’s defense industry solution combines origin traceability, role-based access control, and configuration management on a single platform; HarmonyERP runs all of this on-premise on your own servers. With 20+ years of enterprise software experience, we help aerospace and defense manufacturers set up their compliance processes in an audit-ready way.

Related guides: Defense Industry ERP Solution · HarmonyERP Overview