Expert Dual-Use Export Control Lawyer — EAR & EU Compliance Defense

A dual-use export control lawyer advises companies on regulatory compliance for products, software, and technology that serve both civilian and military purposes. This means navigating U.S. Export Administration Regulations (EAR), EU Regulation 2021/821, and multi-jurisdictional licensing requirements simultaneously. Our legal team has defended exporters through classification disputes, enforcement actions, and voluntary self-disclosures across 19 jurisdictions since 2009—helping clients avoid the $300,000-per-violation civil penalties that characterize this space while securing licenses for everything from semiconductor equipment to encryption software to advanced composites.

Dual-use items — products, software, and technology listed on national control lists that can be used for both civil and military purposes, subject to export authorization under Article 1(2) of Regulation (EU) 2021/821 and the U.S. Commerce Control List (CCL).

Key Takeaways

  • Export Classification Numbers (ECCNs) determine whether your item requires a BIS license. Items not listed are EAR99 and face fewer restrictions—but misclassifying a controlled item as EAR99 can trigger six-figure penalties.
  • EU Regulation 2021/821 mandates authorization for dual-use exports using eight common assessment criteria covering human rights, regional stability, and national security risks. Unlike the U.S., the EU also controls certain transfers within member states.
  • Deemed exports — sharing controlled technology with foreign nationals inside the United States — require the same licenses as physical shipments to their home countries. This catches many companies off guard during hiring or hiring discussions.
  • Voluntary self-disclosure to BIS can reduce civil penalties from $300,000 per violation to under $50,000, but only if filed before an investigation begins. Once BIS opens a case, this option disappears.
  • Technical assistance — training, consulting, design services — triggers licensing requirements even when no physical goods cross borders. Knowledge transfer counts.

What Is a Dual-Use Export Control Lawyer and Why Do You Need One?

Dual-use export control lawyers specialize in regulatory frameworks governing items with both civilian and potential military applications. Under Article 1(2) of Regulation (EU) 2021/821, dual-use items include products, software, and technology that appear on the EU control list or meet technical parameters outlined in the regulation’s annexes. What these lawyers actually do is advise on three critical compliance areas: export classification, license application strategy, and enforcement defense.

Companies exporting encryption software, carbon fiber composites, precision machine tools, or advanced semiconductor manufacturing equipment navigate overlapping U.S. and EU controls. The U.S. Export Administration Regulations (EAR)—codified under 50 U.S.C. § 4801—require exporters to classify items against the Commerce Control List, determine whether a destination, end-user, or end-use trigger requires a license, and screen transactions against restricted party lists. EU exporters must obtain individual, global, or general authorizations under Regulation 2021/821 when exporting controlled dual-use items to non-EU countries or transferring certain items within the EU. Miss a restriction in either regime, and you’re liable for penalties in both jurisdictions.

Our legal team conducts classification reviews, prepares license applications with supporting end-use statements, and represents clients in BIS enforcement proceedings. We have handled voluntary self-disclosures in 14 countries, resulting in mitigated penalties and avoided denial orders for clients in aerospace, telecommunications, and advanced manufacturing sectors.

What are dual-use items in export control?

Dual-use items are goods, software, and technology capable of both civilian and military use, listed in Annex I of Regulation (EU) 2021/821 or controlled under the U.S. Commerce Control List (CCL). The EU list includes ten categories: nuclear materials, advanced materials, electronics, computers, telecommunications, sensors, navigation, marine technology, aerospace, and propulsion systems. Each category contains specific technical thresholds. Category 5 Part 2, for instance, controls encryption software using algorithms exceeding certain key-length parameters—which is why vendors sometimes cap encryption strength differently for EU versus U.S. customers.

The U.S. CCL uses Export Control Classification Numbers (ECCNs) structured as five-character alphanumeric codes. The first digit (0-9) indicates the category, the second character identifies the group (A for equipment, B for test/production, C for materials, D for software, E for technology), and the final three digits specify the control reason and item sequence. Items not listed on the CCL are designated EAR99 and generally require no license except when destined for embargoed countries or parties on the Entity List, Denied Persons List, or Specially Designated Nationals list.

Here’s a pitfall we see constantly: exporters assume commercial off-the-shelf software is exempt. Under EAR Part 742, mass-market encryption software still requires classification and may need a license or self-classification report to BIS, depending on encryption strength and destination. Don’t find out you needed a license after shipping the product.

When do I need an export control lawyer?

Specialized counsel becomes essential in four scenarios. Start with pre-transaction due diligence — before signing a contract with a foreign buyer, distributor, or joint-venture partner. Lawyers review technology transfer provisions, conduct end-use risk assessments, and confirm whether the transaction triggers U.S. extraterritorial jurisdiction through de minimis rules or foreign-produced items subject to EAR. This step costs thousands upfront and saves millions if it prevents a bad deal.

License application strategy is the second critical moment. Determining whether to pursue a standard BIS license, claim a license exception, or structure the transaction to avoid controlled transfers requires technical justification and end-use certifications that address the eight common assessment criteria under EU Regulation 2021/821 Annex II. Our team drafts these documents.

Third: investigation response. When BIS or an EU national competent authority issues a subpoena, initiates an audit, or opens an enforcement action, counsel manages document production under attorney-client privilege, prepares voluntary self-disclosures, and negotiates settlement terms to avoid denial orders—which ban you from exporting for years. The investigation response window is narrow.

Fourth, compliance program development — building classification matrices, restricted-party screening protocols, deemed export policies, and internal audit procedures. Companies handling cross-border technology transfers in aerospace, semiconductor, telecommunications, and advanced materials sectors face the highest regulatory scrutiny and benefit most from systematic compliance infrastructure.

How Do Dual-Use Export Control Regimes Differ Across Jurisdictions?

EU Regulation 2021/821 and U.S. Export Administration Regulations share policy goals — preventing weapons proliferation, addressing regional security threats — but diverge sharply in structure and extraterritorial reach. The EU framework relies on a common control list adopted by all member states, harmonized licensing types (individual, global, general), and assessment criteria binding national licensing authorities. U.S. EAR applies extraterritorial jurisdiction based on item origin, controlled U.S. content in foreign-made goods, and software or technology derived from U.S. sources—triggering licensing requirements even for transactions with no direct U.S. nexus. A German company selling to Switzerland may still need a U.S. license if the product contains 10% U.S.-origin components.

Under Regulation 2021/821 Article 3, EU exporters must obtain authorization to export dual-use items from the EU to third countries. Authorization types include individual export authorizations (valid for one consignee and end-user), global export authorizations (covering multiple shipments to named consignees), and Union general export authorizations (pre-approved categories of exports requiring no individual application, only registration). National competent authorities in each member state process applications using the eight common assessment criteria in Annex II: respect for international commitments (arms embargoes, non-proliferation treaties), risk of diversion to military programs, regional stability, internal situation in the destination country, risk to EU security interests, behavior of the buyer country toward the international community, and risk of diversion to terrorism. Processing times vary by member state—expect 30 to 90 days for individual authorizations, longer if the authority requests additional end-use documentation.

U.S. EAR structure differs fundamentally. Exporters first classify items using the CCL. If the item has an ECCN, exporters check three license triggers: destination (Country Groups D:1, D:5, E:1, E:2 require licenses for most ECCNs), end-user (parties on the Entity List or Denied Persons List), and end-use (if the exporter knows or has reason to know the item will support weapons proliferation or military programs). If no trigger applies, the export is authorized under the EAR’s “No License Required” (NLR) designation. If a trigger applies, exporters may claim a license exception or apply for a specific license through BIS.

What is the Commerce Control List?

The Commerce Control List is the index of controlled dual-use items under U.S. EAR, organized into ten categories (0-9): nuclear materials and facilities, special materials and related equipment, materials processing, electronics, computers, telecommunications, sensors and lasers, navigation and avionics, marine, aerospace and propulsion. Each ECCN contains item descriptions, technical specifications, and control reasons (national security, regional stability, firearms convention, missile technology, nuclear nonproliferation, chemical and biological weapons). An item’s control reason determines which destinations require licenses—for example, national security (NS) controls prohibit exports to Russia, China, and 20 other countries without a license.

EAR99 designation applies to items not listed on the CCL. These items require no license except when destined for embargoed countries (Cuba, Iran, North Korea, Syria, Crimea region) or when the exporter has knowledge the item will support a prohibited end-use (weapons development, nuclear proliferation). Misclassification—labeling a controlled ECCN as EAR99—is a frequent enforcement trigger. BIS reviews classification decisions during compliance audits and can issue $300,000 civil penalties per unlicensed export, multiplied across shipments if the violation is systematic.

What is the difference between EU and US export controls?

EU and U.S. regimes diverge in five structural areas. Authorization types: EU Regulation 2021/821 offers individual, global, and Union general export authorizations; U.S. EAR uses license exceptions (pre-approved categories published in EAR Part 740) and specific licenses issued on a case-by-case basis. Extraterritorial reach: U.S. EAR asserts jurisdiction over foreign-made items incorporating more than de minimis amounts of controlled U.S. content (10% for most items, 25% for items controlled for anti-terrorism reasons) and over reexports of U.S.-origin items from any country. EU controls apply to exports from the EU but lack comparable reexport jurisdiction over non-EU transactions, creating planning opportunities for some supply chains.

License triggers: EU licensing hinges on item classification and destination; U.S. licensing depends on item classification, destination, end-user screening, and end-use determination. A U.S. exporter may face a license requirement even for EAR99 items if the transaction involves an Entity List party. Processing timelines: EU member state licensing authorities operate under national procedures, with review periods ranging from 30 days (some general authorizations) to 90 days or more for individual licenses involving sensitive destinations. U.S. BIS reviews standard license applications within 90 days—plan any deal announcements or business commitments accordingly—but escalates applications involving embargoed destinations or sensitive technologies to interagency review, extending timelines to 180 days. That gap between standard and escalated review can derail transaction schedules entirely.

Enforcement: The 2009 SIPRI report examining national implementation of Regulation (EC) No 428/2009—the predecessor to Regulation 2021/821—found that criminal penalties for export violations varied widely among EU member states, with some applying custodial sentences and others relying on administrative fines. U.S. enforcement combines administrative penalties (up to $300,000 per violation under 50 U.S.C. § 4819) with denial orders (prohibiting violators from participating in export transactions) and criminal prosecution under the Export Administration Act and other statutes. A denial order doesn’t expire—it effectively ends a company’s ability to export for years.

What Types of Export Licenses and Authorizations Does a Dual-Use Lawyer Handle?

Dual-use export lawyers prepare license applications under four frameworks: U.S. BIS specific licenses, U.S. license exceptions, EU individual and global export authorizations, and UK Standard Individual Export Licences. Each demands tailored documentation. BIS specific license applications—submitted through the Simplified Network Application Processing Plus (SNAP-R) system—require item classification, end-user and end-use statements, foreign consignee certifications, and technical specifications. Incomplete submissions trigger Requests for Additional Information. That single omission can delay approval by 30 to 60 days, pushing you past contractual delivery windows.

EU individual export authorizations require similar documentation: item technical description, ECCN or EU list entry, destination country, end-user identity and activities, end-use declaration, and narrative addressing the eight common assessment criteria in Annex II. National competent authorities may request site visits, third-party certifications, or additional end-use assurances before issuing authorization.

What is an Open General Licence?

An Open General Licence (OGL) is a UK-specific authorization covering pre-approved exports of certain dual-use items to specified destinations. No individual application required. Registration and record-keeping are mandatory. The UK Export Control Joint Unit publishes OGLs on gov.uk, each identifying eligible items by control list entry, authorized destinations, and conditions. OGL (Dual-Use), for instance, allows certain Category 5 Part 2 encryption items to specified countries without individual licenses, provided the exporter registers with the Export Control Joint Unit and maintains records for four years.

OGL registration is free and processed within five business days. Exporters submit company details, eligible item descriptions, and intended destinations. Once the Export Control Joint Unit issues a registration certificate, you reference it on shipping documents. But OGLs don’t authorize exports to embargoed destinations, parties subject to asset freezes under UK sanctions, or transactions triggering catch-all controls—meaning the exporter knows the items will support weapons programs.

OGLs do not exist in the U.S. EAR framework. License exceptions published in EAR Part 740 are the closest analogue—pre-approved export categories requiring no application but demanding compliance with exception-specific conditions and record-keeping.

How long does an export license take?

U.S. BIS processing timelines depend on classification and destination. Standard review—for lower-sensitivity ECCNs to allied destinations—averages 45 to 60 days from submission. Enhanced review, triggered by specific ECCNs, destinations (China, Russia, Venezuela), or interagency referrals, extends timelines to 120 to 180 days. BIS suspends the review clock when issuing Requests for Additional Information, adding 15 to 30 days per request.

EU member state authorities process individual export authorization applications within 30 to 90 days under national procedures implementing Regulation 2021/821. Germany’s Federal Office for Economic Affairs and Export Control (BAFA) publishes average processing times of 60 days for standard applications and 90 days for applications requiring interagency consultation. France’s Direction Générale des Entreprises processes applications within 60 days for non-embargoed destinations.

UK Standard Individual Export Licences (SIELs) are processed within 20 working days for straightforward applications and 60 working days for complex cases involving sensitive destinations or technologies. The Export Control Joint Unit may extend review if additional end-use assurances are required.

Strategies for expedited processing: Pre-application consultations with licensing authorities reduce friction. Complete technical documentation submitted upfront—not piecemeal in response to information requests—signals preparation and accelerates review. Established compliance history matters. Companies with certified internal compliance programs audited by national authorities may qualify for global or general authorizations entirely, eliminating case-by-case review.

⚠️ Time is critical — every day matters

Get a free case assessment

Our team specialises in cases with an international element. We review applicable treaties, assess risks, and prepare an action plan.

Free Consultation →
🔒 Confidential · Response within 24h · No obligation

Comparison: EU Regulation 2021/821 vs. U.S. EAR vs. UK Export Controls

Aspect EU Regulation 2021/821 U.S. Export Administration Regulations UK Export Control Act
Control list EU common list (Annex I, ten categories) Commerce Control List (CCL), ECCN system UK Strategic Export Control Lists (incorporating EU list post-Brexit)
Authorization types Individual, global, Union general export authorizations Specific licenses, license exceptions (EAR Part 740) Standard Individual Export Licence (SIEL), Open General Licence (OGL)
Extraterritorial reach Applies to exports from EU; no reexport jurisdiction Applies to U.S.-origin items, items with >10% U.S. content, U.S.-developed technology worldwide Applies to exports from Great Britain; Northern Ireland follows EU rules
License triggers Item + destination Item + destination + end-user + end-use Item + destination + end-user
Average processing time 30–90 days (member state dependent) 45–180 days (standard vs. enhanced review) 20–60 working days
Deemed export rules Technical assistance controls apply Deemed exports require licenses for foreign national access within U.S. Technical assistance authorization required for foreign nationals
Penalties Member state criminal/administrative sanctions (varies) Up to $300,000 civil penalty per violation, denial orders, criminal prosecution Unlimited fines, up to 10 years imprisonment

Takeaway: U.S. EAR controls the widest scope—reexports, foreign-made items with U.S. content, and even technology shared with foreign nationals inside the U.S. EU Regulation 2021/821 harmonizes controls within the EU but stops at EU borders. UK controls split post-Brexit: Great Britain now licenses independently, while Northern Ireland follows EU rules for goods crossing into the EU.

Comparison: License Exceptions vs. General Export Authorizations vs. Open General Licences

Framework Authorization Type Application Required Eligible Items Record-Keeping Typical Use Case
U.S. EAR License Exception TSU No Technology for civil end-uses to certain countries Yes, 5 years Software updates to foreign customers
U.S. EAR License Exception ENC One-time classification request Mass-market encryption items Yes, 5 years Commercial encryption software exports
EU Regulation 2021/821 Union General Export Authorization Registration only Items listed in authorization annexes to specified destinations Yes, 3 years Routine exports to low-risk countries
UK Export Control Open General Licence Registration only Items specified in OGL to named destinations Yes, 4 years Encryption items to NATO allies

Takeaway: License exceptions and general authorizations skip the application process but demand strict compliance. You must verify each transaction fits the exception, keep detailed records, and monitor regulatory changes. Slip up—export an ineligible item or to a blocked party—and it’s treated as an unlicensed export with full penalties attached.

Frequently Asked Questions About Dual-Use Export Control Lawyers

What is the Commerce Control List?

The Commerce Control List indexes U.S. dual-use items subject to EAR export controls. It’s organized into ten categories (0–9): nuclear materials, electronics, computers, telecommunications, sensors, navigation, marine, aerospace, materials, and propulsion. Each item gets a five-character Export Control Classification Number (ECCN) that specifies the control reason (national security, regional stability, firearms convention, missile technology, nonproliferation) and licensing rules by destination.

What is the difference between ECCN and EAR99?

An ECCN is assigned to items actually listed on the Commerce Control List—it tells you the specific control requirements. EAR99 labels items subject to EAR but not listed. Most EAR99 items need no license except for embargoed countries, denied parties, or when you know the end-use is prohibited military or proliferation activity. That distinction matters: misclassifying something as EAR99 when it needs an ECCN license is itself a violation.

What are dual-use items under EU law?

Dual-use items under EU law are goods, software, and technology listed in Annex I of Regulation (EU) 2021/821. They’re capable of both civil and military applications, which is why they need export authorization when leaving the EU or transferred within it in certain cases. The list spans nuclear materials, advanced materials, electronics, computers, telecommunications, sensors, navigation systems, marine technology, aerospace, and propulsion—deliberately aligned with international regimes like the Wassenaar Arrangement, Nuclear Suppliers Group, and Missile Technology Control Regime so that no country becomes a backdoor for restricted technology.

What is a deemed export?

A deemed export under U.S. Export Administration Regulations happens the moment you release controlled technology or source code to a foreign national inside the United States. It’s treated as an export to that person’s home country and requires the same license as shipping the item physically there. This covers sharing technical data with foreign national employees, contractors, or students—even during visual inspections, oral briefings, or hands-on training involving controlled technology. The rule exists because information travels in people’s heads.

How long does a BIS export license take?

Standard review runs 45 to 60 days for routine cases: allied destinations, lower-sensitivity items. Sensitive destinations—China, Russia, Venezuela—or interagency referrals trigger enhanced review: 120 to 180 days. Here’s the complication: the review clock pauses every time BIS asks for more information, and those pauses add 15 to 30 days each. If you file in January expecting an answer by March, one information request can push you to April. Pre-application consultations and complete initial submissions cut review time meaningfully.

What is the penalty for an unlicensed dual-use export?

U.S. law allows civil penalties up to $300,000 per violation (50 U.S.C. § 4819), plus denial orders that bar you from export transactions entirely. Criminal prosecution for willful violations means fines up to $1,000,000 and 20 years in prison. EU member states impose their own penalties. Germany: fines up to €500,000 and five years imprisonment. France applies fines and imprisonment under the Customs Code. The UK imposes unlimited fines and up to ten years imprisonment under the Export Control Act 2002. The penalty varies by country, but the consequence—losing export privileges—is universal.

When do I need technical assistance authorization?

Technical assistance authorization applies when you provide training, consulting, design services, troubleshooting, or related support tied to controlled dual-use items for foreign parties, especially if it could support military end-uses or proliferation programs. Regulation (EU) 2021/821 requires it when you know—or have been told by competent authorities—that the assistance relates to controlled items. U.S. EAR goes further: deemed export licenses are mandatory when you release controlled technology to foreign nationals within the United States, treating the release as an export to their home country.

What is brokering in export control?

Brokering means arranging or negotiating transactions for dual-use item transfers between third countries without taking physical possession yourself. You’re the middleman. Regulation (EU) 2021/821 Article 6 requires authorization when you know—or have been informed by competent authorities—that the items are or may be intended for military end-use involving weapons of mass destruction or delivery systems. The rule applies to brokers established in EU member states and EU nationals conducting brokering activities outside the EU. Ignorance is no defense if authorities have flagged the items.

What are the common assessment criteria in EU export licensing?

Annex II of Regulation (EU) 2021/821 sets eight assessment criteria that EU licensing authorities must evaluate for individual and global export authorizations. They examine the destination country’s international commitments (especially arms embargoes), human rights record, internal stability, diversion risk, stance on terrorism and international law, impact on regional stability, terrorism diversion risk, and whether its technical and economic capacity matches the export. These criteria justify denials when exports would breach international obligations or threaten security and human rights. They’re not theoretical—they determine whether your application moves forward or stops.

Can I use an Open General Licence for exports to China?

No. UK Open General Licences exclude China for most controlled dual-use items. OGLs typically cover NATO allies, EU member states, Australia, Japan, New Zealand, and Switzerland—not higher-risk destinations. Exports to China, Russia, and similar countries require Standard Individual Export Licences (SIELs) with case-by-case review and longer timelines. Always verify OGL terms on gov.uk before assuming coverage, since eligible destinations and items change periodically and outdated assumptions can lead to violations.

Book a call
Your message send!