Export Control Guidance (A-Z)

back to top

This page is intended to provide guidance regarding activities subject to export controls and typically overseen by the Export Control Compliance Program (ECCP). Topics and definitions are arranged alphabetically from A-Z. If you are unable to find an answer to your questions, please contact the ECCP at exportcontrol@unl.edu, or 402-472-6965.

As a reminder, your research or activities may be subject to export controls if you:

List of Topics

Arms Embargo

Atomic Energy Act (AEA) Data – Tiers (1-3)

Commerce Control List (CCL)

Controlled Unclassified Information (CUI) & Covered Defense Information (CDI)

DD 2345 Form

Deemed Export

Dual Use

Dual-Use Research of Concern (DURC)

EAR 99

Educational Information

Embargoed or Sanctioned Countries with Special Rules

Entities on the Restricted List

Export

Export Administration Regulations (EAR)

Export Control Classification Number (ECCN)

Export Controls

Export Controls & Biological Agents and Toxins

Export License

Export License Exception

Foreign National

Fundamental Research Exclusion (FRE)

International Shipping

International Travel

International Conferences and Presentations (Remote) 

International Traffic in Arms Regulations (ITAR)

Letter of Attestation

Military or Space Related Research

NASA Checklist

The Office of Foreign Assets Control (OFAC)

Open & Closed Meetings

Online STEM courses to Sanctioned and Embargoed Countries 

Participation in Research by Foreign Nationals

Publicly Available, Public Domain, and Open Source

Purchasing & Export Controls Guidance

Re-export

Restrictions on Publication

Research Related to Nuclear, Chemical, Biological Weaponry, Missiles, or Unmanned Vehicles

Research Involving Select Agents or Other Pathogens

Research Related to Encryption Technologies

Restricted Party Screening (RPS)

Safeguarding Covered Defense Information, Controlled Unclassified Information & Office 365 US Government

Student Theses/Dissertations & Export Controls

Technical Data

Technology

United States Restrictions and Sanctions Related Lists (Consolidated Screening List)

Arms Embargo

The International Traffic in Arms Regulations (ITAR) prohibits exports, transfers and import of defense data, services and articles regulated under the ITAR to certain countries under a U.S. arms embargo or sanctions (22 CFR 126.1). It is the policy of the United States to deny licenses and other approvals for exports and imports of defense articles and defense services, destined for or originating in certain countries.

  1. For defense articles and defense services, the following countries have a policy of denial:

2. For defense articles and defense services, a policy of denial applies to the following countries except as specified in the associated paragraphs under 126.1:

This means that, for UNL employees, shipping, sharing, or importing defense data or services with/from any of the above countries, including citizens of these countries, may constitute a violation of U.S. export control law. Appropriate approvals, where applicable, must be in place prior to engaging in such activities with these countries. Please be sure and contact the Export Control Compliance Program before you consider involvement in any such activity.

Atomic Energy Act (AEA) Data – Tiers (1-3)

The Atomic Energy Act (AEA) was established in 1946 after World War II in order to determine how the United States would control and manage nuclear technology and to assure the proper management of source, special nuclear, and byproduct material. The National Nuclear Security Administration (NNSA) is the agency within the Department of Energy that is responsible for administering regulations  controlling a broad range of atomic energy activities, including assistance to foreign atomic energy activities related to nuclear weapons, and AEA-controlled information, which includes all classified or unclassified policies, practices, information, technical data, items, materials, facilities, equipment, software, technologies or services used to design, assess, detect, develop, fabricate, qualify, maintain, transport, render safe, or dispose of devices implementing a military application of atomic energy. These span the range of Technology Readiness Levels from basic research through Manufacturing Readiness Levels (expanding scientific principles that may have manufacturing implications through production).

Indications of AEA control may include information which is developed utilizing nuclear weapon program funding. Under NNSA Policy NAP 476.1, AEA-controlled information is managed in a graded manner:

UNL faculty and staff conducting work regulated under the AEA Tier 2 or Tier 3 must have a Technology Control Plan (TCP) in place before the project starts. Due to the restrictions on this type of work, AEA regulated projects are treated similarly to work falling under the International Traffic in Arms Regulations. Please contact the Export Compliance Program, to ensure all appropriate approvals are in place and a TCP has been established prior to beginning the project.

See Regulatory Information & Other Resources for additional travel requirements when engaging in DOE work that is regulated under the AEA. Restrictions and requirements are typically included in award documents, but please contact the Export Compliance Program with questions about how this might apply to your work under a DOE award.

Commerce Control List (CCL), ECCNs, & EAR 99

A key in determining whether an export license is needed or applicable in controlling a particular item, from the Department of Commerce, is knowing whether the item you intend to export has a specific Export Control Classification Number (ECCN). The ECCN is an alpha-numeric code, (which may look something like this: 3A001) and that describes the item and indicates licensing requirements. All ECCNs are listed in the Commerce Control List (CCL) (Supplement No. 1 to Part 774 of the EAR) which is available on the Government Printing Office website. The CCL is divided into the following ten broad categories, and each category is further subdivided into five product groups.

0 Nuclear & Miscellaneous
1 Materials, Chemicals, Microorganisms and Toxins
2 Materials Processing
3 Electronics
4 Computers
5 Part 1 Telecommunications
5 Part 2 Information Security
6 Sensors and Lasers
7 Navigation and Avionics
8 Marine
9 Aerospace and Propulsion
A Systems, Equipment and Components
B Test, Inspection and Production Equipment
C Material
D Software
E Technology

If your item falls under U.S. Department of Commerce jurisdiction but is not listed on the CCL, it is designated as EAR99.

EAR99 is the general “catch-all” classification number assigned to any item that is subject to the EAR but that does not have a specific export control classification number listed in the Commerce Control list. EAR99 items generally consist of low-technology consumer goods and do not require a license in many situations. However, if you plan to export an EAR99 item to an embargoed country, to an end-user of concern, or in support of a prohibited end-use, you may be required to obtain a license and should check with ECCP staff prior to making any export decisions.

Controlled Unclassified Information (CUI) & Covered Defense Information (CDI)

This information is intended to provide guidance to the UNL campus regarding applicability of Controlled Unclassified Information (CUI) and Covered Defense Information (CDI) in research and securing controlled information via Office 365 US Government.

Controlled Unclassified Information (CUI) is federal non-classified information (32 CFR Part 2002) the U.S. Government creates or possesses, or that a non-federal entity (i.e. the University of Nebraska-Lincoln) receives, possesses, or creates for, or on behalf of, the U.S Government, that requires information security controls to safeguard or disseminate.

Covered Defense Information (CDI) is a category of CUI. CDI is a specific term used by the DoD to describe information that requires protection under the DFARS Clause 252.204-7012, it is defined as:

As described in the Controlled Unclassified Information (CUI) Registry, CUI is divided into the following organizational groups:

Key Information:

For Marking of CUI and other helpful information

The table below has questions that are intended to help research personnel determine if something is Controlled Unclassified Information (CUI) and how to document/treat it. This is a helpful guide but does not include all of the needed information. For additional resources please use the following links below:

The CUI Marking Handbook gives you instructions on how to handle and document CUI as well as other helpful information. The DoD Instruction 5200.48 Controlled Unclassified Information (CUI) has information about CUI regulations regarding DoD.

University of Nebraska-Lincoln Guidance Document for Marking Research Documents and Presentations to ensure appropriate access and documentation.

Please use the table below while creating presentations, documents, reports that may be using controlled unclassified and proprietary information.

*Documents, reports, etc. will be referred to as article in the guidance*

 QuestionYesNo
1.Does the article include any controlled or proprietary information?Identify what type of controlled and/or proprietary information it includes, including what the relevant sources are and go to Question 2.No marking necessary.   (If an article does not include any type of controlled and/or proprietary information, it may be useful to mark the first page as such).  
2.Did the external party provide you information that is proprietary and non-public that you have included in the article? (Make sure to check that the external party allows such information to be included by reviewing all necessary forms/documents, non-disclosure agreements, material transfer agreements and any other documents).Ensure that the cover page is marked with the inclusion of such information and consider question 4.No action required.
3.Does the article include any research results subject to a publication or dissemination restriction? An example is the DFAR 252.204-7000 Disclosure of Information clause.Consider question 4.No marking necessary.   (If an article does not include any type of controlled and/or proprietary information, it may be useful to mark the first page as such).  
4.Considering the type of controlled information identified by questions 2 and 3, is the controlled information technical information subject to the US export control regulations? (Consider this information. Technology, under the EAR and Technical Data under the ITAR.)If yes, mark the cover page with the Export Control disclaimer. (Below guidance)   Best Practice: consider including in the portion markers in the relevant sections of the document the classification and jurisdiction of the technology or technical data. (ITAR Cat II or ECCN EAR99). Consider Question 5.No additional action required.
5.       Considering the type of controlled information identified in earlier questions, is there any Controlled Unclassified Information included?Mark in accordance with CUI Marking Handbook   At a minimum, ensure that the Cover page is marked Controlled or CUI and that each page in the document includes a Banner marking of Controlled or CUI.   If CUI specified, you must include the specific authority in the banner marking. (E.g. Export Controlled Research should be marked as CUI//SP-EXPTR   Best Practice: if the document includes both controlled and publicly releasable information, consider portion marking. [1] No additional action required.
6.Considering the type of controlled information identified in earlier questions, is there any Covered Defense Information included?Mark in accordance with the DoD Instruction 5200.48 Controlled Unclassified Information (CUI)No additional action required.
1. Portion marking for CUI would be (CUI) or (CUI//relevant category) and portion marking for uncontrolled information is (U).

The following disclaimer language is provided as a template for research personnel to utilize:

Export Control Disclaimer – WARNING – This document contains technical data whose export is restricted by the Arms Export Control Act (Title 22, U.S.C., Sec 2751, et seq.) or the Export Administration Act of 1979, as amended (Title 50, U.S.C., App. 2401 et seq.). Violations of these export laws are subject to severe criminal penalties.

Video Reference for CUI-Marking Instructions

Video: Introduction to Marking CUI (updated August 6, 2018) – For an overview of how to mark documents, emails, presentations, systems, and other files containing CUI, watch this video. It addresses the designation indicator and CUI banner marking, including CUI control marking, CUI category markings, and Limited Dissemination Control Markings. The video also discusses portion marking, cover sheets, marking multipage documents, and decontrolling CUI.

  • 0:00 — Intro:  What a Marking Standard Is
  • 1:32 — CUI Basics
  • 1:44 — CUI-Specified
  • 2:38 — Designation Indicator
  • 3:22 — Banner Marking
  • 6:48 — Limited Dissemination Controls
  • 8:15 — Portion Marking
  • 9:31 — Marking Multiple Pages
  • 9:53 — Separate Banner Markings from Administrative Markings
  • 10:49 — Coversheets
  • 11:32 — Forms
  • 12:17 — Email
  • 13:20 — Presentations/PowerPoints
  • 13:53 — Transmittal Documents
  • 14:28 — Electronic Media (hard drive, USB, CD ,etc.)
  • 14:56 — Audio, Video, and Photographs
  • 15:40 — Shipping and Mailing
  • 16:04 — Decontrol CU

See the video for details:

For more videos from the National Archive on CUI related topics please use the link below:

CUI Training | National Archives

See also guidance topic on Safeguarding Covered Defense Information, Controlled Unclassified Information & Office 365 US Government.

Training Resources

If you will be working with CUI, Export Control Compliance Staff may require you to take a course on CUI. If you score a 70% or better you will pass the course and receive a certification. This certification does not expire, however UNL has determined it will be valid for 3 years upon the completion date.

If Export Control requires you to complete a CUI training, use the link below for access to the training and information. (Please note, if you are not required to take this training you are still allowed to take the training for your own personal knowledge).

DoD Mandatory Controlled Unclassified Information (CUI) Training (usalearning.gov)

For additional resources regarding CUI and Cyber Security Training please use the following resources below.

For further assistance/questions please consult with UNL Export Control Compliance Personnel. *If your project is documented as an Export Control Project in NuRamp, there may be more information that is specific to your research in the Project details.*

DD2345 Form

The DD 2345 Militarily Critical Technical Data Agreement is a certification required by U.S. contractors (universities) that wish to obtain access to unclassified technical data disclosing militarily critical technology with military or space application. This data is under the control of, or in the possession of, the U.S. Department of Defense (DoD).

The University of Nebraska-Lincoln (UNL) holds one general DD2345 certification. As per guidelines regarding these certifications, Institutions of Higher Education are supposed to hold only one certification (i.e. to avoid multiple researchers or PI’s applying and utilizing separate or inaccurate certifications). The ECCP staff and empowered official serve as the data custodians for this certification. Those outside of the ECCP shall not hold or apply separately for another DD2345 without communication and/or agreement from the UNL empowered official.

In order to access UNL’s DD 2345 form information, please read and complete the Request for Use Form.

Deemed Export

In addition to the shipment of a commodity (e.g. a product) from the United States to a foreign country, the Export Administration Regulations state that the release of controlled technology to foreign persons in the U.S. are “deemed” to be an export to the person’s country or countries of nationality and is found in 734.2(b) of the EAR.

Note: Those organizations having persons with permanent residence status, U.S. citizenship, and persons granted status as “protected individual,” are exempt from the deemed export rule.

Many of the licenses for deemed exports involve those conducting scientific research. Note that under 734.8 of the EAR, fundamental research is defined as “basic and applied research in science and engineering where the resulting information is ordinarily published and shared broadly within the scientific community” and, as such, is exempt from EAR licensing 5 requirements. Research conducted using publically available information is also exempt from any license requirements.

In addition, Per Part 772 of the Export Administration Regulations (EAR), “technology” is specific information necessary for the “development,” “production,” or “use” of a product. The General Technology Note states that the “export of technology,” is controlled according to the provisions of each Category.” It further states that “technology required for the development, production, or use of a controlled product remains controlled even when applicable to a product controlled at a lower level.” Please note that the terms “required,” “development,” “production,” “use,” and “technology” are all defined in Part 772 of the EAR. Controlled technology is that which is listed on the Commerce Control List.“Use”. (All categories and General Technology Note)

Operation, installation (including on site installation), maintenance (checking), repair, overhaul and refurbishing. “Development”. (General Technology Note)“Development” is related to all stages prior to serial production, such as: design, design research, design analyses, design concepts, assembly and testing of prototypes, pilot production schemes, design data, process of transforming design data into a product, configuration design, integration design, layouts.“Production”. (General Technology Note) (All Categories) Means all production stages, such as: product engineering, manufacture, integration, assembly (mounting), inspection, testing, and quality assurance.

Note: In general, it is difficult for a deemed export to occur under the “use” definition of equipment in the EAR because it must meet all of the above noted categories of use. A foreign person involved in the “development” or “production” of a dual use item, is more likely to meet the deemed export parameters, in which case a deemed export license may be required.

Dual Use

Dual use describes tangible items, software, and/or technology that have both a potential civilian and military use. Determining whether or not an item could fall under the dual use definition should be made in consultation by the ECCP staff as the details of the item can have significant impact in understanding whether or not it is dual use.

Note: For example, an iPad can be used in a classroom (civilian use) and also function as a weapons control system (military use).



Dual-Use Research of Concern (DURC) and Pathogen with
Enhanced Pandemic Potential (PEPP)

The Office of Science and Technology Policy (OSTP) under the United States Government (USG) has created a new policy “United States Government Policy for Oversight of Dual Use Research of Concern and Pathogens with Enhanced Pandemic Potential”. This new policy supersedes the 2012 United States Government Policy for Oversight of Life Sciences Dual Use Research of Concern (Federal DURC Policy) the 2014 United States Government Policy for Institutional Oversight of Life Sciences Dual Use Research of Concern (Institutional DURC Policy) and the Recommended Policy Guidance for Departmental Development of Review Mechanisms for Potential Pandemic Pathogen Care and Oversight. This new policy was published May 2024 with an effective date of May 2025.

The purpose of this policy is to provide an oversight framework for conducting and managing certain federally funded life sciences research on biological agents and toxins. Specifically, when they are enhanced, have the potential to pose risks to public health, agriculture, food security, economic security, or national health. The overarching goal of the policy is to require institutions receiving federal funding to establish policies, practices, and procedures to identify potential DURC and ensure development and implementation of risk mitigations plans for such experiments. *This policy may also affect non-funded research. *

The following agents and toxins are listed by the select agent regulatory agency. This list may change, so please refer to 9 CFR 121.3-121.442 CFR 73.373.4, and 7 CFR 331.3USDA or HHS websites and Section 4.1.1 and 4.1.2 of the Oversight of Dual Use Research of Concern and Pathogens with Enhanced Pandemic Potential Policy. The seven groups below of Select Agents and Toxins are part of this new policy.

HHS Select Agents and Toxins

Biological agents and toxins listed in this part of the list are controlled by Select Agent Regulations, please refer to the Select Agents and Toxins list for any relevant strain exclusions.

Abrin
Bacillus cereus Biovar anthracis
Botulinum neurotoxins
Clostridium botulinum and neurotoxin-producing species of Clostridia
Conotoxins (Short, paralytic alpha conotoxins containing the following amino acid sequence X1CCX2PACGX3X4X5X6CX7)
Coxiella burnetii
Crimean-Congo hemorrhagic fever virus
Diacetoxyscirpenol
Eastern equine encephalitis virus
Ebola virus
Francisella tularensis
Lassa fever virus
Lujo virus
Marburg virus
Mpox virus Clade I
1918-1919 H1N1 including reconstructed replication competent forms of the 1918 pandemic influenza virus containing any portion of the coding regions of all eight gene segments (Reconstructed 1918 Influenza virus)
Ricin
Rickettsia prowazekii
Severe acute respiratory coronavirus (SARS-CoV)
SARS-CoV/SARS-CoV-2 chimeric viruses resulting from any deliberate manipulation of SARS-CoV-2 to incorporate nucleic acids coding for SARS-CoV virulence factors
Saxitoxin
Chapare virus
Guanarito virus
Junín virus
Machupo virus
Sabía virus
Staphylococcal enterotoxins (subtypes A, B, C, D, E)
T-2 toxin
Tetrodotoxin
Tick-borne encephalitis complex virus: Far Eastern subtype
Tick-borne encephalitis complex virus: Siberian subtype
Kyasanur Forest disease virus
Omsk hemorrhagic fever virus
Variola major virus (Smallpox virus)
Variola minor virus (Alastrim)
Yersinia pestis

Overlap Select Agents and Toxins

List of Agents and Toxins

Bacillus anthracis
Bacillus anthracis Pasteur strain
Brucella abortus
Brucella melitensis
Brucella suis
Burkholderia mallei
Burkholderia pseudomallei
Hendra virus
Nipah virus
Rift Valley fever virus
Venezuelan equine encephalitis virusAdd some description that will expand

USDA Veterinary Services (VS) Select Agents and Toxins

List of Agents and Toxins

African horse sickness virus
African swine fever virus
Avian influenza virus [this is included here as a veterinary select agent in 9 CFR 121.3. Low pathogenicity strains are excluded.]
Classical swine fever virus
Foot-and-mouth disease virus
Goat pox virus
Lumpy skin disease virus
Mycoplasma capricolum
Mycoplasma mycoides
Newcastle disease virus
Peste des petits ruminants virus
Rinderpest virus
Sheep pox virus
Swine vesicular disease virus

USDA Plant Protection and Quarantine (PPQ) Select Agents and Toxins

List of Agents and Toxins

Coniothyrium glycines
Peronosclerospora philippinensis (Peronosclerospora sacchari)
Ralstonia solanacearum
Rathayibacter toxicus
Sclerophthora rayssiae
Synchytrium endobioticum
Xanthomonas oryzae

Other Risk Group 4 Pathogens

Pathogens listed in this part of the list are Risk Group 4 but not controlled by the Select Agent Regulations, please refer to the NIH Guidelines for any relevant strain exclusions.

Tick-borne encephalitis virus complex including Absetterov, Central European
encephalitis, Hanzalova, Hypr, and Kumlinge
Herpesvirus simiae (herpes B or monkey B virus)
Hemorrhagic fever agents and viruses as yet undefined

Other Risk Group 3 Pathogens

Pathogens listed in this part of the list are Risk Group 3 but not controlled by the Select Agent Regulations, please refer to the NIH Guidelines for any relevant strain exclusions.

Bartonella
Brucella
Orientia tsutsugamushi
Pasteurella multocida type B -“buffalo” and other virulent strains
Rickettsia akari, R. australis, R. canada, R. conorii, R. rickettsii, R, siberica, R. typhi (R.
mooseri)
Chikungunya virus except the vaccine strain 181/25
Semliki Forest virus
Flexal virus
Lymphocytic choriomeningitis virus (LCM) (neurotropic strains)
Hantaviruses, including Hantaan virus
Middle East respiratory syndrome coronavirus (MERS-CoV)
Severe acute respiratory coronavirus 2 (SARS-CoV-2)
Japanese encephalitis virus except strain SA 14-14-2
Yellow fever virus
Human influenza A virus H2N2 (1957-1968)
Highly pathogenic avian influenza A virus H5Nx strains within the Goose/Guangdong/96-like H5 lineage (e.g., H5N1, H5N6, H5N8 etc.)
Transmissible spongiform encephalopathy (TSE) agents (e.g., Creutzfeldt-Jacob disease and kuru agents)

Other

Additional Information

Any attenuated pathogen or vaccine strain that is currently excluded from the Select Agent Regulations that exhibits the recovery of virulence at or near the wild-type


Mpox virus clade I/II chimeric viruses resulting from any deliberate manipulation of clade II to incorporate nucleic acids coding for clade I virulence factors

Categories of Research

There are two categories under this policy, Category 1 research is subject to oversight by research institutions and federal funding agencies. Category 2 is subject to oversight by research institutions, federal funding agencies, and their federal department if applicable due to heightened potential for biosafety and biosecurity risks.

Category 1 Research

There are three criteria that must be met:

Category 2 Research

There are three criteria that must be met:

Definitions

Click here for expansion of definitions

“Biological agents” are any microorganism (including, but not limited to, bacteria, viruses, fungi, or protozoa), infectious material, or any naturally occurring, bioengineered, or synthesized component of any such microorganism or infectious material, capable of causing:
Death, disease, or other biological malfunction in a human, an animal, a plant, or another living organism;
Deterioration of food, water, equipment, supplies, or material of any kind; or,
Deleterious alteration of the environment.

“Biosafety” is the application of practices, controls, and containment infrastructure that reduces the risk of unintentional exposure to, contamination with, release of, or harm from pathogens, toxins, and other associated biological materials.

“Biosecurity” is the application of security measures designed to prevent the loss, theft, misuse, diversion, unauthorized possession or material introduction, or intentional release of pathogens, toxins, biological materials, and related information and/or technology.

“Dual use research” is research conducted for legitimate purposes that generates knowledge, information, technologies, and/or products that can be utilized for benevolent or harmful purposes.

“Dual use research of concern (DURC)” is life sciences research that, based on current understanding, can be reasonably anticipated to provide knowledge, information, products, or technologies that could be misapplied to do harm with no, or only minor, modification to pose a significant threat with potential consequences to public health and safety, agricultural crops and other plants, animals, the environment, materiel, or national security.

“Institutional Contact for Dual Use Research (ICDUR)” is the official designated by the research institution to serve as an internal resource for application of the Policy as well as the liaison (as necessary) between the institution and the relevant federal funding agency.

“Institutional review entity (IRE)” is the entity established by the research institution to execute the institutional oversight responsibilities described in Section 5.2, with the attributes described in Section 5.2.B.

“Life sciences” is the study or use of living organisms, viruses, or their products, including all disciplines, methodologies, and applications of biology (including biotechnology, genomics, proteomics, bioinformatics, and pharmaceutical and biomedical research and techniques).

“Pathogen with enhanced pandemic potential (PEPP)” is a type of pathogen with pandemic potential (PPP) resulting from experiments that enhance a pathogen’s transmissibility26 or virulence, or disrupt the effectiveness of pre-existing immunity, regardless of its progenitor agent, such that it may pose a significant threat to public health, the capacity of health systems to function, or national security. Wild-type pathogens that are circulating in or have been recovered from nature are not PEPPs, but may be considered PPPs because of their pandemic potential.

“Pathogen with pandemic potential (PPP)” is a pathogen that is likely capable of wide and uncontrollable spread in a human population and would likely cause moderate to severe disease and/or mortality in humans.

“Reasonably anticipated” describes an assessment of an outcome such that, generally, individuals with scientific expertise relevant to the research in question would expect this outcome to occur with a non-trivial likelihood. It does not require high confidence that the outcome will definitely occur, but excludes experiments in which experts would anticipate the outcome to be technically possible, but highly unlikely.

For additional information on the policy please see the links below.

Export Control and IBC

UNL faculty and staff planning to conduct research with agents and toxins listed under DURC, will require a Technology Control Plan (TCP) before the research starts. This is in addition to meeting UNL Biosafety Guidelines on Dual Use Research of concern. Please contact the Export Control Compliance Program & Biosafety Officer, to ensure all appropriate approvals are in place and a TCP has been established prior to beginning the project. These two offices work together to ensure the above requirements are met.

Educational Information

Information not subject to the EAR if it is released by instruction in catalog courses and associated teaching laboratories of academic institutions. Certain types of information related to encryption software cannot be considered “educational information” and therefore are subject to the EAR even if they are released “by instruction in catalog courses and associated teaching laboratories of academic institutions.”

Information that is normally taught or released by the university as part of the normal instruction in a catalog course or in an associated teaching laboratory is considered Educational Information and, as provided for under the federal regulations (15 CFR§734.3(b)(iii), is NOT subject to export controls.

Embargoed or Sanctioned Countries with Special Rules

U.S. sanctions programs vary in scope and by country.  Some are broad-based and oriented geographically (i.e. Cuba, Iran).  Others are “targeted” (i.e. counter-terrorism, counter-narcotics) and focus on specific individuals and entities.  These programs may encompass broad prohibitions at the country level as well as targeted sanctions. Special export rules apply to Cuba, Iran, North Korea, Syria, Sudan and other countries with sanctions. Due to the diversity among sanctions, we advise visiting the Office of Foreign Assets Control (OFAC) “Sanctions Programs and Country Information” page for information on a specific program.

University activities that involve any type of transaction (e.g., travel to an embargoed country, transfer of information, data or technology; shipping materials; payment of funds; hosting a visitor etc.) with a Non-U.S. person or entity from an embargoed or sanctioned country may be subject to export controls and in some cases strictly prohibited by the U.S. government. A general or specific export license may be required by OFAC for all research and educational activities to an embargoed or sanctioned country.

For example, the Cuba sanctions regulate personal travel to Cuba, as well as, professional research activity conducted with Cuban institutions here and abroad.  That said, the Cuba regulations allow for a broad range of research and humanitarian related activity when approved by license from OFAC or if the activities fall under the “General License” and do not require prior approval.

The Iran sanctions (Iranian Transactions and Sanctions Regulations- ITSR), in contrast, do not regulate individual travel to Iran, but remain highly restricted as to any activity or research, which OFAC defines as a “service” to Iran.  While, certain kinds of collaborative activities are permissible with Iranian institutions, many are prohibited. Research that contemplates the exchange of material items with Iran, providing guidance or advice on the nuclear or energy sector, attending a conference, or providing advice on establishing a laboratory or research facility in Iran, are examples of services where a license may be required.  Likewise, peer review or editorial comment that extends beyond the scope of what is normally defined as credential input or scientific journal editorial review may also trigger a license requirement.

Collaboration with former students or others living in Iran may require a license, as noted previously some activities may be permissible, such as the “Publishing exemption” which allows US persons to engage in a transaction “necessary and ordinarily incident to the publishing and marketing of manuscripts, books, journals, and newspapers in paper or electronic form.” (31 CFR 560.538). However, this exemption cannot be used if the other parties represents the Government of Iran or identified on a restricted party list. Before engaging in collaboration, contact the Export Control Office.

With respect to Syria and Sudan, travel and transactions with these countries will also trigger a review because of the geopolitical instability in both countries, transactions with those nations similarly, must be evaluated carefully for evolving sanctions and requirements.

Special requirements also extend to individual and entities in other countries, such as North Korea; Libya; Crimea region of Ukraine; Russia; Venezuela and a few others. Hence, when contemplating any research or transactional activity with one of these OFAC countries or foreign nationals known to reside in these countries, contact the Export Control Office for an export control review and information on license requirements before proceeding. If a specific OFAC license is required, the Export Control Office can assist; however, it may take months to receive an approval from the US government or may not be approved at all.

Export Control Compliance Policies

Entities on the Restricted List

The U.S. Government periodically publishes laws, regulations, executive orders, or directives that identify entities, companies or persons that are prohibited or restricted from engaging in specific transactions or activities. These restrictions can apply to the activities of institutions of higher education. Activities such as travel, research collaboration, providing or receiving services, and/or hosting visitors from entities will require a review by the Export Control Compliance Office (ECCP) prior to engaging in any activities with them.

These lists are constantly being revised by the U.S. Government, please follow the links for each regulatory list or contact UNL Export Control for questions.

BIS Entity List:

The Export Administration (EAR) contains a list of names of certain foreign persons, which includes private and public: businesses, institutions, educational institutions, and government organizations. Individuals or Entities listed on this list may be subject to license requirements or other export control requirements. For more information click the link above.

BIS Unverified List:

This list is maintained by the Export Administration, and the regulations focus on shipping items to an individual or entity on the list. For more information click the link above.

OFAC Specially Designated Nationals and Blocked Persons (SDN) (OFAC):

This list contains individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. Specially Designated Nations or SDNs are also listed here. For more information click the link above.

Bureau of International Security & Nonproliferation (ISN) Nonproliferation Sanctions (NPS):

The United States imposes sanctions under various legal authorities against individuals or entities that engage in proliferation activities. For more information click the link above.

See also the guidance topic United States Restrictions and Sanctions Related Lists.

Export 

To send or take controlled tangible items, software or technology out of the United States in any manner, to transfer ownership or control of controlled tangible items, software or technology to a foreign person, or to disclose information about controlled items, software or information to a foreign government or foreign person. The controlled tangible item, software or technology being sent or taken out of the United States is also referred to as an “export.”

Export Administration Regulations (EAR)

Federal regulations that regulate the export and re-export of most commercial items. These items can range anywhere from a simple pencil to large equipment. UNL faculty, staff, and students must be cognizant in understanding whether or not their items are controlled via an ECCN or if it is categorized as the lowest set of controls via EAR 99.

See also the guidance topic on Commerce Control List, ECCNs, & EAR 99.

Export Controls

Federal regulations that restrict the release of certain items, information and software to foreign nationals in the United States and abroad. Those regulations are the Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR), as well as regulations administered by the Office of Foreign Assets Control (OFAC).

Export Controls & Biological Agents and Toxins

The United States (U.S.) Department of Commerce, and the State Department, along with various other government agencies control certain technology, items, etc. Authorization from one or more government agencies may be required to transfer export-controlled items internationally. Please also keep in mind that every export from the United States is an import to another country. That country may also have import regulations, duties and taxes that must be followed.

Additionally, foreign national (e.g. F-1, J-1, H1-B, B-1 visa holder or foreign entity) access or use of export-controlled items, in the U.S. may be restricted unless authorized by the federal government.

EAR-Controlled Biologicals

The Bureau of Industry and Security Export Administration Regulations (EAR) controls certain biological pathogens, toxins, and chemical agents through the Commerce Control List (CCL). Faculty and staff planning to transfer biological agents outside the U.S. or to a foreign national in the U.S. are encouraged to seek guidance from the Export Controls Office before engaging in such activities. Several relevant export control classification numbers (ECCN) from the CCL1 are:

ITAR-Controlled Biologicals

It is important to keep in mind that biological agents may also be controlled under the International Traffic in Arms Regulations (ITAR) (see Category XIV: Toxicological Agents Including Chemical, Biological Agents and Associated Equipment, of the United States Munitions List) . Foreign nationals and entities in the United States may not access ITAR-controlled biologicals without authorization from the government. ITAR treats any of the following as defense articles:

Fundamental Research and Published Information Exclusions

Generally, in the United States, a foreign national may use EAR export-controlled pathogens and toxins for fundamental research so long as the technology being shared with the foreign national or entity is publicly available and part of fundamental research (see below). It is important to keep in mind that unlike EAR controlled pathogens and toxins, foreign nationals and entities in the United States may not access ITAR controlled biological agents/substances (see Category XIV: Toxicological Agents Including Chemical, Biological Agents and Associated Equipment, of the United States Munitions List (USML)).

Fundamental research is defined as research in science, engineering, or mathematics, the results of which ordinarily are published and shared broadly within the research community, and for which the researchers have not accepted restrictions for proprietary or national security reasons. Please reference our guidance on Fundamental Research Exclusion (FRE) for further information.

Examples of Potentially Export-Controlled Activities

Common Misconceptions

Additional Resources

Export License

An export license is formal approval from a federal regulatory agency to export a controlled item to a specific person in a specific place for a specific purpose. Either the BIS or the DDTC, depending on whether the item is specified on the Commerce Control List or United States Munitions List, respectively, issues export licenses for most controlled items.

When the recipient of an intended export is located in a country subject to a comprehensive embargo, special approval needs to be obtained from OFAC (in addition to any approval required by other agencies). Countries subject to comprehensive embargoes include Cuba, Iran, North Korea, (North) Sudan and Syria. Several other countries are subject to less stringent embargoes, but may still require a license for travel and other transactions.

At UNL, the Export Control staff and empowered official have sole authority to determine whether a particular transaction requires an export license. They also have sole authority to apply for export licenses on behalf of UNL faculty, students, and staff.

Export licenses require very specific answers to the following questions:

  1. What are you exporting?
  2. Where are you exporting it to?
  3. Who will receive it?
  4. How will they use it?

License applications typically take about 60-90 days to process, so you should plan to contact the Export Control staff as early as possible to determine whether a license is required and begin gathering the necessary information.

Export License Exception

An Export License Exception is a special authorization that allows you to export or re-export, under very specific conditions, items that would otherwise require an export license. Export License Exceptions are detailed in EAR§740.

See Educational Information, Fundamental Research Exclusion, and Published Information Exclusion

Foreign National or Foreign Person

Anyone who is not a “U.S. person.” A “U.S. person” is any one of the following:

Anyone who doesn’t fit into one of these categories is considered a “foreign person.” This means that faculty, staff, and students at UNL with work or student visas are considered “foreign persons” for the purposes of export controls.

More detailed information about the agencies’ respective regulations can be found on the Regulatory Information page.

Depending on the details of a project that a foreign national may be planning to work on, or their country(ies) of citizenship and that country’s current status under U.S. government regulations, some foreign nationals may not be eligible to work on certain projects. ECCP staff can assist in clarifying when this may or may not be applicable.

See also the guidance on Participation in Research by Foreign Nationals.

Note: Any foreign entity not incorporated or organized to do business in the United States falls within the definition of a foreign national. This includes any branch of a foreign government and also can include universities and research laboratories in other countries.

Fundamental Research Exclusion (FRE)

Sometimes, a research project may produce information that would normally be subject to export controls and require an export license in order to be shared with colleagues in or from other countries. However, the results of “fundamental research” projects are specifically excluded from these licensing requirements in most circumstances.

Keep in mind that even if the fundamental research exclusion applies, it applies only to the results of the research. If the conduct of the research includes activities subject to export controls, a license must be obtained before any foreign nationals can participate in those activities.

“Fundamental research” is defined as basic and applied research in science, mathematics, and engineering, where the resulting information is ordinarily published and shared broadly within the scientific community. Under the State Department‘s narrower interpretation, “fundamental research” can only describe information and technology that already is in existence and in the public domain. In order for research data to qualify for the “fundamental research” exclusion from the licensing requirements, it must meet two criteria:

  1. Research results must be freely publishable; and
  2. There must be no limitations on access to or dissemination of research results on the basis of national origin.

If either condition is not met, this exception is destroyed and dissemination of the data may require a license. For example, certain terms in a statement of work or research agreement might prevent a project from qualifying for the fundamental research exclusion. These include terms that:

UNL’s Export Control staff and empowered official are the only persons authorized to determine whether a research project at UNL qualifies as fundamental research.

International Shipping

In addition to any environmental and biosafety guidelines, all shipments of tangible items to foreign countries are subject to export controls. Sometimes the university must obtain an export license from the Commerce Department or State Department for the shipment. Certain documentation must also be filed with the government before any shipments can be made. Failure to do so may constitute an export violation that could result in severe fines and/or other penalties. Please contact the Export Control Staff prior to negotiating any material transfer agreements (MTAs) or packing any materials for international shipments. The Export Control Staff can help you be certain your shipment meets export and sanction laws.

Click here for an example of the shipping invoice

Related Definitions:

End-use – a detailed description of how the ultimate consignee intends to use the commodities being exported.

End-user – a person abroad that receives and ultimately uses the exported or re-exported items. The end-user is not a forwarding agent or intermediary, but may be the purchaser or ultimate consignee.

International Travel

When traveling abroad, faculty, staff and students at UNL should be familiar with the impact of export control regulations. Researchers need to make sure that any information discussed or items taken out of the U.S. are either not controlled, or if controlled, the proper licenses are in place. University personnel, as individuals, can be held liable for improperly transferring controlled technology. Thus, it is important to review and understand that federal requirements are civil and criminal sanctions, with the ability to assess fines and/or invoke prison sentences for individuals violating the export control and embargo laws. These fines or sentencing consequences are substantial and apply to university personnel as well as the University as an institution.

To ensure you do not run the risk of exporting sensitive information or technology when traveling abroad, or dealing with sanctioned countries, entities or individuals, keep in mind that presentations and discussions must be limited to topics that are not related to controlled items or technologies, unless that information is already published or otherwise in the public domain.

Before sharing technology or information, verify that it falls into one or more of the following categories prior to traveling:

Depending on your international destination(s), an export license or other government approval may be required for your laptop computer, software or other equipment. There are exceptions for “tools of the trade,” but these exceptions depend on the equipment and the country of your destination. Encryption software in particular is subject to special regulations and more stringent license requirements.

Fortunately, most international travel does not raise any export control concerns. However, there are denied entities in almost every country. The checklist is designed to provide UNL travelers information on applicable export control regulations they will need to follow based on the nature of their activities while traveling as well as verifying any export control restrictions for your foreign destination.

For additional information, please visit our FAQ and caution information page.

International Travel Services
For travel outside the U.S., UNL requires all international travelers to file an electronic travel authorization and use Travel & Transport for flight arrangements. Please visit the University of Nebraska International Travel Resources page for additional information and details about foreign travel policies.

Once you have filed your electronic travel authorization through Concur, you will also receive a notification from NuRamp. If you are traveling to a country with risks, sanctions, embargoes, or concerns, you will need to complete our export control travel checklist. If you are traveling to a country with no identified risks, sanctions etc, you will simply receive an informational email and asked to contact Export Control staff if you are traveling with certain items or have plans that should be reviewed for export control concerns.

Visa Support
UNL faculty and staff traveling abroad can use the International Engagement Visa Support Webpage to find details about how to secure a visa, and enroll in the US State Department Smart Traveler Enrollment Program (STEP).

Evacuation Coverage for UNL Personnel Traveling Abroad
On February 1, 2015, the University of Nebraska – Lincoln secured blanket international travel coverage for all faculty and staff who travel outside the country on UNL business with the correct visa. Faculty and staff no longer need to purchase this insurance individually. Additional information can be found on the University of Nebraska International Travel site.

International Conferences and Presentations (Remote)

There are a few things to consider before presenting material in a remote setting for conferences, seminars, trade shows, or presentations “outside” the U.S. Although you are not physically traveling or shipping material, United States Export Control Laws and Regulations still apply in many instances to data and information that you may be sharing via a remote setting (e.g. zoom presentation). 

In general, if the information that you plan on presenting is already published and found in the public domain, it is usually safe for you to share this information. However, if the classification of the Scope of Work or the material, technology, or methods includes: 

Please reach out to the UNL Export Control Personnel for questions regarding international presentations or conferences if your work is not in the public domain or if you will be presenting on material that is Export Controlled, or in a country or an entity (Universities can have restrictions too)  with sanctions or embargoes. We can complete a review and screenings to ensure you are not sharing or working with a person/entity with restrictions.  

Additional Resouces can be found at:  

Tele/Video Conferencing (Zoom/Teams)  

UNL Export Control A-Z Guidance (Publicly Available, Public Domain, and Open Source)  

International Traffic in Arms Regulations (ITAR)

International Traffic in Arms Regulations (ITAR) are administered by the U.S. Department of State and ITAR places strict controls on the export of “defense articles” and “defense services.” These Federal regulations are used primarily to control the import and export of defense articles and defense services. Similar to ECCNs and EAR 99, another key way in determining whether or not your items/information fall under export control regulations is to understand whether or not they fall under any of the ITAR categories.

These categories are enumerated under the United States Munitions List (USML).  USML categories are organized by paragraphs and subparagraphs and identified alphanumerically (e.g. Category IX.10 refers to infrared scene generators, and Category XII.3 refers to laser spot trackers or laser spot detection…”). The categories usually start by enumerating or otherwise describing end-items, followed by major systems and equipment; parts, components, accessories, and attachments; and technical data and defense services directly related to the defense articles of that USML category.

Letter of Attestation

If the department is hiring/hosting non-U.S. person(s), renewing a non-immigrant visa for an employee, hosting visitors, visiting students, or speakers it must be certified that a “No Matching Record” Visual Compliance screening was conducted prior to EC Assessment Approval. If a matching record is found, the department should also recognize that the non-U.S. person may be affiliated with restricted, barred, or concerning entities, institutions, and/or other organizations. This means there are restrictions or due diligence on our ability to share data with or provide access to certain technologies to individuals employed by or affiliated with these restricted, barred, or concerning entities. Additionally, keep in mind that any non-U.S. person(s) receiving funding from a restricted, barred, or concerning entity should be treated as restricted parties themselves, even if they are not individually named on a restricted parties list or list of concern.

One way the university is mitigating the risk of hiring/hosting non-U.S. person(s), renewing a non-immigrant visa for an employee, hosting visitors, visiting students, or speakers who might have an affiliation, or their institution and/or other organizations might show up on a restricted party list or list of concern is through Letters of Attestation (LOA). An LOA is an acknowledgment to the Beneficiary and Supervisor that the Beneficiary has an affiliation with an entity on a Restricted Party List or List of Concern and they cannot export-control information to that entity and should be committed to fundamental research. An LOA is situation specific. When the need for an LOA has been identified, Export Control will contact the Supervisor with the appropriate information needed for them to complete the LOA. The LOA can be found by using the link below:
https://go.unl.edu/ec_loa

Military or Space Related Research

International Traffic in Arms Regulations (ITAR) are administered by the U.S. Department of State. ITAR places strict controls on the export of “defense articles” and “defense services.” Defense articles include any item, software or technical data on the United States Munitions List (USML). Defense services include assistance (including training) or any technical data associated with a defense article furnished to foreign persons, whether or not in the United States. Any defense article, service or related technical data found to be on the USML requires an export license before it can be exported – that is, given to a foreign person, whether or not they are in the United States. Some license exemptions are available under specific circumstances, but in general you should expect to obtain an export license.

ITAR controls exports that are:

Because spacecraft and satellites are subject to export controls, UNL policy requires a determination or technology control plan (TCP) for almost every research project that studies the design or operation of these items. Certain projects funded by federal agencies, such as NASA, also prohibit the participation of certain foreign persons or entities. Contact the Export Control Staff for more information.

Research into military technologies will also generally require the implementation of a TCP. This includes studies into the design and operation of weapons, defense systems, military vehicles, and protective gear. Almost all military research projects require government approval, so please be sure to contact the Export Control Staff when applying for funding from the Defense Department, Department of Energy, NASA, or the Department of Homeland Security.

NASA Checklist

NASA is restricted by specific applications of Section 1340(a) of The Department of Defense and Full-Year Appropriations Act, Public Law 112-10 (NASA’s 2011 continuing resolution), and Section 539 of the Consolidated and Further Continuing Appropriation Act of 2012, Public Law 112-55 (NASA’s FY 2012 appropriation) from using funding appropriated in the Acts to enter into or fund any grant or cooperative agreement of any kind to participate, collaborate, or coordinate bilaterally in any way with China or any Chinese-owned company, at the prime recipient level or at any subrecipient level, whether the bilateral involvement is funded or performed under a no-exchange of funds arrangement.

NASA defines “China or Chinese-owned Company,” to mean the People’s Republic of China (PRC), any company owned by the PRC, or any company incorporated under the laws of the PRC; this would include Chinese universities and research institutes. The law is interpreted by NASA to prohibit participation (funded or unfunded) by any individual, regardless of nationality, who is affiliated with the Chinese Government or a Chinese-owned Company.NASA does not consider this a prohibition of Chinese nationals.For each NASA proposal or award, UNL must certify compliance with this restriction. When research personnel submit a proposal to NASA, they will be contacted by OSP and RCS staff in order to complete a NASA Certification form. This form asks a series of questions regarding each person’s involvement with China and requires signature and attestation that the information being disclosed is true. Affirmative disclosures regarding involvement with China will be reported to NASA as part of the proposal/award process. Moreover, PIs are responsible for ensuring that, prior to adding additional participants to a NASA project,or if any changes occur with any project personnel’s involvement with China, the new participants must provide a complete and up-to-date certification to Sponsored Programs and/or an update to previously submitted information. In addition, Export Control and COI purposes necessitated a couple of additional steps beyond the certification form. Please reference the NASA checklist document linked below to review the three specific steps required for these awards.

If any question arise regarding whether or not research personnel should disclose certain information, they must always err on the side of caution and ensure full and transparent disclosure to NASA and to UNL.

NASA Checklist

The Office of Foreign Assets Control (OFAC)

The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. OFAC acts under Presidential national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze assets under US jurisdiction. Many of the sanctions are based on United Nations and other international mandates, are multilateral in scope, and involve close cooperation with allied governments.

See also the guidance topic Embargoed or Sanctioned Countries with Special Rules.

Open & Closed Meetings

Open meetings are conferences, seminars or other gatherings where all technically qualified members of the public are eligible to attend and attendees are permitted to take notes or otherwise make a personal record of the proceedings and presentations.

This is in contrast to a closed meeting in which not all technically qualified members of the public may attend and often notes or recording of the proceedings or presentations may be prohibited. This is typically due to the nature of the information that will be presented or discussed.

It is particularly important to disclose that you plan on attending a closed meeting if you are traveling internationally or if you will be presenting or provided access to any information that will be export controlled. You should contact ECCP staff prior to participating in a closed meeting, so that they can review whether or not certain security parameters should be put into place regarding your attendance at such a meet.

Online STEM courses to Sanctioned and Embargoed Countries

Export control laws and regulations control the export of tangible and intangible items, materials, information, or services, which may include online learning. Typically, no license is required to share information that is part of an online course. The regulations provide for an educational exemption. The International Traffic in Arms Regulations (ITAR) exempts most sharing of information “commonly taught” in colleges and universities, and the Export Administration Regulations (EAR) usually exempts educational information “released by instruction in catalog courses and associated teaching laboratories”.

However, the Office of Foreign Assets Control (OFAC) regulates instruction delivered online, to individuals who are residents in, or ordinarily resident to, comprehensively sanctioned and embargoed countries in instances when such instruction is considered a “service” (certain exceptions apply). Specific Licenses to provide a “service” to comprehensively sanctioned and embargoed countries are required under most circumstances. Under other circumstances a General License, which authorizes a particular type of transaction without the need to apply for a Specific License is allowable. There may also be licensing requirements for software and other items associated with the online courses.

The ECCP will assess the applicable restrictions summarized in the below guidance chart and explore potential options for requesting U.S Government licensing authorization if/when applicable.  This means, if you are planning on delivering an online learning course to anyone residing in or ordinarily resident to one of the below countries, you must contact the ECCP prior to engaging in this activity.  

Guidance Chart

Participation in Research by Foreign Nationals

Foreign nationals are persons who are not U.S. citizens or lawful permanent residents (those who have green cards). A foreign national also means any foreign corporation, business association, partnership or any other entity or group that is not incorporated to do business in the U.S.

The university campus is open to students and faculty from many different countries. However, access to restricted or export-controlled technology, commodities, defense articles and defense services by an unauthorized foreign person could result in severe criminal or civil penalties for the university and the university employee making the export.

When planning research involving foreign countries or foreign nationals (including graduate or undergraduate research assistants), the principal investigator (PI) should understand that, depending upon the nature of the research and the status of the foreign country, obtaining export licenses can take several months. Therefore, the PI must identify any possible export control restrictions in the early planning stages of a proposal and contact the Export Control Staff for assistance in complying with applicable laws.

While UNL strives to maintain an open campus that fosters collaboration between students and faculty from many different countries, allowing unauthorized foreign persons to access controlled items or information, such as export controlled technology, commodities, defense articles, technical data, and/or defense services, can constitute a violation of one or more export control regulations. Prosecution of an export violation may result in fines of up to $1 million and/or a prison sentence of up to 20 years.

Publicly Available, Public Domain, and Open Source

Information that is already published or is out in the public domain is considered public information and, as provided for under the federal regulations (15 CFR§734.7 and 15 CFR§734.11), is NOT subject to export controls (i.e. published information exclusion). However, there are differences between how the ITAR and EAR define this exclusion. While they share the idea that publicly available information should not be subject to export controls, they differ in how the information can be made publicly available. Additionally, the ITAR refers to information “in the public domain” while the EAR refer to “publicly available” information.

Publicly Available (EAR)

Public Domain (ITAR)

Open Source

Open Source and Publicly available are commonly confused and used interchangeably. Open Source is available to all users but is restricted by copyright laws as Public Domain Software is not restricted by copyright laws.

Purchasing & Export Controls Guidance

When purchasing equipment, software or other tangible items, it is important to ensure that any export control issues are addressed prior to bringing them to campus.

The following guidance provides information for purchasing equipment, software, or other tangible items whether they are from a foreign or U.S. vendor. It also provides questions to ask of vendors when purchasing these type of items, information on anti-boycott language, international shipping for these purchases, and some examples of foreign Universities or other entities that appear on the U.S. government Restricted or Denied listings.

Purchasing & Export Controls Guidance

Re-export

According to the U.S. Bureau of Industry and Security (BIS), a reexport is “the shipment or transmission of an item subject to the Export Administration Regulations (EAR) from one foreign country to another foreign country. A reexport also occurs when there is ‘release’ of technology or software (source code) subject to the EAR in one foreign country to a national of another foreign country.”

This is important to understand if your item, technology or software requires a license before you can export it from the United States to a specific country. That same item, technology or software requires a license to be reexported from its current non-U.S. country to another non-U.S. country (e.g. You are shipping an item from UNL to a lab in France, which then will be shipping that same item to a lab in China).

Restrictions on Publication

Certain terms included in contracts or agreements might prevent a project from qualifying for the fundamental research exclusion. These include terms that:

When information generated by such a project includes these type of terms, the project would therefore be controlled under export regulations because restrictions on publications void the fundamental research exclusion. Such controls may also result in restrictions on the participation of certain foreign nationals and require licensing. Also, contractual restrictions on participation by foreign nationals might be interpreted to imply restrictions on publication, with a potential loss of the fundamental research exclusion.

Research Related to Nuclear, Chemical, Biological Weaponry; Missiles; or Unmanned Vehicles

Exports of special nuclear material (including Pu, 233U, and 235U) are governed by the Nuclear Regulatory Commission.

Technologies related to the production and use of nuclear material for peaceful purposes, like nuclear energy, are regulated under the Export Administration Regulations and specific items can be found in Categories of the Commerce Control List.

Technologies related to the military use of nuclear energy, including weapons systems, are regulated under the International Traffic in Arms Regulations. Specific controlled technologies can be found in Categories enumerated under the United States Munitions List (USML).

The Department of Commerce regulates and restricts the transfer and export of “dual use” technologies which are technologies or items having both commercial and military or proliferation applications. These can be found listed on the Commerce Control List (CCL).

Some examples of this research:

Research Related to Encryption Technologies

Encryption software  is software whose main task is encryption and decryption of data, usually in the form of files on hard drives and removable media, or email messages sent over computer networks or the Internet.

Sharing, shipping, transmission or transfer of almost all encryption software in either source code or object code is subject to U.S. export regulations. Even most publicly available “dual-use” encryption code requires a license or license exception to ship outside the U.S.

In addition, U.S. persons are prohibited, without prior authorization, from providing technical assistance (instruction, skills training, working knowledge and consulting services) to a foreign national with the intent to help in the overseas development or manufacture of encryption software subject to U.S. Government notification or authorization. This prohibition does NOT limit university personnel from teaching or discussing general information about cryptography or developing or sharing encryption code within the United States that arises during, or results from, fundamental research.

However, source code for most strong encryption software is subject to export controls. Projects that require access to such source code (either for the purposes of study or development) will likely be required to implement a technology control plan that specifically details information security procedures.

Research Involving Select Agents or Other Pathogens

Both the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) have provisions for the control of pathogens and toxins. The control level depends on which regulations apply to the item.

Inside the United States any person, including foreign nationals, may purchase and use EAR export controlled pathogens and toxins for fundamental research. However, the “deemed” export rule applies to technical information about the controlled item or to the development or production of technology associated with the controlled item. For example, if a PI receives confidential, proprietary or export controlled information about the development or production of an EAR controlled biological, the PI may need a “deemed” export license to provide such information to a foreign national on campus.

Select agent regulations are separate from export control regulations, any given research project may be subject to either or both sets of regulations. This means that labs handling select agents may be required to complete both an IBC protocol and in some cases a determination or technology control plan may be required.

If a PI wishes to ship controlled pathogens or toxins outside the U.S. please Contact the Export Control Staff as an export license may be required.

Restricted Party Screening (RPS)

The United States Government prohibits U.S. persons, including educational institutions, from conducting business with persons and entities designated as restricted parties (Specially Designated Nationals and Blocked Persons – SDNs) on any federal restricted party listings. In addition, some entities may also be added to what is call the “unverified listing,” which is a listing of f0reign entities in which the U.S. government has concerns but has not yet designated them as a restricted party.

The Office of Foreign Asset Controls (OFAC) is the central repository for many of these restricted party or unverified lists.  However, the lists are also administered and enforced by several additional U.S. agencies which include but are not limited to:

The University of Nebraska-Lincoln utilizes a specialized software subscription service for screening of entities and individuals against the restricted party or unverified database listings maintained by the above listed agencies.  This software, called Visual Compliance, not only permits screening against all the federally maintained lists, but also auto-updates all prior screenings on a nightly basis in the event of changes to any of the restricted party or unverified listings. Screenings can be completed quickly and easily by ECCP staff, typically within the same day of the request. In many instances, such as export controlled research and foreign national visa reviews, ECCP staff are already completing screenings of entities and individuals. However, UNL personnel can and should request screenings be completed under additional circumstances such as:

To request a screening using the Visual Compliance software, please contact ECCP staff directly. When requesting a screening, please be prepared to provide some of the following information in order for staff to complete the screening(s):

Additional Resources

Safeguarding Covered Defense Information, Controlled Unclassified Information & Office 365 US Government

Information that falls under CDI requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies that resides on the contractor’s information system, government wide policy, and is:

  1. Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract; or
  2. Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.

These controls must be compliant with the below federal regulations:

At UNL, Office 365 US Government is the current solution that has been implemented to meet the NIST 800-171 IT security requirements. Office 365 US Government is a Microsoft Office (Word, Excel), email (Outlook) and storage platform that meets U.S. Government security standards. The below list of security features does not include everything covered by this platform, but some of the main features allow UNL researchers to:

If your project requires adherence to CUI or CDI requirements, please be aware that there is a cost associated with receiving access to use the secure Microsoft 365 US Government platform. Please ensure you are consulting with RCS/OSP/ITS regarding planning for this cost during the proposal stage if your research project will require this type of security. 

If CUI or CDI compliance is required for a research project, RCS and/or OSP will work with the Principal Investigator and Information Technology Services (ITS) to:

Questions to Consider:

Note: the Cybersecurity Maturity Model Certification (CMMC) is a new cybersecurity certification that will be required by Department of Defense contractors in the US Defense Industrial Base, university-based research labs & facilities, University Affiliated Research Centers (UARCs) and Federally Funded R&D Centers (FFRDCs). The CMMC is a unified standard for implementing cybersecurity across the defense industry base, which include universities that conduct research funded under DoD. CMMC requires that contractors be audited by 3rd party organizations to determine their current cybersecurity maturity level (1-5). The DFARS clause 252.204-7012 is currently viewed as a “trust measure,” while CMMC will be a “verification measure.” 

See also guidance topic on Controlled Unclassified Information (CUI) & Covered Defense Information (CDI).

Student Theses/Dissertations & Export Controls

In general, most student involvement in research or other academic activities will not fall under export control regulations. However, in some circumstances, students may be working towards a graduate degree in an area where export controls apply. While this can be a valuable learning experience as part of the student’s graduate work, faculty advisors must closely weigh how export control requirements (e.g. publication restrictions) will impact the student’s ability to complete the project and meet academic or graduation requirements. This guidance is intended to provide information to students and faculty regarding student involvement and the parameters around graduate work that is subject to export control requirements.

In addition to following all requirements as outlined within an export control determination or TCP, the below listing provides frequently encountered areas that must be considered by the student and the faculty member(s). When a student thesis/dissertation will be involved, the faculty must ensure notification to the ECCP occurs as early on in the process as possible. Without this notification, it is difficult to ensure appropriate review, documentation, and export control requirements are met well ahead of the project starting and the student graduating.

Technical data

Technical data is a specific term defined under the ITAR that refers to information that is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. Technical data includes, but is not limited to, information in the form of:

The term “technical data” does not include information concerning general scientific, mathematical or engineering principles commonly taught in schools, colleges and universities. It also does not include information in the public domain or basic marketing information on function, purpose, or general system descriptions.

Keep in mind that the “technical data” term, can appear in contracts and agreements that may not have the same meaning as the technical data definition under ITAR. The type of research and sponsor is a good indicator on whether the term refers to information related to defense articles or other type of information.

UNL faculty, staff and students conducting research that will generate, access or store technical data, as defined under the ITAR, will require a Technology Control Plan (TCP), as this information is linked to defense articles and defense services. Note, UNL is not a cleared facility, therefore, technical data that is considered “classified” information cannot be accessed or received on campus.

See also the guidance topic International Traffic in Arms Regulations (ITAR).

Technology

Per the Export Administration Regulations (EAR), “technology” is information necessary for the “development,” “production,” or “use” of an item. Technology goes beyond the general and basic marketing material, or information contained in published information such as manuals; the term refers to specific information that may come in the form of blueprints, drawings, plans, diagrams, models, methods, engineering specifications or other documentation linked to dual-use items identified in the Commerce Control List (ECCNs on the CCL). Therefore, the level of controls will depend on the nature of the technology and the country of origin of the foreign national. The “deemed export” rules apply to the transfer of such technology, to a foreign national inside the U.S. 

When there are dual-use items, the export control office reviews the possibility of a deemed export of knowledge and technology. For the use of equipment, a deemed export would only occur if ALL 6 categories of “use” of equipment by a foreign national are met, which are defined as: operation, installation, maintenance (checking), repair, overhaul and refurbishing (restore, review).

See also guidance topic Export Administration Regulation (EAR), Deemed Export and Dual-Use.

U.S. Restrictions and Sanctions Related Lists (Consolidated Screening List)

While the UNL Export Control Compliance Program uses Visual Compliance, a software that screens from multiple listings that includes the consolidated screening listings, the following information and resources are available for public use.

The Consolidated Screening List (CSL) is a list of parties for which the United States Government maintains restrictions on certain exports, reexports, deemed exports or transfers of items. Each agency is responsible for maintaining and updating their respective lists. Companies, entities, and persons found on the lists are sanctioned by the U.S. government and may not export goods from the United States or receive exported goods from the United States. Exporters are responsible for ensuring that all export transactions are properly authorized.

These tools are a consolidation of multiple export screening lists of the Departments of Commerce, State and the Treasury and may be used as an aid to in conducting electronic screens of potential parties to regulated transactions.

In the event that a company, entity or person on the list appears to match a party potentially involved in your export activity or transaction, you must contact the Export Control Office in order to ensure appropriate follow up is completed. There may be a strict export prohibition, requirement for seeking a license application, evaluation of the end-use or user to ensure it does not result in an activity prohibited by any U.S. export regulations, or other restriction. 

Definitions