This page is intended to provide guidance regarding activities subject to export controls and typically overseen by the Export Control Compliance Program (ECCP). Topics and definitions are arranged alphabetically from A-Z. If you are unable to find an answer to your questions, please contact the ECCP at email@example.com, or 402-472-6965.
As a reminder, your research or activities may be subject to export controls if you:
- Are shipping items internationally
- Will be traveling outside the U.S.
- Plan to have foreign national(s) participate in research or want to collaborate with a researcher or institution from outside the U.S.
- Are working on a project that has contractual restrictions regarding proprietary information, foreign national participation, publications restrictions, or that specifically includes export control regulations as a condition of the award, contract, or agreement.
- Will be receiving military or space related information, controlled unclassified/covered defense information, technical data, equipment or software, or will require a DD2345 form.
- Will be researching or working on subjects related to nuclear, chemical, biological, weaponry, missiles, or unmanned vehicle technologies.
- Working with encryption technology.
- Will perform work involving select agents or other pathogens.
List of Topics
Commerce Control List (CCL), ECCNs, & EAR 99
A key in determining whether an export license is needed or applicable in controlling a particular item, from the Department of Commerce, is knowing whether the item you intend to export has a specific Export Control Classification Number (ECCN). The ECCN is an alpha-numeric code, (which may look something like this: 3A001) and that describes the item and indicates licensing requirements. All ECCNs are listed in the Commerce Control List (CCL) (Supplement No. 1 to Part 774 of the EAR) which is available on the Government Printing Office website. The CCL is divided into the following ten broad categories, and each category is further subdivided into five product groups.
|0||Nuclear & Miscellaneous|
|1||Materials, Chemicals, Microorganisms and Toxins|
|5 Part 1||Telecommunications|
|5 Part 2||Information Security|
|6||Sensors and Lasers|
|7||Navigation and Avionics|
|9||Aerospace and Propulsion|
|A||Systems, Equipment and Components|
|B||Test, Inspection and Production Equipment|
If your item falls under U.S. Department of Commerce jurisdiction but is not listed on the CCL, it is designated as EAR99.
EAR99 is the general “catch-all” classification number assigned to any item that is subject to the EAR but that does not have a specific export control classification number listed in the Commerce Control list. EAR99 items generally consist of low-technology consumer goods and do not require a license in many situations. However, if you plan to export an EAR99 item to an embargoed country, to an end-user of concern, or in support of a prohibited end-use, you may be required to obtain a license and should check with ECCP staff prior to making any export decisions.
Controlled Unclassified Information, Covered Defense Information, and Office 365 US Government
This information is intended to provide guidance to the UNL campus regarding applicability of Controlled Unclassified Information (CUI) and Covered Defense Information (CDI) in research and securing controlled information via Office 365 US Government.
CUI is federal non-classified information the U.S. Government creates or possesses, or that a non-federal entity (i.e. the University of Nebraska-Lincoln) receives, possesses, or creates for, or on behalf of, the U.S Government, that requires information security controls to safeguard or disseminate.
CDI is used to describe information that requires protection under the DFARS Clause 252.204-7012. It is defined as unclassified controlled technical information (CTI) or other information, as described in the Controlled Unclassified Information (CUI) Registry, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies, that resides on the contractor’s information system, government wide policy, and is:
- Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract; or
- Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.
These controls must be compliant with the below federal regulations:
CUI – 32 CFR Part 2002: Issued by the Federal Information Security Oversight Office (ISOO) to establish policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements. The rule affects Federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to Federal information and information systems on behalf of an agency.
CDI – DFARS 252.204.7012 Safeguarding Covered Defense Information & Cyber Incident Reporting. This clause is found in DOD Contracts, which addresses the requirements of safeguarding CUI and other sensitive information and reporting breaches. This clause defines CDI to include four different categories: (1) covered technical information (“CTI”); (2) operations security; (3) export controlled information; and (4) any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies.
CUI/CDI – NIST SP 800-171: “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” provides requirements for protecting the confidentiality of Controlled Unclassified Information (CUI). The requirements apply to all components of nonfederal information systems and organizations that process, store, or transmit CUI, or provide security protection for such components. The CUI requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations.
-NIST SP 800-171 identifies 110 unique requirements that apply to University information systems that process, store, or transmit CUI. The 110 requirements are organized into the following 14 families: access control (22 controls); awareness and training (3 controls); audit and accountability (9 controls); configuration management (9 controls); identification and authentication (11 controls); incident response (3 controls); maintenance (6 controls); media protection (9 controls); personnel security (2 controls); physical security (6 controls); risk assessment (3 controls); security assessment (4 controls); system and communications protection (16 controls); and system and information integrity (7 controls).
CUI is divided into multiple organizational groups and categories, please reference the full list here. The following is provided as an example of some of the organizational groups and categories that may be applicable at UNL.
Please be sure to reference the full list linked above to view all of the organizational groups and categories.
|Organizational Index Group||CUI Categories|
|Export Control||Export Controlled|
|Export Controlled Research|
|Organizational Index Group||CUI Categories|
|Health Information (HIPAA)|
|Student Records (FERPA)|
- While CUI encompasses multiple areas of information, University researchers will typically encounter CUI requirements included in sponsor contracts (FAR/DFAR (252.204-7008, 7009, 7012 clauses) or in regulations governing the type of data they are receiving/collecting/storing (e.g. HIPAA).
- Information, as defined by the federal CUI Program, may include research data and other project information that a research team receives, possesses, or creates in the performance of a sponsored contract.
- This means that a research project at the University of Nebraska-Lincoln (UNL) may require the implementation of CUI or CDI information security controls when the federal contract/award contains language/clauses (FAR, DFAR) requiring those controls.
- The Office of Research Compliance Services (RCS) and Office of Sponsored Programs (OSP) review research contracts and awards to determine the applicability of the clauses in negotiation with the sponsor.
- A research project may also include CUI if it is using data acquired under a Data Use/Transfer Agreement (DUA/DTA) and the data (e.g. HIPAA/PHI) is categorized by the government as CUI.
- In order to meet some of the CUI security requirements, UNL has implemented Office 365 US Government. This is a Microsoft Office (Word, Excel), email (Outlook) and storage platform that meets U.S. Government security standards. The below list of security features does not include everything covered by this platform, but some of the main features allow UNL researchers to:
- Store content in the continental United States.
- Support covered defense information and export-controlled data.
- Support protected health information with HIPAA business associate agreements.
If your project requires adherence to CUI or CDI requirements, please be aware that there is a cost associated with receiving access to use the secure Microsoft 365 US Government platform. Please ensure you are consulting with RCS/OSP/ITS regarding planning for this cost during the proposal stage if your research project will require this type of security.
If CUI or CDI compliance is required for a research project, RCS and/or OSP will work with the Principal Investigator and Information Technology Services (ITS) to:
- Verify that the research project will receive, possess, and/or create CUI or CDI.
- Identify, with assistance from ITS, the appropriate information security system/technology solution to use to secure and store the information.
- Appropriate system solutions may include Microsoft Office 365 US Government or use of encrypted/secure email and storage.
- Communicate an appropriate information security plan for the research project. This plan outlines the policies and procedures the research team will follow (e.g., information access restrictions, laboratory security, etc.) to comply with the CUI or CDI requirements.
Questions to Consider:
- Does your research project receive funding from the Department of Defense (DoD) or a DoD-funded prime contractor?
- Does the contract contain DFARS 252.204.7008, 7009 and 7012 clauses, on safeguarding covered defense information and cyber incident reporting? The following is an example/part of a clause that could be contained in a contract:
The covered contractor’s information system shall be subject to the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” (available via the internet at http://dx.doi.org/10.6028/NIST.SP.800-171) in effect at the time the solicitation is issued or as authorized by the Contracting Officer.
- Have you been informed that you have a project funded by a non-DoD sponsor subject to NIST 800-171?
- Does your project involve funding from DoD’s Small Business Innovation Research (SBIR) or Strategic Technology Transfer Research (STTR) programs?
- Does the project result in storage, processing, or transmission of CUI/CDI?
The DD 2345 Militarily Critical Technical Data Agreement is a certification required by U.S. contractors (universities) that wish to obtain access to unclassified technical data disclosing militarily critical technology with military or space application. This data is under the control of, or in the possession of, the U.S. Department of Defense (DoD).
- Unclassified Militarily Critical Technical Data (MCTD) is data that can be used to produce military or space equipment and related technology. also includes such things as, ITAR information, blueprints, drawings, computer software and operating instructions and technical information.
The University of Nebraska-Lincoln (UNL) holds one general DD2345 certification. As per guidelines regarding these certifications, Institutions of Higher Education are supposed to hold only one certification (i.e. to avoid multiple researchers or PI’s applying and utilizing separate or inaccurate certifications). The ECCP staff and empowered official serve as the data custodians for this certification. Those outside of the ECCP shall not hold or apply separately for another DD2345 without communication and/or agreement from the UNL empowered official.
In order to access UNL’s DD 2345 form information, please read and complete the Request for Use Form.
In addition to the shipment of a commodity (e.g. a product) from the United States to a foreign country, the Export Administration Regulations state that the release of controlled technology to foreign persons in the U.S. are “deemed” to be an export to the person’s country or countries of nationality and is found in 734.2(b) of the EAR.
Note: Those organizations having persons with permanent residence status, U.S. citizenship, and persons granted status as “protected individual,” are exempt from the deemed export rule.
Many of the licenses for deemed exports involve those conducting scientific research. Note that under 734.8 of the EAR, fundamental research is defined as “basic and applied research in science and engineering where the resulting information is ordinarily published and shared broadly within the scientific community” and, as such, is exempt from EAR licensing 5 requirements. Research conducted using publically available information is also exempt from any license requirements.
In addition, Per Part 772 of the Export Administration Regulations (EAR), “technology” is specific information necessary for the “development,” “production,” or “use” of a product. The General Technology Note states that the “export of technology,” is controlled according to the provisions of each Category.” It further states that “technology required for the development, production, or use of a controlled product remains controlled even when applicable to a product controlled at a lower level.” Please note that the terms “required,” “development,” “production,” “use,” and “technology” are all defined in Part 772 of the EAR. Controlled technology is that which is listed on the Commerce Control List.“Use”. (All categories and General Technology Note)
Operation, installation (including on site installation), maintenance (checking), repair, overhaul and refurbishing. “Development”. (General Technology Note)“Development” is related to all stages prior to serial production, such as: design, design research, design analyses, design concepts, assembly and testing of prototypes, pilot production schemes, design data, process of transforming design data into a product, configuration design, integration design, layouts.“Production”. (General Technology Note) (All Categories) Means all production stages, such as: product engineering, manufacture, integration, assembly (mounting), inspection, testing, and quality assurance.
Note: In general, it is difficult for a deemed export to occur under the “use” definition of equipment in the EAR because it must meet all of the above noted categories of use. A foreign person involved in the “development” or “production” of a dual use item, is more likely to meet the deemed export parameters, in which case a deemed export license may be required.
Dual use describes tangible items, software, and/or technology that have both a potential civilian and military use. Determining whether or not an item could fall under the dual use definition should be made in consultation by the ECCP staff as the details of the item can have significant impact in understanding whether or not it is dual use.
Note: For example, an iPad can be used in a classroom (civilian use) and also function as a weapons control system (military use).
Information not subject to the EAR if it is released by instruction in catalog courses and associated teaching laboratories of academic institutions. Certain types of information related to encryption software cannot be considered “educational information” and therefore are subject to the EAR even if they are released “by instruction in catalog courses and associated teaching laboratories of academic institutions.”
Information that is normally taught or released by the university as part of the normal instruction in a catalog course or in an associated teaching laboratory is considered Educational Information and, as provided for under the federal regulations (15 CFR§734.3(b)(iii), is NOT subject to export controls.
To send or take controlled tangible items, software or technology out of the United States in any manner, to transfer ownership or control of controlled tangible items, software or technology to a foreign person, or to disclose information about controlled items, software or information to a foreign government or foreign person. The controlled tangible item, software or technology being sent or taken out of the United States is also referred to as an “export.”
Export Administration Regulations (EAR)
Federal regulations that regulate the export and re-export of most commercial items. These items can range anywhere from a simple pencil to large equipment. UNL faculty, staff, and students must be cognizant in understanding whether or not their items are controlled via an ECCN or if it is categorized as the lowest set of controls via EAR 99.
See also the guidance topic on Commerce Control List, ECCNs, & EAR 99.
Federal regulations that restrict the release of certain items, information and software to foreign nationals in the United States and abroad. Those regulations are the Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR), as well as regulations administered by the Office of Foreign Assets Control (OFAC).
An export license is formal approval from a federal regulatory agency to export a controlled item to a specific person in a specific place for a specific purpose. Either the BIS or the DDTC, depending on whether the item is specified on the Commerce Control List or United States Munitions List, respectively, issues export licenses for most controlled items.
When the recipient of an intended export is located in a country subject to a comprehensive embargo, special approval needs to be obtained from OFAC (in addition to any approval required by other agencies). Countries subject to comprehensive embargoes include Cuba, Iran, North Korea, (North) Sudan and Syria. Several other countries are subject to less stringent embargoes, but may still require a license for travel and other transactions.
At UNL, the Export Control staff and empowered official have sole authority to determine whether a particular transaction requires an export license. They also have sole authority to apply for export licenses on behalf of UNL faculty, students, and staff.
Export licenses require very specific answers to the following questions:
- What are you exporting?
- Where are you exporting it to?
- Who will receive it?
- How will they use it?
License applications typically take about 60-90 days to process, so you should plan to contact the Export Control staff as early as possible to determine whether a license is required and begin gathering the necessary information.
Export License Exception
An Export License Exception is a special authorization that allows you to export or re-export, under very specific conditions, items that would otherwise require an export license. Export License Exceptions are detailed in EAR§740.
Foreign National or Foreign Person
Anyone who is not a “U.S. person.” A “U.S. person” is any one of the following:
- U.S. Citizen
- lawful permanent resident alien (green card holder)
- protected political asylee or someone granted temporary residency under the amnesty provision.
Anyone who doesn’t fit into one of these categories is considered a “foreign person.” This means that faculty, staff, and students at UNL with work or student visas are considered “foreign persons” for the purposes of export controls.
More detailed information about the agencies’ respective regulations can be found on the Regulatory Information page.
Depending on the details of a project that a foreign national may be planning to work on, or their country(ies) of citizenship and that country’s current status under U.S. government regulations, some foreign nationals may not be eligible to work on certain projects. ECCP staff can assist in clarifying when this may or may not be applicable.
See also the guidance on Participation in Research by Foreign Nationals.
Note: Any foreign entity not incorporated or organized to do business in the United States falls within the definition of a foreign national. This includes any branch of a foreign government and also can include universities and research laboratories in other countries.
Fundamental Research Exclusion (FRE)
Sometimes, a research project may produce information that would normally be subject to export controls and require an export license in order to be shared with colleagues in or from other countries. However, the results of “fundamental research” projects are specifically excluded from these licensing requirements in most circumstances.
Keep in mind that even if the fundamental research exclusion applies, it applies only to the results of the research. If the conduct of the research includes activities subject to export controls, a license must be obtained before any foreign nationals can participate in those activities.
“Fundamental research” is defined as basic and applied research in science and engineering, where the resulting information is ordinarily published and shared broadly within the scientific community. Under the State Department‘s narrower interpretation, “fundamental research” can only describe information and technology that already is in existence and in the public domain. In order for research data to qualify for the “fundamental research” exclusion from the licensing requirements, it must meet two criteria:
- Research results must be freely publishable; and
- There must be no limitations on access to or dissemination of research results on the basis of national origin.
If either condition is not met, this exception is destroyed and dissemination of the data may require a license. For example, certain terms in a statement of work or research agreement might prevent a project from qualifying for the fundamental research exclusion. These include terms that:
- Grant the sponsor pre-approval rights over publication of research results
- Allow the sponsor to claim resulting research information as proprietary or trade secret
- Prohibit foreign nationals from participating in the project
- Restrict the publication or other dissemination of research results from a given project
UNL’s Export Control staff and empowered official are the only persons authorized to determine whether a research project at UNL qualifies as fundamental research.
In addition to any environmental and biosafety guidelines, all shipments of tangible items to foreign countries are subject to export controls. Sometimes the university must obtain an export license from the Commerce Department or State Department for the shipment. Certain documentation must also be filed with the government before any shipments can be made. Failure to do so may constitute an export violation that could result in severe fines and/or other penalties. Please contact the Export Control Staff prior to negotiating any material transfer agreements (MTAs) or packing any materials for international shipments. The Export Control Staff can help you be certain your shipment meets export and sanction laws.
End-use – a detailed description of how the ultimate consignee intends to use the commodities being exported.
End-user – a person abroad that receives and ultimately uses the exported or re-exported items. The end-user is not a forwarding agent or intermediary, but may be the purchaser or ultimate consignee.
When traveling abroad, faculty, staff and students at UNL should be familiar with the impact of export control regulations. Researchers need to make sure that any information discussed or items taken out of the U.S. are either not controlled, or if controlled, the proper licenses are in place. University personnel, as individuals, can be held liable for improperly transferring controlled technology. Thus, it is important to review and understand that federal requirements are civil and criminal sanctions, with the ability to assess fines and/or invoke prison sentences for individuals violating the export control and embargo laws. These fines or sentencing consequences are substantial and apply to university personnel as well as the University as an institution.
To ensure you do not run the risk of exporting sensitive information or technology when traveling abroad, or dealing with sanctioned countries, entities or individuals, keep in mind that presentations and discussions must be limited to topics that are not related to controlled items or technologies, unless that information is already published or otherwise in the public domain.
Before sharing technology or information, verify that it falls into one or more of the following categories prior to traveling:
- Research that qualifies for the fundamental research exclusion
- Published information
- Publicly available software
- Educational information
- Patent applications
Depending on your international destination(s), an export license or other government approval may be required for your laptop computer, software or other equipment. There are exceptions for “tools of the trade,” but these exceptions depend on the equipment and the country of your destination. Encryption software in particular is subject to special regulations and more stringent license requirements.
Fortunately, most international travel does not raise any export control concerns. However, there are denied entities in almost every country. The checklist is designed to provide UNL travelers information on applicable export control regulations they will need to follow based on the nature of their activities while traveling as well as verifying any export control restrictions for your foreign destination.
For additional information, please visit our FAQ and caution information page.
International Travel Services
For travel outside the U.S., UNL requires all international travelers to file an electronic travel authorization and use Travel & Transport for flight arrangements. Please visit the University of Nebraska International Travel Resources page for additional information and details about foreign travel policies.
Once you have filed your electronic travel authorization through Concur, you will also receive a notification from NuRamp. If you are traveling to a country with risks, sanctions, embargoes, or concerns, you will need to complete our export control travel checklist. If you are traveling to a country with no identified risks, sanctions etc, you will simply receive an informational email and asked to contact Export Control staff if you are traveling with certain items or have plans that should be reviewed for export control concerns.
UNL faculty and staff traveling abroad can use the International Engagement Visa Support Webpage to find details about how to secure a visa, and enroll in the US State Department Smart Traveler Enrollment Program (STEP).
Evacuation Coverage for UNL Personnel Traveling Abroad
On February 1, 2015, the University of Nebraska – Lincoln secured blanket international travel coverage for all faculty and staff who travel outside the country on UNL business with the correct visa. Faculty and staff no longer need to purchase this insurance individually. Additional information can be found on the University of Nebraska International Travel site.
International Traffic in Arms Regulations (ITAR)
International Traffic in Arms Regulations (ITAR) are administered by the U.S. Department of State and ITAR places strict controls on the export of “defense articles” and “defense services.” These Federal regulations are used primarily to control the import and export of defense articles and defense services. Similar to ECCNs and EAR 99, another key way in determining whether or not your items/information fall under export control regulations is to understand whether or not they fall under any of the ITAR categories.
These categories are enumerated under the Unites States Munitions List (USML). USML categories are organized by paragraphs and subparagraphs and identified alphanumerically (e.g. Category IX.10 refers to infrared scene generators, and Category XII.3 refers to laser spot trackers or laser spot detection…”) . The categories usually start by enumerating or otherwise describing end-items, followed by major systems and equipment; parts, components, accessories, and attachments; and technical data and defense services directly related to the defense articles of that USML category.
Open & Closed Meetings
Open meetings are conferences, seminars or other gatherings where all technically qualified members of the public are eligible to attend and attendees are permitted to take notes or otherwise make a personal record of the proceedings and presentations.
This is in contrast to a closed meeting in which not all technically qualified members of the public may attend and often notes or recording of the proceedings or presentations may be prohibited. This is typically due to the nature of the information that will be presented or discussed.
It is particularly important to disclose that you plan on attending a closed meeting if you are traveling internationally or if you will be presenting or provided access to any information that will be export controlled. You should contact ECCP staff prior to participating in a closed meeting, so that they can review whether or not certain security parameters should be put into place regarding your attendance at such a meet.
Participation in Research by Foreign Nationals
Foreign nationals are persons who are not U.S. citizens or lawful permanent residents (those who have green cards). A foreign national also means any foreign corporation, business association, partnership or any other entity or group that is not incorporated to do business in the U.S.
The university campus is open to students and faculty from many different countries. However, access to restricted or export-controlled technology, commodities, defense articles and defense services by an unauthorized foreign person could result in severe criminal or civil penalties for the university and the university employee making the export.
When planning research involving foreign countries or foreign nationals (including graduate or undergraduate research assistants), the principal investigator (PI) should understand that, depending upon the nature of the research and the status of the foreign country, obtaining export licenses can take several months. Therefore, the PI must identify any possible export control restrictions in the early planning stages of a proposal and contact the Export Control Staff for assistance in complying with applicable laws.
While UNL strives to maintain an open campus that fosters collaboration between students and faculty from many different countries, allowing unauthorized foreign persons to access controlled items or information, such as export controlled technology, commodities, defense articles, technical data, and/or defense services, can constitute a violation of one or more export control regulations. Prosecution of an export violation may result in fines of up to $1 million and/or a prison sentence of up to 20 years.
Published Information Exclusion
Information that is already published or is out in the public domain is considered public information and, as provided for under the federal regulations (15 CFR§734.7 and 15 CFR§734.11), is NOT subject to export controls. Examples of information in the public domain include:
- Books, newspapers, pamphlets
- Publically available technology and software
- Information presented at conferences, meetings, and seminars open to the public
- Information included in published patents
- Websites freely accessible by the public
Purchasing & Export Controls Guidance
When purchasing equipment, software or other tangible items, it is important to ensure that any export control issues are addressed prior to bringing them to campus.
The following guidance provides information for purchasing equipment, software, or other tangible items whether they are from a foreign or U.S. vendor. It also provides questions to ask of vendors when purchasing these type of items, information on anti-boycott language, international shipping for these purchases, and some examples of foreign Universities or other entities that appear on the U.S. government Restricted or Denied listings.
According to the U.S. Bureau of Industry and Security (BIS), a reexport is “the shipment or transmission of an item subject to the Export Administration Regulations (EAR) from one foreign country to another foreign country. A reexport also occurs when there is ‘release’ of technology or software (source code) subject to the EAR in one foreign country to a national of another foreign country.”
This is important to understand if your item, technology or software requires a license before you can export it from the United States to a specific country. That same item, technology or software requires a license to be reexported from its current non-U.S. country to another non-U.S. country (e.g. You are shipping an item from UNL to a lab in France, which then will be shipping that same item to a lab in China).
Restrictions on Publication
Certain terms included in contracts or agreements might prevent a project from qualifying for the fundamental research exclusion. These include terms that:
- grant the sponsor pre-approval rights over publication of research results or
- allow the sponsor to claim resulting research information as proprietary or trade secret
- otherwise restrict the publication or other dissemination of research results from a given project.
When information generated by such a project includes these type of terms, the project would therefore be controlled under export regulations because restrictions on publications void the fundamental research exclusion. Such controls may also result in restrictions on the participation of certain foreign nationals and require licensing. Also, contractual restrictions on participation by foreign nationals might be interpreted to imply restrictions on publication, with a potential loss of the fundamental research exclusion.
Military or Space Related Research
International Traffic in Arms Regulations (ITAR) are administered by the U.S. Department of State. ITAR places strict controls on the export of “defense articles” and “defense services.” Defense articles include any item, software or technical data on the United States Munitions List (USML). Defense services include assistance (including training) or any technical data associated with a defense article furnished to foreign persons, whether or not in the United States. Any defense article, service or related technical data found to be on the USML requires an export license before it can be exported – that is, given to a foreign person, whether or not they are in the United States. Some license exemptions are available under specific circumstances, but in general you should expect to obtain an export license.
ITAR controls exports that are:
- Predominantly items of military nature
- Modified or specifically designed for military use
- “Space” related items and technology
- Controlled for national security reasons
Because spacecraft and satellites are subject to export controls, UNL policy requires a determination or technology control plan (TCP) for almost every research project that studies the design or operation of these items. Certain projects funded by federal agencies, such as NASA, also prohibit the participation of certain foreign persons or entities. Contact the Export Control Staff for more information.
Research into military technologies will also generally require the implementation of a TCP. This includes studies into the design and operation of weapons, defense systems, military vehicles, and protective gear. Almost all military research projects require government approval, so please be sure to contact the Export Control Staff when applying for funding from the Defense Department, Department of Energy, NASA, or the Department of Homeland Security.
Research Related to Nuclear, Chemical, Biological Weaponry; Missiles; or Unmanned Vehicles
Exports of special nuclear material (including Pu, 233U, and 235U) are governed by the Nuclear Regulatory Commission.
Technologies related to the production and use of nuclear material for peaceful purposes, like nuclear energy, are regulated under the Export Administration Regulations and specific items can be found in Categories of the Commerce Control List.
Technologies related to the military use of nuclear energy, including weapons systems, are regulated under the International Traffic in Arms Regulations. Specific controlled technologies can be found in Categories enumerated under the United States Munitions List (USML).
The Department of Commerce regulates and restricts the transfer and export of “dual use” technologies which are technologies or items having both commercial and military or proliferation applications. These can be found listed on the Commerce Control List (CCL).
Some examples of this research:
- Nuclear technologies associated with production and use of nuclear material for both peaceful and military applications, including certain associated technologies related to nuclear physics and/or nuclear engineering.
- Rocket system technologies that contribute to ballistic missile systems, space launch vehicles and sounding rockets and unmanned air vehicles (UAV). The also include navigation, avionics and flight control usable in rocket systems and unmanned air vehicles.
- Chemical, biotechnology and biomedical engineering technologies that could be applied to develop and produce chemical and biological weapons.
- Remote sensing, imaging and reconnaissance technologies related to satellite and aircraft remote sensing that can be used for civilian imagery projects or for military and intelligence reconnaissance activities.
- Advanced computer/microelectronic technology that can play a useful (but not necessarily critical) role in the development and deployment of missiles and missile systems and in the development and production of nuclear weapons.
- Certain materials technologies related to structural functions in aircraft, spacecraft, missiles, undersea vehicles and propulsion devices.
- Information security technologies associated with cryptography and cryptographic systems that help ensure secrecy for communications, video, data and related software.
- Laser and directed energy systems technologies that have critical military applications, including incorporation in guided ordinance such as laser guided bombs and ranging devices.
- Sensors and sensor technologies that provide real-time information and data and could provide a significant military advantage in a conflict.
- Marine technologies used in propulsion systems designed for undersea use and navigation and quieting systems associated with reducing detectability and enhancing operations survivability.
Research Related to Encryption Technologies
Encryption software is software whose main task is encryption and decryption of data, usually in the form of files on hard drives and removable media, or email messages sent over computer networks or the Internet.
Sharing, shipping, transmission or transfer of almost all encryption software in either source code or object code is subject to U.S. export regulations. Even most publicly available “dual-use” encryption code requires a license or license exception to ship outside the U.S.
In addition, U.S. persons are prohibited, without prior authorization, from providing technical assistance (instruction, skills training, working knowledge and consulting services) to a foreign national with the intent to help in the overseas development or manufacture of encryption software subject to U.S. Government notification or authorization. This prohibition does NOT limit university personnel from teaching or discussing general information about cryptography or developing or sharing encryption code within the United States that arises during, or results from, fundamental research.
However, source code for most strong encryption software is subject to export controls. Projects that require access to such source code (either for the purposes of study or development) will likely be required to implement a technology control plan that specifically details information security procedures.
Research Involving Select Agents or Other Pathogens
Both the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) have provisions for the control of pathogens and toxins. The control level depends on which regulations apply to the item.
Inside the United States any person, including foreign nationals, may purchase and use EAR export controlled pathogens and toxins for fundamental research. However, the “deemed” export rule applies to technical information about the controlled item or to the development or production of technology associated with the controlled item. For example, if a PI receives confidential, proprietary or export controlled information about the development or production of an EAR controlled biological, the PI may need a “deemed” export license to provide such information to a foreign national on campus.
Select agent regulations are separate from export control regulations, any given research project may be subject to either or both sets of regulations. This means that labs handling select agents may be required to complete both an IBC protocol and in some cases a determination or technology control plan may be required.
If a PI wishes to ship controlled pathogens or toxins outside the U.S. please Contact the Export Control Staff as an export license may be required.
Restricted Party Screening (RPS)
The United States Government prohibits U.S. persons, including educational institutions, from conducting business with persons and entities designated as restricted parties (Specially Designated Nationals and Blocked Persons – SDNs) on any federal restricted party listings. In addition, some entities may also be added to what is call the “unverified listing,” which is a listing of f0reign entities in which the U.S. government has concerns but has not yet designated them as a restricted party.
The Office of Foreign Asset Controls (OFAC) is the central repository for many of these restricted party or unverified lists. However, the lists are also administered and enforced by several additional U.S. agencies which include but are not limited to:
- Department of Commerce
- Department of State,
- Department of Treasury,
- Department of Homeland Security
The University of Nebraska-Lincoln utilizes a specialized software subscription service for screening of entities and individuals against the restricted party or unverified database listings maintained by the above listed agencies. This software, called Visual Compliance, not only permits screening against all the federally maintained lists, but also auto-updates all prior screenings on a nightly basis in the event of changes to any of the restricted party or unverified listings. Screenings can be completed quickly and easily by ECCP staff, typically within the same day of the request. In many instances, such as export controlled research and foreign national visa reviews, ECCP staff are already completing screenings of entities and individuals. However, UNL personnel can and should request screenings be completed under additional circumstances such as:
- Tours involving foreign nationals or entities on campus. Particularly if a tour will involve ORED and research areas that could have or has been designated as working in an export controlled area.
- International collaborations
- Research protocols that will involve an international component.
- International shipments
To request a screening using the Visual Compliance software, please contact ECCP staff directly. When requesting a screening, please be prepared to provide some of the following information in order for staff to complete the screening(s):
- Person or Entity Name
- Country(ies) of citizenship or country where the entity is located
- Reason for screening (e.g. campus tour)
- Department of Commerce Guidance on Restricted Party Screening;
- Department of the Treasury Guidance on Restricted Party Screening; and,
- Export.gov Information and Links to Consolidated Screening Lists.
Information governed under the ITAR and required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. Technical data includes information in the form of blueprints, drawings, photographs, plans, instructions and documentation, as well as information covered by an invention secrecy order or certain kinds of classified information.
The term “technical data” can include software directly related to defense articles, but does not include information concerning general scientific, mathematical or engineering principles commonly taught in schools, colleges and universities. It also does not include information in the public domain or basic marketing information on function or purpose or general system descriptions.
See also the guidance on the International Traffic in Arms Regulations (ITAR).