Export Administration Regulations (EAR)

Documentation Updated: 2025-03-09

Description

Export Administration Regulations

• Law/Regulation: Export Administration Regulations
• Jurisdiction: United States
• Effective Date: 1979 (with regular updates)
• Purpose: Control exports of dual-use items and technologies that have both commercial and military applications
• Detection Tools:
  • TBD
• Related Risks:
  • LLM01: Prompt Injection
  • LLM02: Sensitive Information Disclosure
  • LLM03: Supply Chain
  • LLM06: Excessive Agency
• Related Regulations:
  • ITAR - Export Controls for Defense
  • US EO on AI - Federal AI Regulations
  • EU AI Act - AI System Requirements

The Export Administration Regulations (EAR) are U.S. regulations that control the export of dual-use goods, software, and technologies. Designed to protect national security and foreign policy interests, EAR governs the export and re-export of sensitive items that have both civilian and military applications. It is a critical framework for companies involved in the international trade of advanced technologies.

Scope & Applicability

EAR applies to U.S. entities exporting controlled technologies and items that may have both civilian and military applications.

• Covered Entities: U.S. companies and individuals involved in exporting or re-exporting controlled items.
• Data Types: Technical data, software, and technologies with dual-use applications.
• Key Exemptions: Items that are in the public domain or covered by specific licensing exceptions.

Key Requirements

Organizations must classify their exports accurately, obtain necessary licenses, and implement compliance programs:

• Determine the Export Control Classification Number (ECCN) for items and technologies.
• Obtain export licenses when required and comply with licensing conditions.
• Special Focus Areas:
  • Technology Control Plans: Develop procedures to prevent unauthorized access to controlled technology.
  • Documentation: Maintain detailed export records and classification documents.
• Additional Focus: Regularly review compliance programs to adapt to updates in EAR.

Impact on LLM/AI Deployments

For AI systems, especially those involving sensitive technologies, EAR compliance is essential:

• Export Controls: Ensure that any AI software or technical data shared internationally complies with EAR licensing requirements.
• Collaboration: Monitor international partnerships to avoid unlicensed technology transfers.
• Data Security: Implement measures to secure AI models and technical data from unauthorized export.
• Security and Observability Considerations:
  • Access Audits: Track and log access to controlled technology data.
  • Compliance Monitoring: Regularly review export records and verify proper licensing.
  • Encryption: Secure sensitive technical data with robust encryption methods.
  • Training: Educate staff on EAR compliance requirements.
  • Policy Reviews: Update internal controls as export regulations evolve.

Enforcement & Penalties

The U.S. Department of Commerce, through the Bureau of Industry and Security (BIS), enforces EAR.

• Enforcement Body: Bureau of Industry and Security (BIS).
• Fines and Penalties:
  • Civil Penalties: Fines can be significant, varying by the nature and volume of violations.
  • Criminal Penalties: Severe violations may lead to imprisonment.
• Additional Enforcement Mechanisms: Investigations, license revocations, and export bans.
• Operational Impacts: Non-compliance can result in loss of export privileges, financial penalties, and reputational harm.

Resources & References

• Official Regulation Text
• Bureau of Industry and Security