What Is ITAR? A Space Industry Professional's Guide

If you work in the space industry — or plan to — you need to understand ITAR. The International Traffic in Arms Regulations govern the export and temporary import of defense articles and defense services on the United States Munitions List (USML). Because most space technology originated as defense technology, ITAR's reach into the commercial space sector is far broader than most professionals expect.

ITAR compliance is not optional. Violations carry penalties of up to $1.2 million per violation in civil fines and up to 20 years imprisonment for criminal violations. Companies have been fined tens of millions of dollars for ITAR breaches. Yet many space startups, university research groups, and international collaboration teams discover ITAR requirements only after they have already violated them.

This guide explains ITAR in practical terms: what it covers, who must comply, how violations happen, and how to build a compliance program that protects your organization without paralyzing your operations.

What ITAR Covers

ITAR is administered by the Directorate of Defense Trade Controls (DDTC) within the U.S. State Department. It implements the Arms Export Control Act (AECA) and controls the export of items on the United States Munitions List — a catalog of 21 categories of defense articles, from firearms to spacecraft.

For the space industry, the most relevant USML categories are:

• Category IV — Launch Vehicles, Guided Missiles, Ballistic Missiles, Rockets, Torpedoes, Bombs, and Mines: This covers launch vehicles, sounding rockets, and their major components. If you build, test, or provide technical data related to launch vehicles, you are likely working with Category IV items.
• Category XI — Military Electronics: Includes space-qualified electronics, radiation-hardened components, and certain satellite subsystems with military applications.
• Category XV — Spacecraft and Related Articles: This is the broadest space-specific category. It covers satellites, satellite subsystems (power systems, propulsion, attitude control, thermal management), ground control equipment, space-qualified optics, and associated technical data. Notably, Category XV was created in 2014 to consolidate space items that were previously scattered across multiple categories.

Critically, ITAR controls not just physical hardware but also technical data and defense services. Technical data includes design specifications, engineering drawings, test data, manufacturing procedures, and operational manuals. A defense service is any assistance (including training) provided to a foreign person involving ITAR-controlled articles or data. This means that showing a satellite design to a foreign colleague, or having an international intern work on a controlled project, can constitute an ITAR-regulated activity.

Who Must Comply

ITAR applies to any U.S. person — including U.S. citizens, permanent residents, companies incorporated in the U.S., and any person physically in the U.S. — who manufactures, exports, or brokers defense articles or defense services. Key groups that must comply include:

• Satellite manufacturers: Any company that designs, builds, or integrates satellites or satellite subsystems. This includes startups building CubeSats — ITAR does not have a minimum size threshold.
• Launch service providers: Companies that build, operate, or provide technical support for launch vehicles.
• Component suppliers: Companies that manufacture space-qualified components — reaction wheels, star trackers, solar cells, propulsion systems, or radiation-hardened electronics — that are enumerated on the USML.
• Software developers: If your software controls ITAR-regulated hardware or processes ITAR-controlled technical data, it may itself be subject to ITAR controls.
• Universities and research institutions: Academic research involving ITAR-controlled technology, including government-funded projects, requires compliance. The "fundamental research exclusion" provides some relief for basic research, but once research becomes restricted or involves specific hardware, ITAR applies.
• Consultants and advisors: Providing technical advice to a foreign entity regarding ITAR-controlled technology constitutes a defense service and requires authorization.

Registration Requirement

Any company or person engaged in the manufacture or export of defense articles or defense services must register with DDTC. Registration is a prerequisite for applying for export licenses. The registration fee starts at $2,250 per year. Failure to register is itself an ITAR violation. Many space startups fail to register until they are already in violation — often because they did not realize their technology was ITAR-controlled.

ITAR vs. EAR: Understanding the Distinction

ITAR is not the only U.S. export control regime. The Export Administration Regulations (EAR), administered by the Bureau of Industry and Security (BIS) within the Commerce Department, control dual-use items — technology with both civilian and military applications. Some space technology has been moved from the USML (ITAR) to the Commerce Control List (EAR) through a series of export control reform initiatives.

The key differences for space industry professionals:

• ITAR applies to items specifically designed or modified for military use, listed on the USML. Controls are strict: no export to any foreign person without a license or exemption, regardless of the destination country.
• EAR applies to dual-use items on the Commerce Control List. Controls are risk-based: some items can be exported to allied countries without a license (under license exceptions), while exports to embargoed countries are prohibited or heavily restricted.

The 2014 export control reform moved many commercial satellite components and systems from ITAR to EAR, easing restrictions on commercial satellite exports to allied nations. However, the most sensitive technologies — including certain propulsion systems, space-qualified optics above specific resolution thresholds, and items with significant intelligence applications — remain on the USML under ITAR control.

Common Violations and How They Happen

ITAR violations in the space industry frequently fall into several patterns:

1. Unauthorized Disclosure of Technical Data

The most common violation. This occurs when ITAR-controlled technical data — design documents, test results, engineering specifications — is shared with a foreign person without authorization. Common scenarios include:

• Emailing controlled documents to a foreign partner or customer
• Presenting technical details at an international conference
• Allowing foreign national employees or interns to access controlled projects without a Technical Assistance Agreement (TAA)
• Storing controlled data on cloud servers located outside the United States

2. Deemed Exports

A "deemed export" occurs when ITAR-controlled technology is released to a foreign person within the United States. Hiring a foreign national engineer and giving them access to ITAR-controlled satellite designs constitutes a deemed export that requires a license — even though nothing physically crosses a border. This catches many startups that hire international talent without considering export control implications.

3. Failure to Register

Companies that manufacture or export defense articles must register with DDTC. Many startups building satellites, satellite components, or launch vehicle subsystems do not register because they do not realize their products are USML-controlled. Failure to register is a strict liability violation — intent is irrelevant.

4. Unauthorized Retransfers

When ITAR-controlled items are exported to an authorized end user, the end user cannot retransfer them to a third party or country without separate authorization. This is a common issue in international satellite programs where subsystems pass through multiple partners.

5. Conference and Trade Show Disclosures

Presenting technical details about ITAR-controlled technology at international space conferences — even on U.S. soil, if foreign nationals are present — can constitute an unauthorized export. Companies must screen presentation content for ITAR-controlled information before any public or semi-public disclosure.

Penalties

ITAR enforcement has real consequences:

• Civil penalties: Up to $1,216,326 per violation (adjusted annually for inflation). Multiple violations in a single incident are counted separately, so a single transaction can generate millions in fines.
• Criminal penalties: Up to $1 million per violation and 20 years imprisonment for willful violations.
• Debarment: Companies and individuals can be debarred from participating in any defense trade activities — effectively ending their ability to work in the space industry.
• Consent agreements: Major enforcement cases typically result in consent agreements that include large financial penalties, mandatory compliance remediation, and ongoing monitoring by external compliance officers. Recent cases in the space sector have resulted in penalties ranging from $5 million to $79 million.

Notable space industry enforcement actions include penalties against major satellite manufacturers for unauthorized exports of satellite technical data to China and other restricted destinations. These cases typically involve legacy practices from an era when export controls were less strictly enforced — but the penalties are assessed based on current regulations.

Building an ITAR Compliance Program

An effective ITAR compliance program for a space company should include the following elements:

1. USML classification. Determine whether your products, technology, or services are ITAR-controlled. This requires a thorough commodity jurisdiction analysis. If your items are on the USML, you must register with DDTC. If they are dual-use, they fall under EAR. The classification determination is foundational — everything else depends on getting this right.
2. DDTC registration. If you manufacture or export defense articles or services, register with DDTC. Even if you have no current plans to export, registration is required if you manufacture ITAR-controlled items.
3. Technology Control Plan (TCP). Develop a TCP that specifies how ITAR-controlled technical data and hardware will be stored, accessed, transmitted, and protected. The TCP should address physical security (locked facilities, badge access), cybersecurity (encrypted storage, access controls on networks), and personnel security (screening, training, need-to-know restrictions).
4. Foreign person screening. Implement procedures to identify foreign persons — including employees, contractors, visitors, and collaborators — who may require export authorizations before accessing controlled technology. This includes checking against the DDTC Debarred Parties List, BIS Entity List, and OFAC sanctions lists.
5. License management. When exports are required, apply for the appropriate authorization: a DSP-5 (permanent export), DSP-73 (temporary export), TAA (technical assistance agreement), or MLA (manufacturing license agreement). Track license conditions, expiration dates, and reporting requirements.
6. Training. Conduct regular ITAR training for all employees who may encounter controlled technology. Training should cover what ITAR is, what your company's controlled items are, how to identify potential violations, and how to report concerns. Annual refresher training is a best practice.
7. Recordkeeping. ITAR requires retention of export records for a minimum of 5 years. Maintain records of all exports, licenses, agreements, commodity jurisdiction determinations, and compliance incidents.
8. Voluntary disclosure. If a violation is discovered, consider filing a voluntary disclosure with DDTC. Voluntary disclosures are viewed favorably in enforcement proceedings and typically result in significantly reduced penalties compared to violations discovered through investigation.

ITAR and International Collaboration

ITAR creates unique challenges for international space collaboration. Programs like the International Space Station, Artemis (through the Artemis Accords), and joint satellite projects require careful navigation of export controls. The U.S. has negotiated bilateral defense trade treaties with the UK and Australia that streamline ITAR compliance for certain exports between those countries. Other allied nations access controlled technology through government-to-government channels (Foreign Military Sales) or through individual licenses.

For commercial space companies seeking international partners or customers, ITAR compliance is often the single largest barrier to market entry. Companies that build effective compliance programs — and can demonstrate them to foreign customers — gain a competitive advantage over those that cannot navigate the regulatory complexity.

How SpaceNexus Helps

Managing ITAR compliance across a growing organization is operationally demanding. SpaceNexus's Compliance module helps space industry professionals:

• Monitor regulatory changes: Track DDTC, BIS, and OFAC rulemaking and policy updates that affect your export control obligations.
• Screen parties: Check counterparties against consolidated denied parties lists, debarred entities, and sanctions databases.
• Track license deadlines: Manage export license expiration dates, reporting requirements, and renewal timelines.
• Stay informed: Receive alerts on enforcement actions, policy changes, and industry compliance best practices relevant to the space sector.

Navigate ITAR, EAR, and space industry compliance requirements with SpaceNexus Compliance Hub — including regulatory tracking, denied party screening, and compliance deadline management built specifically for space industry professionals.