Trade, Export Controls & Sanctions
Entities on the BIS Entity List (as of Sept 2025)
Maximum civil penalty per EAR violation
Commerce Control List categories requiring ECCN classification
Regulation Overview
https://www.bis.gov/regulations/ear
The Export Administration Regulations are the U.S. government's primary framework for controlling exports, reexports, and in-country transfers of dual-use items—commercial goods, software, and technology with both civilian and potential military or national security applications. For supply chain teams, the core obligation is classifying every item against the Commerce Control List and screening all transaction parties against BIS restricted party lists.
Every item subject to EAR jurisdiction must be classified using Export Control Classification Numbers (ECCNs). Items not specifically listed are designated EAR99. The ECCN classification, combined with the Commerce Country Chart and restricted party screening, determines whether an export license is required. BIS now updates the Entity List monthly, and the 50 Percent Affiliates Rule extends restrictions to subsidiaries of listed entities.
EAR compliance requires product-level classification data, end-user screening, and end-use verification across every export transaction. When BIS updates the Entity List, revises ECCNs, or changes country group designations, your entire product portfolio requires reassessment.
Key Components / Sub-Frameworks
U.S. companies exporting items subject to EAR jurisdiction
Foreign companies reexporting U.S.-origin items or foreign direct products
Distributors and resellers handling EAR-controlled goods, software, or technology
Non-U.S. entities incorporating controlled U.S.-origin content above de minimis thresholds
Companies transacting with entities on the Entity List, Unverified List, or Military End User List
Any entity facilitating exports, reexports, or in-country transfers of EAR-subject items
Key Thresholds
Your company exports 5,000 SKUs across 40 countries. Each item requires ECCN classification against a 600-page Commerce Control List spanning 10 categories and 5 product groups. Engineering provides technical specs in inconsistent formats. Your trade compliance team manually maps each item. A single misclassification can trigger $300,000+ in penalties—and the problem is often systemic across entire product lines.
BIS adds and revises entities monthly. The Entity List now exceeds 3,163 entries. The 50 Percent Affiliates Rule means you must screen not just named entities but their subsidiaries. Your customer passed screening last quarter—but their parent company was added to the Entity List last week. Without continuous screening, you transact blind.
Your product incorporates components from 30 suppliers across 8 countries. Each component may carry its own ECCN. The de minimis rule requires calculating U.S.-origin controlled content in foreign-made items. Without supplier-level ECCN data, you cannot determine whether your finished product is subject to EAR jurisdiction—or whether a license is required for reexport.
BIS conducts end-use checks and compliance audits globally. An auditor requests your classification methodology, screening records, license determinations, and transaction documentation across 24 months of exports. Your evidence is spread across ERP records, email chains, and spreadsheets maintained by three different teams. Compiling the audit file takes weeks—and gaps in documentation create presumptions of non-compliance.
Certivo In Action
Certivo in Action — EAR Workflow
From Manual Classification to Automated Validation
CORA collects, parses, and validates supplier ECCN data automatically. Your trade compliance team focuses on license strategy and risk decisions—not spreadsheet classification and manual party screening.
Export Compliance Documentation Acceleration
Generate complete, BIS audit-ready classification records, screening documentation, and license determination packages in hours—not the weeks of manual compilation.
Proactive EAR Compliance Assurance
When BIS updates the Entity List, revises ECCNs, or changes country group designations, Certivo reassesses your portfolio instantly. Know which products and customers are affected before your next shipment.
Key Statistics
Frequently Asked Questions
What items are subject to the Export Administration Regulations?
The EAR applies to all items subject to U.S. Department of Commerce jurisdiction—including commodities, software, and technology with commercial and dual-use applications. This covers U.S.-origin items wherever located, foreign-produced items incorporating controlled U.S. content above de minimis thresholds, and certain foreign direct products of U.S. technology. Items are classified using ECCNs on the Commerce Control List or designated EAR99.
What are the penalties for EAR violations?
Civil penalties exceed $300,000 per violation or twice the transaction value, whichever is greater. Criminal penalties include up to $1 million per violation and 20 years imprisonment. BIS assessed a record $252 million civil penalty in February 2026 for unlicensed semiconductor equipment exports to an Entity List designee. Penalties are strict liability—no knowledge requirement. Market access and export privileges can also be revoked.
How does the 50 Percent Affiliates Rule affect EAR compliance?
Effective September 29, 2025, the BIS Affiliates Rule extends Entity List, Unverified List, and MEU List restrictions to any entity 50% or more owned—directly or indirectly—by a listed party, even if the subsidiary is not explicitly named. This significantly expands supplier and customer due diligence requirements. CORA screens ownership structures and flags affiliated entities automatically, ensuring your restricted party screening captures both named entities and their subsidiaries.
How does Certivo automate ECCN classification and restricted party screening?
Certivo collects supplier ECCN declarations and technical documentation, extracts classification data, validates against the Commerce Control List, and screens all transaction parties against BIS and OFAC restricted party lists in real time. CORA parses supplier documents regardless of format, detects misclassifications through anomaly detection, and generates audit-ready compliance evidence. One supplier submission feeds classification validation, screening, and license determination workflows.
How does EAR compliance relate to ITAR and OFAC sanctions?
The EAR covers dual-use and commercial items under Commerce jurisdiction. ITAR covers defense articles under State Department jurisdiction. OFAC administers sanctions programs restricting transactions with embargoed countries and designated parties. Many companies must comply with all three. Certivo validates supplier evidence and screens transactions across EAR, ITAR classification boundaries, and OFAC sanctions lists simultaneously—eliminating duplicate screening workflows.