#exportcontrol

By Engin Sindel, Assist Export, Türkiye

Technology exports can be exhilarating. There’s something undeniably exciting about watching a locally developed innovation reach international markets—a tangible reminder that progress in Türkiye is not confined to borders. But behind the headlines and commercial wins lies a more intricate puzzle. One that tech exporters must solve with care: export control compliance.

Let’s not sugarcoat it. This is a tricky area. It exists in the space where technology, regulation, international diplomacy, and national security collide. And that intersection doesn’t always have clear signage. Turkish companies developing hardware, software, or dual-use goods are increasingly finding themselves under the microscope of both domestic and foreign regulatory frameworks.

Take a software firm in Ankara exporting cybersecurity tools to Southeast Asia. Or a drone manufacturer in Bursa delivering components to a client in the Gulf. Even if the product is benign in everyday use, its potential for military or surveillance applications might trigger licensing requirements, reporting obligations, or even denial of export clearance. That potential is where export controls begin.

The foundation of Türkiye's export control regime is largely shaped by commitments to international agreements—like the Wassenaar Arrangement, the Missile Technology Control Regime (MTCR), and the Chemical Weapons Convention (CWC), among others. As a member or adherent, Türkiye must ensure that companies within its borders do not inadvertently contribute to the proliferation of sensitive technologies.

Sounds straightforward? In theory, yes. In practice, not always.

One of the biggest challenges Turkish tech exporters face is classification. How do you determine if your product is controlled? The answer lies in control lists, technical specifications, and an uncomfortable number of acronyms. A software package, for example, might fall under ECCN codes (Export Control Classification Numbers) that require a deep understanding of both the code and the tool. And these classifications are not just bureaucratic labels. They dictate whether you need a license, where you can ship, and what end-uses are restricted.

Add to that another layer: end-use and end-user screening. Even if your product isn't listed as controlled, shipping to an embargoed country or a blacklisted entity can land you in serious trouble. We’re talking fines, shipment seizure, and in some cases, criminal penalties. Overcautious? Maybe. But in this arena, it's better to be that than the alternative.

At Assist Export, we’ve supported clients through some surprisingly nuanced cases. One involved an IoT sensor company exporting to a partner in Eastern Europe. While the product itself wasn’t controlled, the buyer was ultimately supplying a larger system for border surveillance. Red flags were raised. Licenses were required. The exporter didn’t anticipate it, but because they had done their screening early, delays were minimized.

Education is a major part of the solution. Many SMEs simply don’t know that export controls apply to them. They associate it with weapons or chemicals, not embedded chips or encryption modules. And fair enough—the terminology doesn’t help. But ignorance doesn’t exempt you from compliance. If anything, it puts you at greater risk.

The other hurdle is procedural complexity. Getting an export license in Türkiye can be a time-consuming process, involving multiple agencies and often very detailed documentation. It's not impossible—far from it—but it does require planning. And patience. For smaller companies without dedicated compliance teams, this can feel overwhelming. That’s where external consultants, like those of us at Assist Export, often play a vital role.

Now, it's not all friction and fear. There’s a positive angle too. Companies that build export compliance into their culture tend to be better prepared for global growth. They avoid legal trouble, win the trust of international partners, and often find it easier to attract investment. That kind of discipline sends a signal. It says: we know what we’re doing.

Which brings me to something we’re humbled by. Assist Export has been nominated for the 2025 Go Global Awards, to be held in London this November, on the 18th and 19th. Hosted by the International Trade Council, it’s not just a ceremony. It’s a summit of thinkers, builders, and enablers from across the world. A space to share ideas, challenge assumptions, and build collaborations that stretch beyond borders. For us, being there is not just an honor—it's a moment to reflect on where we stand, and where we’re going.

The restrictions on access to USML items by Dual and Third Country National employees of a foreign person can cause significant difficulties because the current accepted definitions of Dual and Third Country Nationals do not reflect the definition of “US persons.” The Department of State defines Dual and Third Country Nationality as follows:

Third Country National: An individual holding nationality from a country or countries other than the country of the foreign signatory to the agreement; and

Dual National: Holds nationality from the country of a foreign signatory and one or more additional foreign countries.[84]

Although “nationality” is not defined under ITAR, it is accepted that the U.S. Government will take country of origin[85] and continued ties or allegiance to a country into account when determining Dual or Third Country Nationality.[86]

This means that a person who was born in the UK but is a U.S. permanent resident working in the U.S. for a U.S. company will be considered a U.S. person only (under the definition of “US person”). If, however, the same person emigrated to Canada, obtained Canadian citizenship and commenced employment with a Canadian company, they would be treated as a Canadian-UK Dual National for the purposes of any U.S. export authorization to which their employer was a party. If that person did not obtain Canadian citizenship but instead became a temporary or permanent Canadian resident, they would be treated as a UK Third Country National for the purposes of any U.S. export authorization to which their employer was a party.[28]

It is also possible for a person who was born in one country to become a Dual National for the purposes of ITAR without necessarily leaving their country of origin, simply by obtaining a foreign passport (thereby “holding nationality” from another country). This is frequently the case where the individual’s parent/s were born in a country that grants citizenship to children of its citizens, regardless of where the children were born, for example, a child born in Canada to parents who were born in the UK is able to obtain a UK passport (see British nationality law). Once they have done so, they become an Canadian-UK Dual National for the purposes of ITAR.

Restrictions on access to USML items by Dual and Third Country National employees of foreign persons essentially forces foreign persons to discriminate against their employees who do not meet the nationality criteria under an export authorization. Such discrimination may be illegal in some countries under anti-discrimination law (such as in Canada[87] and Australia[37]).

In addition, the prohibition on access by Dual and Third Country Nationals from countries proscribed under ITAR 126.1 can cause problems for countries with large immigrant populations from those countries (such as Canada and Australia, which both have large Overseas Chinese and Overseas Vietnamese immigrant populations: see immigration to Canada and immigration to Australia).[37]

The U.S. Government actively enforces restrictions on access to USML items by Dual and Third Country Nationals:

1) Petitioners that are ITAR/EAR certified (hold such licenses) should already have a comprehensive ITAR/EAR compliance program in place, one which now needs to be modified to include additional USCIS attestation requirements.  A copy of the applicable license and associated certifications should be kept with the beneficiary’s H-1B compliance file, ready for possible inspection by USCIS/ICE auditors.  

2) Petitioners that may be subcontractors to defense contractors  (ITAR/EAR license holders) must review their contracts to determine whether there is such a clause, and are advised to make note in their H-1B Compliance file that such a document search was performed, or that one is deemed not necessary.

3) Petitioners that may be deemed to be subject to ITAR/EAR because they have foreign parents, affiliates or subsidiaries that produce or export or transfer US origin military goods or services must register for ITAR/EAR certification.  Same compliance procedure as 1) above will apply.

            Those companies that are licensed or may be subject to ITAR/EAR certification or OFAC compliance requirements are advised to communicate with Immigration counsel without delay.

Readers should note that the application of ITAR compliance and ITAR certification requirements is spreading despite a lack of specificity in US Commerce Dept, and US Dept. of State rules about what these requirements actually entail.  Nowhere in the International Traffic in Arms Regulations (ITAR) is it spelled out what “ITAR compliant” means.  As is the case with agency implementation of many federal regulations, different staff members of the Directorate of Defense Trade Controls (DDTC) and the Commerce Bureau of Industry and Security (BIS) will make slightly different interpretations.  The Treasury Department Office of Foreign Assets Control (OFAC) imposes yet a third set of compliance obligations.

Nonetheless, a generally safe definition of ITAR compliant is as follows:

For a company involved in the manufacture, sale or distribution of goods or services covered under the United States Munitions List (USML) or a component supplier to goods covered under USML, the contractual stipulation or requirement of being  “ITAR compliant” means that the company must be registered with the State Department’s Directorate of Defense Trade Controls (DDTC).  These requirements are laid out on the DDTC’s web site http://pmddtc.state.gov/registration/index.html.  Any company that must be compliant must understand and abide by the ITAR as it applies to any relevant USML linked goods or services.  Any company that becomes a USML prime exporter or subcontractor must now register with DDTC and certify that they operate in accordance with the ITAR.

The license requirement for dissemination of information does not apply if it falls under one or more of the following exclusions:

Public Domain (ITAR, EAR)

22 CFR Ch.1 § 120.11

    http://www.pmdtc.org/docs/ITAR/2005/22cfr120_Part_120.pdf

[However, note that the U.S. government has nonetheless attempted to prosecute dissemination of control-list technology, even though the information was shown to have been available on the internet.]

15 CFR Ch. 7  § 734.3 (b)(3) http://www.access.gpo.gov/bis/ear/pdf/734.pdf  

Education Exclusion  (ITAR,EAR)

22 CFR Ch.1 § 120.10(a)(5) http://www.pmdtc.org/docs/ITAR/2005/22cfr120_Part_120.pdf

15 CFR Ch.7 § 734.9 http://www.access.gpo.gov/bis/ear/pdf/734.pdf  

No license is required to share with foreign nationals “information concerning general scientific, mathematical or engineering principles commonly taught in universities or information in the public domain”

Fundamental Research  Exclusion (ITAR, EAR)

22 CFR Ch.1 § 120.11(a)(8) http://www.pmdtc.org/docs/ITAR/2005/22cfr120_Part_120.pdf

15 CFR Ch. 7  § 734.8 http://www.access.gpo.gov/bis/ear/pdf/734.pdf

No license is required to disclose to foreign nationals information which is “published and which is generally accessible or available to the public [through, for example] fundamental research in science and engineering at universities where the resulting information is ordinarily published and shared broadly in the scientific community.”

  Other expressed restrictions in ITAR/EAR, and other federal regulations, to providing services to foreign nationals.

  ITAR and EAR prohibit assisting and training foreign nationals anywhere in the design, development, use, testing, etc. of controlled dual-use equipment without a license from Commerce or State.  An example given is in the operation of microbial culture fermenters having a capacity of 20 liters or more.

Furthermore, the technology transfer need not be in the course of a direct commercial relationship.  Technology or code is considered "released" for export when it is "available to foreign nationals for visual inspection (such as reading technical specifications, plans, blueprints, etc.); when technology is exchanged orally; or when technology is made available by practice or application under the guidance of persons with knowledge of the technology."

In addition, while there is a general license exception in the EAR 774, Note 2, for “General Software”, a prohibition remains in place for export to certain enumerated embargoed countries and for certain types of software.  That Note, PDF, states: [also, see, Section 2B]

(“mass market” software) is available to all destinations, except countries in Country Group E:1 of Supplement No. 1 to part 740 of the EAR, for release of software that is generally available to the public by being:

a. Sold from stock at retail selling points, without restriction, by means of:

1. Over the counter transactions;

2. Mail order transactions;

3. Electronic transactions; or

4. Telephone call transactions; and

b. Designed for installation by the user without further substantial support by the supplier.

Note: The General Software Note does not apply to "software" controlled by Category 5 part 2 ("Information Security"). For "software" controlled by Category 5, part 2, see Supplement No. 1 to part 774, Category 5, part 2, Note 3 Cryptography

Note. Export Administration Regulations July 30, 2004

 There are limited exceptions on export and transfer of certain types of knowledge, data, and technology, such as for universities that teach foreign students fundamental research techniques or scientific knowledge that is in the public domain.

 Note: however, there are no expressed exclusions that allow foreign persons to use controlled equipment or software without a license.   Some universities rely upon the Fundamental Research exclusion [see below] on the ground that using equipment is part and parcel of conducting fundamental research and/or the Education exclusion when the program of instruction requires using such software or equipment, but it is unlikely that such exclusions will extend more generally to commercial software development firms or other commercial concerns.  

While this is not the place for an in-depth discussion of these issues, I-129 filers must now be aware of the general outlines of export restrictions in order to make a baseline determination of whether they may be subject to ITAR/EAR licensing requirements, how and what to document for compliance, and if necessary, so as to be better prepared to approach the license application process.

Another set of expressed export and international trade restrictions is contained in the U.S. Treasury’s Office of Foreign Assets Control (OFAC) prohibitions against the provision of services to countries subject to US sanction programs, boycotts, etc. without a license.  The OFAC prohibitions may impose a comprehensive ban on service provision that includes services associated with IT-BPO, and other business and technology services, even if there is no direct or dual-use military application.  In some instances, the OFAC ban extends to:

Conducting surveys and interviews in boycotted countries

Providing marketing & business services to persons in boycotted countries  

Creating new information materials at the behest of persons in a boycotted country

Engaging the services of persons in a boycotted country to develop new information materials

There are a number of countries currently under Treasury boycotts of various types, which include (but are not limited to):

    Cuba, Iran, Iraq, Libya, Liberia, Sudan, Syria, North Korea

NOTE:  The restrictions on provisions of goods and services to some boycotted countries can be thorough-going and applies to foreign business units of U.S. companies.

            See, OFAC website for specific restrictions, and license requirements, which vary depending upon the country:

http://www.treas.gov/offices/enforcement/ofac/programs/index.shtml

        OFAC Sanctions Programs 

Program Abbreviation 

Program Last Updated:

    Balkans-related Sanctions

[BALKANS]

06/22/2010

    Belarus Sanctions

[BELARUS]

05/19/2010

    Burma Sanctions

[BURMA]

09/10/2010

    Cote d’Ivoire (Ivory Coast)-related Sanctions

[COTED]

04/13/2009

    Counter Narcotics Trafficking Sanctions

[SDNT] ; [SDNTK]

10/26/2010

    Counter Terrorism Sanctions

[SDGT] ; [FTO] ; [SDT]

11/04/2010

    Cuba Sanctions

[CUBA]

10/13/2010

    Democratic Republic of the Congo-related Sanctions

[DRCONGO]

06/24/2010

    Diamond Trading Sanctions

NONE

05/21/2008

    Iran Sanctions

[IRAN] ; [IRGC] ; [IFSR] ; [IRAN-HR]

09/29/2010

    Iraq-related Sanctions

[IRAQ]

09/13/2010

    Former Liberian Regime of Charles Taylor Sanctions

[LIBERIA]

05/23/2007

    Lebanon-related Sanctions

[LEBANON]

07/30/2010

    Non-proliferation Sanctions

[NPWMD]

10/27/2010

    North Korea Sanctions

[NORTH KOREA] ; [DPRK]

11/04/2010

    Somalia Sanctions

[SOMALIA]

11/03/2010

    Sudan Sanctions

[SUDAN] ; [DARFUR]

10/20/2010

    Syria Sanctions

[SYRIA]

07/10/2008

    Zimbabwe Sanctions

[ZIMBABWE]

11/25/2008