LenzoBlogDeemed Exports: When Technical Data Needs a License
Last updated:
January 11, 2026

Deemed Exports: When Technical Data Needs a License

Lenzo Compliance Team
Deemed Export
Export License
Export Compliance
ITAR
Export Classification

Your VP of Engineering hires a brilliant semiconductor designer. PhD from Tsinghua, ten years at TSMC, exactly the expertise you need. HR processes the H-1B. IT sets up the workstation. Engineering gives them access to the design files.

Nobody calls compliance. Why would they? The engineer works in your California office. Nothing left the building.

Except under EAR, you just made an export. A deemed export—releasing controlled technology to a foreign national inside the United States. If that technology requires a license for China, it requires a license for a Chinese national in Palo Alto. Same rules. Same penalties.

I've watched this play out at three semiconductor companies in the past eighteen months. Two discovered it during internal audits—one triggered by an unrelated investigation. The third discovered it when BIS sent an inquiry letter asking about their Chinese engineering staff.

The voluntary self-disclosure for that third company covered 47 engineers across four years. Exposure calculation: 47 people × roughly 1,000 access events each × up to $300K per violation. Nobody actually pays the maximum, but the CFO's face when legal walked through the math was something I won't forget. Settlement discussions took fourteen months. Final number was $1.2M plus three years of enhanced compliance monitoring.

Key Takeaways

  • A "deemed export" occurs when controlled technology or source code is released to a foreign national in the US—same licensing requirements as physically exporting to that person's home country
  • "Release" includes visual inspection, oral exchange, and application of knowledge—not just handing over documents
  • The relevant country is the person's citizenship or permanent residence, not their immigration status or where they went to school
  • Green card holders and US citizens are exempt. Everyone else requires analysis
  • University research exemptions exist but are narrower than most institutions assume
  • Penalties mirror physical export violations: up to $300K per violation, potential criminal liability, denial of export privileges

What Counts as a Deemed Export

The test isn't whether you handed someone a document. It's whether they gained access to controlled technology through any means.

A defense contractor I worked with had this problem with facility tours. They'd bring potential customers through their production floor—including foreign government delegations. Controlled equipment visible. Process parameters on screens. Tour guides explaining technical capabilities. Nobody had thought about whether those visual observations constituted deemed exports. A lot of them did.

  • Visual inspection of controlled equipment counts. Your visiting engineer from Germany walks through the clean room and observes your deposition process parameters displayed on the control screens. That's a release.
  • Oral exchange of technical data counts. Your Korean contractor asks how you achieved a specific tolerance on a precision machining process. You explain it. That's a release.
  • Application of knowledge gained from controlled technology counts. You train a Taiwanese engineer on operating your controlled manufacturing equipment. The training itself is a release.

Citizenship Is What Matters

The licensing analysis keys off the foreign national's most recent country of citizenship or permanent residence. Not where they went to school. Not where they worked before. Not their immigration status in the US.

This creates scenarios that confuse HR departments constantly.

Your engineer was born in Iran, grew up in Canada, did their PhD at MIT, and has worked in the US for fifteen years on an H-1B. For deemed export purposes, their country of citizenship is Iran. Technology that requires a license for export to Iran requires a license for release to this person—regardless of how American their career looks on paper.

The Canadian upbringing doesn't help. The MIT degree doesn't help. The fifteen years of US employment doesn't help. Citizenship controls.

Two categories of people are exempt from deemed export requirements: US citizens (including naturalized citizens) and lawful permanent residents (green card holders). Everyone else—H-1B, L-1, F-1, J-1, TN, O-1—requires analysis based on their citizenship.

A biotech company learned this when they realized their entire computational biology team included researchers from China, Russia, and Iran on various visa types. The team had full access to controlled genetic engineering technology. Nobody had run a deemed export analysis because "they work here." That's not how the regulation works.

The Technology Classification Problem Nobody Solves

Not all technology triggers deemed export requirements. EAR99 stuff—most commercial information—doesn't need licensing regardless of who sees it. The analysis applies to technology controlled under an ECCN that requires a license for the person's country of citizenship.

This means you need two things: the ECCN of every technology your foreign nationals can access, and the citizenship of every foreign national who might access it.

Here's where companies fail. They've classified their products for export. They know which finished goods have ECCNs. But they've never classified their internal technology—the R&D processes, design methodologies, manufacturing know-how, simulation software, test procedures. That stuff lives on shared drives, in source repositories, in the heads of engineers who discuss it in meetings.

A COO at an aerospace supplier asked me: "We know our products are controlled. Are you telling me we need to classify every PowerPoint our engineers create?" Not every PowerPoint. But the one explaining how you achieved a specific performance threshold on a controlled system? Yes. If that information would require a license to export to China, it requires a license before your Chinese national employee opens it.

The companies that get this right maintain a technology inventory separate from their product classification database. Design files for the 3E001 manufacturing process. Source code for the 5D002 encryption module. Training materials for operating 3B001 equipment. Each classified. Each mapped to which citizenships require licenses. Each gated in IT access controls.

The University Research Exception (And Its Limits)

An engineering dean told me: "We assumed deemed exports weren't our problem because we're a university. Then we looked at our sponsored research contracts. About 40% had publication restrictions that probably invalidate the exemption. We'd never analyzed it."

  • Publication intent must be real. If the research is classified, proprietary, or subject to publication restrictions, the fundamental research exception doesn't apply. Many university research contracts include sponsor review rights or publication delays. Those restrictions can destroy the exemption.
  • The research must be "basic." Applied research aimed at specific commercial applications, product development, or process improvement doesn't qualify. The line between basic and applied isn't always clear, and universities frequently cross it without recognizing the shift.
  • The exception covers the research, not the researcher. A graduate student might work on fundamental research that's exempt and also assist with a professor's industry consulting project that isn't. The exemption doesn't attach to the person—it attaches to specific activities.

License Exceptions Exist—But Don't Assume They Apply

Some deemed exports qualify for license exceptions. TSR, TMP, GOV—the same exceptions available for physical exports can work for deemed exports.

The trap: companies assume that because they use TSR for shipping products to Germany, TSR automatically covers releasing technology to German nationals in their US facility. Not necessarily. The exception analysis runs fresh for each deemed export. Country Group eligibility, end-use restrictions, all conditions apply.

A Chinese national in your California office doesn't qualify for TSR just because the technology would qualify if you shipped it to a friendly country. China isn't in the same Country Group. Different analysis. Different outcome.

And like physical exports, you need contemporaneous documentation showing why the exception applied. The records requirement doesn't disappear because nobody put anything in a box.

What Actually Works (And What HR Hates)

A VP of Engineering told me: "This is the most bureaucratic thing compliance has ever asked us to do." I told him about the company that paid $1.2M because they didn't do it. He stopped complaining.

  • HR captures citizenship at offer stage—actual citizenship, not just visa status. Dual citizenship too. This isn't optional information collected later. It's required before the offer goes out.
  • Technology access requires classification first. Before IT grants access to source repositories, design systems, or manufacturing documentation, someone has verified the ECCN. No classification on file? No access granted. Engineering complains that this slows down onboarding. It does. By about a week. A voluntary self-disclosure takes fourteen months.
  • Every access grant gets logged with the deemed export analysis that authorized it. When BIS asks—and they will ask—you can produce documentation showing you checked before granting access, not after the inquiry arrived.
  • Annual re-verification catches drift. People move between projects. They get added to Slack channels and SharePoint sites without anyone thinking about whether that's a new technology release. Citizenship status changes. Annual audits find the gaps before BIS does.

FAQ

  • How do I know if we have a deemed export problem? Ask two questions. First: do we have foreign nationals (not green card holders) working on controlled technology? If you don't know the answer, you have a problem. Second: for each one, can someone show me the deemed export analysis that was performed before they got access? If nobody can produce that documentation, you have a bigger problem.
  • Our best engineers are foreign nationals. Can we just sponsor green cards faster? Green card holders are exempt from deemed export requirements. Accelerating green card sponsorship is a legitimate strategy—some companies prioritize it for employees working on controlled technology. But the green card process takes years. You need a deemed export license for the interim period, or you need to restrict access until the green card comes through. Neither option makes engineering happy.
  • What does remediation actually look like? If you discover unauthorized deemed exports, you're looking at voluntary self-disclosure to BIS. That means: identifying every foreign national who accessed controlled technology, determining which accesses required licenses, calculating the scope of violations, preparing a detailed submission, and negotiating a settlement. Timeline: 12-18 months minimum. Legal fees: $200K-500K depending on complexity. Penalties: highly variable, but six to seven figures for systematic failures affecting dozens of employees over multiple years.
  • Can we solve this with better IT access controls? Technology controls are necessary but not sufficient. You can gate access to repositories and systems, but you can't gate every conversation, whiteboard session, or email thread where controlled information gets shared. IT controls reduce the problem. They don't eliminate it. You still need the analysis and documentation for every foreign national with potential access to controlled technology.

Deemed exports are the compliance requirement that technology companies discover too late. Nothing physically left the building. No shipping documents. No customs filings. Just people accessing information that, under EAR, counts as an export to their country of citizenship.

Compliance platforms—SAP GTS, Descartes, Lenzo—can help track controlled technologies and flag personnel access for analysis. But the core work is HR integration: knowing who's accessing what, and running the deemed export analysis before access is granted.

The companies that get this wrong aren't trying to evade export controls. They just didn't realize that hiring talent triggers the same regulatory framework as shipping products. By the time they figure it out, the violation has been accumulating with every login, every code commit, every design review meeting, every Slack thread.

Remediation at that point isn't a policy update. It's a voluntary self-disclosure. And the CFO will have questions about how a compliance gap accumulated for four years without anyone noticing.

Sources

More to explore

View all
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

Trade Compliance FAQ: 25 Questions Every SMB Exporter Gets Wrong

OFAC's maximum civil penalty hit $377,700 per violation in January 2025. BIS bumped its ECRA penalty cap to $374,474 the same month. The questions compliance teams ask haven't changed much over the years. They've just gotten a lot more expensive to answer wrong.
Last updated:
November 27, 2025
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

Trade Compliance Glossary: Terms Every Exporter Needs

Your customs broker just emailed about an ECCN classification conflict with the freight forwarder's HTS determination. Legal wants to know if the end-user triggers EAR99 or needs a BIS license review. And someone in accounting keeps confusing OFAC with OFCCP. Again.
Last updated:
November 28, 2025
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

Best Trade Compliance Software for SMB Exporters (2026)

OFAC civil penalties blew past $254M by mid-2025. BIS piled on with over 170 Entity List additions across 6 separate rulings between January and October. And the part that keeps compliance teams awake: none of those penalties landed because someone forgot to screen a counterparty.
Last updated:
February 12, 2026
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

License Exception Eligibility: Quick Reference

BIS published 2,847 updates to the Export Administration Regulations in 2025. Seventeen directly affected license exception eligibility for at least one ECCN category. For compliance teams processing 50–200 shipments monthly, tracking which exceptions apply to which items has turned into a puzzle that resets every few weeks.
Last updated:
February 11, 2026
Lenzo — Trade Compliance Platform
TOOLS
Tariff CalculatorCompliance ServiceCanada TariffsHS CodeUS Tariffs on ChinaOFAC SearchMexico TariffsHSN Code List
Legal
Acceptable Use PolicyAI Data Usage PolicyBilling & Refund PolicyCookies PolicyData Processing AddendumPrivacy PolicyTerms of Service
Lenzo - Trade Compliance © 2026 All rights reserved
Secure read-only integrations
AES-256 encrypted data
OAuth 2.0 access