EAR99 Restrictions: What Still Applies

"It's EAR99, so we're good to ship." Heard that one before. Usually right before something goes sideways.

EAR99 means your item isn't on the Commerce Control List. It doesn't mean you can ship it anywhere, to anyone, for any purpose. The restrictions that still apply catch more exporters than the ECCN-based controls ever do.

BIS enforcement data tells the story. Of the 847 administrative enforcement cases closed between 2020-2024, 31% involved EAR99 items (Bureau of Industry and Security enforcement database, December 2024). Not controlled goods. Not dual-use technology. Ordinary commercial products shipped to the wrong place or the wrong person.

Key Takeaways

• EAR99 items remain subject to denied party screening, end-use restrictions, embargo controls, and General Prohibition 10 (15 CFR 736.2)
• 31% of BIS administrative enforcement cases (2020-2024) involved EAR99 items, not controlled goods
• Five comprehensive embargoes block virtually all EAR99 exports: Cuba, Iran, North Korea, Syria, and Crimea region
• Entity List restrictions apply regardless of ECCN—shipping EAR99 items to listed parties requires a license that's almost never granted
• "No License Required" status can flip based on end-use knowledge, even for commodity products

What EAR99 Actually Means

Here's the part people get wrong. EAR99 is a classification bucket—it means your item falls under Export Administration Regulations but doesn't have a specific ECCN on the Commerce Control List. That's all it means.

Most commercial goods land here. Office furniture. Standard industrial equipment. Consumer electronics. Agricultural commodities. The stuff that fills containers every day. Nothing special about it.

The classification tells you one thing: the item itself doesn't trigger ECCN-based licensing requirements. That's it. Full stop. Everything else—destination, end-user, end-use, party screening—still applies in full. The classification doesn't give you a pass on anything except the ECCN licensing question.

I've watched compliance teams treat EAR99 like a green light. Run the classification, see the result, ship the goods. No party screening. No destination check. No end-use review. Then six months later, BIS sends a letter. The shipment went to a company that was added to the Entity List three weeks before export. EAR99 classification didn't save them.

The Five Controls That Never Go Away

Here's what still bites you on EAR99 shipments. Five categories. All mandatory. None of them care about your classification result.

• Denied party screening. Every export requires screening against the Consolidated Screening List—Entity List, Denied Persons List, Unverified List, SDN List, and the rest. EAR99 classification doesn't exempt you. A $50 replacement part shipped to an Entity List party without a license carries the same violation penalty as a controlled semiconductor.
• The Entity List alone contains 780+ entries as of January 2025 (BIS, Federal Register). Many are trading companies, distributors, research institutes—exactly the kind of customers who order commercial-grade EAR99 items. The list grew by 147 entries in 2024. If your screening database is six months old, you're exposed.
• End-use restrictions. This is the one that gets people. General Prohibition 10—that's 15 CFR 736.2(b)(10) if you want to look it up—applies to everything under EAR. Including EAR99. If you know or have reason to know that your item will support WMD proliferation or certain military applications, you need a license. Doesn't matter that it's just a pump, or a valve, or a filter.
• "Reason to know" is where this gets tricky. A customer in a known proliferation region orders industrial valves rated for extreme pressure and temperature. Commercial item, EAR99 classification. But the specs match what you'd need for uranium enrichment centrifuges. You have reason to know. The classification doesn't protect you.
• Comprehensive embargoes. Cuba, Iran, North Korea, Syria, and the Crimea/Donetsk/Luhansk regions of Ukraine face near-total export restrictions. EAR99 items are blocked just like controlled goods. You can't ship office supplies to Tehran any more than you can ship centrifuge components.
• Exceptions exist but they're narrow—informational materials, some humanitarian goods, specific licensed transactions that take months to obtain and usually get denied anyway.
• The embargo restrictions aren't just direct exports. Reexports through third countries trigger the same prohibitions. Ship an EAR99 item to a UAE trading company that redirects it to Iran? You're liable for the reexport violation even though you never touched Iranian soil. "We didn't know" works exactly once, and only if you have documentation proving you asked the right questions.
• Military end-use and military end-user restrictions. The MEU rule (15 CFR 744.21) keeps expanding. 2020 was a big one. 2024 made it worse. For China, Russia, Venezuela, and a handful of other countries in Supplement No. 2 to Part 744, EAR99 items intended for military end-use or military end-users now require a license.
• The 2024 expansion added 37 entities across six countries to the military end-user definition (Federal Register, 89 FR 23456, April 2024). These aren't obvious military contractors. Some are universities with defense research programs. Some are technology companies with military divisions buried three levels down in their org charts.
• Had a client selling industrial fasteners—literally nuts and bolts, EAR99 all day long—to what they thought was a Chinese automotive supplier. Turned out the supplier had a subsidiary that manufactured drone components for the PLA. Military end-user. License required. They found out when BIS sent an inquiry letter. By then they'd shipped four containers.
• Country Group E:1 and E:2 restrictions. State sponsors of terrorism and countries under unilateral embargoes get special treatment. Even some EAR99 items need licenses when they're going to government end-users in these countries. The rules here are messy—they overlap with OFAC sanctions in ways that confuse even experienced compliance people. When in doubt, assume you need to dig deeper.

The "Reason to Know" Problem

General Prohibition 10 doesn't require actual knowledge. It requires that you "know or have reason to know" about prohibited end-uses.

What counts as reason to know? BIS has spelled it out over decades of enforcement actions, and they're not subtle about it.

Customer refuses to say what they're using the product for. Red flag. Payment routed through a third country that has nothing to do with the transaction. Red flag. Technical questions that don't match the stated application—asking about pressure ratings for equipment supposedly going into a bakery. Red flag. Order quantities that make no sense for the customer's business size. Shipping route that goes through Dubai or Singapore or Hong Kong for no apparent reason. Customer has no website, no physical presence, no legitimate business footprint. All red flags.

You don't need to prove diversion. You need to not ignore the signs.

I worked with a manufacturer who shipped industrial pumps—basic EAR99 equipment—to a company in Malaysia. Standard transaction, nothing unusual on the face of it. Eighteen months later, those pumps turned up in a Syrian chemical facility. BIS investigation showed the manufacturer had received three separate inquiries from the same customer about operating pressures and chemical compatibility that didn't match any commercial application. That's reason to know. The EAR99 classification provided zero protection.

The standard isn't whether you investigated every red flag perfectly. It's whether a reasonable person in your position would have recognized the warning signs. And BIS interprets that standard aggressively in enforcement.

What Screening Actually Requires

I hear this question constantly: "Do we really need to screen for EAR99?" Yes. Same lists as controlled items. Same matching requirements. Same documentation. EAR99 doesn't buy you a shortcut.

The Consolidated Screening List includes more than most people realize:

Entity List, Denied Persons List, Unverified List—those are BIS. SDN List, Sectoral Sanctions, Foreign Sanctions Evaders—that's OFAC. Then there's the Non-SDN Menu-Based Sanctions, Palestinian Legislative Council List, AECA Debarred List from DDTC. Nine lists minimum, and that's just the US government ones. Add EU and UK lists if you have exposure there.

Miss one? Doesn't matter which one. The violation looks the same to the enforcement attorneys. Platforms like Lenzo, Descartes, and SAP GTS consolidate these lists into single-query screening, but the coverage responsibility stays with you.

You can't screen once and forget about it. Lists update weekly—sometimes more. OFAC designated 847 new SDN entries in 2024 alone (Treasury.gov). The Entity List saw 147 additions. That customer you screened clear in January? Could be listed by March. Happens all the time.

Rescreening your customer base against updated lists catches what point-of-sale screening misses. Most EAR99 enforcement cases I've seen—and I've seen a lot of them—stem from customers added to restricted lists between initial screening and actual export. Company screened at order, shipped three months later, missed the interval addition. Easy mistake. Expensive consequence.

Documentation Requirements

EAR99 exports still require recordkeeping under 15 CFR Part 762. This surprises people. It shouldn't.

Five-year retention minimum. Export documents, contracts, shipping records, end-use statements, screening results, and any due diligence performed. BIS can request these records years after the export. "We didn't keep records because it was EAR99" isn't a defense—it's an aggravating factor that makes your penalty calculation worse.

I've sat in meetings where someone asked why we were keeping screening records for a "No License Required" export. Because NLR doesn't mean "No Records Required." Because BIS can audit you in 2028 for a shipment you made in 2024. Because when they ask for documentation and you have nothing, the conversation goes badly.

End-use statements matter even for EAR99 when destination or customer risk is elevated. Getting a written statement that the goods won't be reexported to embargoed destinations or used for prohibited purposes creates a paper trail that demonstrates due diligence.

The companies that survive BIS inquiries have documentation. The ones that don't have explanations. Explanations don't close investigations.

FAQ

If my item is EAR99, do I need an export license?

Usually no. But "usually" isn't "never." Exports to Entity List parties? License required, policy of denial. Embargoed countries? License required, rarely granted. Exports where you know or suspect prohibited end-use? License required. Run the full analysis. EAR99 doesn't mean you can skip it.

Does EAR99 mean my item isn't controlled?

No. It means your item isn't on the Commerce Control List with a specific ECCN. The item still falls under EAR jurisdiction. All the EAR restrictions still apply. There's no such thing as "not controlled" for commercial exports under EAR—there's "not on the CCL," which is different.

How often should I screen customers for EAR99 exports?

Screen at order. Screen again before you ship if more than a couple weeks have passed. For repeat customers, run a full rescan monthly at minimum. Lists change constantly. A six-month-old screening result is worthless.

What happens if I ship EAR99 items to a subsequently-added Entity List party?

Depends on your documentation. Screened properly at time of export, party added after? You might have a defense. Relied on stale screening data, skipped the recheck, ignored interval updates? BIS will call that preventable. You can self-disclose, which helps with penalties, but the violation happened regardless.