What Is TAA Compliance and Which Products Need It?

When the General Services Administration awarded a $12 million network infrastructure contract in early 2025, the winning vendor's TAA certification fell apart during a post-award audit. The hardware had been assembled in Malaysia — a non-designated country under the Trade Agreements Act — and the contract was terminated for default. The company had spent eight months pursuing the award.

TAA compliance determines whether a product can legally be sold to the U.S. federal government, and the rules governing it are narrower and more specific than most export managers assume.

The Trade Agreements Act Governs Where Products Come From, Not What They Do

TAA compliance is a procurement eligibility question, not an export control question. The Trade Agreements Act of 1979 (19 U.S.C. § 2501) requires that products sold to the U.S. federal government above certain contract thresholds be produced in the United States or in a country with a qualifying trade agreement. The Federal Acquisition Regulation at § 25.400–25.403 implements this across all federal procurement. Where the product was made, and whether that origin qualifies, is the entire analysis — dangerousness, export restrictions, and licensing status are irrelevant to TAA.

The designated country list is maintained by the Office of the U.S. Trade Representative and covers parties to the WTO GPA, U.S. Free Trade Agreements, and qualifying least-developed nations. China, Russia, India, Malaysia, Vietnam, and Indonesia are not on it. That absence is the actual compliance problem for most electronics manufacturers, because supply chains in those categories run heavily through excluded countries.

We talk to export managers who genuinely don't realize their standard commercial product line and their federal product line need separate origin determinations. The manufacturing is identical. The paperwork isn't.

Substantial Transformation Is the Central Compliance Test

"Assembled in" is not the same as "substantially transformed," and that gap is where most TAA certifications fall apart. CBP's standard under 19 C.F.R. § 177 requires a manufacturing process that changes a product's name, character, or use — not just physical construction in a designated country. Two products assembled at the same facility, using the same labor, can receive different origin determinations based on what the input components were and what changed during assembly.

Two products with identical assembly locations can have different TAA outcomes depending on the degree of manufacturing activity. A router assembled in Mexico from Chinese PCBs may qualify if the assembly process creates a new article of commerce with distinct functionality. A router assembled in Taiwan from pre-programmed Chinese components may not, if the Taiwan operation only involved housing and labeling. CBP has issued hundreds of country-of-origin rulings on this. They are fact-specific. The same product category, ruled differently, based on one additional manufacturing step.

This is where companies get burned. The "assembled in" claim on the spec sheet doesn't establish TAA compliance. We've seen procurement officers accept vendor TAA certifications at face value, only to discover during audit that the underlying component analysis was never done. One telecommunications hardware vendor lost a $4.2 million GSA schedule contract in 2025 after CBP determined that Hong Kong assembly operations didn't meet the substantial transformation threshold for the HSPD-12 access cards included in the award.

The part that rarely gets discussed: substantial transformation analysis needs to happen at the component level, not the finished product level. If a TAA-compliant finished good contains a non-compliant subassembly that retained its original character through integration, the finished good can carry the non-compliant origin of that subassembly. "Made in the USA" on the outside doesn't fix a Chinese ASIC on the inside.

TAA and BAA Apply in Different Procurement Contexts and Cannot Be Substituted

BAA and TAA are not interchangeable, and certifying the wrong one for a given contract is one of the more common reasons federal awards get clawed back. The Buy American Act (41 U.S.C. §§ 8301–8305) governs domestic preference — it requires that goods purchased by the federal government be produced in the U.S. with predominantly U.S.-made components. TAA governs trade agreement compliance — it determines whether a product from a designated country qualifies when BAA is waived. They answer different questions. Applying one where the other is required doesn't satisfy either.

BAA's domestic component content threshold reached 60% as of March 2025, up from 55% under prior FAR amendments per Federal Register Vol. 89. That threshold applies regardless of whether a trade agreement exists. A product assembled in Ohio from 58% U.S. components fails BAA even if every other aspect of the procurement is domestic.

TAA replaces BAA when a contract exceeds the applicable threshold and triggers trade agreement coverage. At that point, products from any designated country qualify — a German-manufactured server is eligible where a U.S.-assembled one with 58% domestic content would not be under BAA alone. The frameworks don't stack; one displaces the other based on contract structure.

The failure mode we see most often: a vendor holds a GSA schedule with BAA certifications across their product line, wins a task order that triggers TAA coverage, and submits the existing certs without re-running the origin analysis. FAR 52.225-5 and 52.225-6 specify which regime applies to a given contract. If a contracting officer finds BAA certs on a TAA-governed award, the vendor is exposed regardless of where the products were actually made.

Export Compliance Determination Starts with Product Classification, Not Destination

Product classification comes before destination, before end-user, before license lookup. This is the foundational sequence under the EAR at 15 C.F.R. § 730 et seq., and it's the step most often abbreviated when teams are moving fast on a shipment.

Classification begins with jurisdiction: BIS for commercial and dual-use goods under EAR, DDTC for defense articles under ITAR (22 C.F.R. §§ 120–130). Items with ITAR components frequently generate downstream EAR obligations for the finished good — a combination that gets missed when teams classify the end product without tracing controlled subcomponents.

Once jurisdiction is established, the product gets located on the Commerce Control List. If it matches a CCL entry, it receives an ECCN. If not, it's EAR99: subject to EAR but not specifically controlled. Going straight to destination checks is the approach that consistently fails. We've seen a medical device manufacturer ship 47 units to a European distributor before anyone ran the thermal imaging subcomponent against the CCL. That component held a 6A003 classification. Every shipment moved without a license determination.

ECCN and CCL Are Related But Not the Same Thing

The Commerce Control List is the catalog — a structured document maintained by BIS at 15 C.F.R. Part 774. An ECCN number lookup is the alphanumeric identifier for a specific entry within it. Confusing the two leads to classification work that answers the wrong question.

The CCL spans 10 categories subdivided by product group. An ECCN encodes this structure: first digit for category (0–9), letter for product group (A for equipment, B for test equipment, C for materials, D for software, E for technology), three-digit number for the specific entry. 5E002 covers encryption technology. 3A001 covers electronic components with specific performance thresholds. Products with no CCL match are classified EAR99 — subject to EAR but without a specific control entry, which is not the same as unrestricted. EAR99 items still require license review for embargoed destinations and sanctioned end-users.

The control reasons attached to each ECCN — NS, MT, AT, CB, and others — determine which destination countries require a license. Two items with different ECCNs but identical physical descriptions can face completely different licensing requirements because their control reasons diverge. We've had classification submissions come back from BIS because the control reason analysis was missing — the ECCN was right, BIS wanted the reasoning on paper. Getting the number correct and skipping the documentation doesn't survive a license review.

Aircraft TAA Status Depends on Manufacture Location and Component Origin

A Cessna 172 manufactured at the Textron Aviation facility in Wichita, Kansas qualifies as TAA-compliant. U.S. manufacture satisfies the designated country requirement without any substantial transformation analysis. That part is genuinely simple.

What isn't simple: the avionics package. Modern Cessna 172S aircraft ship with Garmin G1000 avionics systems, and Garmin sources components across supply chains that include non-designated countries. When a federal agency procures flight training aircraft and specifies avionics configuration, the TAA determination extends to the avionics suite under contract — not just the airframe. If the specific Garmin units included haven't been substantially transformed in a designated country, the finished aircraft's TAA status is complicated by the subassembly origin, regardless of what the type certificate says about the aircraft as a whole.

The FAA type certificate data sheet and manufacturing records provide the traceability for that analysis — but someone has to actually run it, and most procurement teams don't know to ask; export compliance solutions rarely extend to the avionics BOM.

Aircraft, medical devices, and scientific instruments are where this gap shows up most consistently. The manufacturer certifies the finished article. Nobody checks the BOM.

The Four Types of Exports and Where TAA Fits Within Them

BIS classifies exports into four categories under the EAR, and which category applies determines what regulatory obligations follow. Most SMB exporters only think about the first one.

Commercial exports cover physical goods moving from the U.S. to foreign destinations. Largest category, primary scope of EAR licensing requirements.

Technology and software exports are where things get complicated. These cover the transmission or release of controlled information — blueprints, technical data, source code — to foreign nationals, including when that transmission happens inside the United States. These are "deemed exports" under 15 C.F.R. § 734.13. The classification of the technology follows the classification of the product it supports, so a software tool controlling a 3A001-classified device likely carries its own control. Engineering teams sharing CAD files with overseas contractors trigger this category. Most of them don't know it.

Reexports cover transfer of U.S.-origin goods or technology from one foreign country to another. U.S.-origin controls travel with the item regardless of how many borders it crosses. A product exported to Germany and then shipped to a third country still carries its original EAR obligations — the German exporter can't release them unilaterally.

Transfers cover in-country changes in end-use or end-user within a foreign destination. A piece of controlled equipment sold to a legitimate Singapore buyer that gets redirected to a military program without a new license determination is a transfer violation. This one shows up least often in SMB compliance programs and causes the most surprise when it surfaces in an investigation.

TAA compliance intersects with commercial exports when a U.S. government entity is the buyer, and with reexports when foreign-made goods enter the U.S. and get sold into federal procurement. Country-of-origin determination follows the good through the supply chain regardless of intermediate transactions, and the export documentation for routed shipments has to tell the same story.

FAQ

What is TAA in export compliance?

The Trade Agreements Act (19 U.S.C. § 2501) is a U.S. federal procurement statute requiring that goods sold to the U.S. government above applicable contract thresholds originate from the United States or from a country designated under an applicable trade agreement. It governs government procurement eligibility, not export licensing. Export compliance under EAR or ITAR is a separate regulatory framework addressing what can be sent outside the United States, to whom, and under what license conditions. The two frameworks can apply to the same product — but they operate independently.

What does TAA compliant mean?

A product is TAA-compliant if it was either manufactured in the United States or "substantially transformed" — changed in name, character, or use through a manufacturing process — in a TAA-designated country. The designated country list currently includes approximately 130 countries under the WTO GPA, U.S. FTAs, and least-developed country provisions. China, Russia, India, and Malaysia are excluded.

What items need to be TAA compliant?

Any product sold under a federal contract that exceeds the applicable TAA threshold and falls within a product category covered by FAR 52.225-5 requires TAA compliance. This includes commercial IT equipment, networking hardware, software, medical devices, and professional services with tangible deliverables. The WTO GPA threshold for supply contracts is $183,000 as of 2025.

What is the difference between TAA compliant and BAA compliant?

The Buy American Act requires that goods purchased by the federal government be manufactured in the U.S. with at least 60% domestic component content (as of March 2025, per updated FAR). TAA applies when a contract exceeds the TAA threshold and triggers trade agreement coverage — at that point, BAA is waived and products from any designated country qualify. The two don't overlap cleanly. A German-made product satisfies TAA but fails BAA. A U.S.-assembled product with 58% domestic components fails BAA regardless of TAA status.

What is the first step in export compliance determination?

Product classification. Before considering destination, end-user, or license requirements, you need to determine whether your product falls under BIS jurisdiction (EAR) or DDTC jurisdiction (ITAR), and whether it appears on the Commerce Control List or the U.S. Munitions List. Everything downstream — license determination, country controls, end-use screening — depends on getting the classification right first.

What is the difference between ECCN and CCL?

The Commerce Control List (CCL) is the catalog — a structured list of controlled items maintained by BIS at 15 C.F.R. Part 774. An ECCN is the alphanumeric identifier assigned to a specific item within that catalog. Products not found on the CCL receive a classification of EAR99, meaning they're subject to EAR but not under a specific ECCN control. Products on the CCL each have an ECCN that determines which countries require a license and for what reasons.

Is a Cessna 172 a TAA compliant product?

A Cessna 172 manufactured at Textron Aviation's Wichita, Kansas facility is TAA-compliant as a finished aircraft, since it's produced in the United States. For federal procurement purposes, the compliance determination extends to specific components included under contract. Avionics and instruments sourced from non-designated countries that haven't been substantially transformed in a designated country can complicate the analysis depending on contract terms.

What are the 4 types of exports?

Under the EAR, the four categories are: (1) commercial exports — physical goods shipped abroad for commercial purposes; (2) technology and software exports — controlled information or source code transferred to foreign nationals, including deemed exports within the U.S.; (3) reexports — transfer of U.S.-origin items from one foreign country to another; and (4) transfers — in-country changes in end-use or end-user within a foreign destination. Each category carries its own licensing analysis and recordkeeping obligations under 15 C.F.R. § 762.

---

TAA Certification Is Only as Strong as the Origin Analysis Behind It

Cross‑check TAA compliant countries against your BOM before you sign certifications. Lenzo aggregates the country-of-origin indicators, CCL lookups, and designated country verification that support the documentation layer needed for federal procurement and export compliance workflows.

What the certification forms don't ask about: a CROSS ruling obtained by one vendor for a specific manufacturing process doesn't transfer to another vendor doing nominally similar work. CBP evaluates the actual steps, at the actual facility, against the actual inputs — not the product category. Two companies assembling routers in Taiwan from Chinese PCBs can receive opposite rulings based on whether one vendor's process includes reprogramming to a unique firmware image that changes the functional character of the device. The ruling is public. The underlying process documentation is not. Compliance teams that read the CROSS rulings for their product category and document how their own process compares — step by step, against the CBP criteria — are building a defensible record. Everyone else is hoping the auditor doesn't look closely.