International Contracting Training & FAQ

The Office of Foreign Assets Control (OFAC) is a division of the U.S. Department of Treasury that enforces economic and trade sanctions to achieve U.S. foreign policy and national security goals. [1, 2] These sanctions target foreign countries and regimes, terrorists, human rights violators, and other threats. [2] OFAC sanctions focus on transactions and finances rather than technology. [3] The regulations apply to U.S. citizens, anyone in the United States, any U.S. person, and in some cases, foreign subsidiaries of U.S. persons. [3] OFAC can block anyone from using the U.S. financial system, including the use of U.S. currency, if they are involved in transactions with any person or entity designated by OFAC. [3]

One of the tools that OFAC uses to administer sanctions is the Specially Designated Nationals and Blocked Persons (SDN) list. [3] The SDN list includes people and entities that U.S. businesses are prohibited from doing business with. [4] The SDN list is not static and changes daily, so due diligence must be conducted for each transaction. [5] OFAC jurisdiction is very broad and there can be liability for any person, regardless of nationality, who causes a violation. [6] U.S. persons cannot facilitate or otherwise support activity that would be prohibited if performed by a U.S. person. [6] Additionally, SDNs can be located in non-sanctioned countries. [6]

FAR Subpart 25.7 prohibits federal agencies and their contractors and subcontractors from acquiring supplies or services that would be prohibited by OFAC. [7]

OFAC also issues “general licenses” that allow some types of transactions with sanctioned persons. [8] For example, general licenses may be issued for providing medical supplies or winding down business with a sanctioned person. [8]

The International Traffic in Arms Regulations (ITAR) are a set of regulations that control the export of defense articles, defense services, and related technical data.  The ITAR are administered by the Directorate of Defense Trade Controls (DDTC) of the Department of State.  They are based on the Arms Export Control Act and are designed to be a much tighter set of regulations than the Export Administration Regulations (EAR).  The ITAR requires that any transfer of technology or a defense article to any foreign location or any foreign individual who is not a permanent resident, asylee, or refugee in the United States must be accompanied by a license or a specific license exception. 

Here is a summary of key ITAR concepts:

• Defense Articles: Any item or technical data designated by the US government on the US Munitions List (USML).  This list includes 21 categories and includes classified information, ammunition, biological toxins, guidance systems, jet engines, and technology. 
• Defense Services: Providing assistance to a foreign military, including training, assembly of products, repair, testing, and maintenance of a defense article. 
• Technical Data: Information related to the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of defense articles.  Classified information and software directly related to defense articles is also considered technical data. 
• ITAR Registration: Any company in the business of making any kind of defense article or providing a defense service must register with the Department of State as a manufacturer or broker.  This registration is required even if the company never sends anything outside of the United States.
• ITAR Prohibitions: The ITAR prohibits the export of defense articles and defense services to certain countries, including Russia and China. [3] The ITAR also prohibits the transfer of technical data to foreign persons in the United States without a license. 

The ITAR has a number of exceptions, including for information that is in the public domain and for fundamental research.  However, it is important to carefully consider the requirements of the ITAR before disclosing any information to foreign persons, including potential customers. 

Because the definition of an export under the ITAR includes deemed exports (the transfer of technical data to a foreign person in the United States), it is important for companies to have a technology control plan in place to prevent violations.  The ITAR also has a process for voluntary disclosure of violations. 

The EAR, or Export Administration Regulations, are a series of federal laws that restrict the transfer of goods and technology to and the performance of services for people and entities outside of the United States.  The EAR specifically defines an export as:

• An actual shipment or transmission out of the United States, including sending or taking an item out of the United States in any manner. 
• Releasing or otherwise transferring technology or source code to a foreign person in the United States (also known as a deemed export). 
• The transfer by a person in the U.S. of registration, control, or ownership of certain subject spacecraft to persons outside the U.S. and non-U.S. nationals. 

The EAR covers any item warranting control that is not exclusively controlled for export, re-export, or transfer (in the country) by another agency or otherwise excluded from coverage.  It doesn’t matter if the item is “dual use,” has purely civilian applications, or has purely military applications, as long as the item isn’t covered by ITAR. 

Items subject to the EAR are described in the U.S. Commerce Control List (CCL).  Items on this list fall into 10 general categories:

• Nuclear Materials, Facilities and Equipment (and Miscellaneous Items)
• Materials, Chemicals, Microorganisms and Toxins
• Materials Processing
• Electronics
• Computers
• Telecommunications (Part 1) and Information Security (Part 2)
• Sensors and Lasers
• Navigation and Avionics
• Marine
• Aerospace and Propulsion

There are also five product groups within these categories.  One of these is EAR99, which is a catch-all for items that fall within the scope of the EAR, but aren’t specifically controlled for export.  These items don’t ordinarily require a license to export, unless the destination is embargoed, or the recipient or end use is restricted. 

It is important to note that information or software of general distribution that is publicly available is excluded from the EAR, excluding certain encryption technology.  This means that information that has been published and software that is generally distributed is not controlled. 

The Committee on Foreign Investment in the United States (CFIUS) is an interagency committee that reviews certain transactions involving foreign investment in the U.S. to determine their effect on national security. CFIUS regulations, found in CFR Title 31, Parts 800 and 802, govern the following covered transactions involving foreign parties:

• Covered control transactions: These are any transactions that could result in foreign control of a U.S. business, including those carried out through a joint venture.
• Covered investments: These include changes in the rights a foreign person has with respect to a U.S. business where they have an investment if that change could result in a covered control transaction or covered investment.
• Real estate acquisitions: This includes some leases within defined distances of specific military installations by foreign parties.

Any contemplated foreign investment in a U.S. company should be analyzed to see if a CFIUS review may be required, or if not required, should be voluntarily initiated. Since the 2018 statutory change, many more foreign investments may trigger a CFIUS review, including investments that do not give the foreign party control of the U.S. company. Companies will need to conduct export control classifications of their technology to determine if they have “critical technologies” under CFIUS, even if the company has never exported anything. The possession of critical technology triggers CFIUS jurisdiction.

CFIUS is on the rise. According to its 2023 Annual Report to Congress, CFIUS considered 154 Declarations for transactions subject to CFIUS jurisdiction, including investments from various countries. They also reviewed 286 notices of transactions subject to CFIUS’s jurisdiction, the highest number in the last decade. In addition, they began 162 investigations into transactions, almost double the amount from 2020, and imposed mitigation measures in more than 40 cases.

The National Industrial Security Program (NISP) is a partnership between the federal government and private industry to safeguard classified information.  The NISP is administered by the Defense Counterintelligence and Security Agency on behalf of the Department of Defense and 34 other federal agencies.  The National Industrial Security Program Operating Manual (NISPOM) establishes requirements for the protection of classified information disclosed to or developed by: 

• Contractors
• Licensees
• Grantees
• Certificate holders

The goal of the NISPOM is to prevent unauthorized disclosure.  On December 21, 2020, the Department of Defense promulgated the NISPOM at 32 C.F.R. Part 117, establishing the NISPOM Rule.  The NISPOM Rule prohibits a company under Foreign Ownership, Control, or Influence (FOCI) from being eligible for a Facility Security Clearance (FCL) until the FOCI factors have been favorably resolved.

Foreign Ownership, Control, or Influence (FOCI) occurs when a foreign interest has the power, whether direct or indirect, to direct or decide matters affecting the management or operations of a U.S. company in a manner that may result in unauthorized access to classified information or that may adversely affect the performance of classified contracts.  Five percent (5%) foreign ownership is presumed to place the company under FOCI. 

The U.S. government has established FOCI procedures to mitigate risks associated with FOCI in order to ensure that foreign firms cannot undermine U.S. security to gain unauthorized access to classified information. 

Here are some FOCI factors:

• Record of economic and government espionage against U.S. targets 
• Record of enforcement and/or engagement in unauthorized technology transfer 
• The type and sensitivity of the information that will be accessed
• The source, nature, and extent of FOCI
• Record of compliance with pertinent U.S. laws, regulations, and contracts
• The nature of any bilateral and multilateral security and information exchange agreements that may pertain
• Ownership or control, in whole or in part, by a foreign government

The NISPOM Rule, which was established on December 21, 2020, prohibits a company under FOCI from being eligible for a Facility Security Clearance (FCL) until the FOCI factors have been favorably resolved.  FOCI can also disqualify a contractor from the award of contracts requiring access to sensitive information. 

There are several mitigation measures that can be taken when FOCI factors are present.

When FOCI factors are not related to ownership, these measures include:

• Modification/termination of loans, contracts, etc., with foreign interests
• Diversification/reduction of foreign-source income
• Demonstration of financial viability independent of foreign interests
• Elimination/resolution of problem debt
• Board member oversight
• Executive-level security committees
• Physical or organizational separation of the classified division
• Special board resolutions
• Combination measures

When FOCI factors are related to ownership, these measures include:

• Board resolution
• Security Control Agreement (SCA)
• Special Security Agreement (SSA)
• Voting Trust (VT) or Proxy Agreement (PA) 
• Combination measures

Contractors granted access to classified information must report any material change concerning FOCI to the cognizant security agency (CSA).  This includes:

• Submitting Standard Form (SF) 328, “Certificate Pertaining to Foreign Interests”
• Reporting, in writing, the details of any discussion, consultations, or agreements that may reasonably lead to effective ownership or control by a foreign interest
• Forwarding a copy of Schedule 13D from the foreign investor

The Privacy Act of 1974 was designed to safeguard against unwarranted invasions of privacy. It accomplishes this by establishing a code of “fair information practices.”

Here are some key things to know about the Privacy Act:

• It applies to federal government contractors who design, develop, or operate a system of records on individuals.
• It requires contractors to establish administrative, technical, and physical safeguards. These safeguards help ensure the security and confidentiality of records.
• The safeguards also protect against any anticipated threats or hazards to security or integrity. The goal is to prevent substantial harm, embarrassment, inconvenience or unfairness to any individual whose information is maintained.
• It is found in FAR Subpart 24.1.
• It has required clauses/flow-downs:
  • FAR 52.224-1, Privacy Act Notification
  • FAR 52.224-2, Privacy Act
• There are civil/criminal penalties for violations.

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation on information policy designed to protect natural persons with regard to the processing of personal data and on the free movement of such data. It applies to the EU and the European Economic Area (EEA), including the transfer of personal data outside the EU and EEA.

Here are some additional details about the GDPR:

• A similar regulation was adopted by the United Kingdom in 2018.
• Violations of the GDPR are subject to criminal and monetary penalties.
• The GDPR established a 72-hour cyber incident reporting requirement that has subsequently been adopted by the Department of Defense (DoD).

The Buy America Act (BAA) is a law that requires the U.S. government to prefer U.S. products over non-U.S. products in government procurements.  The BAA applies to all U.S. government agencies. However, agencies may have additional “Buy American” requirements on top of the general BAA requirements.  For example, the Department of Transportation has unique Buy America requirements. 

The BAA applies to prime contractors and subcontractors selling to a U.S. government prime contractor.  Services are not subject to the BAA. 

Key Concepts of the BAA:

• End Product: The BAA focuses on the “end product”, which is any article, material, or supply that the government is acquiring. [2, 3] To be BAA compliant, the end product must meet certain criteria. 
• Manufacturing: The end product must be manufactured in the United States.  The BAA’s definition of “manufactured” excludes items that are agricultural, animal, or processed from a natural resource. 
• Components: The end product must meet a “domestic content” requirement.  The percentage of domestic content required depends on the type of product.
• For products made wholly or predominantly from iron or steel, at least 95% of the iron or steel must be U.S. origin. 
• For other products, at least 65% of the cost of all components must be U.S. origin.
• Cost of Components: When determining the cost of components to assess compliance with the domestic content requirement, contractors must analyze the cost of each component.  If the origin of a component is unknown, it is considered a foreign component. 
• Country of Origin: To comply with the BAA, contractors must identify the country of origin for each product and its components by tracing their supply chain. 

The BAA is a preference, not a requirement.  This means that the government may purchase foreign end products under certain circumstances.  These circumstances, also called “exceptions” or “waivers,” include: 

• Public Interest: A waiver may be granted when the government determines it is in the public interest to waive the BAA.
• Non-Availability: If a product is not available in the quantity or quality needed by the government, the BAA can be waived.
• Unreasonable Cost: If a foreign product is 20% to 30% cheaper than a comparable U.S. product, the government may purchase the foreign product. [4, 10, 11] For the Department of Defense, the threshold is 50% cheaper.
• Commercial IT Products: If a product is a commercial information technology product, the BAA is waived. This exception does not apply to commercially available off-the-shelf (COTS) products.
• Commissary and Resale: Products for commissary and resale are excepted from the BAA.

The BAA does not require all end products and components to be of U.S. origin.

Contractors must certify compliance with the BAA.  This often involves identifying which products are foreign.  The government may apply a cost penalty (or “tax”) to foreign products.

Just because a product is BAA-compliant does not mean that it can be labeled “Made in the USA”.  The Federal Trade Commission has separate rules for “Made in the USA” labels. 

Relationship to other laws:

• Trade Agreements Act: The Trade Agreements Act allows the government to purchase products from certain designated countries, even if they are not made in the United States.  A contract can be subject to either the BAA or the TAA, depending on the dollar value.  The BAA typically applies to contracts with lower values and the TAA to contracts with higher values. 
• Department of Transportation Buy America: The DOT has additional requirements that generally prohibit the purchase of foreign-made products.  There is no commercial IT exception for the DOT Buy America requirements. 
• Build America, Buy America Act: BABA expands on the Buy America requirements for infrastructure projects funded by the federal government. 

The BAA is complex and navigating its requirements can be difficult. Contractors should familiarize themselves with all applicable regulations and carefully review their contracts to determine the specific requirements for each product and project.

The Trade Agreements Act (TAA) is a 1979 statute designed to implement global free-trade agreements and remove trade barriers, such as the Buy American Act (BAA). The TAA requires contractors to deliver end products from certain approved countries when performing government contracts. The origin of a service is the country in which the company providing it is established or incorporated, not necessarily where it’s being performed. The origin of a product is determined by whether it’s “substantially transformed” into a new and different article of commerce in an approved country. “Substantially transformed” is determined on a case-by-case basis by U.S. Customs and is based on several factors, including the complexity of the manufacturing process and the change in tariff classification.

Here’s a summary of how the TAA compares to the BAA:

• The TAA applies domestically and overseas, while the BAA only applies domestically. 
• The TAA typically applies to contracts valued over $174,000 (for products) and $6.708 million (for construction), while the BAA applies to procurements over $10,000. This means the BAA usually applies to lower value contracts and the TAA to higher value contracts. 
• The TAA’s dollar thresholds are updated every two years by the U.S. Trade Representative (USTR). 
• The TAA doesn’t apply to small business set-asides, certain national defense procurements, sole-source awards, resale/commissary, or purchases from AbilityOne/UNICOR.
• The TAA does not supersede Buy America requirements under grants and infrastructure projects because they are not procurements.

The TAA generally prohibits the government from procuring products from non-designated countries. There is limited waiver authority. Sometimes the government will engage in an “open market buy” to procure non-compliant products, but contractors should make sure this is clear in their communications with the government to avoid being accused of fraud.

To determine whether the BAA or TAA applies, contractors should always check their contracts.

Specialty metals are a specific subset of metals and alloys that are considered critical to US national security, particularly for defense applications. Specialty metals include:

• Steel alloys: Iron alloys containing between 0.2% to 2% carbon and specific percentages of other metals like aluminum, chromium, cobalt, and others.
• Nickel or iron-nickel alloys: Containing a total of alloying metals other than nickel and iron greater than 10%.
• Cobalt alloys: Containing a total of alloying metals other than cobalt and iron greater than 10%.
• Titanium and titanium alloys.
• Zirconium and zirconium alloys.

The regulations governing specialty metals are primarily aimed at ensuring a robust domestic supply chain for these materials, as they are essential for manufacturing military aircraft, missiles, ships, tanks, and other defense systems. The key regulations are found within the Defense Federal Acquisition Regulation Supplement (DFARS) and include:

• DFARS 252.225-7008: This clause focuses on the acquisition of specialty metals as end items. It mandates that any specialty metal delivered under a contract must be melted or produced in the United States or its outlying areas. This clause has relatively few exceptions and is broad in scope.
• DFARS 252.225-7009: This clause addresses the acquisition of items containing specialty metals as components. It requires that any specialty metals incorporated into items delivered under a contract be melted or produced in the United States, its outlying areas, or a qualifying country. This clause has many exceptions and is more nuanced in its application.

The term “produced” in these regulations refers to processes beyond just melting the metal. It includes atomization, sputtering, and the final consolidation of non-melt-derived metal powders. This expanded definition acknowledges that stages beyond melting are crucial for giving specialty metals the properties required for their intended applications.

The regulations surrounding specialty metals recognize the complexity of modern supply chains. There are several exceptions to these rules, including:

• Simplified Acquisition Threshold: Acquisitions below $250,000 are exempt from these restrictions.
• Commercial Off-The-Shelf (COTS) Items: COTS items containing specialty metals are generally exempt, although exceptions apply to fasteners and certain high-performance magnets.
• Fasteners: Specific exceptions exist for COTS fasteners incorporated into higher-tier COTS end items and for certified fasteners from manufacturers who source a significant portion of their specialty metals domestically.
• Commercial Derivative Military Articles (CDMAs): These are products where the manufacturer certifies that they use a certain percentage of domestic specialty metals in their production process, allowing for a single integrated manufacturing line.

It is important to note that even if an item qualifies for an exception under the specialty metals regulations, it might still be subject to other domestic preference requirements like the Buy American Act or the Trade Agreements Act.

In addition to the specialty metals restrictions, DoD also has restrictions on certain magnets, tantalum, and tungsten under DFARS 252.225-7052. These restrictions prohibit the acquisition of these materials if they were melted or produced in specific “covered countries,” which currently include China, Russia, North Korea, and Iran. Notably, this is a sourcing restriction rather than a domestic preference, meaning these materials can be sourced from other countries as long as they are not from the prohibited list.

The regulations related to specialty metals and other “special materials” are designed to:

• Safeguard domestic industries crucial for national security.
• Reduce reliance on potentially adversarial nations for critical materials.
• Ensure a reliable and secure supply chain for defense applications.

These regulations are subject to change and can be complex. It’s important to review your contracts carefully, understand the specific requirements, and stay updated on any amendments or new policies.

The Berry Amendment is a US federal law that restricts the Department of Defense (DoD) from purchasing certain products unless they are wholly grown, reprocessed, reused, or produced in the United States. This amendment, originally introduced in 1941, was designed to safeguard US national security interests and protect the US industrial base. Initially focusing on troop clothing and food production, the Berry Amendment’s scope has significantly expanded over time.

Key points about the Berry Amendment include:

• Applicability: It applies only to purchases made with DoD funds, not to those made by civilian agencies or with state and local funds.
• Threshold: Most acquisitions at or below $150,000 are exempt, except for athletic footwear and flags, which have lower thresholds.
• Covered Products: The Berry Amendment covers a wide range of products, including:
  • Food 
  • Hand or measuring tools
  • Clothing and apparel 
  • Textiles, including equipment and furnishings
  • American flags
• Component Requirement: The Berry Amendment generally applies to both end products and their components, meaning that even the raw materials or fibers used in a product must be domestically sourced. This makes it more restrictive than other “Buy American” requirements like the Buy American Act (BAA).
• Exceptions: There are exceptions to the Berry Amendment for situations such as:
  • Acquisitions outside the US in support of combat operations
  • Acquisitions by vessels in foreign waters
  • Perishable foods purchased outside the US
  • Products intended for resale, such as those sold in DoD commissaries
  • Unavailability of products in sufficient quantity or quality from US sources 
  • De minimis amounts of certain natural fibers
• Complexity: Due to its numerous provisions, exceptions, and specific product categories, the Berry Amendment can be complex and difficult to navigate .

It is important to note that even if the Berry Amendment does not apply to a specific procurement, other “Buy American” requirements, such as the BAA or Trade Agreements Act (TAA), may still apply.

The Kissell Amendment was sponsored by Congressman Larry Kissell in 2009 as part of the American Recovery and Reinvestment Act. [1] Similar to the Berry Amendment, the Kissell Amendment strengthens the U.S. textile industry and is codified at 6 U.S.C. § 453b.  In 2013, the Kissell Amendment was implemented into the Homeland Security Acquisition Regulation (HSAR) for Department of Homeland Security (DHS) procurements.  The Kissell Amendment has many exceptions, including:

• Acquisitions under $250,000
• Items subject to free trade agreements
• Many commercial items
• Incidental amounts of foreign content (< 10%)
• Non-availability
• Some commercial item purchases (excluding body armor)
• Procurements by vessels in foreign waters
• Emergency procurements

While the Kissell Amendment aims to protect the textile industry broadly, it primarily applies to clothing and equipment purchased by the Transportation Security Administration (TSA). The Trade Agreements Act (TAA) typically overrides the Kissell Amendment for most DHS procurements over $174,000, but the TAA does not always apply to the TSA.  The Kissell Amendment lives in the space where the TSA buys clothing and related equipment for over $250,000.

The HSAR Clause 3052.225-70, Requirement for Use of Certain Domestic Commodities, states that contractors delivering to the TSA must ensure that the following items are grown, reprocessed, reused, or produced in the United States: 

• Clothing and the materials and components thereof (excluding accessories not normally associated with clothing, e.g. sensors/electronics)
• Textile equipment
• Cotton and cotton blends
• Fibrous glass
• Metal fibers and metalized yarns
• Wool (including fibers and yarns)
• Woven silk and woven silk blends
• Spun silk yarn for cartridge cloth
• Synthetic fabric or coated synthetic fabric (including all textile fibers and yarns used in the synthetic fabric)
• Canvas products
• Any item of individual equipment manufactured from or containing any of the fibers, yarns, fabrics, or materials listed here

Note that commercial products are an exception to this HSAR clause.

The Kissell Amendment only applies to acquisitions involving DHS funds that are related to national security interests.  Items must be:

• Intended for use in a DHS protective action
• Used to protect the nation from internal or external threats 

Examples include items protecting borders, transportation systems, maritime domain, or critical infrastructure.