Export Control

Policy Summary

It is the policy of the university to comply with U.S. export control laws. Export control laws restrict certain types of information, technologies and commodities that can be transmitted overseas to entities and individuals, including U.S. citizens, or made available to foreign nationals on U.S. soil.  

It is the responsibility of faculty, staff and students to be aware of and comply with U.S. export control laws as well as with the university’s written instructions and procedures before engaging in any activities that may raise compliance issues under U.S. export control laws or this policy.  

Related Regulations

Who is Governed by this Policy

  • Students
  • Staff
  • Faculty

Policy

Overview 

This policy explains how the university implements export control laws that advance national security and economic interests. Although many university activities subject to federal export control laws can be carried out without prior written authorization (a “license”) from one or more U.S. government agencies, a license may be required to carry out certain research, academic, educational or other university activities involving specified technologies or persons/entities from certain countries. It is critical that Principal Investigators (“PI”s) on research activities, and the academic, educational or other university project leader (“PL”s) for non- research activities, assess how export controls may apply to a proposed research or academic, educational or other university project early in the proposal development or planning process to allow time for obtaining an export license, if required.  

A. Potential Restricted University Activity  

Before engaging in activities that involve an export, members of the university community must understand and identify any potential export requirements and limitations. Export control laws and regulations restrict two principal areas of activity: 1) the shipment, transmission or transfer of certain items, software, technology and services from the U.S. to foreign countries; and 2) the disclosure or transfer of certain items, software, technology, information or materials to Foreign Persons located in the U.S. (a “Deemed Export”). In addition, economic sanctions laws and regulations restrict certain transactions subject to U.S. sanctions, such as providing certain goods or services to sanctioned or embargoed countries or to entities or individuals identified on any Restricted Parties screening lists including those on the List of Specially Designated Nationals and Blocked Persons (SDN List).  

In general, export controls must be considered when the above activities are anticipated in a potential project or program. In addition, members of the university community should consider whether hardware, software or technical data to be received from third-parties, including from research sponsors and/or the government, may trigger export control requirements, even if the research to be conducted at the university is covered by an exception. Members of the university community shall not store Export-Controlled Data in cloud-based applications, such as Google Drive.  

B. Responsible Parties  

All members of the university community have responsibility for complying with export control laws that apply to their work as faculty and staff at the university and to their studies at GW.   

OVPR's Export Control Office (“OVPR/Export Control”) assists members of the university community in complying with export control laws and pursuing applicable licenses from U.S. Government agencies. Obtaining required licenses is often a lengthy process, and the university community is encouraged to contact OVPR/Export Control early in the project development process for guidance.  

The primary responsibility for compliance with export control laws, regulations, sponsored research agreements and this policy rests with the PI or PL as the individual most informed about the project. The PI must:  

  1. Comply with applicable laws and this policy, including the other sources listed in Related Information on page 9, and with all related guidance and procedures in OVPR/Export Control
  2. Contact OVPR/Export Control if the PI notices any potential export control issue or has any questions whether such laws and this policy apply to the proposed or existing project; 
  3. Work with OVPR/Export Control and the Division of Information Technology’s Office of Risk and Compliance, to review data use agreements and maintain GW’s ability to comply with technical requirements.  In addition, the PI must follow contractual requirements for data security that apply to data in their custody and ensure others with access to secured data follow contractual requirements;  
  4. Not store Export-Controlled Data in cloud-based applications, such as Google Drive; 
  5. Work with the sponsor or other parties and OVPR/Export Control to design an agreement, scope of work, academic or educational activity or other project that enables the university to remain within the Fundamental Research Exemption, or other applicable exemption or exclusion from export control licensing requirements as described below in Section II, and to understand other export control laws that restrict providing goods or services to individuals, groups or countries subject to U.S. sanctions including in particular, Cuba, Iran, Sudan, North Korea, Syria, Crimea and others as specified by the Office of Foreign Assets Control (OFAC); and 
  6. Work with the sponsor and OVPR/Export Control to develop a Technology Control Plan (TCP), if OVPR/Export Control determines a TCP is needed. The TCP will describe limits to access on export controlled items and information.

Export Control Exemptions 

Many activities at the university are exempt from U.S. export control laws and regulations under the Fundamental Research Exemption (FRE) or another export control exemption. Research covered under the FRE, as defined and explained in the EAR and the ITAR, is not subject to the EAR or the ITAR. Generally, exports of data and information resulting from research qualifying for the FRE do not require licenses or other authorization, and other restrictions ordinarily imposed by the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR) do not apply. Because of the importance of the FRE to activities at the university, a description of the FRE follows.  

Research eligible for the FRE is basic and applied research in science and engineering, where the resulting information is ordinarily published and shared broadly within the scientific community. Whenever possible, the university structures its projects to qualify for the FRE. PIs, PLs and others involved in identifying and negotiating research or educational, academic or other university opportunities should make every effort to ensure that the FRE applies to their projects.  

To qualify for the FRE, the research sponsor must not impose, and the university researcher must not accept, any restrictions on the publication of the scientific or technical results of the research performed at the university. The FRE does not apply to cases, in which the university accepts national security controls on its research, including: 

A. Requirements for prepublication review and approval by the sponsor and/or the U.S. Government, with right to withhold permission for publication; 

B. Restrictions on prepublication dissemination of information to non- U.S. citizens or other categories of persons; or  

C. Restrictions on participation of non-U.S. Persons or other categories of persons in the research.  

If the university accepts these restrictions on a particular project: 

A. The FRE would not apply, and the project would be subject to U.S. export controls that would otherwise not apply; and  

B. Project personnel would need to analyze all proposed exports or transfers of project-related materials to Foreign Persons–including technical data related to the design, methodology, results and analysis of the project–to ensure export compliance, including determining whether a license is required.  

Note that certain temporary publication restrictions do not prevent the university from relying upon the FRE. The temporary restrictions that do not remove a project from the FRE include prepublication reviews:  

A. Of research papers to verify that the publication will not release proprietary information that the sponsor has furnished to the researchers; 

B. For certain multi-site clinical trials with a requirement for a publication committee to review data from participating sites and make decisions about joint publications; and  

C. Of research papers to verify that the publication would not compromise patent rights, so long as the review causes no more than a reasonable and temporary delay in publication of the research results. In order to preserve the FRE, the university generally does not agree to conduct research with parties that impose proprietary data restrictions unless the other party first agrees that no data subject to export controls will be provided without prior written notice and prior written approval of the university.  

Although exemptions to export control laws apply to many of the university’s activities, some activities may be restricted. Failure to comply with these laws exposes both the individuals involved and the university to severe criminal and civil penalties as well as administrative sanctions (loss of research funding and export privileges). Additionally, the university may take administrative actions consistent with applicable university policies up to and including termination or expulsion of faculty, employees and students. 

FRE Projects with Supplied Materials or Planned Exports 

Even if a project is covered by the FRE, materials a sponsor or other third party may provide to initiate and/or support the project (that serve as inputs to the project), including hardware, software and technical data, are still subject to U.S. export controls and may require export licenses or authorizations to provide to Foreign Persons. Similarly, U.S. export controls still apply to all hardware and software exported from the U.S., and an export license may be required even if the hardware or software is being exported to support a FRE project. For example, U.S. export control laws would apply to the export of hardware to an international research collaborator, even if the underlying project is covered under the FRE.  

Projects that do not qualify for FRE 

It is possible that some research projects will not qualify for the FRE. In such cases, OVPR/Export Control will inform the PI that the FRE will not apply to the project and will work with the PI and appropriate university offices to determine whether other exemptions or exclusions apply to enable the university to undertake the research project without requiring a license. If another exemption or exclusion is available, OVPR/Export Control will inform the PI and will advise whether a TCP or additional measures must still be put in place for the project to ensure export compliance. In such cases, OVPR/Export Control will work with the PI to develop a TCP. However, if the FRE and other exemptions or exclusions are not available, OVPR/Export Control will inform the PI accordingly. If a license appears to be required, the Executive Director of Research Integrity and Compliance will review the matter and decide if an application for a license is appropriate. Any export license applications will be handled by OVPR/Export Control, with input from the PI, and will be coordinated in advance with the Office of the Senior Vice President and General Counsel (OGC).  

Definitions

Deemed Export: Occurs when technology or software source code is released or transmitted to a Foreign Person within the U.S. including through a discussion with a foreign researcher or student. 

Export: Generally, an export means: (1) An actual shipment or transmission of items controlled under the EAR or ITAR out of the U.S.; (2) any written, oral or visual release or disclosure of controlled technology, information or software to a Foreign Person either in the U.S. or outside the U.S.; or (3) any actual use or application of controlled technology on behalf of or for the benefit of any foreign entity or person anywhere. 

Export Controlled Data  

Export Controlled Data means:  

A. Technical data that is controlled under the ITAR.  

B. Technology or software that is subject to the EAR and is controlled at a level higher than EAR99; or  

C. Information subject to controls under the regulations of the NRC. 

Export Controlled Data does not include:  

A. Technology or software that arises during, or results from, fundamental research under Section 734.8 of the EAR;  

B. Technology or software that has been made available to the public without restrictions upon its further dissemination and qualifies as published under Section 734.7 of the EAR; or  

C. Information concerning general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities, or information in the public domain as defined in ITAR Section 120.11. 

Foreign Person: Both the EAR and ITAR define “Foreign Person” as any person, corporation, business association, partnership, trust, society or any other entity or group that is not incorporated or organized to do business in the U.S. as well as international organizations, foreign governments and any agency or subdivision of foreign governments (e.g., diplomatic missions), and anyone who is not a U.S. citizen, a lawful permanent resident of the U.S. (i.e., a green card holder) or who does not have refugee or asylum status in the U.S.  

Information arising from “Fundamental Research”: Information arising during or resulting from basic or applied research in science or engineering conducted at the university in the U.S. where the results of the research are ordinarily shared with the scientific community, published in the public domain and made accessible to the public. The information that results from fundamental research (other than certain encryption source code) is excluded from export controls. This Fundamental Research Exemption only applies to the disclosure of software, technology and technical data to Foreign Persons at the university in the U.S.; it does not apply to the shipment or carriage of equipment, materials or samples outside the U.S.  

Re-export: An actual shipment or transmission of items subject to export regulations from one foreign country to another foreign country. For the purposes of the U.S. EAR, the export or re-export of items subject to the EAR that will transit through a country or countries to a new country, or are intended for re-export to the new country, are deemed to be exports to the new country. 

Restricted Parties:  By order of the U.S. government, U.S. individuals and companies are restricted or prohibited from exporting or providing services of any kind to any party contained in any of the government Restricted Party Screening lists. A Consolidated Screening List is also available.  

Technology Control Plan: A Technology Control Plan (TCP) contains procedures to control access for all export-controlled items and information. 

Procedures

On the Export Control webpage, the university provides guidance on various procedures designed to promote university compliance, including detailed explanations of the export controls regulations and their limitations, examples of export triggers, exemptions, and export-controlled activities and other procedures.  

Forms

The Export Control Forms and Documents webpage lists and details the purpose of the forms and documents used for Export Control procedures, guidance, and assessments.

Related Information

Contacts

ContactPhone NumberEmail Address
Office of the Vice Provost for Research, Export Control202-994-1812 [email protected]

Responsible University Official: Vice Provost for Research
Responsible Office: Office of the Vice Provost for Research

Origination Date: October 1, 2004
Last Material Change: December 6, 2019

More information describing university policies is outlined in the University Policy Principles.
Noncompliance with this policy can be reported through this website.