‘Export Control’ Clauses in software agreements

Nick O’Connell - Partner, Head of Digital & Data - Saudi Arabia - Digital & Data

November 2013

In many instances, these clauses are simply not applicable – although they have crept into the standard documentation of US technology companies and are often treated as ‘not negotiable’. It is reasonable for licensees to request further information from licensors to help them determine whether an export control clause is relevant to a particular agreement, and to determine whether there are any further implications or obligations of which they need to be aware. In this article we outline the background to US export control provisions, and some further considerations for licensees.


US software vendors/licensors typically seek to incorporate an ‘export control’ clause into their software licence agreements. Such export control clauses seek to have licensees contractually agree that ‘US and any other relevant export control laws’ apply to the licensee, and that the licensee will not re-export the subject software in a manner inconsistent with such laws. Typically, such licensors also seek to impose an obligation on licensees to ensure that a certain statement relating to the applicability of such laws accompanies the software (or any data produced with the software) if it is re-exported.

This type of export control clause broadly finds its basis in the US Department of Commerce’s Export Administration Regulations (“EAR”) and the US Department of State’s International Traffic in Arms Regulations (“ITAR”). The ITAR is heavily focussed on military weapons, but also includes software relating to military weapons. The EAR regulates items designed for commercial purpose which could have military applications, including goods and technology (including software), and in this article we focus on the EAR.

The EAR itself does not specifically require US licensors to have foreign licensees agree to be bound by US export control regulations. Our expectation is that licensors seek to extract licensees’ agreement on this point in order to meet obligations imposed on them pursuant to EAR licences (being regulatory permits that the licensors may have had to obtain in order to export the subject software).


As a matter of UAE law, and with reference to basic legal principles, the EAR does not apply to UAE entities operating in the UAE (or elsewhere outside the US). Despite this, it seems clear that, from a US perspective, the EAR is of extra-territorial effect outside the US – and it also applies to non-US entities carrying-out prohibited activities in respect of items subject to the EAR.

Title 15 of the US Code of Federal Regulations (“15 CFR”), which sets out the provisions of the EAR, specifies at Part 734.12 that:

any person who complies with the license or other requirements of a foreign law or regulation is not relieved of the responsibility of complying with US laws and regulations, including the EAR.

From time to time, US authorities do take action against foreign entities for breach of the EAR. The examples that we were able to find seem to be directly related to security or military use (such as the re-export to Iran of technology used in drone aircraft). We found no information indicating that US authorities have any interest in technical non-compliance with the EAR where the non-compliant entity is not involved in activity of this general nature. For this reason, if the software in question is unlikely to have any security or military use, we expect that there is only a limited risk that US authorities would seek to prosecute a foreign licensee for non-compliance with the EAR that occurs outside the US.


EAR requirements only apply to items that are ‘subject to the EAR’. The term ‘subject to the EAR’ is extremely broad, and basically includes  “all items in the United States[…]”, “all U.S. origin items wherever located”, “certain foreign-made direct products of U.S. origin technology or software”, amongst other items (see 15 CFR 734.3).

A key ‘exception’ is for items comprising ‘publicly available’ technology and software. The term ‘publicly available’ is further defined in 15 CFR. It includes technology and software included in certain patent applications, as well as technology and software that has been (or will be) published by becoming ‘generally accessible to the interested public in any form’. This includes by way of publication in patents and open patent applications, and by making software available for general distribution – either for free or at a price that does not exceed the cost of reproduction and distribution.

Thus, if the relevant software is the subject of a patent or a published patent application, or if it is made available for general distribution for free or at a price that does not exceed the cost of reproduction and distribution, then it would not be an item ‘subject to EAR’ – and it would therefore not be necessary for a licensee to comply with the EAR requirements (or to agree to do so by way of an export control clause).


The impact of an item being ‘subject to EAR’ is that – depending on the applicability of certain ‘General Prohibitions’ – the item cannot be exported from the US (or re-exported from a  foreign country) except pursuant to an EAR licence. The applicability of any General Prohibition will depend on whether the item falls within a classification identified with an Export Control Classification Number (“ECCN”) or whether it falls within a ‘catch-all’ category (called “EAR99”).A summary of the General Prohibitions taken from 15 CFR 732.1 appears in the box accompanying this article.

For its own EAR compliance purposes, a licensor would have determined whether the relevant software is properly classified under an ECCN or under EAR99. If a licensor insists on including an export control provision, then it is not unreasonable for the licensee to request that the licensor confirms the applicable ECCN or whether EAR99 applies. Our general expectation is that if the relevant software is an ‘item subject to the EAR’, the type of software typically licensed in by our clients is more likely to fall within EAR99, as the ECCN categories generally cover very specific weapons-related content.

Once a licensee is able to confirm whether or not the relevant software is ‘subject to the EAR’ and (if so) the relevant ECCN or applicability of EAR99, the licensee would need to consider the applicability of the General Prohibitions and (possibly) the need to seek a licence for the proposed activity.

Brief summary of the ten general prohibitions:

  1. General Prohibition One (Exports and Re-exports): Export and re-export of controlled items to listed countries.
  2. General Prohibition Two (Parts and Components Re-exports): Re-export and export from abroad of foreign-made items incorporating more than a de minimis amount of controlled U.S. content.
  3. General Prohibition Three (Foreign-produced Direct Product Re-exports): Re-export and export from abroad of the foreign-produced direct product of U.S. technology and software.
  4. General Prohibition Four (Denial Orders): Engaging in actions prohibited by a denial order.
  5. General Prohibition Five (End-Use End-User): Export or re-export to prohibited end-user or end-users.
  6. General Prohibition Six (Embargo): Export or re-export to embargoed destinations.
  7. General Prohibition Seven (U.S. Person Proliferation Activity): Support of proliferation activities.
  8. General Prohibition Eight (In-Transit): In-transit shipments and items to be unladen from vessels and aircraft.
  9. General Prohibition Nine (Orders, Terms and Conditions): Violation of any orders, terms, or conditions.
  10. General Prohibition Ten (Knowledge Violation to Occur): Proceeding with transactions with knowledge that a violation has occurred or is about to occur.

Al Tamimi & Company’s Technology, Media & Telecommunications team regularly handles software and technology contracting issues. For further information on export control clauses, or any other software or technology contracting issues, please contact Nick O’Connell n.oconnell@tamimi.com