The following activities are not deemed reexports (see “deemed reexport” definition in §734.14(b)):
(a) Authorized Release of “technology” or source code. Release of “technology” or source code by an entity outside the United States to a foreign person of a country other than the foreign country where the release takes place if:
(1) The entity is authorized to receive the “technology” or source code at issue, whether by a license, license exception, or situation where no license is required under the EAR for such “technology” or source code; and
(2) The entity has “knowledge” that the foreign national's most recent country of citizenship or permanent residency is that of a country to which export from the United States of the “technology” or source code at issue would be authorized by the EAR either under a license exception or in situations where no license under the EAR would be required.
(b) Release to Country Group A:5 nationals. Without limiting the scope of paragraph (a), release of “technology” or source code by an entity outside the United States to a foreign person of a country other than the foreign country where the release takes place if:
(1) The entity is authorized to receive the “technology” or source code at issue, whether by a license, license exception, or through situations where no license is required under the EAR;
(2) The foreign person is a bona fide 'permanent and regular employee' of the entity and is not a proscribed person (see §772.1 for definition of proscribed person);
(3) Such employee is a national exclusively of a country in Country Group A:5; and
(4) The release of “technology” or source code takes place entirely within the physical territory of any such country, or within the United States.
(c) Release to other than Country Group A:5 nationals. Without limiting the scope of paragraph (a), release of “technology” or source code by an entity outside the United States to a foreign person of a country other than the foreign country where the release takes place if:
(1) The entity is authorized to receive the “technology” or source code at issue, whether by a license, license exception, or situations where no license is required under the EAR;
(2) The foreign person is a bona fide 'permanent and regular employee' of the entity and is not a proscribed person (see §772.1 for definition of proscribed person);
(3) The release takes place entirely within the physical territory of the country where the entity is located, conducts official business, or operates, or within the United States;
(4) The entity has effective procedures to prevent diversion to destinations, entities, end users, and end uses contrary to the EAR; and
(5) Any one of the following six (i.e., paragraphs (c)(5)(i), (ii), (iii), (iv), (v), or (vi) of this section) situations is applicable:
(i) The foreign person has a security clearance approved by the host nation government of the entity outside the United States;
(ii) The entity outside the United States:
(A) Has in place a process to screen the foreign person employee and to have the employee execute a non-disclosure agreement that provides assurances that the employee will not disclose, transfer, or reexport controlled “technology” contrary to the EAR;
(B) Screens the employee for substantive contacts with countries listed in Country Group D:5 (see supplement no. 1 to part 740 of the EAR). Although nationality does not, in and of itself, prohibit access to “technology” or source code subject to the EAR, an employee who has substantive contacts with foreign persons from countries listed in Country Group D:5 shall be presumed to raise a risk of diversion, unless BIS determines otherwise;
(C) Maintains a technology security or clearance plan that includes procedures for screening employees for such substantive contacts;
(D) Maintains records of such screenings for the longer of five years or the duration of the individual's employment with the entity; and
(E) Will make such plans and records available to BIS or its agents for civil and criminal law enforcement purposes upon request;
(iii) The entity is a U.K. entity implementing §126.18 of the ITAR (22 CFR 126.18) pursuant to the U.S.-U.K. Exchange of Notes regarding §126.18 of the ITAR for which the U.K. has provided appropriate implementation guidance;
(iv) The entity is a Canadian entity implementing §126.18 of the ITAR pursuant to the U.S.-Canadian Exchange of Letters regarding §126.18 of the ITAR for which Canada has provided appropriate implementation guidance;
(v) The entity is an Australian entity implementing the exemption at paragraph 3.7b of the ITAR Agreements Guidelines; or
(vi) The entity is a Dutch entity implementing the exemption at paragraph 3.7c of the ITAR Agreements Guidelines.
(d) Definitions. (1) Substantive contacts include regular travel to countries in Country Group D:5; recent or continuing contact with agents, brokers, and nationals of such countries; continued demonstrated allegiance to such countries; maintenance of business relationships with persons from such countries; maintenance of a residence in such countries; receiving salary or other continuing monetary compensation from such countries; or acts otherwise indicating a risk of diversion.
(2) Permanent and regular employee is an individual who:
(i) Is permanently (i.e., for not less than a year) employed by an entity, or
(ii) Is a contract employee who:
(A) Is in a long-term contractual relationship with the company where the individual works at the entity's facilities or at locations assigned by the entity (such as a remote site or on travel);
(B) Works under the entity's direction and control such that the company must determine the individual's work schedule and duties;
(C) Works full time and exclusively for the entity; and
(D) Executes a nondisclosure certification for the company that he or she will not disclose confidential information received as part of his or her work for the entity.
Note to paragraph (d)(2): If the contract employee has been seconded to the entity by a staffing agency, then the staffing agency must not have any role in the work the individual performs other than to provide the individual for that work. The staffing agency also must not have access to any controlled “technology” or source code other than that authorized by the applicable regulations or a license.
[81 FR 35605, June 3, 2016]