The term ‘dual-use’ refers to goods, software, and technologies that have legitimate commercial applications but that also have potential military, proliferation, or strategic applications. Dual-use export controls are administered by the Bureau of Industry and Security (BIS) within the US Department of Commerce under the Export Administration Regulations (EAR), and they apply to a far broader range of products and companies than the ITAR controls discussed in other articles in this section. While ITAR covers items specifically designed or modified for military use, dual-use controls cover commercial products — computers, semiconductors, telecommunications equipment, sensors, lasers, navigation systems, software, and many others — that could be repurposed for harmful uses by foreign governments, military actors, or terrorist organizations.

For technology companies, dual-use export controls represent one of the most significant and rapidly evolving compliance obligations they face. BIS has significantly expanded the scope of dual-use controls in recent years, adding new export controls on advanced semiconductors and semiconductor manufacturing equipment, artificial intelligence software, quantum computing technology, and other emerging technologies that have been identified as critical to national security. The October 2022, October 2023, and October 2024 BIS rules on advanced computing and semiconductor manufacturing represent the most sweeping expansion of US dual-use export controls in decades, with profound implications for US semiconductor companies, their customers, and the global supply chains that supply advanced computing infrastructure.

The Structure of the Commerce Control List

The Commerce Control List (CCL), codified at 15 CFR Part 774, Supplement No. 1, is organized into ten categories, each subdivided by product type (equipment and components, test and inspection equipment, materials, software, and technology) and by Export Control Classification Number (ECCN). The ten categories are: Category 0 (Nuclear Materials, Facilities, and Equipment), Category 1 (Special Materials and Related Equipment), Category 2 (Materials Processing), Category 3 (Electronics), Category 4 (Computers), Category 5 (Telecommunications and Information Security, which includes both telecommunications equipment and cybersecurity/encryption items), Category 6 (Sensors and Lasers), Category 7 (Navigation and Avionics), Category 8 (Marine), and Category 9 (Aerospace and Propulsion).

Every item on the CCL is assigned an ECCN, which is a five-character alphanumeric code (e.g., 3A001 for certain electronic components, 4A002 for certain computers). The ECCN identifies the category, product type, control list number, and reason for control. Items subject to the EAR that are not listed on the CCL are classified as ‘EAR99’ — meaning they are subject to the EAR but do not require a license for most exports to most destinations. EAR99 items can still require a license for export to embargoed countries, to end users on restricted party lists, or for end uses subject to catch-all controls. The vast majority of commercial products are EAR99, but technology companies should not assume that their products are EAR99 without conducting a proper classification analysis.

Reasons for Control and License Requirements

Every ECCN on the CCL identifies the reasons for which the item is controlled. The principal reasons for control are: NS (National Security) — items that could contribute to the development of conventional military capabilities of adversary countries; AT (Anti-Terrorism) — items that could contribute to terrorist acts; NP (Nuclear Nonproliferation) — items with potential nuclear explosive applications; CB (Chemical and Biological Weapons) — items with potential chemical or biological weapons applications; MT (Missile Technology) — items controlled under the Missile Technology Control Regime; RS (Regional Stability) — items whose export could contribute to instability in specific regions; SS (Short Supply) — items in limited supply; SL (Surreptitious Listening) — certain telecommunications monitoring equipment; and UN (United Nations) — items subject to UN arms embargoes.

The reason for control determines which countries require a license for export of the controlled item. License requirements are set out in the Commerce Country Chart (15 CFR Part 738, Supplement No. 1), which cross-references ECCN reason for control codes with country-specific license requirements. By checking the ECCN’s reasons for control against the Country Chart for the destination country, the exporter can determine whether a license is required for the specific export. This analysis must be performed for every transaction involving a CCL-controlled item, as the applicable license requirements depend on the specific ECCN and the specific destination.

License Exceptions

BIS has established a system of License Exceptions that allow exports of certain controlled items to proceed without a license, subject to specified conditions. License Exceptions are codified at 15 CFR Part 740 and include: LVS (Low Value Shipments) for small-value exports; GBS (Governments and International Organizations) for exports to government entities; CIV (Civil End-Users) for exports to civil end users in certain countries; APP (Computers) for exports of computers meeting certain performance thresholds; TSR (Technology and Software — Unrestricted) for certain technology transfers; ENC (Encryption Commodities and Software) for encryption products; TMP (Temporary Imports, Exports, Re-exports, and Transfers) for temporary shipments; RPL (Servicing and Replacement of Parts and Equipment) for replacement parts; STA (Strategic Trade Authorization) for exports to US allies in specified circumstances; and several others.

License Exceptions are powerful compliance tools that can significantly reduce the administrative burden of EAR licensing for routine commercial transactions with trusted allies. However, they are subject to important limitations: they are not available for exports to embargoed countries, for exports to Entity List or other restricted parties, and for end uses covered by the catch-all controls. Companies that use License Exceptions must document their eligibility for the exception and must comply with all applicable conditions. Misuse of a License Exception is an EAR violation equivalent to an unauthorized export.

Emerging Technology Controls

BIS has significantly expanded the CCL in recent years to address emerging technologies with national security implications. The Export Control Reform Act of 2018 (ECRA) directed BIS to establish a process for identifying and controlling ’emerging and foundational technologies’ — technologies that are essential to US national security and are not yet subject to robust multilateral export controls. Pursuant to ECRA, BIS has added controls on a range of emerging technologies, including advanced semiconductors and semiconductor manufacturing equipment, advanced computing architectures, artificial intelligence and machine learning software in specific configurations, quantum computing and related items, advanced surveillance technology, and biotechnology tools with weapons applications.

For technology companies developing or commercializing products in any of these areas, the pace of BIS rulemaking means that the CCL classification of their products may change more rapidly than in any previous period in US export control history. A company that correctly classified its advanced chip in 2021 may find that the chip was captured by new controls in 2022 or 2023. Regular classification review — at minimum annually and whenever significant regulatory changes occur — is essential for staying current with CCL obligations. Companies that have not reviewed their product classifications against the October 2022, October 2023, and October 2024 advanced computing rules and their subsequent amendments should treat that review as an urgent compliance priority.