Skip to main content

Definitions

BIS

The Bureau of Industry and Security (BIS) is a division of the U.S. Department of Commerce responsible for implementing and enforcing the Export Administration Regulations (EAR). BIS oversees the export, reexport, and transfer of dual-use items—those with both civilian and military applications—and maintains the Commerce Control List (CCL). It plays a central role in regulating strategic trade to protect U.S. national security and economic interests.

Classified Research

Classified research involves information or materials that have been designated by the U.S. government as requiring protection against unauthorized disclosure for national security reasons. Such research is governed by federal classification standards (e.g., Confidential, Secret, Top Secret) and access is restricted to individuals with the appropriate security clearance and a need to know. Classified research is not considered fundamental research and is subject to strict handling, storage, and communication requirements.

Commerce Control List (CCL)

A list of items under the jurisdiction of the EAR, including commodities, software, and technology, which are subject to export controls based on their nature and technical parameters.

Comprehensively Sanctioned Countries

Comprehensively sanctioned countries are nations subject to the most extensive U.S. economic sanctions, imposed by the Department of the Treasury’s Office of Foreign Assets Control (OFAC). These sanctions generally prohibit nearly all direct and indirect transactions involving the country, its government, and entities or individuals located there. As of April 2025, the comprehensively sanctioned countries are Cuba, Iran, North Korea, and Syria.

Contextualized Data

Contextualized data refers to information that has been linked with additional details—such as metadata, technical specifications, origin, or intended use—that gives it specific meaning or relevance. In controlled research settings, contextualized data may enable interpretation, replication, or application, and can elevate the regulatory sensitivity of the information. When combined with identifying or technical context, such data is more likely to be subject to export control or safeguarding requirements.

Controlled Research

Controlled research refers to research activities that are subject to restrictions on publication, access, or participation due to regulatory, contractual, or sponsor-imposed limitations. Unlike fundamental research, which is intended to be openly published and broadly shared, controlled research may involve export-controlled information, proprietary data, or technologies subject to U.S. export control laws (such as the EAR or ITAR), Controlled Unclassified Information (CUI), or classified information. When research is designated as controlled, specific safeguards—such as a Technology Control Plan (TCP), access restrictions, or licensing—may be required to ensure compliance with applicable laws and institutional policies.

Controlled Unclassified Information (CUI)

Controlled Unclassified Information (CUI) is information that the U.S. Government creates or possesses—or that an entity creates or possesses for or on behalf of the government—that requires safeguarding or dissemination controls in accordance with applicable laws, regulations, and government-wide policies.

Country of Concern

A foreign country of concern (FCOC) is a nation identified by the U.S. government as posing heightened risks to national security, research integrity, or economic competitiveness. Under the CHIPS and Science Act of 2022, this designation includes China, Iran, North Korea, and Russia. Entities outside these countries but owned or controlled by them are also subject to restrictions.

Covered Defense Information (CDI)

Covered Defense Information (CDI) is a subset of Controlled Unclassified Information (CUI) that includes unclassified information provided to or developed by a contractor in connection with a Department of Defense (DoD) contract that requires safeguarding or dissemination controls pursuant to law, regulation, or government-wide policy.

Customs and Border Protection (CBP)

Customs and Border Protection (CBP) is a federal agency within the U.S. Department of Homeland Security responsible for enforcing customs, immigration, and trade laws at U.S. borders and ports of entry. CBP regulates the import and export of goods, collects duties and taxes, and ensures compliance with laws related to international shipments, including those involving export-controlled or restricted items. It plays a key role in the processing and clearance of cross-border transfers of tangible items.

Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to assess and verify the cybersecurity practices of contractors and organizations handling Controlled Unclassified Information (CUI). CMMC defines multiple levels of maturity, each with specific requirements for safeguarding sensitive federal information, and is intended to ensure that appropriate cybersecurity protections are in place throughout the defense supply chain.

Directorate of Defense Trade Controls (DDTC)

The Directorate of Defense Trade Controls (DDTC) is a division of the U.S. Department of State responsible for administering and enforcing the International Traffic in Arms Regulations (ITAR). DDTC oversees the licensing, registration, and compliance requirements for exports of defense articles, defense services, and related technical data listed on the U.S. Munitions List (USML). Its mission is to advance U.S. national security and foreign policy interests through the regulation of defense trade.

Deemed Export

A deemed export refers to the release or transmission of controlled technology, technical data, or source code to a foreign person within the United States. Under U.S. export control regulations—particularly the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR)—such a release is considered an export to the foreign person’s country of citizenship. Deemed exports can occur through visual inspection, oral discussions, training, or access to controlled research environments. Because no physical shipment takes place, deemed exports are often overlooked, but they are subject to the same licensing requirements and restrictions as physical exports. Institutions must assess foreign national access to export-controlled information, equipment, and software to ensure compliance.

Defense Article

A defense article is any item, technical data, or software that is specifically designed, developed, configured, adapted, or modified for a military application and is listed on the U.S. Munitions List (USML), which is regulated under the International Traffic in Arms Regulations (ITAR). This includes weapons, military vehicles, protective equipment, spacecraft components, and related parts and accessories. Physical items as well as associated technical data and software can be considered defense articles. The export, transfer, or disclosure of defense articles—whether internationally or to a foreign person in the U.S.—typically requires prior authorization from the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC).

Defense Service

Defense services refer to the provision of assistance—whether in the United States or abroad—to foreign persons in the development, design, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, or use of defense articles. This includes the transfer of technical data and the provision of training or other forms of support related to items on the U.S. Munitions List (USML). Defense services are regulated under the International Traffic in Arms Regulations (ITAR), and their provision to foreign persons—whether in-person, remotely, or through written or oral communication—generally requires prior authorization from the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC).

Delivery Terms

Delivery terms, often referred to as Incoterms (International Commercial Terms), are standardized terms used in international trade to define the responsibilities of buyers and sellers for shipping, insurance, customs clearance, and risk of loss. They specify who pays for transportation and duties, where risk transfers between parties, and who is responsible for export and import procedures. Proper use of delivery terms helps prevent misunderstandings and ensures compliance with contractual and regulatory obligations.

EAR99

EAR99 is a classification under the Export Administration Regulations (EAR) for items that are subject to the EAR but are not specifically listed on the Commerce Control List (CCL). These items are generally low-risk and often do not require a license for export to most destinations. However, a license may still be required if the export is to a sanctioned country, a prohibited end user, or for a restricted end use.

Eligibility

Eligibility refers to whether a person, entity, or organization is legally permitted to access controlled items, information, or research under U.S. export control regulations, contract terms, or institutional policies. Eligibility may be determined based on factors such as citizenship, immigration status, affiliations, end use, or inclusion on restricted party lists. In research settings, eligibility assessments help ensure compliance when granting access to export-controlled technology, secure environments, or participation in restricted projects.

Effective Control

Effective control refers to the ability to maintain physical possession of an export-controlled item or to secure it in a manner that prevents unauthorized access—such as in a locked container, room, or hotel safe. This concept is relevant when applying for license exceptions or temporarily traveling with controlled items to ensure continued compliance with U.S. export regulations.

End Point

At Purdue, an end point refers to a computer, workstation, or other device that is connected to a controlled research environment or secure computing system. End points serve as the access point through which users interact with regulated data, software, or systems, and must meet specific security and configuration requirements to ensure compliance with export control, CUI, or cybersecurity standards.

End Use

End use refers to the specific purpose for which an item, software, or technology will be employed by the recipient. Under U.S. export control regulations, the end use is a critical factor in determining whether a license is required, especially if the item may be used in activities such as nuclear proliferation, missile development, chemical or biological weapons production, or military applications. Accurate end-use information is essential for export compliance and risk assessment.

End User

An end user is the individual, organization, or entity that will ultimately receive and use an exported item, technology, or service. Identifying the end user is essential for determining export license requirements and for screening against U.S. government restricted party lists. Even if an item passes through intermediaries, the end user is the final recipient responsible for the item’s application.

Export

An export is the physical shipment, electronic transmission, or transfer of items, software, or technical data from the United States to a foreign country or to a foreign person, regardless of location. Exports can occur through shipping, email, cloud storage, hand-carry, verbal communication, or visual access, and are subject to U.S. export control laws.

Export Administration Regulations (EAR)

The Export Administration Regulations (EAR) are U.S. federal regulations administered by the Department of Commerce’s Bureau of Industry and Security (BIS) that control the export, reexport, and transfer of dual-use items—goods, software, and technologies with both civilian and military applications. The EAR covers items listed on the Commerce Control List (CCL) and applies to U.S. persons, entities, and activities worldwide.

Export Control Classification Number (ECCN)

An Export Control Classification Number (ECCN) is an alphanumeric code used in the Export Administration Regulations (EAR) to identify items subject to export controls on the Commerce Control List (CCL). Each ECCN describes the item’s technical characteristics and indicates the reasons for control, which help determine licensing requirements based on the destination, end use, and end user. Proper ECCN classification is essential for ensuring compliance with U.S. export regulations.

Export Control Regulations

Export control regulations are U.S. federal laws that govern the export of sensitive items, technology, software, and technical data to foreign countries and foreign persons. These include the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), and sanctions regulations administered by the Office of Foreign Assets Control (OFAC). The purpose of these regulations is to protect U.S. national security, economic interests, and foreign policy objectives.

Foreign Country of Concern

A foreign country of concern (FCOC) is a nation identified by the U.S. government as posing heightened risks to national security, research integrity, or economic competitiveness. Under the CHIPS and Science Act of 2022, this designation includes China, Iran, North Korea, and Russia. Entities outside these countries but owned or controlled by them are also subject to restrictions.

Foreign Adversary

Foreign Adversary (aka Adversary Countries), as defined by Indiana House Enrolled Act (HEA) 1179, are nations identified as foreign adversaries under 15 CFR § 7.4 or designated by the Governor of Indiana as threats to critical infrastructure. As of April 2025, these countries include Cuba, China, Iran, North Korea, Russia and Venezuela. The law imposes disclosure requirements on Indiana public universities for any gifts or contracts involving these countries and restricts the transfer of intellectual property or use of state resources in collaborations with entities linked to them.

Foreign Person

A foreign person is any individual who is not a U.S. citizen, lawful permanent resident (green card holder), or protected individual under U.S. immigration law (such as a refugee or asylee). The term also includes any foreign corporation, business, organization, or government not incorporated or organized under U.S. law. Foreign persons are subject to export control restrictions when accessing controlled items or information.

Foreign Trade Regulations (FTR)

The Foreign Trade Regulations (FTR) are U.S. federal rules administered by the Census Bureau that govern the reporting of export shipment information through the Automated Export System (AES). The FTR outlines requirements for filing Electronic Export Information (EEI), specifies when filing is mandatory, and ensures accurate data collection for trade statistics and enforcement purposes. Compliance with the FTR is essential for lawful export documentation and reporting.

Fundamental Research

Fundamental research is basic or applied research in science and engineering where the results are intended to be published and broadly shared within the research community. It is not subject to export control regulations so long as there are no restrictions on publication or access based on nationality. This definition is established under National Security Decision Directive 189 (NSDD-189) and applies primarily to research conducted at accredited institutions of higher education in the United States.

General Guidance Memorandum (GGM)

A General Guidance Memorandum is a formal communication issued to provide clarification, interpretation, or recommended practices related to export control regulations, U.S. sanctions, or research security requirements. These memoranda help faculty, staff, and administrators understand how to ensure compliance in common scenarios and are generally advisory in nature.

Hand Carry

Hand carry refers to the physical transportation of tangible items—such as equipment, samples, or documents—across international borders by an individual, typically as part of personal luggage during travel. Even though no commercial shipment is involved, hand-carrying items is still considered an export under U.S. regulations and may require prior review, documentation, or licensing depending on the nature of the items and destination.

High-Risk Destinations

High-risk destinations are: Afghanistan, Armenia, Azerbaijan, Belarus, Burma (Myanmar), Cambodia, Central African Republic, China (including Hong Kong), Democratic Republic of Congo, Cyprus, Eritrea, Georgia, Haiti, Iraq, Kazakhstan, Kyrgyzstan, Laos, Lebanon, Libya, Macau, Moldova, Mongolia, Nicaragua, Russia, Somalia, South Sudan, Sudan, Tajikistan, Turkmenistan, Uzbekistan, Venezuela, Vietnam, Yemen, Zimbabwe.

Instruction Materials

Instruction materials refer to general information or content used to teach or explain how to operate, assemble, maintain, or use a product or system. Under export control regulations, publicly available instructional materials—such as manuals, textbooks, or training guides—are typically not controlled, unless they contain or reveal technical data or controlled technology subject to the EAR or ITAR. The classification depends on the content, context, and level of technical detail provided.

International Traffic in Arms Regulations (ITAR)

The International Traffic in Arms Regulations (ITAR) are U.S. regulations administered by the Department of State’s Directorate of Defense Trade Controls (DDTC) that control the export, reexport, and transfer of defense articles, defense services, and related technical data listed on the U.S. Munitions List (USML). ITAR is designed to protect U.S. national security and foreign policy interests by regulating access to military-related technologies.

License

A license is formal authorization issued by a U.S. government agency—such as the Department of Commerce (BIS) or Department of State (DDTC)—that permits the export, reexport, transfer, or disclosure of controlled items, technology, or services to a foreign person or destination. A license is typically required when an export cannot be made under a license exception or general authorization due to the item's classification, end use, end user, or destination.

License Exception

A license exception is a provision under the Export Administration Regulations (EAR) that allows the export, reexport, or transfer of certain controlled items without the need to obtain a specific license, provided that defined criteria and conditions are met. License exceptions are limited in scope and must be used in strict accordance with the regulations, taking into account the item, destination, end use, and end user.

Material Transfer Agreement (MTA)

A Material Transfer Agreement (MTA) is a contractual document used to govern the transfer of tangible research materials between two organizations. It defines the terms under which the materials may be used, including restrictions on redistribution, intellectual property rights, publication, and liability. MTAs help ensure compliance with legal, regulatory, and sponsor obligations during research collaborations.

NDA Information Sheet

Form required when a non-disclousure agreement/confidentiality agreement is requested and must be reviewed by the Export Controls Team. This form gathers all the necessary information for the EC/IA team to conduct an export control analysis review before the agreement can be executed.

Non-contextualized Controlled Research Data

information that is raw output with no identifying marks generated, processed, stored, and/or transmitted under a controlled project subject to dissemination controls, export control regulations and federal cybersecurity rules. The information is raw output with no identifying marks for the controlled project. The information must be correlated with additional input from a person, application or second data source in scope of the controlled research project to become Contextualized Controlled Research Data thus in scope of the export control regulations and federal cybersecurity rules.
 
Non-contextualized Data is categorized as Restricted, under Purdue's Data Classification and Handling Procedures and is not the results of Fundamental Research. Therefore access to the data is still limited to authorized individuals as identified by a Technology Control Plan and effective security controls must be maintained over non-contextualized Controlled Research Data as defined by the Technology Control Plan. Access to the information would have potential adverse impact to the mission of the applicable controlled research project.

OFAC

The Office of Foreign Assets Control (OFAC) is a division of the U.S. Department of the Treasury responsible for administering and enforcing economic and trade sanctions based on U.S. foreign policy and national security objectives. OFAC maintains lists of sanctioned individuals, entities, and countries, and regulates transactions that may involve restricted parties or embargoed regions. Compliance with OFAC regulations is essential when engaging in international collaborations, financial transactions, or exports.

Personal Acknowledgment Form

A Personal Acknowledgment Form is a document used to confirm that an individual—typically a researcher, student, or staff member—has been informed of and agrees to comply with applicable export control regulations, institutional policies, and specific requirements related to controlled research or access-restricted information.

Principal Investigator

A Principal Investigator (PI) is the lead researcher responsible for the overall design, conduct, and management of a sponsored research project. The PI holds primary accountability for compliance with institutional policies, sponsor requirements, and applicable laws, including those related to export controls, data security, and the ethical conduct of research.

Release (of Controlled Technology)

A release refers to the act of making controlled technology, technical data, or software available to a foreign person through any means, including visual inspection, oral communication, electronic transmission, or access to physical or digital systems. Under U.S. export control regulations, such a release—whether intentional or inadvertent—is considered an export and may require prior government authorization depending on the item's classification and the recipient’s nationality.

Restricted End Use

Restricted end use refers to the intended application of an item, software, or technology that is prohibited or controlled under U.S. export control regulations due to national security, nuclear nonproliferation, chemical/biological weapons, or military-related concerns. Even if the item itself is not highly controlled, a license may be required—or the transaction may be entirely prohibited—if the end use involves activities such as weapons development, missile technology, or military applications in embargoed countries.

Researcher

A person who is responsible for the design and conduct of research and/or reporting/publishing research outcomes.

Restricted Party List

A restricted party list refers to any official list published by the U.S. government that identifies individuals, companies, or entities that are subject to trade, export, or financial restrictions. These parties may be subject to denial of export privileges, sanctions, or other prohibitions due to concerns related to national security, foreign policy, or criminal activity. Examples include the U.S. Department of Commerce’s Denied Persons List, the U.S. Department of Treasury’s Specially Designated Nationals (SDN) List, and the U.S. Department of State’s Debarred List. Engaging with a restricted party—whether through shipments, services, or information sharing—may be prohibited or require prior authorization. Screening against restricted party lists is a key component of export control compliance at Purdue.

Restricted Party Screening

Restricted party screening is the process of checking individuals, organizations, or entities against U.S. government-issued lists of parties that are subject to trade, export, or financial restrictions. This screening helps ensure that Purdue does not engage, directly or indirectly, with entities that are denied export privileges, sanctioned, or otherwise prohibited from receiving controlled items, information, or funding. It is a critical step in maintaining compliance with U.S. export control and sanctions regulations.

Restriction (in the Context of Fundamental Research)

A restriction, in the context of fundamental research, refers to any limitation on the publication, dissemination, or access to research results—such as sponsor-imposed approval rights, foreign national participation limits, or confidentiality clauses—that would prevent the research from being openly shared. The presence of such restrictions disqualifies a project from being considered fundamental research under U.S. export control regulations and may subject the activity to additional compliance requirements. Note: This use of the term restriction is distinct from a restricted party, which refers to an individual or entity listed by the U.S. government as being subject to trade or export prohibitions.

Sanctions

Sanctions are legal restrictions imposed by a government to limit or prohibit economic activity with specific countries, entities, or individuals in order to achieve national security, foreign policy, or human rights objectives. U.S. sanctions, administered primarily by the Office of Foreign Assets Control (OFAC), may include bans on exports, imports, financial transactions, or the provision of services. Sanctions can be comprehensive (targeting entire countries) or targeted (focusing on specific parties or sectors).

Technology

Technology refers to specific information necessary for the development, production, or use of a product. Under U.S. export control regulations, this includes technical data, blueprints, plans, diagrams, models, formulas, and instructions, whether in tangible or intangible form. Technology is controlled when it is listed on the Commerce Control List (CCL) or U.S. Munitions List (USML) and may require authorization before being shared with foreign persons or entities.

Technology Control Plan (TCP)

A Technology Control Plan (TCP) is a document that outlines the specific security measures, access restrictions, and procedural safeguards in place to prevent unauthorized access to export-controlled technology, technical data, or other regulated information. TCPs are used to ensure compliance with U.S. export control regulations and are typically required when foreign persons are involved in research subject to access restrictions.

U.S. Munitions List (USML) Category

A U.S. Munitions List (USML) Category is a designation used under the International Traffic in Arms Regulations (ITAR) to identify defense articles, defense services, and related technical data that are subject to Department of State jurisdiction. Each item on the USML is assigned to a specific category (e.g., Category I for firearms, Category XV for spacecraft) based on its military function or capability. Unlike ECCNs under the EAR, items controlled under the USML generally require a license for export to any foreign person or country, unless a specific exemption applies.

Use (of Controlled Technology)

In export control regulations, “use” refers to the direct application of controlled technology through all of the following activities: operation, installation (including on-site installation), maintenance, repair, overhaul, and refurbishing. Under the Export Administration Regulations (EAR), all six elements must be involved for the term "use" to apply. This definition is important in determining whether access to certain technology by a foreign person constitutes an export requiring authorization.

Technical Data

(ITAR term) Information which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. This includes information in the form of blueprints, drawings, photographs, plans, instructions or documentation (22 CFR 120.9).

U.S. Government Restricted Party Lists

The U.S. government restricts certain exports, reexports and transfers of items to certain persons, entities and destinations. These restrictions are maintained by several federal agencies, including but not limited to the State, Treasury and Commerce Departments, on various lists. When a person or entity is on such a list, U.S. entities are expected to do additional due diligence to ensure that any proposed interaction doesn't involve an activity that is prohibited by U.S. law. If a proposed sponsor, subcontractor or international visitor is believed to be on one of these lists, the Export Controls Team must review the situation to determine if a license is required or if the activity can be approved. The federal government maintains a free website which searches against all such list. The website is found at https://www.export.gov/csl-search. The University reserves the right to restrict additional parties based on emerging US Government legislative or administrative guidance, or when it is otherwise in the University's best interest.
 
Purdue login to Visual Compliance (Boilerkey will be required to log in)

U.S. Person

Any person who is a U.S. Citizen, lawful permanent resident (Green Card holder), or a protected individual as defined by 8 U.S.C. 1324b(a)(3); and entities that are incorporated or organized to do business in the United States. This includes U.S. subsidiaries of foreign entities.

Contact Information

Address:
Young Hall, 5th floor
Room 548
155 South Grant Street
West Lafayette, IN 47907

Email: rsec@purdue.edu

Phone: (765) 494-1642

Staff contact info

Purdue University, West Lafayette, IN 47907 (765) 494-4600

© 2025 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by Office of Research

If you have trouble accessing this page because of a disability, please contact Office of Research at researchweb@groups.purdue.edu.