Bureau of Industry and Security (BIS) Licenses Under the Export Administration Regulations: A Practical Guide for Compliance

The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) is responsible for enforcing the Export Administration Regulations (EAR) — the rules that control the export, reexport, and even in-country transfer of commercial items, “dual-use” technologies, and certain military-related products.

Many companies pay close attention to OFAC sanctions but underestimate how powerful BIS rules are in day-to-day business. In reality, BIS licensing is often the key factor that determines whether a deal with an overseas partner is allowed — especially when the transaction involves sensitive technologies, higher-risk countries, or customers with potential red flags.

This overview breaks down, in practical terms, when a BIS license is required, how BIS makes its licensing decisions, and what companies can do to reduce enforcement risk. It also explains how BIS export controls intersect with OFAC sanctions, and why both systems matter for anyone operating internationally.

 

What Is a BIS License?

A BIS license is an official authorization from the Bureau of Industry and Security that allows a company to export, reexport, or transfer items that fall under the Export Administration Regulations (EAR) but cannot move freely without approval.

Items subject to the EAR cover a wide range of products, including:

• Commercial and dual-use goods, software, and technology listed on the Commerce Control List (CCL), each assigned a specific Export Control Classification Number (ECCN).
• Many everyday commercial items classified as EAR99, which are not listed on the CCL but may still require a license depending on where they are going, who will receive them, and how they will be used.

BIS licenses are usually tied to a specific transaction and spell out exactly what is allowed. They typically include:

• The approved items and their ECCNs
• The authorized end-users and any intermediaries
• The countries or destinations involved
• Quantities, values, and the validity period
• Any special conditions, such as reporting duties, end-use statements, or recordkeeping requirements
  
  

License Exceptions vs. Licenses

The EAR also allows certain exports to move forward without a full BIS license by using License Exceptions—limited authorizations outlined in Part 740 of the EAR.

A License Exception isn’t a free pass. It’s a tightly defined set of rules that lets a transaction proceed only if every condition is met. Some of the most commonly used exceptions include:

• ENC (Encryption Commodities, Software, and Technology) – for certain types of encryption items
• TMP (Temporary Imports, Exports, Reexports, and In-Country Transfers) – for example, taking equipment abroad for a trade show
• RPL (Servicing and Replacement of Parts) – for sending replacement parts or repair tools in controlled situations

To rely on a License Exception, companies must:

• Confirm that the ECCN qualifies
• Check that the destination country is eligible
• Ensure the end-user is not restricted or prohibited
• Keep clear documentation explaining why the exception applies

If none of the exceptions fit, the company must obtain a BIS license before the item is shipped.

 

When Is a BIS License Required?

Whether a BIS license is required usually depends on four key factors:

• Whether the item is subject to the EAR, and how it is classified (ECCN vs. EAR99)
• The destination country
• The end-user and all other parties involved in the transaction
• The intended end-use

1. Item Classification and Reasons for Control

Everything starts with identifying the correct ECCN. Each ECCN spells out:

• Technical specifications (e.g., computing performance, encryption levels, precision)
• Reasons for control (e.g., national security, missile technology, nuclear nonproliferation, regional stability)

Once the ECCN is known, exporters use the Commerce Country Chart to see whether a license is required for a specific destination based on those reasons for control.

Items classified as EAR99 often do not require a license for many countries. However, a license may still be necessary—or the transaction may be prohibited—if the destination, end-user, or end-use triggers additional restrictions.

2. Destination-Based Controls

BIS organizes countries into groups (A, B, D, E) in Supplement No. 1 to Part 740, and these groupings directly affect license requirements and the use of License Exceptions.

As a general guide:

• Group E countries (certain comprehensively embargoed or terrorism-supporting states) face the strictest controls.
• Certain Group D countries (those posing national-security concerns) impose extra restrictions on advanced or dual-use technology.

3. End-User Controls and Restricted Party Lists

Even if the item and destination wouldn’t normally require a license, the transaction may still need one—or be outright prohibited—based on the end-user or other participants (such as purchasers, consignees, brokers, or logistics providers).

Important BIS lists include:

• Denied Persons List (DPL) – individuals and companies barred from export activities
• Entity List – foreign parties subject to special license requirements and strict review policies
• Unverified List (UVL) – parties whose reliability BIS could not confirm; requires extra due diligence and generally blocks License Exception use
• Military End-User (MEU) List – parties designated as military end-users, triggering the MEU rules

Affiliates – the “50% Rule” concept

Recent regulatory trends extend certain restrictions to entities that are 50% or more owned by listed parties—even if those affiliates are not named on the Entity List or MEU List themselves.
This significantly expands BIS’s reach and more closely aligns ownership-based restrictions with OFAC’s “50 Percent Rule.”

4. End-Use Controls

Under Part 744, the EAR adds further license requirements—or even full prohibitions—based on the intended end-use. These include activities involving:

• Development or production of nuclear, chemical, or biological weapons
• Missile technology and UAV programs
• Nuclear explosive devices or unsafeguarded nuclear activities
• Military end-use or military end-users in certain countries (MEU Rule)

These restrictions apply globally, even to otherwise low-risk EAR99 items, when the exporter knows—or has reason to know—that the items will be used for a prohibited purpose.

 

The BIS Licensing Process (SNAP-R)

BIS license applications are filed online through SNAP-R, the government’s electronic portal for export-control submissions. While the system itself isn’t complicated, the quality and completeness of the information you put in can make or break the outcome.

A typical BIS license application includes:

• Applicant information – who is exporting or reexporting the item, plus any agents or outside counsel helping with the submission
• Detailed item description – ECCN, technical specs, quantities, and values
• End-user and consignee details – names, addresses, ownership information, and what these entities actually do
• End-use statement – a clear and specific explanation of how the item will be used and by whom (often backed by a signed end-use certificate)
• Supporting documentation – things like contracts, purchase orders, datasheets, technical brochures, emails, and internal compliance assessments

How BIS Reviews License Applications

Once an application is submitted, BIS reviews it under the EAR and often consults with other agencies—State, Defense, Energy, and sometimes the intelligence community. In practice, reviewers focus on several big-picture questions:

• Does the transaction raise any national security or foreign policy issues?
• Could the item contribute to weapons proliferation (WMD, missile tech, nuclear, chemical, biological)?
• Is there a risk of diversion or transshipment to another unauthorized party or country?
• Do the parties involved have a clean compliance history?
• Are there any red flags about the destination, the end-user, or the stated end-use?

Depending on the answers, BIS may:

• Approve the license
• Approve with special conditions (e.g., reporting requirements, restrictions on end-use, or additional documentation)
• Deny the application

The process is structured, but the government’s risk assessment drives the final call—so clear, accurate, and well-documented submissions are essential.

 

Enforcement and Penalties for Violations

Violating the EAR is not a “minor paperwork issue.” Actions like exporting without a required license, misusing a License Exception, or giving BIS inaccurate information can trigger serious criminal and civil consequences.

Under the Export Control Reform Act of 2018 (ECRA), willful violations can lead to:

• Up to 20 years in prison for each violation
• Criminal fines of up to $1 million per violation
  
  

On the civil side, penalties can be just as severe. Administrative fines may reach the higher of:

• A substantial per-violation amount (adjusted periodically for inflation), or
• Twice the value of the underlying transaction
  
  

And the fallout doesn’t stop with fines. Additional consequences may include:

• Loss of export privileges
• Suspension or exclusion from U.S. government contracting
• Mandatory compliance improvements imposed by regulators
• Parallel investigations by OFAC or the Department of Justice

In short, EAR violations can quickly escalate into major legal, financial, and operational risks.

 

Practical Compliance Steps for Companies

Given the complexity of BIS licensing and the pace of regulatory change, companies should adopt a structured export control compliance program that includes at least the following elements:

1. Classification and ECCN Analysis
   • Maintain a formal process for classifying items under the CCL or confirming EAR99 status.
   • Periodically review classifications when products are redesigned or when rules change.
     
     
2. Destination and Country Risk Screening
   • Use the country groups and Commerce Country Chart when scoping markets and planning transactions.
   • Treat exports to high-risk jurisdictions as requiring heightened management and legal review.
     
     
3. Restricted Party and Ownership Screening
   • Screen all transaction parties (end-users, consignees, freight forwarders, and banks) against BIS and OFAC lists.
   • Incorporate ownership screening to identify entities majority-owned by listed parties.
     
     
4. End-Use Due Diligence
   • Obtain detailed end-use statements and, where appropriate, technical descriptions and site information.
   • Train staff to recognize and escalate “red flags” (unusual routing, shell entities, inconsistent technical capabilities, reluctance to share information, etc.).
     
     
5. Proper Use of License Exceptions
   • Confirm that all conditions of any License Exception (ENC, TMP, RPL, etc.) are fully satisfied.
   • Document the legal analysis and maintain records for the periods required under the EAR.
     
     
6. License Application Strategy
   • For higher-risk transactions, consider pre-filing consultations with experienced export-control counsel.
   • Ensure all SNAP-R submissions are accurate, consistent, and supported by robust documentation.
     
     
7. Training, Internal Controls, and Audits
   • Provide regular training tailored to sales, logistics, finance, and engineering functions.
   • Implement system controls (ERP blocks, shipping holds, contract clauses) to prevent unauthorized exports.
   • Conduct periodic internal audits and remediate any identified weaknesses.
     
     
8. Coordination with Sanctions Compliance (OFAC)
   • Integrate BIS export-control review with OFAC sanctions screening and banking compliance.
   • Recognize that a transaction may require both a BIS license and OFAC authorization, and that an approval by one agency does not automatically resolve issues within the jurisdiction of the other.

 

BIS–OFAC Interaction in Practice

Export-control rules and sanctions often operate at the same time, and they don’t always reach the same result. A transaction that’s allowed under the EAR might still be prohibited under OFAC sanctions—and the reverse can also be true. In practice, effective compliance means treating them as two overlapping layers of U.S. national-security regulation, not as separate systems.

Core points to keep in mind:

• A BIS license never overrides OFAC sanctions. If a party is on the SDN List or the transaction involves a comprehensively sanctioned country, the deal can be blocked even if BIS has granted an export license.
  
  
• An OFAC license doesn’t automatically clear BIS requirements. Even with OFAC authorization—whether a specific or general license—exporters may still need a BIS license or must rely correctly on an EAR License Exception.
  
  
• Banks apply both frameworks. U.S. and non-U.S. financial institutions routinely factor in BIS and OFAC rules when reviewing transactions, which affects whether they choose to process or reject a payment.

 

Illustrative Case Studies: BIS Licensing and OFAC Overlap

(Hypothetical examples)

Case Study 1: Entity List Distributor and Majority-Owned Affiliate

Facts
A U.S. manufacturer of industrial sensors (ECCN 6A998) plans to sell $3.5 million worth of equipment to a distributor in a non-sanctioned European country. The distributor isn’t listed on any U.S. sanctions or export-control list. However, deeper due diligence shows that it is 60% owned by a company on the Entity List, based in a high-risk jurisdiction. The ultimate end-user is a state-owned enterprise involved in defense-sector projects.

Legal issues

• How Entity List restrictions apply to majority-owned affiliates
• Potential military end-use / military end-user issues under Part 744
• Bank risk tolerance and reputational concerns, even in the absence of OFAC sanctions

Analysis
Since the distributor is majority-owned by an Entity List entity, BIS is likely to treat it as an extension of the listed company. That means tougher license requirements and a license review policy tilted toward denial. The defense-related end-user raises further national-security concerns and implicates the EAR’s military end-use / military end-user rules, significantly increasing the risk of diversion.

Outcome
BIS denies the license application on national-security grounds. The transaction is prohibited under the EAR, regardless of any OFAC considerations. Following the denial, the company strengthens its onboarding process by requiring ownership-chain mapping and enhanced due diligence for major distributors.

 

Case Study 2: OFAC General License in Place, BIS License Still Required

Facts
A U.S. software company plans to export 256-bit encrypted communication software (ECCN 5D002) to a telecommunications firm in a country under an OFAC sanctions program. The company notices that OFAC has issued a general license allowing certain telecom and internet-related services, and initially assumes that the general license alone makes the export permissible.

Legal issues

• How OFAC general licenses interact with EAR encryption controls
• Determining whether a BIS license is needed, or if License Exception ENC can be used
• Potential enforcement risk from misinterpreting the scope of OFAC authorization

Analysis
OFAC’s general license addresses only sanctions—it doesn’t override Commerce Department rules. The software remains controlled under the EAR (ECCN 5D002). Further review shows that the destination and end-user don’t qualify for License Exception ENC, meaning a BIS license is required even though OFAC authorization exists.

Outcome
The company submits a SNAP-R application and receives a BIS license with conditions. The export proceeds lawfully only after satisfying both regimes: OFAC (via the general license) and BIS (via the individual license). The firm updates its internal compliance checklists to require separate sign-offs for OFAC and BIS, ensuring no future assumptions are made about overlapping regulations.

 

Case Study 3: BIS License Granted, OFAC SDN Designation Blocks Transaction

Facts
A European subsidiary of a U.S. company plans to supply EAR-controlled drilling equipment (ECCN 8A992) to an energy company in a non-embargoed country. The subsidiary successfully obtains a BIS license after a full interagency review. However, just before shipment, OFAC designates the foreign energy company as a Specially Designated National (SDN) under a corruption-related sanctions program.

Legal issues

• What happens when an OFAC designation occurs after a BIS license has already been issued
• Whether an OFAC license is now required despite BIS approval
• The practical impact of banks blocking payments and trade-finance instruments

Analysis
The BIS license authorizes the transaction under the EAR but does not override the new OFAC SDN designation. Once a party is listed as an SDN, U.S. persons—and many foreign affiliates that use the U.S. financial system—are generally prohibited from dealing with them without a specific OFAC license. Banks will typically block payments and refuse to process trade-finance instruments involving the SDN, making shipment practically impossible.

Outcome
Without an OFAC license, the transaction cannot legally proceed. The company cancels the shipment, updates its contracts and sanctions clauses, and implements a policy requiring last-minute screening of counterparties before shipment or payment to avoid similar issues in the future.

 

Case Study 4: EAR99 Item, High-Risk End-Use, and Coordinated Self-Disclosure

Facts
A U.S. distributor ships EAR99 industrial valves to a trading company in a third country. Based on the destination and ECCN, no license seems required. Months later, the distributor discovers that the valves were diverted to a facility suspected of supporting a foreign ballistic missile program already under OFAC sanctions.

Legal issues

• How EAR end-use controls apply even to EAR99 items
• The “know or reason to know” standard for prohibited end-uses
• Potential liability under both BIS and OFAC rules
• The role of voluntary self-disclosure (VSD) in mitigating enforcement risk

Analysis
Even though the valves are classified as EAR99, exports that support missile technology programs can still require a license—or be prohibited outright—if the exporter knew or should have known the actual end-use. In this case, initial due diligence was superficial and failed to catch obvious red flags.

After an internal review, the company works with counsel to submit coordinated Voluntary Self-Disclosures (VSDs) to both BIS and OFAC. The submissions outline the facts, detail remedial measures taken, and describe enhanced compliance controls to prevent future issues.

Outcome
The agencies credit the company’s prompt self-disclosure, cooperation, and remedial actions. BIS imposes a reduced civil penalty, a portion of which is suspended contingent on future compliance; OFAC declines formal enforcement. Internally, the company strengthens end-use questionnaires, mandates escalation of red flags, and improves contract clauses addressing diversion and end-use assurances.

 

Conclusion

BIS licensing is at the heart of U.S. export-control law, and any company engaged in cross-border trade of technology, equipment, software, or technical services cannot afford to overlook it. For businesses in sectors like advanced manufacturing, telecommunications, aerospace, energy, and high-tech, export compliance isn’t a niche requirement—it’s a core part of day-to-day operations.

A strong export-control program does more than check boxes. It:

• Accurately classifies your products and technology
• Screens destinations, counterparties, and ownership structures
• Evaluates end-uses carefully to avoid prohibited applications
• Uses License Exceptions cautiously and correctly
• Manages license applications efficiently and strategically
• Coordinates BIS compliance with OFAC sanctions
• Quickly addresses any potential violations

Doing this well can dramatically reduce legal, financial, and reputational risk.

Experienced law firms regularly guide companies and individuals through BIS licensing, EAR classification, and internal compliance programs, while also helping align strategies with OFAC sanctions. In high-risk or complex transactions, consulting counsel early can be the difference between seizing a business opportunity and facing costly enforcement action.