Export Controls

U.S. export control regulations restrict the sending of commodities, software, and technical information outside the U.S. as well as the sharing of certain technical information to foreign nationals within the U.S.

The U.S. Department of State and the U.S. Department of Commerce each administers different export control regulations. The restrictions vary depending on what is being exported, where it is going, who is receiving it, and the purpose for which it is being used.  In addition, the U.S. Department of Treasury’s Office of Foreign Assets Control ("OFAC") imposes additional restrictions against countries, entities and individuals who are subject to U.S. economic sanctions.

Update: Covid-19 & Export Controls

Update: Covid-19 & Export Controls

Columbia’s Office of Research Compliance & Training is monitoring the Covid-19 situation as it pertains to Export Controls and will continue to inform the Columbia University community as additional information becomes available. Please visit the Covid-19 & Export Controls web page for information. 

Commerce and State Export Regulations (EAR and ITAR)

Under both the Commerce Department's EAR and the State Department's ITAR, if research involves controlled technology or equipment, Columbia University may be required to obtain prior U.S. government approval (known as a license) before allowing foreign nationals to participate in the research, partnering with a foreign entity, or sharing (including by publication or presentation at conferences) the technology in any manner with foreign nationals. ("Foreign Nationals" is defined as persons who are not U.S. citizens or legal permanent residents or legally-recognized asylees and refugees). As discussed in greater detail below, many University activities in the U.S. qualify for an "exemption" from or "exceptions" to export control regulations. Often this is because the information involved is publicly available or in the public domain, is considered "fundamental research" (as defined below), or is taught as part of a listed catalogue course at the institution. If an exception applies, no license is required.


"Input" versus "Output" Technology; Classification 

One important question is whether the technology at issue is the "output" of Columbia research, or whether it is "input technology" that we receive from a third party. Examples of "input technology" include instrumentation or software we purchase; or unpublished technical specifications about an instrument used for research, including operating manuals, blueprints, drawings, photographs, plans, instructions or documentation; and materials licensed in or borrowed from a collaborator. The distinction between "input" and "output" technology matters because certain exceptions to export control regulations typically only apply to the output of University research, and do not apply to "input technology." Determining whether an instrument or technology is subject to export controls can involve a nuanced analysis. It may require obtaining information from the vendor that makes the instrument or technology. It may also require a technical comparison of the specifications for the instrument at issue against the descriptions of controlled technology in the Commerce and State Department lists. Finally, the University has licensed a web-based tool called "Visual Compliance" that can facilitate classification.


Deemed Exports

Sharing export controlled information with a foreign national inside the U.S. is known as "deemed export." A deemed export occurs when technology or technical information regulated under the federal export control regulations is "exported," not by shipping it overseas but by "transferring" it to a foreign national in the United States. If you receive export controlled information or technology from any external party, a license may be required from the federal government before the information or technology may be shared with a foreign national (as defined above). For this reason, if you receive any information that is marked or determined to be subject to export controls, you should not disclose it to any foreign national, including international students, without guidance from the Research Compliance Export Control Officer or the Office of the General Counsel.


Fundamental Research

The data and information generated through many University research activities may be exempted from export controls because of a general exception for "Fundamental Research." Fundamental Research is defined as "basic and applied research in science and engineering, the results of which ordinarily are published and shared broadly within the scientific community, as distinguished from proprietary research and from industrial development, design, production, and product utilization, the results of which ordinarily are restricted for proprietary or national security reasons." In accordance with University Statutes, research at Columbia is performed without accepting publication restrictions and its results are ordinarily published (University Statute XLIII, Externally Funded Research and Instruction). As a result, most research conducted in the U.S. at Columbia meets the definition Fundamental Research, and the results of our research are typically excluded from the export regulations. Importantly, there are some limitations to the Fundamental Research exception. For example, the exception would not apply to research conducted under an agreement that restricts either publication or foreign national participation in the project. In addition, "input technology" that is subject to export controls can never be Fundamental Research. The exemption refers to "data and information" and not to tangible items that may be produced. Finally, in general, the Fundamental Research exception does not apply to research conducted outside the United States.


Physical Exports of Controlled Equipment

Export controls also limit the ability to transport controlled equipment abroad, without obtaining U.S. federal government licenses. U.S. export laws are triggered even if a controlled item leaves the U.S. temporarily and even if the item is being transferred to a wholly-owned subsidiary of Columbia University in an overseas country. In addition, U.S. export laws are triggered when an item controlled under U.S. laws is sent from one foreign country to another. This is called a "re-export." Even where the export of an item to the host country does not require a license, the re-export of the item to another country could trigger the need for another round of review. In addition, host country export control regulations may also apply to technology being used outside the United States.


Laptops, Mobile Phones, and Other Personal Electronic Devices 

Columbia researchers who travel outside the United States, whether to a conference, a Columbia Global Center, for field work, or to collaborate with another institution, must be aware that their laptops, mobile phones, and other electronic devices are subject to U.S. export controls. However, with the exception of travel to designated sanctioned countries, depending on the country of travel (see section on Economic Sanctions), individuals traveling outside the United States with personal electronic devices will generally not require a license, so long as the devices are: Routinely available from commercial vendors; Kept in the traveler's immediate control while outside the U.S.; and Brought back to the U.S. within one year of the initial departure. On the other hand, licenses are likely to be required for a device that holds encryption software or contains software, materials, or information that are themselves controlled under U.S. export controls. For more information on protecting your devices and data while traveling internationally please review CUIT's data security guidelines for international travel.


Controlled Unclassified Information (CUI)

Controlled Unclassified Information (CUI) is information that the U.S. Government creates or possesses (or that an entity creates or possesses on behalf of the U.S. Government) that requires safeguarding or dissemination controls. The National Archives & Records Administration (NARA) administers the U.S. Government’s CUI Program. Examples of CUI include export-controlled information, controlled technical (CTI), health information, inventions among others. A complete list of CUI categories is posted on NARA’s CUI Registry.

The US Government has set minimum safeguarding standards to protect CUI. NIST 800-171 refers to National Institute of Standards and Technology Special Publication 800-171, which governs CUI.  More information about safeguarding CUI and the NIST 800-171 standard is available on NARA’s CUI website.

In certain circumstances, Columbia researchers may be asked to receive CUI from outside parties for use on a research project.  Alternatively, outside parties may ask Columbia researchers to provide CUI or NIST 800-171 management plans.  Please contact Research Compliance and Training (RCT) immediately if -

  • You are asked to receive CUI;
  • You receive information marked as CUI; or
  • You are asked questions about safeguarding CUI or the NIST 800-171 standard.

RCT, SPA and other administrative units within Columbia will work with you to determine how to move forward.  Be aware that failure to comply with CUI requirements can result in severe penalties. 

More information about data security and data management is available on RCT’s ReaDI Program website. 


Those performing research or accessing export controlled items, technology or software at Columbia are responsible for understanding the controls applicable to their activities and the interplay with the various exceptions. This may involve reviewing the portfolio of items, technical information or software accessed or developed in research against the USML and CCL lists (found directly below), understanding the role of foreign nationals and the impact of travel outside the U.S., and reviewing any applicable exceptions. Often this involves a complex nuanced analysis. While the principal investigator is responsible for compliance in this area, the University - and in particular, the Office of Research Compliance and Training and the Office of the General Counsel ­- support the research community in this challenging area, and should be freely consulted for guidance and other assistance.



Penalties for violation of export laws are severe, and can involve civil and criminal penalties for both the University and individuals. Criminal violations of EAR carry potential penalties of the greater of $50,000-$1,000,000 or five times the value of the export, and up to 10 years of imprisonment; civil penalties include fines of $10,000-$120,000. Criminal violations of ITAR can entail fines of up to $1,000,000 and up to 10 years' imprisonment; civil penalties include fines of up to $500,000.