Semiconductor Export Controls: What Engineers and Hardware Founders Need to Know About the EAR

You design chips or manage a hardware team. Export controls feel like a trade lawyer's problem — border paperwork for physical goods leaving the country. That assumption is wrong, and acting on it can cost you or your company hundreds of thousands of dollars per violation, criminal exposure, and access to the US financial system.

The Export Administration Regulations (EAR), administered by the Bureau of Industry and Security (BIS) within the Department of Commerce, govern the export, reexport, and domestic transfer of dual-use technology. Semiconductor technology — chips, design tools, fabrication equipment, and the engineering knowledge in your engineers' heads — sits at the center of this framework. Since 2018, and dramatically since October 2022, BIS has redefined what "export" means and who it reaches. This post walks through the full framework.

The EAR's Basic Architecture

The EAR is codified at 15 C.F.R. Parts 730–774. Its operational core is the Commerce Control List (CCL), a taxonomy of items — commodities, software, and technology — organized into ten categories and three columns (what the item is, why it's controlled, who it can go to). Category 3 is electronics, and it's where semiconductor technology lives.

Every item on the CCL has an Export Control Classification Number (ECCN) — a five-character alphanumeric code. The first digit is the category; the second is the product group (A = commodities, B = test and production equipment, C = materials, D = software, E = technology). So ECCN 3A001 covers electronic components including integrated circuits. ECCN 3D001 covers software for the development or production of those components. ECCN 3E001 covers the underlying technology — the engineering knowledge used to develop or produce them.

Items not on the CCL are classified EAR99. Most commercial semiconductors used in consumer products are EAR99. But advanced chips, high-performance computing ICs, and the design and fabrication technology behind them almost certainly carry ECCN classifications — and those classifications determine whether you need a license to ship, share, or use them in particular contexts.

ECCNs That Matter for Semiconductor Work

The CCL's Category 3 runs approximately 16 pages. For semiconductor engineers and hardware founders, the most operationally significant ECCNs are:

• 3A001 — Electronic components, including integrated circuits: microprocessors, FPGAs, ASICs, memory devices, and other ICs with performance characteristics above specified thresholds. This is the primary classification for controlled chips themselves.
• 3A090 — High-performance integrated circuits, including advanced GPUs, TPUs, neural processors, and HBM (high-bandwidth memory). BIS added this ECCN in October 2022 as part of the China chip controls; it now captures the cutting edge of AI-accelerating silicon.
• 3B001 / 3B991 / 3B993 / 3B994 — Semiconductor manufacturing equipment: lithography, deposition, etch, inspection, and metrology tools above specified performance parameters. The 2024 rules added 3B993 and 3B994 to capture equipment enabling advanced-node IC production.
• 3D001 / 3D991 — Software for the development or production of controlled semiconductor items. EDA tools (electronic design automation software) can fall here depending on their capabilities.
• 3E001 / 3E002 — Technology for the development or production of controlled items. This is where engineering know-how, design methodologies, process recipes, and technical data live. ECCN 3E001 is the catch-all for advanced semiconductor process technology; 3E002 specifically covers microprocessor and microcomputer design technology.
• 3E992 / 3E993 / 3E994 — Technology controls added in 2024 for production processes at advanced-node fabs, including technology that increases wafers-per-hour on specified equipment by more than 1 percent.

If you're working on advanced-node chips (sub-14nm logic, leading-edge DRAM, or HBM), AI accelerators, or the equipment and software that produces them, your work almost certainly touches one or more of these ECCNs. Classification is not optional — it's a legal determination, and getting it wrong in either direction creates risk.

The Emerging and Foundational Technologies Mandate

The Export Control Reform Act of 2018 (ECRA), codified at 50 U.S.C. § 4817, created a standing mandate for BIS to identify "emerging and foundational technologies" essential to national security and establish controls on their export. This was a significant structural change: before ECRA, controls required a formal rulemaking process tied to specific items. Section 4817 created an ongoing review pipeline.

For semiconductor technology, the practical effect has been a steadily expanding perimeter. Technologies that were EAR99 or lightly controlled five years ago have been pulled onto the CCL as BIS exercises its designation authority. Advanced semiconductor manufacturing processes — particularly those enabling sub-10nm logic or 3D NAND above certain layer counts — have been expressly targeted. The September 2024 rulemaking added controls on semiconductor manufacturing technology, quantum computing items, and additive manufacturing in one batch, implementing controls consistent with multilateral partner agreements while also acting unilaterally where BIS determined US technology leadership warranted it.

The implication for hardware founders and engineers is that the control universe is not static. Technology you build today on a given set of assumptions about what's controlled may be reclassified within your product's life cycle. Running a product classification review at formation or initial design freeze and then never revisiting it is insufficient. BIS publishes Federal Register notices when new controls take effect; tracking those is part of competent export compliance.

The Deemed Export Rule: The Compliance Risk Inside Your Building

Most engineers think of export controls as applying to physical items crossing borders. The deemed export rule eliminates that intuition as a compliance anchor.

Under 15 C.F.R. § 734.13, the release of controlled technology or software to a foreign national inside the United States is treated as an export to that person's country of most recent citizenship or permanent residency. "Release" is broadly defined — it includes visual inspection of controlled items, oral briefings on controlled technology, and hands-on access to equipment. When a Chinese national engineer at a US chip company is shown a process recipe for a controlled fabrication step, that is a deemed export to the People's Republic of China, regardless of whether anything physically left the building.

The compliance obligation arises when two conditions are both true: (1) the technology being shared is controlled under the EAR for the destination country (i.e., a license would be required to export it to that country), and (2) the foreign national's most recent citizenship or permanent residency is in that country. For semiconductor technology shared with nationals of countries subject to comprehensive controls — including China, Russia, Iran, and Venezuela — the analysis is almost always license-required absent an applicable exception.

The deemed export rule affects hiring, onboarding, day-to-day engineering collaboration, contractor relationships, and university research partnerships. Lattice Semiconductor was assessed nearly $560,000 for deemed export violations. The pattern — sharing controlled chip design technology with foreign national employees without a license or documented exception — is one of the most common enforcement scenarios BIS pursues in the semiconductor sector.

US persons working in a shared technical environment with foreign national colleagues need to understand what technology in their environment is controlled, at what ECCN, and whether the colleague's citizenship/residency creates a license requirement. HR processes that collect citizenship information for export compliance purposes are legal, necessary, and increasingly standard at companies operating in advanced semiconductor space.

The Entity List: When Your Customer or Supplier Becomes Off-Limits

The Entity List (15 C.F.R. Part 744, Supplement 4) identifies foreign parties — companies, research institutions, individuals, government agencies — for which there is reasonable cause to believe they present unacceptable risk of diversion to weapons programs or other activities contrary to US national security interests. Shipments, reexports, and transfers to Entity List parties require a license, and BIS's stated policy for most such parties is "presumption of denial."

Huawei's May 2019 addition to the Entity List is the canonical case study. When Huawei was listed, it immediately disrupted supply relationships across the global semiconductor ecosystem. BIS subsequently expanded the rule through the Foreign Direct Product Rule (FDPR) for Huawei (the "Footnote 1" designation): even non-US-origin chips, if produced using US equipment or software, could be subject to the EAR for Huawei transactions. The practical effect was that essentially any advanced chip in the world — produced using equipment with US content — required a BIS license to ship to Huawei.

For hardware engineers and founders, the Entity List creates several concrete obligations:

• Customer and partner screening. Before entering a supply relationship with any foreign entity — particularly in China — you must screen against the Entity List. A transaction with a listed party without a license is a violation even if you didn't know the party was listed, provided you had "reason to know."
• Downstream diversion risk. If you know or have reason to know that an unlisted customer intends to supply your controlled technology to a listed party, that transaction also requires a license.
• The "footnote 1" FDPR problem. If your fab or EDA vendor uses US-origin equipment or software (and essentially all leading-edge fabs do), your chips may be subject to EAR controls even if you're a non-US company. The jurisdictional reach of US export controls through the FDPR is one of the most important structural developments in the field since 2020.

The October 2022 Rules and Their Successors

On October 7, 2022, BIS published what has become the most sweeping set of semiconductor export controls in the modern era (87 FR 62186, effective October 13, 2022 for most provisions). The rule operated on three simultaneous tracks:

Advanced computing controls. BIS created ECCN 3A090 to capture high-performance chips above specified TOPS (trillion operations per second) and bandwidth thresholds. Exporting these chips to China — or reexporting them, or transferring them to Chinese-owned entities — requires a license with a presumption of denial.

Semiconductor manufacturing equipment controls. Controls were expanded on equipment capable of producing advanced-node chips, with a specific focus on equipment usable for sub-16nm logic, sub-18nm DRAM, and NAND above 128 layers. The goal was to prevent China from acquiring the manufacturing base to produce leading-edge chips domestically.

US persons restriction. This is the provision that most directly affects people, not just companies. Effective October 12, 2022, BIS restricted the ability of "US persons" — US citizens, US permanent residents (green card holders), and entities organized under US law — to support the development or production of advanced semiconductors at Chinese fabrication facilities without a license. The rule applies regardless of whether the activity involves EAR-controlled items and regardless of the US person's knowledge of whether the fab meets the relevant technical criteria. The burden is on the US person to make that assessment and either obtain a license or cease the activity.

This provision forced a genuine choice: US citizens and green card holders employed at or consulting for advanced-node fabs in China had to obtain a BIS license (essentially impossible under the presumption-of-denial policy) or leave. Numerous engineers at SMIC, YMTC, and other Chinese fabs resigned their positions following the rule's effective date.

October 2023 updates closed loopholes in the 2022 rule, extending restrictions to companies from additional prohibited jurisdictions and tightening the definition of which fabs trigger the US persons restriction. The December 2024 rulemaking added controls on HBM memory (3A090.c), new fab equipment ECCNs (3B993, 3B994), and Foreign Direct Product Rule expansions. The January 2025 AI Diffusion IFR layered in additional controls on advanced IC exports tied to AI model training use cases.

The consistent direction of travel since 2022 has been tighter controls, broader jurisdictional reach, and faster-moving designation cycles. Hardware engineers and founders who calibrated their compliance posture to 2021-era rules are operating with outdated assumptions.

Licensing Exceptions That Actually Apply in Semiconductor R&D

A license requirement doesn't automatically mean the activity is prohibited — it means you need either a license or an applicable exception. Several exceptions are relevant in semiconductor R&D contexts:

Technology and Software — Unrestricted (TSU), 15 C.F.R. § 740.13. TSU authorizes the export of operation technology (the minimum technology necessary to install, operate, maintain, or repair lawfully exported equipment), sales technology, software updates, and mass market software. For universities, TSU authorizes the release of technology and source code to bona fide, full-time regular employees. The key limitation: TSU is not available for technology controlled for national security (NS) reasons at the relevant control threshold for the destination country, and most advanced semiconductor technology controlled for NS reasons to China will not qualify.

Fundamental Research Exclusion (FRE), 15 C.F.R. § 734.8. Technology arising from fundamental research — basic and applied research at an accredited US institution with results intended to be published and actually shared without restriction — is excluded from EAR controls. The FRE applies to academic research but not to industry R&D, not to research with publication restrictions, and not to research conducted under contracts that give the sponsor control over whether results are published. Engineers who collaborate with universities may benefit from the FRE for the academic component, but it does not protect proprietary development activities.

License Exception STA (Strategic Trade Authorization), 15 C.F.R. § 740.20. STA authorizes exports to a set of lower-risk destinations (primarily US treaty allies and close partners) for certain controlled items without a license. STA is available for some semiconductor technology going to allied destinations, but is categorically unavailable for items destined for China and other higher-risk destinations under most NS-controlled ECCNs.

The practical lesson is narrow: for most advanced semiconductor technology transfers involving Chinese entities or foreign nationals from countries subject to NS controls, available exceptions are limited and the compliance burden is high. When in doubt, a formal license application or an export counsel opinion letter is the right move.

Red Flags vs. Routine Activity

Not every cross-border semiconductor interaction is a compliance event. The following indicators move a transaction from routine to red-flag territory:

• The counterparty's country of operations or domicile is a destination for which NS controls apply to your ECCN (China, Russia, Iran being the most common in semiconductor contexts)
• The counterparty is on the Entity List, Denied Persons List, or Unverified List
• The technology being shared relates to sub-14nm logic, advanced DRAM, NAND above 128 layers, or AI-accelerating silicon
• The sharing is with a foreign national whose citizenship or permanent residency is in a controlled-destination country
• The foreign national will gain hands-on access to controlled equipment or will receive technical briefings on controlled process technology
• A foreign-based employer, customer, or collaborator is asking for detailed process documentation, mask files, design files, or equipment specifications beyond what is commercially standard
• Payment structures, shipping addresses, or end-user representations don't match the stated commercial purpose
• A request to omit ECCN classification or shipper's export declaration data from documentation

Routine activity that generally does not require separate license analysis includes: shipping EAR99-classified commercial chips to non-restricted destinations with no red flags; sharing publicly available technical information (datasheets, published papers, publicly available EDA documentation); discussing general engineering concepts at conferences without disclosing controlled proprietary technology; and standard customer support for lawfully exported products under TSU.

The US Persons Rule and Your Team

For hardware companies with employees who hold Chinese citizenship or permanent residency — and this includes a substantial fraction of the engineering talent at Austin-based semiconductor companies including Arm, NXP, Samsung Austin, TI, and others — the US persons restriction deserves specific attention.

The restriction does not automatically prohibit employing Chinese nationals. It restricts US persons (including the company itself, as a US-organized entity) from providing support to certain advanced-node Chinese fabs. The question is whether your company's products or technology flow into those fabs in ways that constitute "support." If your chips are fabbed at TSMC or Samsung Foundry under contract, and those fabs are not themselves subject to the restriction, the analysis is different from a scenario where your technology is being transferred to a Chinese fab directly.

But the deemed export analysis remains independent of the US persons rule. A Chinese national employee — even one working entirely in Austin — who receives controlled semiconductor technology in the course of their employment triggers a deemed export analysis. The questions are: what ECCN controls the technology, does China require a license for that technology, and does a license exception apply? These questions must be answered at onboarding and revisited as the employee's responsibilities change.

Practical Compliance Checklist for Hardware Engineers and Founders

The following checklist is a starting framework, not a substitute for counsel. But it reflects the minimum steps any hardware company or engineer operating in advanced semiconductor space should be taking:

Product and technology classification

• Classify all products, software, and technology by ECCN. Engage export counsel or a compliance specialist for items near the boundary of CCL Category 3 entries.
• Document your classification rationale in writing. Self-classification is permissible; undocumented self-classification is a liability.
• Schedule periodic reclassification reviews — at minimum annually, and whenever BIS publishes a significant rulemaking affecting Category 3 items.
• Confirm whether any of your products are subject to the Foreign Direct Product Rule (i.e., whether your chips are produced using US-origin equipment or software, which extends EAR jurisdiction even to non-US-origin items).

Deemed export management

• Identify every foreign national employee or contractor who has access to controlled technology. Determine their country of most recent citizenship and permanent residency.
• For each such person, analyze whether the technology they access requires a license to export to their home country. This analysis should be done at onboarding and updated when job responsibilities change.
• Where a license would be required and no exception applies, restrict access pending a license application — or restructure job responsibilities to avoid access to controlled technology.
• Train all employees on the deemed export rule. Engineering managers in particular need to understand that technical briefings and working demos can be deemed exports.

Customer and partner screening

• Screen all foreign customers, partners, distributors, and end users against the Entity List, Denied Persons List, and Unverified List before entering a transaction. Tools such as Visual Compliance and Amber Road automate this.
• Conduct Know Your Customer (KYC) diligence sufficient to identify red flags suggesting diversion or misrepresentation of end use.
• Include end-user certifications and export compliance representations in customer contracts and purchase orders.

US persons restriction

• Assess whether any current or planned activities involve supporting advanced semiconductor development or production at Chinese fabs. If yes, obtain export counsel analysis of whether a license is required and the likely outcome of an application.
• For employees who are US persons and who previously worked or consulted for Chinese fabs, assess the timeline and scope of that activity relative to the October 12, 2022 effective date.

Written compliance program

• Maintain a written Export Compliance Program (ECP) that documents your classification methodology, screening procedures, deemed export policy, training schedule, and audit processes.
• Designate an Export Compliance Officer — even at a small company, someone needs to own this function.
• Conduct annual internal audits of export transactions and deemed export scenarios.
• If you identify a past violation, consult counsel immediately about voluntary self-disclosure to BIS. VSD is a heavily mitigating factor in enforcement and can reduce penalties by 50 percent or more.

The Stakes

Civil penalties under the EAR can reach the greater of $368,136 per violation (adjusted periodically for inflation) or twice the value of the transaction. Criminal penalties for willful violations reach $1,000,000 per violation and 20 years imprisonment. BIS can also deny export privileges — effectively barring a company from participating in transactions involving any EAR-controlled item — which is an existential sanction for a semiconductor company.

Enforcement has accelerated. BIS's Office of Export Enforcement has added resources and increased its coordination with the Department of Justice on criminal referrals. The semiconductor sector is a stated enforcement priority. Companies that treat export compliance as a back-office checkbox function rather than an engineering and legal discipline are operating with significant unpriced risk on their balance sheet.

What This Means If You're Building a Semiconductor Startup

If you're a hardware founder — particularly one spinning out of a large semiconductor company, or one building chips that will be fabbed at a foundry with global operations — export compliance is a formation-stage issue, not a later-stage one. The decisions you make about hiring, customer targeting, foundry relationships, and IP sharing all have export compliance dimensions that are much cheaper to address at the design stage than after a violation has occurred.