When European defence organisations procure software from US vendors, they inherit a set of legal obligations that do not apply when they procure from European vendors. The International Traffic in Arms Regulations (ITAR) — the US export control regime that governs defence articles and services — creates constraints on how US-origin defence software can be used, shared, modified, integrated, and transferred that persist throughout the software's operational life. These constraints are not hypothetical: they have blocked specific multinational programmes, delayed technology transfers, and created operational situations where allied forces could not share systems because one nation's software was ITAR-controlled and could not be transferred to another.
The growing awareness of ITAR as an operational constraint rather than merely a compliance burden has created a structural advantage for European software vendors, particularly in multinational programmes and coalition operations where the ability to share technology freely across participating nations is an operational requirement, not a commercial preference.
What ITAR Is and How It Limits Defence Software
ITAR is administered by the US State Department's Directorate of Defense Trade Controls (DDTC). It controls the export, import, temporary import, temporary export, re-export, transfer, and brokering of defence articles, defence services, and related technical data. Software that is specifically designed, developed, configured, adapted, or modified for military application and that meets the thresholds defined in the US Munitions List (USML) is subject to ITAR.
For software products specifically, ITAR controls apply not just to compiled executables but to source code, design documentation, technical specifications, and training materials if these contain ITAR-controlled content. This means that sharing documentation about an ITAR-controlled software product's architecture with a foreign national — even a national of an allied country — is a controlled activity that requires either a specific license or the application of an exemption. The most commonly used exemption for allied country transfers is the NATO exemption (22 CFR 126.14), which allows transfer of certain categories of unclassified technical data to NATO members without a license, but this exemption has significant limitations and does not cover all software categories.
The practical operational constraints created by ITAR in multinational settings are concrete. When a NATO coalition operation involves forces from both ITAR-constrained nations (where systems include US-origin ITAR software) and non-ITAR-constrained nations, the ability to share situational awareness data, communications software, and decision-support tools is limited by the export control status of the underlying technology. This is not a theoretical problem — it has occurred in actual operations and has required workarounds that degraded interoperability.
EAR vs ITAR: The Difference for Software Products
Not all US export controls are created equal. The Export Administration Regulations (EAR), administered by the Commerce Department's Bureau of Industry and Security (BIS), control a broader range of dual-use goods and technologies, including many software products with both commercial and military applications. EAR is generally less restrictive than ITAR — the license requirements are less onerous, more exemptions are available, and the administrative burden of compliance is lower.
The distinction matters for software vendors because a product that is EAR-controlled rather than ITAR-controlled has significantly more flexibility in multinational markets. EAR-controlled software can often be exported to most allied countries without a license under the EAR's License Exception Technology and Software Unrestricted (TSU), or under License Exception Strategic Trade Authorization (STA) for exports to specific countries including most NATO members. ITAR-controlled software requires a State Department license for most foreign government end-user transfers.
For European software vendors, neither ITAR nor EAR applies unless the product incorporates US-origin controlled components (hardware, software libraries, or technical data). Maintaining a clean supply chain — free of US-origin controlled components — is therefore a specific design and procurement objective for European vendors who want to offer ITAR-free products. This includes careful management of open-source components: some open-source software includes US-origin technical data that may be subject to export controls, though the practical enforcement of this is inconsistent and contested.
Advantages of EU Vendors: Freedom of Movement, Coalition Flexibility
The commercial case for ITAR-free defence software rests on several specific advantages that European vendors can offer to European and allied customers:
Coalition sharing without transfer authorisation. EU-origin software can be shared between allied forces in a coalition operation without requiring a US export license or State Department authorisation. For programme offices managing multinational systems, this eliminates an entire category of compliance management burden and removes a potential blocking dependency on US administrative processes.
Integration flexibility. Defence software systems are rarely deployed in isolation — they are integrated with other systems, sensors, and networks. ITAR restrictions create constraints on how US-origin software can be integrated with non-US components, particularly if those integrations involve sharing source code, APIs, or technical data with non-US integrators. EU-origin software can be integrated without these constraints, which creates significant programme delivery flexibility.
Modification rights. ITAR-controlled software cannot be modified by the end user or by a third-party contractor in a third country without a license. EU-origin software, subject only to its commercial licence terms, can be modified, extended, and maintained by any contractor the customer chooses, without reference to US export control authorities. For defence customers who want to retain a long-term sovereign capability to maintain and adapt their software, ITAR-free European software provides a fundamentally more sustainable model.
Key insight: The ITAR-free advantage is most valuable in three specific scenarios: multinational programme offices managing technology sharing across allied nations; countries with strategic concerns about US unilateral licence revocation risk; and programmes where the customer needs the right to modify, extend, or transfer the software independently of the original vendor. In these scenarios, EU-origin software is not just commercially comparable to US alternatives — it is categorically preferable.
What to Check When Choosing a Non-ITAR Alternative
Selecting a European software vendor as an ITAR-free alternative requires verification of several specific claims. "ITAR-free" is a statement about the product's supply chain and origin — not about its capability — and the claim requires verification, not assumption.
Component provenance. Ask the vendor for documentation of the supply chain provenance of all significant components in the product, including software libraries, development tools, and hardware reference platforms. Any US-origin component that meets the USML thresholds creates an ITAR obligation for the overall product. Vendors who cannot provide this documentation should be treated as unverified.
Legal opinion letter. For significant procurements, it is standard practice to obtain a legal opinion from a qualified US export control attorney confirming that the specific product as configured does not constitute a defence article under ITAR. This opinion letter provides a defensible basis for a procurement decision and documents the due diligence performed.
EU dual-use check. EU-origin products are subject to the EU Dual-Use Regulation (2021/821) for exports outside the EU, though with significantly less onerous requirements than ITAR. Verify that the product's EU dual-use classification is appropriate for the intended end uses and export destinations. Products in certain technology areas (encryption, radar, electronic warfare) may require EU export authorisation even though they are not ITAR-controlled.