It was an early morning in November of 1988. On a launch pad in the middle of nowhere, a massive space shuttle — an orbiter — sat waiting to lift off. From a distance, it looked like one of those plastic model kits that many of us pieced together as kids, but up close, its immense scale and intricate design revealed the sophisticated engineering work that went into this moment. This amazing technological accomplishment was just seconds away from thrusting upward out of the Earth’s atmosphere. The countdown commenced, and the engineers held their breath, silently asking themselves, “Did we get it right?” Just then, the countdown ended, and the vehicle launched into the air, slowly disappearing into space.
Was this the U.S. Space Shuttle Columbia, Discovery, or Atlantis? None of the above: This was the Soviet Union orbiter known as the Buran — a spacecraft that, as the story goes, may have been designed and built using technology taken from NASA.¹
The need to protect the know-how behind advanced technology is not new. Countries have sought to obtain the secrets of their enemies for thousands of years. In fact, one of the earliest documented instances of industrial espionage dates to the 1700s, when a Catholic missionary visited China and slowly leaked details about Chinese porcelain manufacturing back to Europe. Porcelain manufacturing may not seem that consequential in 2026, but in the 1700s, it was a big deal. The Chinese had a significant advantage in porcelain manufacturing, but then saw a shift in power as it began to be manufactured in the West.
Technology controls
Protecting power, whether it is for reasons of national security, foreign policy, or economic competitiveness, can come down to how well we control our sensitive technology. Companies may discount the risks related to technology controls for several reasons, including not knowing their products, processes, or the rules well enough. Many of the items, and their associated technology, that companies design, develop, test, or manufacture may be controlled for export.
Compliance with technology control requirements becomes more complicated with the concept of “deemed exports,” and it grows more challenging as companies rely on global talent for engineering collaboration. Also, the tools available today for collaboration on projects like this are ingrained in our culture in a way that makes implementing controls difficult. So, is it possible that we are sticking our heads in the sand?
Could this happen to you?
I urge you to consider whether you or your team can see yourselves in the following story.
It is a beautiful day in California, and inside a nondescript office building sits a compliance leader nervously waiting to inform his leadership that the company’s best option is to self-disclose a violation of the U.S. Export Administration Regulations. As he waits, he cannot help but think about how he got to this point.
Two years before this moment, the company hired a Russian engineer to support a high-profile project involving semiconductor manufacturing. The human resources (HR) department followed its typical onboarding process, but somehow overlooked assessing the hire for deemed export risks.
The company needed this employee to get to work quickly, and so the engineering manager did not hesitate to give his engineer access to sensitive project files, including technical drawings and blueprints. This did not raise any trade compliance red flags or cause any hesitation at the time, because why would it? Nothing was being shipped to Russia.
The trade compliance team was not aware of this Russian engineer or the work he was doing until a year later. They then connected the dots on what technology this Russian engineer had access to, and the potential issues involved.
After extensive discussions, the trade compliance team determined that the technology fell within Export Control Classification Number 3E001. Since this Russian engineer had access to this technology, an export license would have been required. At this point, the trade compliance team realized they did not yet have an export license, and the trade compliance leader shared that information with his leadership. Pressure from leadership and the engineering team mounted, and the trade compliance leader decided to allow the Russian engineer to continue to have access to the semiconductor technology while the company waited for the license.
What now?
Six years after hiring the Russian engineer, the U.S. Bureau of Industry and Security (BIS) announced to the company that it must pay a six-figure penalty for export control violations. Given that this was one of BIS’s first enforcement actions targeting deemed export violations and because it was self-disclosed, the company may very well have avoided a stiffer penalty.
The point of this story is that failures like this could happen to anyone. Here is a summary of the mistakes the company made:
- Their hiring process did not include an export control assessment for high-risk positions, nor were their HR department and engineering manager properly trained to identify potential deemed export control risks.
- Their engineering processes did not have proper controls in place to identify deemed export risks or to ensure that only approved individuals had access to export-controlled technology.
- Their trade compliance leader allowed the Russian engineer to continue accessing this export-controlled technology despite knowing that an export license was required.
An ounce of prevention is worth a pound of cure
When talking about international trade risks, we typically focus on physical goods or economic sanctions against certain countries. Corporations do not always consider the growing risks involved in exporting technology or information, which may require unique strategies for assessments, processes, and training.
Starting with a technology assessment, the key is knowing the right starting point and the right questions to ask. Technology assessments are a critical program element and require a unique relationship between trade compliance and business functions. Learning how research and development or engineering is done at the company is critical, as well as having in-depth awareness of the type of technology involved. This can get really complicated quickly, which is why it takes a solid relationship with the business and a firmly embedded trade compliance program.
In the story above, a robust technology assessment process would have helped by identifying and documenting the export-controlled nature of the role and the technology early in the process.
The next step is to build or enhance processes to identify, control, and protect any sensitive technology. This works best when embedded in the existing stage-gate research and development or engineering processes, rather than expecting those teams to step outside their normal workflow and follow a separate trade compliance process.
Since engineering and product development teams widely use processes like these, why not embed technology classification as part of an early stage within the process? This would take coordinating with research and development or engineering to modify processes and develop tools to simplify technology classification. This sounds simple, but it takes planning, knowledge, and collaboration. In the story above, a process like this could have helped identify the export classification of this technology early in the project, and it could have helped prevent the engineering manager from granting access without raising concerns.
Lastly, when implementing any process, training is important. Technology controls training should focus not only on general awareness of export compliance but also on the processes and tools specifically for technology classification. An effective way to help train your workforce on technology controls is by utilizing a champions network that includes employees serving as a force multiplier for trade compliance across functions like research and development, engineering, and manufacturing.
Champions can help implement these processes and guide other employees on technology classification and spotting technology controls. In the story above, improved training for the HR department and engineering manager could have given them the knowledge necessary to spot these potential issues early on.
In summary
History has shown a consistent positive correlation between technology and economic competitiveness. Protecting that power by protecting technology (or information) is how compliance leaders can contribute to our national security, foreign policy, or economic conditions. From the porcelain wars through the space race, and now into the age of AI and quantum computing, technology controls have always been and will always be important. The effectiveness of our organizations in controlling our technology is directly connected to the effectiveness of our trade compliance programs. This may require a shift in mindset to acknowledge and benefit from the interconnected systems that exist within our organization to understand our technology, establish embedded processes, and conduct effective training.
![[CEU] Program thinking: How a shift in mindset can lead to better technology controls by Mark Beyer](https://stage.corporatecompliance.org/sites/corporatecompliance.org/files/inline-images/Compliance%20Today%20Magazine%20-%20February%202026%20%2828%29.png)