octubre 01 2025

New US Commerce Department Global License Requirements for Transactions Involving Affiliates of Listed Entities

Share

The US Department of Commerce, Bureau of Industry and Security (BIS) on Monday, September 29, 2025, released the Affiliates Rule, which draws unnamed entities around the world into BIS’s entity-specific controls. BIS intends this rule to close paths of diversion to blacklisted entities. The implications are immediate: BIS now requires screening of technology recipients beyond named parties to ownership chains, and the Consolidated Screening List is no longer exhaustive for Export Administration Regulations (EAR) due diligence purposes.

Under the Affiliates Rule, all parties outside the United States that are 50% or more owned, directly or indirectly, by one or more entities listed on one of three BIS lists are now subject to the export control restrictions of their listed owners. The three lists are BIS’s Entity List, Military End-User (MEU) List, and the list of Specially Designated Nationals (SDNs) identified in BIS’s regulations. As a result, BIS requires authorization for exports, reexports and transfers (in-country) of all goods, software or technology subject to US export controls whenever such an unlisted entity is a party to the transaction.

For most companies, the Interim Final Rule went into effect upon release on September 29. A 60-day Temporary General License (TGL) offers limited transition relief for certain operations connected to companies in 45 close partner and allied destinations (Country Groups A:5 or A:6).

BIS has also published Frequently Asked Questions to assist with navigating these changes.

Key Takeaways

  • BIS states that there is now an “affirmative duty to determine the ownership of other parties to [a] transaction in order to comply” with its regulations.
  • The new regulations significantly expand the due diligence and license application responsibilities required of companies–wherever located–that trade in commodities, software, and technology that are subject to the EAR. (This includes all items produced outside the United States and subject to the EAR through a Foreign Direct Product Rule or the de minimis provisions of US law.)
  • All exports, reexports, and in-country transfers of items subject to the EAR, including through intangible technology transfers, now must be screened to determine if the ownership structure of a party to the export, reexport, or transfer transaction creates a licensing requirement.
  • If a provider of an item subject to the EAR knows or has reason to know that the counterparty in its transaction is owned by a listed entity but does not know the percentage of such ownership, it is the provider’s responsibility to determine the percentage of ownership. BIS will accept license applications in such circumstances, but requires that the applicant identify the steps it took to independently conduct due diligence, including an explanation for why it could not determine percentage of ownership.
  • BIS advises that providers of items subject to the EAR should “act with caution” in circumstances when one or more listed entities have a direct or indirect ownership that is less than 50% or the transaction involves the parent of listed entities. Additional due diligence is necessary for a transaction party that has “other significant ties” such as common board membership “or other indicia of control” with a listed entity.
  • The Entity List, MEU list, and the list of SDNs are enforceable on a strict liability basis, so knowledge is not required to trigger the end user requirements. Knowledge is a factor that is considered when determining penalty calculations.
  • The Entity and MEU Lists affirmatively list over 3,000 entities, while substantially more SDNs are included by reference to OFAC’s lists. With the Affiliates Rule, this number likely has grown well into the tens of thousands. While many listed parties are in China and Russia, hundreds are in other jurisdictions, including the European Union, United Kingdom, Japan, Switzerland, India, and others. Traditionally lower risk locations do not eliminate 50%-rule exposure.
  • Public comments are due on October 29, 2025.

Regulatory Provisions

BIS’s interim final Affiliates Rule extends the EAR’s end-user controls to foreign entities that are at least 50% owned, directly or indirectly, by one or more parties on the Entity List, the MEU List, or specific SDN programs under EAR § 744.8.

The rule aligns the EAR with OFAC’s long-standing 50% ownership standard for SDNs, creating greater consistency across US sanctions and export control regimes. Screening unnamed parties for potential ownership by listed entities is already consistent with OFAC’s requirements. However, the new Affiliates Rule now means a more complex set of considerations for compliance practitioners, and broader coverage of transactions that might fall outside OFAC jurisdiction. This is particularly true given that BIS’s expansive jurisdiction extends directly to both US and non-US transactions involving goods, software, or technology that have a sufficient nexus to the United States (whether based on origin, content, or derivation from US technology).

Foreign affiliates that were not previously named now automatically become subject to the same licensing scope and license application review policies as their listed owners, with a strict “most restrictive owner” rule where multiple listed owners are involved. With respect to applicable foreign direct product (FDP) rules, affiliates are subject to all rules that apply to their listed owners. This includes the Entity List FDP and the Russia/Belarus-MEU/Procurement FDP rules.

If an exporter, reexporter, transferor (in-country), or R&D partner cannot determine the percentage ownership but knows or has reason to know one or more listed entities has an interest, new Red Flag 29 obligates the party to resolve the ownership question or obtain a BIS license before proceeding. (In certain limited circumstances, a license exception may be available.) The rule also adds a new mandatory red-flag resolution obligation when ownership cannot be determined.

University collaborations with Entity List institutions or their non‑listed foreign affiliates warrant caution. Fundamental research is not subject to the EAR and remains permissible if strictly limited to that scope. Any activity involving the export, reexport, or transfer of an item subject to the EAR requires a license.

Exports, reexports, and in-country transfers of items subject to the EAR require a license whenever a newly covered affiliate is a party to the transaction to the same extent as if the listed owner were the party. A party to the transaction includes parties identified in 15 C.F.R § 748.5 (e.g., purchaser, intermediate consignee, ultimate consignee, end-user).

  • For Entity List affiliates, the applicable license requirement, exception eligibility, and review policy mirror the listed owner, and where multiple owners are implicated, the most restrictive owner controls.
  • For MEU List affiliates, a license is required for items in Supplement No. 2 to Part 744 with no license exceptions other than narrowly defined GOV, and the same affiliate and most-restrictive constructs apply; the rule does not extend MEU license requirements to affiliates owned solely by unlisted MEUs unless the affiliate itself meets the MEU definition.
  • For SDN programs identified in § 744.8(a)(1), any affiliate owned 50 percent or more by one or more such SDNs is subject to § 744.8’s license requirement for all items subject to the EAR, complementing OFAC’s blocking authorities and reaching deemed exports and non-US person transactions beyond OFAC’s jurisdiction.

If the level of ownership cannot be determined but there is knowledge, including reason to know of a listed owner, a license is required unless a license exception is available. License applications involving affiliates must identify the listed owners, their ownership percentages, and the methodology used to determine ownership; if ownership cannot be determined, the application must detail the due diligence steps and why the percentage could not be confirmed.

Affiliates may seek modification to exclude themselves from their owner’s entry following the processes specified in EAR § 744.16(e) and § 744.21(b)(2).

BIS also clarifies that address-only entries on the Entity List do not automatically capture all entities operating at that address unless specifically identified.

Effective Date Considerations

The interim final rule went into effect on Monday, September 29, 2025, at the same time that it was publicly released. However, the rule introduces a TGL that, for 60 days until November 29, 2025, authorizes transactions with (1) newly captured affiliates in Country Groups A:5 and A:6 and (2) joint ventures in non-Country Group E countries that involve Country Groups A:5 and A:6 companies.

New Due Diligence Measures

Compliance programs must expand screening beyond named entities to identify direct and indirect ownership sufficient to apply the 50% test, recognizing that private and opaque structures may require enhanced inquiry and third-party data solutions. Given strict liability under the EAR and the Consolidated Screening List’s new non-exhaustive nature, companies should adopt a risk-based process to map ownership chains through intermediate entities, aggregate common listed ownership across multiple owners, and document determinations.

Red Flag 29 imposes an affirmative duty where there is knowledge, including reason to know, of listed ownership to resolve the percentage; inability to do so demands a license or a qualifying exception before any export, reexport, in-country transfer, or deemed export/reexport proceeds. R&D collaborations must incorporate EAR screening at onboarding and throughout the project lifecycle for counterparties and their owners, with particular attention to access to controlled technology by affiliate personnel, project data environments, lab access, cloud repositories, and technical discussions that could constitute deemed exports.

Recordkeeping must reflect affiliate determinations and use of the Temporary General License, and license applications should follow the new submission guidance in an effort to avoid unnecessary returns of applications and other delays.

Heightened caution is warranted where minority ownership by listed parties is significant but below 50%, where there are other indicia of control such as overlapping boards or management, or where ownership information is incomplete or conflicting. BIS flags these scenarios as diversion risks requiring additional due diligence even if the Affiliates Rule is not technically triggered, and notes that such entities may become listed in the future. Particular care is necessary in jurisdictions with corporate secrecy or frequent use of nominee arrangements, where resolving Red Flag 29 may be difficult.

Address-only Entity List entries continue to present diversion concerns; while the Affiliates Rule does not automatically extend from such addresses, entities connected to those addresses merit added diligence.

For deemed exports and R&D collaboration, even informal technical exchanges with personnel of newly covered affiliates can require licensing; proceed only after affirmative ownership resolution or licensing, and design technical controls accordingly.

Stay Up To Date With Our Insights

See how we use a multidisciplinary, integrated approach to meet our clients' needs.
Subscribe