Employers operating in the national security space often face tension when navigating compliance obligations at the intersection of export control and anti-discrimination laws. This alert updates Covington’s April 2019 guidance on how to maintain compliance under both legal regimes when recruiting and hiring new employees. Since that time, the U.S. Department of Justice (“DOJ”) has continued to investigate companies that misinterpret their compliance obligations under the International Traffic in Arms Regulations (“ITAR”) and the Export Administration Regulations (“EAR”) by discriminating against non-U.S. citizens in violation of the Immigration and Nationality Act (“INA”).
This update builds on our prior alert by summarizing recent enforcement activity and government guidance, which continue to serve not only as a caution for employers, but also a roadmap for compliance. Companies can take several steps to comply with both export control and anti-discrimination laws, as discussed in the Guidance section below.
Legal Background
The Department of State and the Department of Commerce regulate the export, reexport, and in-country transfer of technology, technical data, and software source code to foreign persons under the ITAR and EAR, respectively. The ITAR regulates defense services, defense articles, and technical data, while the EAR regulates commercial goods, software, and technology, including “dual-use” items that may have both commercial and military applications, as well as certain less sensitive defense items.
Both the ITAR and the EAR impose limitations on who may access regulated technology and software source code, even within the United States. Specifically, the ITAR limits the disclosure or transfer of ITAR-controlled technical data to “U.S. persons” unless authorized by the State Department, while the EAR similarly considers the release or disclosure of technology or software source code that are subject to the EAR to foreign persons in the United States to be a “deemed” export that may require licensing. Under both the ITAR and the EAR, “U.S. persons” are defined as, inter alia, U.S. citizens, U.S. lawful permanent residents (i.e., “green card” holders), or any individual granted protected status under the INA (8 U.S.C. § 1324b(a)(3)), including asylees and refugees.
Limitations on who can access technology or software source code under export control regulations must be harmonized with anti-discrimination considerations under federal law. Specifically, the INA, as amended by the Immigration Reform and Control Act (“IRCA”), prohibits employers from discriminating in hiring or recruitment based on a person’s citizenship, immigration status, or national origin. Title VII of the Civil Rights Act of 1964 also prohibits discrimination in hiring on the basis of national origin.
The tension between these two types of legal regimes is apparent: one places status-based restrictions on access to certain technology and software source code within the United States, while the other prohibits treating applicants for employment and employees differently on those bases. Both U.S. export regulations and employment law contain exceptions, however, which can be applied to reconcile the two regimes.
The anti-discrimination laws permit certain types of discrimination under limited circumstances. For example, under the INA, employers may consider protected characteristics if there is a legal basis for doing so, such as a law, regulation, or government contract that requires citizenship restrictions. The regulations also permit preferential recruitment and hiring of U.S. citizens or nationals over foreign persons where the two are equally qualified. Title VII contains a national security exception, which permits national origin discrimination under certain circumstances where national security laws apply. Additionally, both Title VII and the INA recognize a bona fide occupational qualification (“BFOQ”) exception when a protected characteristic, such as citizenship, must be considered as a specific job requirement. These exceptions suggest that an employer may disqualify employees or applicants based on ITAR and EAR requirements.
However, the ITAR and EAR introduce complexity into the analysis, given that neither contains a flat prohibition on transfers of technology/technical data or software source code to foreign persons. Instead, both the ITAR and EAR provide for licenses and license exceptions that may enable the transfer or release of sensitive technology/technical data or software source code to foreign persons under certain circumstances. Under the ITAR, for example, an exporter may apply to the State Department for a license to share technical data with a non-U.S. party. Similarly, where technology or software source code is controlled by the EAR, an export license may be obtained from the Department of Commerce’s Bureau of Industry and Security (“BIS”) for transfer to non-U.S. persons. The EAR also provides a variety of license exceptions that enable access to controlled technologies or software source code by non-U.S. persons if certain conditions are met. Employers are not required to obtain a license or rely on one of the license exceptions, and are in fact permitted to implement a policy that the company will not obtain licenses for any employee. Employers could risk violating applicable anti-discrimination laws, however, if they do not issue any such policy and instead apply a blanket presumption that a candidate is automatically ineligible for a position that requires access to controlled technology or software source code based on citizenship alone.
Further, recent DOJ enforcement actions demonstrate that the interaction between employment law and export laws is far from straightforward, and there is little authoritative guidance explaining the precise contours of how these laws interact. Consequently, companies can inadvertently violate provisions of either employment laws or export control laws through attempts to comply with the other, particularly if the requirements and exceptions are not fully understood.
DOJ Enforcement and Guidance
Settlements in recent years between DOJ and certain employers are instructive. In May 2021, Aerojet Rocketdyne Inc. (“Aerojet Rocketdyne”) settled a claim with DOJ after it allegedly restricted 12 mechanic positions to U.S. citizens only. DOJ concluded that the company mistakenly assumed that the ITAR imposed restrictions on Aerojet Rocketdyne’s ability to hire non-U.S. citizens. DOJ assessed a $37,008 penalty and required Aerojet Rocketdyne to implement certain training on the INA’s anti-discrimination provisions as part of the settlement.
In April 2023, General Motors (“GM”) settled a claim with DOJ after its export compliance assessments unnecessarily required lawful permanent residents to provide an unexpired foreign passport as a condition of employment. DOJ’s investigation revealed that GM had improperly combined its I-9 process for verifying an employee’s ability to work in the United States with its export compliance assessment. This resulted in GM requiring non-U.S. citizens to provide unnecessary documents to prove their U.S. work authorization. DOJ assessed a $365,000 penalty and required GM to train its personnel, modify its employment policies, and separate its I-9 form and export compliance assessment processes as part of the settlement.
And in August 2023, DOJ sued Space Exploration Technologies Corporation (“SpaceX”), claiming that the company regularly discriminated against refugees and asylees in violation of the INA. DOJ alleged that SpaceX had incorrectly assumed it could only hire U.S. citizens and lawful permanent residents because of export control laws, and therefore discouraged asylees and refugees from applying for positions, failed to consider their applications, and only hired U.S. citizens and lawful permanent residents from September 2018 to September 2020. Although the case is currently stayed based on jurisdictional grounds, it nonetheless demonstrates DOJ’s continued interest in this area.
These enforcement actions build on the examples from 2018 and 2019, highlighted in our prior article, including the settlements between DOJ and Honda Aircraft, Setpoint Systems, Inc., and Clifford Chance US LLP that included penalties ranging from $17,457 to $132,000. DOJ’s continued enforcement activity in this space reflects its sustained interest in addressing this issue. Together, these actions demonstrate that employers must limit the collection, review, and use of citizenship information when making employment decisions to defined export control review standards or other national security restrictions as described in the guidance section below.
DOJ also published a fact sheet in April 2023 (revised in March 2024) designed to help employers avoid prohibited discrimination under the INA when complying with U.S. export control laws. The fact sheet recommends that employers avoid imposing specific citizenship, national origin, or immigration status requirements when recruiting or hiring unless such requirements are tied to a specific law, regulation, government contract, or executive order. The fact sheet also emphasizes the importance of making clear that the term “U.S. persons” includes more than just U.S. citizens. Additionally, the fact sheet recommends separating the I-9 review process from any export compliance processes, including those aimed at determining whether an applicant or employee will require an export license.
This fact sheet largely follows an existing March 2016 guidance memo from DOJ that explains when and how employers may ask questions about citizenship or immigration status for the purpose of complying with the ITAR and EAR. According to the memo, employers should limit the scope of inquiries about protected characteristics to positions actually involving access to export-controlled information, and should use those inquiries to determine whether the individual’s access to sensitive information will require an export license rather than as a disqualifying tool. The guidance recommends that employees responsible for assessing ITAR and EAR considerations during the hiring process be specially trained and perhaps even separated from the standard human resources function.
Guidance for Employers
DOJ guidance and enforcement actions provide employers with insight on how to balance obligations under export control and anti-discrimination laws. Perhaps most importantly, these enforcement actions remind companies that the legal term “U.S. persons” encompasses protected individuals, including refugees and asylees, in addition to U.S. citizens and lawful permanent residents. Employers seeking to comply with export controls must be cognizant that absent an exception, the ITAR and EAR do not permit hiring practices based on a narrower definition.
Further, because both the ITAR and EAR provide for the possibility of licenses and license exceptions, even non-U.S. persons may be able to work with export-controlled technology or software source code. Therefore, restricting job postings on the basis of citizenship or immigration status can be considered a violation of the INA or Title VII, even when made in a good faith attempt to comply with the ITAR and EAR, if the focus appears to be the applicant’s or employee’s citizenship status or national origin instead of on the need to obtain a license or identify an applicable license exception for the contemplated release of technology or software source code.
There are several steps employers can take to assess the export control implications of a particular hire without running afoul of the anti-discrimination laws, and importantly, employers are not prohibited from inquiring about citizenship and immigration status entirely.
- Employers should implement a consistent assessment strategy tailored to evaluating candidates against the company’s legitimate business needs. For example, companies should designate ahead of time—ideally before applications are received—which positions will require access to export-controlled technology or software source code. If appropriate, employers can include language in the posted job description making it clear that the position may include access to technology and/or software source code that is subject to U.S. export controls restrictions.
- Consider sending a form letter (perhaps an auto-response) to applicants explaining that the position may be subject to U.S. export control restrictions under the ITAR or the EAR. The form letter can indicate that employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license/confirming the availability of a license exception, that the applicant will be required to answer certain questions for export control purposes, and that the information will be reviewed by compliance personnel to ensure compliance with federal law. This letter should also state that the employer may choose not to apply for a license or use a license exception (if available) for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.
- The export control evaluation process should be bifurcated from the rest of the hiring process. Companies can further reduce legal risk by conducting an evaluation process or compliance assessment only for workers whose positions would require working with export-controlled items. To conduct the compliance assessment, companies can develop a standalone document that asks citizenship and immigration status questions and explains information sought in conjunction with requirements under U.S. export control laws. This compliance assessment should take place separately from the Form I-9 process, which is used to evaluate whether an employee has permission to work in the United States. Though not required by law, compliance assessment forms should be submitted to an export control or compliance officer who does not serve in a human resources function to best ensure compliance with anti-discrimination requirements. The forms should also be stored separately from a worker’s I-9 forms and documentation. The compliance officer can request and verify appropriate documentation and report to human resources whether an export license or license exception would be required for the individual applicant without providing human resources or other hiring decision-makers with any information about citizenship, immigration status, or national origin.
- A company can reduce its legal risk by waiting to assess export control issues until after it extends a conditional offer of employment. If a job offer is made contingent on assessing whether a license or license exception will be needed by a person hired into a specific role, this information should be made clear in the offer letter and a process similar to the one described above should be used. Of course, the possibility that an offer to a candidate chosen after a lengthy application process may need to be rescinded if the employer is not able to obtain a license or decides not to seek one or to utilize a license exception (if available) may be burdensome for employers, and is not a requirement in order to comply with the law.
- Assess strategies for other national security screening outside the export controls context. As noted above, the INA permits employers to consider protected characteristics like citizenship if there is a permissible basis for doing so, such as under a law, regulation, government contract, or executive order. Examples of other national security-related restrictions can include security clearance requirements, sanctions restrictions related to particular countries, CFIUS mitigation agreement restrictions that impose various citizenship and national origin restrictions, or specific provisions in a government contract. Unlike in the export controls context, screening under these other national security regimes may permit unrestricted assessment of a candidate’s citizenship or national origin information, depending on the applicable legal or contractual standards. While the particular nature of screening will depend on the relevant national security restriction, we generally recommend that employers implement a screening process similar to that described in the preceding steps. Notably, employers may need to institute separate or different screening processes for different roles based on each role’s particular restrictions. This approach is also true for other exceptions, such as the national security and BFOQ exceptions under Title VII.
In sum, employers have discretion to decide whether or not they are willing to pursue an export license for a particular position or seek to identify and rely on a license exception. If an employer decides at the outset that it is not willing to seek export licenses for a position or utilize a license exception (if available), then it may decline to consider or hire applicants for whom a license would be required. However, employers must identify that requirement in the job posting, and any decision not to proceed with or hire an applicant should be based on (and refer to) the need for the license/license exception and not on the individual’s citizenship or status as a U.S. person.
The nexus between export control law and employment law is dynamic. The recent DOJ enforcement actions and fact sheet highlight the importance of understanding the interaction between these legal regimes to ensure an appropriate approach is undertaken to mitigate risk with respect to both anti-discrimination and export control law. Complying with the suggestions outlined above should mitigate risks associated with compliance. However, it remains essential that companies stay up to date and vigilant with regard to potential legal changes in this area.
Covington has strong capabilities in both export control and employment law. We will continue to monitor developments in this area, and we are well-positioned to advise companies who may wish to review their existing hiring practices in light of these recent DOJ actions. If you have any questions concerning the material discussed in this client alert, please contact members of our employment and trade controls practices.
Back
