Who We ServeDefense Tech and Dual-Use Startups

Defense Tech and Dual-Use Startups

Defense tech and dual-use startups making physical products for both the DoW market and the commercial sector. If your company sells or plans to sell into defense programs while also pursuing commercial customers, the compliance frameworks below apply to your product, your customers, your investors, and your supply chain simultaneously. Managing both markets at once creates unique compliance friction that does not exist for purely commercial or purely defense companies.

The Compliance Challenge

Defense tech startups face a compliance stack that most commercial technology companies never encounter. ITAR registration, export classification, FOCI mitigation, CFIUS screening, CMMC certification, NDAA supply chain requirements, and entity screening of investors and customers all interact with each other and all need to be managed in parallel. A single misstep, including the wrong investor in your cap table, a foreign national engineer accessing controlled technical data, or a component supplier with a restricted entity in its ownership chain, can delay or kill a government contract, trigger an enforcement investigation, or block a fundraising round. The dual-market tension is real. Becoming ITAR-registered simplifies some government procurement but creates licensing obligations for international commercial sales and restricts which foreign nationals can access your engineering team and technical data. Raising capital from international investors accelerates growth but can trigger CFIUS review and create FOCI conditions that disqualify you from classified work. Getting these decisions right early, before they are locked into corporate structure or cap table, is far less costly than remediation after the fact.

Core Compliance Requirements

NDAA Section 889: Prohibited Telecommunications Equipment

If you sell into federal programs or are a subcontractor to a defense prime, Section 889 Part A flows down to your product and your internal operations. Your product may not contain telecommunications or video surveillance equipment from Huawei, ZTE, Hikvision, Dahua, Hytera, or their affiliates. This applies to any component in which covered equipment is a substantial or essential element, not just products whose primary function is telecommunications.

NDAA Section 1260H: Chinese Military Companies

Effective June 30, 2026, DoW may no longer directly procure from any 1260H-listed Chinese Military Company or their affiliates. Effective June 30, 2027, the prohibition extends to indirect procurement across supply chains. For defense tech startups, this creates two risk vectors: your own company's investors or partners may appear on the list, and your sub-tier component suppliers may have 1260H-listed entities in their ownership chains. The FY 2025 NDAA's ownership penetration clause allows DoW to designate parent companies and subsidiaries of listed entities as Chinese Military Companies under a 50% equity threshold.

OFAC Sanctions and BIS Entity List

Sanctions programs covering Russia, Iran, North Korea, and others apply to any transaction in your commercial or defense supply chain. International customers, investors, and distributors must be screened against the OFAC SDN List and relevant country programs before transactions occur. BIS Entity List screening is required for any export. Both lists are updated frequently and a counterparty that was clean at one point may not remain clean. FAR 52.225-13 requires OFAC compliance to flow down to all subcontracts for government contractors.

BIS EAR Section 744.16

FOCI: Foreign Ownership, Control, or Influence

Any company seeking a facility security clearance or performing certain DoW-sensitive work must demonstrate that foreign ownership, control, or influence does not compromise national security. FOCI arises from foreign equity stakes, board membership, financing arrangements, contractual relationships, or technology licensing agreements. A proposed DFARS rule (May 2026) would expand FOCI review and mitigation to unclassified contractors performing sensitive manufacturing, engineering, logistics, or supply chain work, potentially subjecting an estimated 37,000 or more additional entities to FOCI review. Startups should structure their cap tables and board with FOCI implications in mind before, not after, pursuing government contracts.

SBIR and STTR: Foreign Ownership Disclosure

The SBIR and STTR Extension Act of 2022 requires companies receiving SBIR and STTR awards to disclose any foreign stake of 5% or more, participation in foreign government talent recruitment programs (including China's Thousand Talents Plan), and connections to foreign-backed investors. Triggers include U.S. venture funds with foreign limited partners, syndicates with foreign co-investors, and management or board members with dual roles at foreign-owned companies.

EAR: Export Administration Regulations

Products not on the USML but with dual-use potential fall under EAR. Every product must be classified against the Commerce Control List before export. Products classified EAR99 have minimal controls; products with an Export Control Classification Number require license analysis for each destination and end-user. End-user screening against the BIS Entity List, Military End User List, and Unverified List is required before shipment. The BIS Affiliates Rule, suspended through November 9, 2026, will when reinstated automatically extend Entity List restrictions to unlisted subsidiaries and affiliates of named entities, expanding the universe of restricted customers substantially.

ITAR: International Traffic in Arms Regulations

If your product, technology, or technical data appears on the U.S. Munitions List, you must register with the State Department's Directorate of Defense Trade Controls before any controlled activity, including manufacturing, exporting, or sharing technical data with foreign nationals inside the U.S. (deemed exports). Registration is annual. Export licenses are required for most international transfers of ITAR-controlled items or data. The USML was significantly revised in September 2025 and further revisions are planned for 2026 covering semiconductors and circuit boards (Category XI), space systems (Categories IV and XV), and the definition of defense services (Category IX). Startups in these technology areas may find their classification changes significantly.

CFIUS: Committee on Foreign Investment in the United States

CFIUS reviews foreign investments in U.S. businesses for national security risk. For defense tech startups operating in technology, infrastructure, or data sectors (known as TID US businesses), certain foreign investments trigger mandatory filing requirements, not just voluntary notice. CFIUS has forced divestitures in defense tech space companies and reviews investments from Chinese, Russian, Iranian, and North Korean entities with heightened scrutiny. The FY 2026 NDAA expanded CFIUS jurisdiction over sensitive technology sectors and real estate near defense installations. Even U.S.-based venture capital funds with substantial foreign limited partners can trigger CFIUS concerns. The Trump administration is developing a Known Investor Program to streamline review for allied-country investors, but scrutiny of adversary-linked capital is intensifying.

Timeline

Upcoming Regulatory Changes and Deadlines

In effect

ITAR registration: Required before any USML-related activity

If your product or technology touches the U.S. Munitions List, you must register with DDTC before manufacturing, exporting, or sharing controlled technical data, including with foreign nationals inside the U.S. Registration is annual and must precede any controlled activity.

In effect

EAR: Export classification required for all products

Every product must be classified against the Commerce Control List before export. EAR99 products have minimal controls; products with an ECCN number require license analysis for each destination. Misclassification is one of the most common enforcement triggers for startups.

In effect

NDAA Section 889: Prohibited telecom flowdown

If you are a subcontractor to a defense prime, Section 889 Part A flows down to you. Your product may not contain telecommunications or video surveillance equipment from covered Chinese entities. Applies to any component, not just the primary function of your product.

In effect

OFAC sanctions: Applies to all commercial transactions

Any transaction with a Specially Designated National or entity in a comprehensively sanctioned jurisdiction is prohibited. For startups with international customers or investors, OFAC screening is a baseline obligation, not an advanced compliance step.

In effect

FOCI: Foreign ownership screening for DoW contracts and clearances

Any company with foreign ownership, control, or influence that seeks a facility security clearance or certain DoW contracts must disclose and mitigate FOCI. A proposed DFARS rule (May 2026) would expand FOCI review to unclassified contractors performing sensitive work. Even U.S.-based VC funds with foreign limited partners can create FOCI concerns.

In effect

CFIUS: Mandatory filing for certain foreign investments in TID US businesses

Startups working in technology, infrastructure, or data (TID) sectors face mandatory CFIUS filing requirements when receiving foreign investment above defined thresholds. CFIUS has forced divestitures in defense tech space companies. Chinese, Russian, Iranian, and North Korean investors trigger heightened scrutiny. The FY 2026 NDAA expanded CFIUS jurisdiction over sensitive technology sectors.

In effect

SBIR/STTR: Foreign ownership disclosure requirements

Under the SBIR and STTR Extension Act of 2022, companies receiving SBIR/STTR awards must disclose any foreign stake of 5% or more, participation in foreign government talent recruitment programs, and connections to foreign-backed investors.

June 30, 2026

NDAA Section 1260H: Direct procurement ban

DoW may no longer directly procure goods, services, or technology from any 1260H-listed Chinese Military Company or their affiliates. If your company, any investor, or a sub-tier supplier appears on the list, your products may be disqualifying for DoW programs.

Nov 10, 2026

BIS Affiliates Rule reinstated

Any entity 50% or more owned by a BIS Entity List company becomes automatically restricted. Startups with international commercial customers or supply chain vendors must verify ownership structures are clean before the suspension expires.

2026

ITAR USML revisions: Semiconductors, space, defense services

DDTC has signaled three USML revisions for 2026: semiconductor and circuit board controls (Category XI), space-related systems (Categories IV and XV), and a redefinition of defense services (Category IX). Startups in these sectors may find their product classification changes significantly.

Our Solution

How SolidIntel Helps Defense Tech and Dual-Use Startups

Investor and Cap Table Screening

Screen existing and prospective investors against OFAC SDN, BIS Entity List, CFIUS watch categories, and 1260H Chinese Military Companies. Identify foreign LP exposure in domestic VC funds. Map ownership structures to determine FOCI and CFIUS filing obligations before they become deal-closing problems.

Customer and Partner Entity Vetting

Screen international customers, distribution partners, and technology licensees against all relevant restricted party lists before transactions or technology transfers occur. ITAR and EAR violations frequently originate from inadequate end-user screening, not intentional evasion.

FOCI Determination Support

Map foreign ownership, investor relationships, and board-level influence to determine whether a FOCI condition exists and what mitigation instrument (Special Security Agreement, Proxy Agreement, or Board Resolution) DCSA is likely to require.

Supply Chain Entity Screening

Screen component suppliers and sub-tier vendors against all relevant restricted party lists. A Chinese-origin component supplier chosen for cost efficiency can become an ITAR or NDAA Section 889 violation when discovered during a prime contractor purchasing system review.

BIS Affiliates Rule Readiness

Identify unlisted affiliates of BIS Entity List companies among your international customers and suppliers before the Affiliates Rule reinstates November 10, 2026. Ownership tracing through Chinese holding structures and variable interest entities is core to SolidIntel's capability.

Continuous Monitoring

Entity designations and restricted party lists change constantly. SolidIntel monitors your investor base, customer list, and supplier relationships in real time and escalates new risk flags as OFAC, BIS, UFLPA, and 1260H lists update.

Automated Compliance Documentation

Generate timestamped, citation-backed entity screening reports documenting investor vetting, customer screening, and supply chain reviews in the format DCSA FOCI reviewers, CFIUS staff, DoW contracting officers, and prime contractor auditors expect.

Ready to verify your supply chain?

Request a demo to see how SolidIntel handles compliance for Defense Tech and Dual-Use Startups.