Companies as well as universities have for many years been required to comply with export control laws. Technology or source code is considered to be exported not only under the traditional sense of shipping it overseas; an export of technology or source code can also be "deemed" to take place when it is released to a foreign national within the United States. Deemed exports must be authorized through an export license issued by the responsible Government agency. Technology or code is considered "released" for export when it is "available to foreign nationals for visual inspection (such as reading technical specifications, plans, blueprints, etc.); when technology is exchanged orally; or when technology is made available by practice or application under the guidance of persons with knowledge of the technology.
The Export Administration Regulations (EAR) (15 CFR Parts 770-774) and the International Traffic in Arms Regulations (ITAR) (22 CFR Parts 120-130) require U.S. persons to seek and receive authorization from the U.S. Government before releasing to foreign persons in the United States controlled technology or technical data. Under both the EAR and the ITAR, release of controlled technology or technical data to foreign persons in the United States--even by an employer--is deemed to be an export to that person's country or countries of nationality.
The U.S. Government requires each company or other entity to certify that it has reviewed the EAR and ITAR and determined whether it will require a U.S. Government export license to release controlled technology or technical data for the foreign national. If an export license is required, then the company or other entity must further certify that it will not release or otherwise provide access to controlled technology or technical data to the beneficiary until it has received from the U.S. Government the required authorization to do so.