
What Is the BIS Entity List?
The BIS Entity List is a critical U.S. export control tool targeting foreign entities engaged in activities deemed contrary to U.S. national security or foreign policy interests. Businesses must screen all export, re-export, and technology transfer transactions against this list—even those involving intangible items like software or visual inspections. Non-compliance risks are substantial, including hefty fines, criminal charges, and loss of export privileges. Effective compliance requires more than basic screening: firms must implement risk-based programs, classify items accurately, evaluate licensing needs, and maintain robust due diligence processes. As the Entity List changes frequently and can overlap with other sanctions lists, organizations should integrate automated, multi-list screening tools and stay up to date with evolving regulatory guidance to protect their global operations.
The Bureau of Industry and Security (BIS), part of the U.S. Department of Commerce, maintains the Entity List as a key tool for controlling the export, re-export, and transfer of U.S.-origin goods, software, and technology. The list identifies foreign individuals, businesses, research institutions, and government entities involved in activities contrary to U.S. national security or foreign policy interests.
Entities listed are subject to specific licensing requirements, often resulting in a presumption of denial for any export-related activity. This means that engaging in transactions with listed parties can lead to significant legal and reputational risk for U.S. and non-U.S. firms alike. The Entity List is distinct from sanctions lists maintained by OFAC, but often intersects in practice.
Why Entities Are Added to the BIS List
The BIS Entity List is used to restrict access to sensitive U.S. technologies and prevent their use in activities such as military end-use, weapons proliferation, surveillance abuses, or human rights violations. Examples include Chinese tech companies allegedly involved in surveillance of minority populations, or Russian firms linked to military procurement.
Additions to the list are typically based on interagency reviews involving the Departments of Defense, State, Energy, and Homeland Security. The reasons for listing may not always be fully disclosed, but BIS publishes a justification for each addition in the Federal Register. These entries detail the nature of the threat or activity prompting the designation.
Compliance Implications for Businesses
Once an entity is listed, U.S. firms and those dealing in U.S.-origin items must seek a license before engaging in virtually any export, re-export, or transfer. In most cases, BIS applies a "presumption of denial," meaning license requests are rarely approved. Even support services such as training or software access can fall under these restrictions.
Non-U.S. firms using U.S. components or technology in their supply chains must also comply, or risk violating the Export Administration Regulations (EAR). This extraterritorial reach underscores the global impact of BIS actions. Businesses must review their vendor, customer, and partner lists against the Entity List to ensure they do not inadvertently engage restricted parties.
When Do I Need to Check the BIS Entity List?
Firms must check the BIS Entity List for every transaction involving an export, re-export, or transfer of a U.S.-origin item to a foreign person or entity. This includes deemed exports, where sensitive technology is shared with foreign nationals within the United States. Due diligence must be thorough and documented, even for low-value or non-commercial transfers.
Exporters and re-exporters are responsible for understanding their obligations under EAR and for determining whether licensing requirements apply. Failure to screen appropriately can result in severe penalties, including fines of up to $250,000 or twice the value of the transaction, as well as potential criminal charges and loss of export privileges.
Screening Against the Entity List
Screening counterparties against the Entity List is a critical first step in compliance. While the list is publicly available, screening should be integrated into automated systems and risk-based onboarding processes. Screening should occur not only during customer intake but also when reviewing suppliers, agents, and service providers.
Because entity names may appear with variations, firms should use tools that support fuzzy matching and alias recognition. BIS typically provides the legal name, location, and other identifying details, which can help differentiate between entities with similar names. It is essential to monitor updates, as the list is amended frequently.
What Is Covered by the BIS Entity List?
The BIS Entity List covers any export, re-export, or in-country transfer of items subject to the EAR, regardless of the method of transfer or value. Items do not need to be physical goods—software, source code, schematics, and even visual inspection of documents by a foreign national may be considered an export.
Transactions covered by the BIS Entity List restrictions include electronic transfers, cloud access, hand-carried equipment, and technical assistance. Restrictions can apply based on the nature of the item, its intended use, its destination, and the parties involved. This broad scope means exporters must be vigilant in identifying and assessing all potential export control triggers.
Best Practices for Managing Entity List Risk
To manage BIS Entity List exposure effectively, companies should implement a structured export compliance program. This includes assigning export control officers, maintaining updated internal lists, and conducting periodic training for relevant staff. A centralized compliance function can help ensure consistent application across departments and geographies.
Due diligence is especially important when dealing with distributors, resellers, or overseas agents, who may act on a company’s behalf. Contracts should include export compliance clauses, and high-risk transactions should undergo enhanced review. If a match is found, businesses should seek legal counsel before proceeding with any engagement.
How Do I Check Export Licensing Requirements?
Checking export licensing requirements begins with understanding the item’s classification. Products, technology, or software subject to the EAR may appear on the Commerce Control List (CCL) and have an associated Export Control Classification Number (ECCN). Items not listed on the CCL are classified as EAR99, but even EAR99 items may require a license depending on end use, end user, or destination.
Exporters must evaluate licensing requirements using a combination of factors: the item’s technical characteristics, destination country, end user, and end use. Additional regulatory regimes, such as ITAR, OFAC sanctions, and the FDA or NRC, may also apply. Firms should document their licensing assessments and consult relevant agencies when in doubt.
Differences Between BIS Entity List and OFAC Lists
While both BIS and OFAC impose restrictions on foreign entities, the legal frameworks and enforcement mechanisms differ. OFAC listings often entail asset freezes and strict prohibitions, while BIS Entity List restrictions revolve around licensing requirements for exports and technology transfers.
An entity can appear on both lists, but this is not always the case. Therefore, firms must screen against multiple government lists—including the BIS Entity List, OFAC SDN List, and Denied Persons List—to capture the full range of compliance risk. Integrating multi-list screening tools is a best practice for avoiding gaps in coverage.
Consequences of Non-Compliance
Violations of BIS restrictions can lead to severe penalties, including civil fines, loss of export privileges, and even criminal prosecution. In 2019 alone, BIS levied over $19 million in penalties and obtained 36 convictions resulting in a combined 1,038 months of imprisonment. Penalties may apply even in cases of inadvertent violations.
Regulators consider a company’s internal controls and response actions when determining penalties. Having a strong compliance framework, self-reporting violations, and cooperating with investigations may mitigate outcomes. Nonetheless, the reputational damage from non-compliance can be long-lasting and commercially costly.
Final Thoughts: Navigating the BIS Entity List Responsibly
The BIS Entity List is a dynamic regulatory instrument with global implications. Companies operating internationally, particularly in high-tech sectors, must proactively monitor and respond to list changes. Ensuring awareness across commercial, procurement, and legal teams is essential for effective compliance.
Screening, due diligence, licensing awareness, and documentation should all form part of an integrated export compliance strategy. By treating BIS compliance as a core business function rather than a legal checkbox, companies can reduce risk, maintain regulatory alignment, and protect their global operations from enforcement exposure.