The scope of European Union (EU) dual-use and arms export controls has expanded in recent years to cover a wider range of goods, technologies and activities. This means that a broader range of sectors and actors are now affected by controls. This expansion has been accompanied by efforts by governments and the EU to incentivize the adoption of internal compliance programmes (ICPs) by companies and other affected entities. An ICP is an arrangement that a company or other entity puts in place to ensure that it is complying with dual-use and arms export controls. However, while the requirement to have an ICP is becoming more mainstream, the guidance available on how one should be established and maintained is often generic and fails to take into account the specific needs of different affected sectors and actors.
This SIPRI Best Practice Guide outlines the sector-specific compliance- related guidance material that is available to companies and other actors in the information and communications technology (ICT) sector that might be subject to the European Union’s arms and dual-use export controls. It covers guidance material produced by national governments, the EU and other bodies, as well as publicly available Internal Compliance Programmes (ICPs) produced by companies in the ICT sector.