The independent resource on global security

Internal compliance and export control guidance documents for the information and communications technology sector

The scope of European Union (EU) dual-use and arms export controls has expanded in recent years to cover a wider range of goods, technologies and activities. This means that a broader range of sectors and actors are now affected by controls. This expansion has been accompanied by efforts by governments and the EU to incentivize the adoption of internal compliance programmes (ICPs) by companies and other affected entities. An ICP is an arrangement that a company or other entity puts in place to ensure that it is complying with dual-use and arms export controls. However, while the requirement to have an ICP is becoming more mainstream, the guidance available on how one should be established and maintained is often generic and fails to take into account the specific needs of different affected sectors and actors.

This SIPRI Best Practice Guide outlines the sector-specific compliance- related guidance material that is available to companies and other actors in the information and communications technology (ICT) sector that might be subject to the European Union’s arms and dual-use export controls. It covers guidance material produced by national governments, the EU and other bodies, as well as publicly available Internal Compliance Programmes (ICPs) produced by companies in the ICT sector.

 

ABOUT THE AUTHOR(S)/EDITORS

Dr Sibylle Bauer is the Director of Studies, Armament and Disarmament, at SIPRI.
Kolja Brockmann is a Senior Researcher in the SIPRI Dual-Use and Arms Trade Control programme.
Dr Mark Bromley is the Director of the SIPRI Dual-Use and Arms Trade Control Programme.
Giovanna Maletta is a Senior Researcher in the SIPRI Dual-Use and Arms Trade Control Programme.