🛡️ ITAR

ITAR-Registered Injection Molders for Defense-Controlled Parts

ITAR is not a quality standard, it is U.S. export-control law, and that distinction changes everything about sourcing a molded part. A defense program molding a controlled enclosure, a USML-listed component, or a part built from a controlled drawing needs a molder that is DDTC-registered, controls technical data behind a compliant infrastructure, and restricts shop-floor access to U.S. persons. This page explains what ITAR registration covers, when a molded plastic part falls under the USML, how technical-data control works on a molding floor, and how to verify a molder's standing.

ITARAS9100ISO 9001

Registration vs. Certification: What ITAR Actually Is

There is no 'ITAR certificate.' The International Traffic in Arms Regulations (22 CFR Parts 120-130) are administered by the U.S. State Department's Directorate of Defense Trade Controls (DDTC), and what a defense molder holds is a DDTC registration under Part 122, renewed annually, evidenced by a registration code and an expiration date. Registration is mandatory for any U.S. person who manufactures or exports defense articles or furnishes defense services, even if they never physically export anything, manufacturing a USML-controlled part domestically still triggers the obligation. Treat any supplier claiming an 'ITAR certificate' as a red flag; the correct artifact is the DDTC registration. The regulated thing is not the molding process but the article and its technical data. A molded part becomes ITAR-controlled when it is specifically designed, developed, or modified for a defense article enumerated on the United States Munitions List (USML), or when the drawing, specification, or model that defines it is itself controlled technical data. A generic commercial enclosure is not ITAR; the same enclosure designed to house a USML-listed fire-control system is. Because ITAR is law rather than a managed standard, there is no third-party audit body and no public registry of who is 'compliant.' Compliance is the molder's own legal responsibility, which is why buyers must verify registration directly and assess the molder's compliance program rather than relying on a framed certificate.
01

When a Molded Plastic Part Falls Under the USML (and the EAR Boundary)

Jurisdiction is the first question, and it is frequently misjudged. A molded part is ITAR-controlled if it is a defense article under the USML, captured either by a specific category entry (for example, parts and components specially designed for items in Categories such as VIII for aircraft, XI for military electronics, or others) or because it is built to controlled technical data. The phrase 'specially designed' is a defined term and the usual trigger: an off-the-shelf plastic part used in a weapon system may not be controlled, but one designed or modified specifically for that system typically is. Many defense-adjacent molded parts actually fall under the Export Administration Regulations (EAR) and the Commerce Control List rather than ITAR, especially after the Export Control Reform moved numerous '600 series' military components from State to Commerce jurisdiction. Getting jurisdiction right matters because it dictates which rules govern the data, the personnel, and any export. When in doubt, the customer or prime should provide a jurisdiction-and-classification determination, or request a Commodity Jurisdiction (CJ) from DDTC. For the molder, the practical implication is that the controlled element is usually the drawing and any associated models, fixtures, or process data tied to the defense design. Even when the plastic resin itself is mundane, the engineering data that makes the part what it is can be the controlled defense article, and that is what the molder must protect.

02

Technical-Data Control and US-Person Access on the Floor

ITAR's core operational burden for a molder is controlling technical data so that no unauthorized export occurs, including a 'deemed export', which happens the moment a foreign person inside the United States gains access to controlled data without authorization. That means the controlled drawing, CAD model, GD&T, and process documentation must live behind access controls limited to U.S. persons (citizens, lawful permanent residents, and certain protected individuals as defined in 22 CFR 120.62), with foreign-national employees, visitors, and IT administrators walled off. In practice an ITAR-aware molder runs a documented technology control plan: segregated or access-controlled engineering systems, ITAR-compliant data storage and email (often a sovereign or FedRAMP/ITAR-boundary cloud, or on-premises), visitor and photography controls on the production floor, and employee citizenship verification and training. Tooling and fixtures built from controlled data, and even the molded parts themselves, are handled and stored under the same export-control discipline. Cross-border activity, sending a tool offshore, using a foreign subcontractor, or shipping parts internationally, requires a DDTC license or a qualifying exemption and cannot be done casually. For the buyer, the consequence is that an ITAR molding job stays domestic and stays inside a controlled boundary. You should expect the molder to sign or flow down the relevant nondisclosure and export-control terms, to confirm in writing that only U.S. persons will access your data, and to handle the returned tool and parts under the same controls. Mishandling is not a quality nonconformance; an unauthorized export is a federal violation carrying criminal and civil penalties.

03

Verifying Registration and Building a Defensible Supply Chain

Because there is no public 'ITAR registry,' verification is direct rather than database-driven. Ask the molder for evidence of current DDTC registration: the registration code and the expiration date, which you can have your own empowered official or trade-compliance team validate. Confirm registration is current for the present period, since it must be renewed annually and lapses are common. A molder that cannot produce a registration code, or that offers an 'ITAR certificate' instead, has not done the work. Beyond the registration, assess the compliance program itself, because registration is necessary but not sufficient. Ask to see (in summary) the technology control plan, evidence of U.S.-person verification, the ITAR-boundary IT environment, export-control training records, and how the molder handles controlled tooling and parts. Many serious defense molders also hold AS9100 and may be CMMC-aligned for handling controlled unclassified information, useful corroborating signals even though they are separate frameworks. Confirm any subcontracting (secondary operations, painting, assembly) stays inside the controlled, U.S.-person boundary. Finally, paper the relationship correctly. Flow down ITAR clauses in the purchase order, execute an NDA with export-control language, confirm jurisdiction and classification of the part and its data in writing, and document that no offshore tooling or foreign-person access will occur without proper authorization. On ManufacturingBase you can filter for ITAR-registered molders to start with the right pool, but the registration check and program assessment are steps you still own as the buyer, because the legal exposure for an unauthorized export is shared across the supply chain.

Frequently Asked Questions

No, and that is one of the most useful red flags in defense sourcing. ITAR is U.S. export-control law (22 CFR Parts 120-130) administered by the State Department's Directorate of Defense Trade Controls, not a quality standard with an audit body. What a compliant molder holds is a DDTC registration under Part 122, which is mandatory for any U.S. manufacturer or exporter of defense articles or services, renewed annually, and evidenced by a registration code and expiration date. There is no third-party certificate, no accreditation body, and no public registry of 'ITAR-compliant' shops. So when a supplier offers you an 'ITAR certificate,' it usually means they do not actually understand the regime. The correct verification is to request their current DDTC registration code and expiration, validate that it is active for the present period, and then assess their actual compliance program, technology control plan, U.S.-person access controls, ITAR-boundary IT, and export-control training. Registration alone proves they are in the system; the program is what proves they can actually protect your controlled technical data on the molding floor.
Jurisdiction turns on the article and its design intent, not the molding process or the resin. A molded part is ITAR-controlled when it is a defense article on the United States Munitions List, captured either by a specific USML category entry or because it is 'specially designed' for a USML item, or when the drawing, model, or specification that defines it is itself controlled technical data. The defined term 'specially designed' is usually the trigger: a commodity plastic part used in a system may not be controlled, while one designed or modified specifically for that defense system typically is. Importantly, after Export Control Reform many military components moved to Commerce jurisdiction under the EAR's Commerce Control List, often the '600 series', so a defense-adjacent molded part may be EAR-controlled rather than ITAR-controlled. Getting this right matters because it determines which rules govern the data, the personnel, and any export. Do not guess: have the customer or prime provide a jurisdiction and classification determination, or request a Commodity Jurisdiction determination from DDTC. The molder generally relies on the customer's determination and protects whatever the controlled technical data turns out to be.
A deemed export occurs when a foreign person inside the United States gains access to ITAR-controlled technical data, the law deems that access an export to the person's home country, even though nothing physically crossed a border. For a molder this is the central daily compliance risk, because the controlled element is usually the engineering data: the drawing, CAD model, GD&T, and process documentation tied to a defense design. If a foreign-national employee, contractor, visitor, or even an offshore IT administrator can view that data without authorization, an unauthorized export has occurred. That is why ITAR-aware molders restrict access to controlled data to U.S. persons as defined in 22 CFR 120.62 (citizens, lawful permanent residents, and certain protected individuals), run an ITAR-boundary IT environment, control floor access and photography, and verify employee citizenship. Tooling and parts built from the data carry the same controls. The consequence for a buyer is concrete: an ITAR molding job stays domestic and inside a controlled boundary, and any foreign access, offshore tooling, or international shipment requires a DDTC license or a qualifying exemption. Violations are federal offenses with criminal and civil penalties, not quality nonconformances.
Since there is no public registry, verification is direct. Request the molder's current DDTC registration code and expiration date and have your empowered official or trade-compliance function validate it, confirming it is active for the current annual period, because registrations must be renewed yearly and lapses happen. A supplier that cannot produce a registration code, or that hands you an 'ITAR certificate,' has not done the work. Registration is necessary but not sufficient, so also assess the compliance program: ask for a summary of the technology control plan, evidence of U.S.-person verification, the ITAR-boundary IT and data-storage setup, export-control training records, and how controlled tooling and parts are stored and handled. Many serious defense molders also carry AS9100 and may be CMMC-aligned for controlled unclassified information, useful corroborating signals though separate frameworks. Confirm any secondary operations or subcontracting stay inside the U.S.-person controlled boundary. Then paper it correctly: flow down ITAR clauses in the purchase order, execute an NDA with export-control language, confirm the part's jurisdiction and classification in writing, and document that no offshore tooling or foreign-person access will occur without authorization. The export-control liability is shared across the chain, so these steps remain the buyer's responsibility even after filtering for ITAR-registered molders.

Last updated: July 2026

Find ITAR-Certified Injection Molding Suppliers

Search verified injection molding shops that hold ITAR.

No logins. No email gates. Just results.