🛡️ ITAR

ITAR Registered Laser Cutting for Defense-Controlled Hardware

ITAR is the one item on a laser shop's wall that is not a quality certificate at all, it is a federal registration, and confusing the two has put more than one buyer on the wrong side of an export-control violation. When a controlled drawing for a defense article reaches a cutting table, the technical data, the material, and the people who can lawfully see them are governed by the International Traffic in Arms Regulations, not by an audit clause. ManufacturingBase lets you filter for laser cutting suppliers that are DDTC registered and have the access controls in place so your USML hardware never crosses a line you cannot uncross.

ITARAS9100ISO 9001

Registration is not certification, and why that distinction matters

ITAR registration means a manufacturer or exporter has filed with the Directorate of Defense Trade Controls (DDTC) at the State Department, paid the annual fee, and holds a registration code. It is mandatory under 22 CFR 122 for anyone who manufactures defense articles on the United States Munitions List, even if they never export. Critically, registration is not a quality system, not an audit, and not a license to export; it is the baseline acknowledgment that the shop is in the regulated population and subject to ITAR obligations. A laser shop can be ITAR registered and still be a poor fabricator, or a superb fabricator that is not registered and therefore unable to lawfully cut your USML part. For a laser cutting job the controlled item is usually the technical data, the drawing, model, or NC program that defines a defense article, which is itself an ITAR-controlled export the moment it is shared with a foreign person, even one standing on US soil. So the registration matters less as a quality signal than as the entry ticket that allows the shop to receive and act on controlled technical data at all. Pair it with an actual quality cert like AS9100 to cover the dimensional and process side, because ITAR says nothing about whether the cut will be in tolerance.

Controlling the file: technical data, deemed exports, and the floor

The day-to-day ITAR burden in a laser shop is controlling who can access the technical data and the in-process parts. Under the deemed export rule, releasing controlled technical data to a foreign person inside the United States, an engineer on a work visa, a contractor without US-person status, counts as an export to that person's country and requires authorization. That means the NC programmer who opens your controlled DXF, the operator who runs the nest, and anyone who can view the drawing on a shop terminal must be a US person or covered by a license or exemption. A compliant shop segregates ITAR jobs: access-controlled servers, marked travelers, restricted areas around the machine, and a documented technology control plan. The physical part matters too. A laser-cut blank for a USML component is a defense article and cannot be shipped to a foreign destination or person without authorization, and scrap and remnants that reveal controlled geometry need controlled disposal. Cloud storage, offshore IT support, and overseas subcontracting of the cutting or any data handling are classic traps. A buyer should expect the shop to have a technology control plan, US-person verification on the personnel touching the job, and physical and digital access controls, none of which an ISO certificate guarantees.

Verifying ITAR status and avoiding the common traps

Verification starts with confirming the shop holds a current DDTC registration. The DDTC registration itself is not publicly searchable the way an ISO certificate is, so you confirm it by requesting the registration code and, more usefully, by auditing the shop's compliance posture: ask for the technology control plan, the empowered official's name, how US-person status is verified, where controlled data lives, and how scrap is handled. A shop that cannot speak fluently about deemed exports, the technology control plan, and data segregation is registered on paper but not compliant in practice, which is the dangerous middle ground. The traps that catch buyers are usually data-handling, not fabrication. Sending a controlled drawing through a consumer email or file-sharing service, letting an offshore IT vendor administer the server where the file sits, or assuming a quote portal is ITAR-safe can all constitute unauthorized exports before a single part is cut. On the supplier side, watch for shops that subcontract overflow laser work without flowing down ITAR requirements, or that store NC programs in an unrestricted cloud. The right posture is an end-to-end controlled chain: controlled transmittal of the file, US-person-only handling, marked and segregated parts, and documented disposal, with the registration as the legal foundation under all of it.

Materials and the AS9100 overlap on real defense parts

ITAR laser work tends to ride alongside aerospace and defense alloys because the parts are defense articles by nature: titanium 6Al-4V, 4130 and 4340 alloy steels, armor plate such as MIL-A-46100 and MIL-DTL-12560, 17-4 PH and 15-5 PH stainless, and aluminum 7075 for structural detail. The cutting itself is conventional fiber or CO2 laser work, but the material may carry DFARS 252.225-7009 specialty metals restrictions on top of ITAR, requiring qualifying-country melt sourcing with documented traceability. That is two distinct regulatory regimes stacked on one part. Because ITAR is silent on quality, defense buyers almost always pair the registration with AS9100 for flight and structural hardware or ISO 9001 for support items, so the part is both lawfully handled and dimensionally controlled. When you source on ManufacturingBase, treat ITAR registration as a gating filter for whether the shop can legally touch your controlled file, then layer the quality certification and the material traceability your part actually needs. The combination, registration plus quality system plus melt traceability, is what makes a laser shop genuinely viable for USML hardware rather than just eligible to receive the drawing.

Frequently Asked Questions

No. ITAR registration with the Directorate of Defense Trade Controls confirms only that the shop is in the regulated population and is legally permitted to manufacture defense articles and handle controlled technical data. It says nothing about whether the shop can hold your tolerances, control its laser process, or produce conforming parts. Registration is a federal filing and an annual fee, not an audit of capability or quality. Plenty of ITAR-registered shops are excellent fabricators, but the registration is not the reason, their quality system is. That is why defense buyers virtually always require ITAR registration plus a quality certification: AS9100 for flight and structural hardware, or ISO 9001 for non-flight support items. The ITAR side ensures your controlled drawing and the resulting parts are handled lawfully and never released to an unauthorized foreign person or destination. The quality side ensures the laser-cut part meets print. Treat them as two independent gates. If you only check the ITAR box, you may get a part that is legally clean but dimensionally wrong; if you only check the quality box on an unregistered shop, you may have committed an export violation just by sending the file. Verify both.
Because ITAR controls technical data, not just physical hardware, and the act of releasing that data to a foreign person is itself an export. If your drawing, 3D model, or NC program defines a defense article on the US Munitions List, it is controlled technical data. The deemed export rule means that showing or transmitting that data to a foreign person, even one physically present in the United States, such as an engineer on a work visa or a non-US-person contractor, counts as an export to that individual's home country and requires authorization. So the moment a controlled DXF lands on a shop server that an offshore IT contractor can administer, or gets opened by a programmer who is not a US person, or passes through a file-sharing service hosted abroad, an unauthorized export may have already occurred, with no part cut and nothing shipped. This is the single most common way buyers and suppliers stumble into ITAR violations. A compliant laser shop controls the entire data chain: a controlled method of receiving the file, US-person-only access to the drawing and the machine, access-controlled servers with no foreign IT administration, and a documented technology control plan governing who may view the data. Confirm that chain exists before you transmit a controlled file.
Confirm the registration code is current, then audit the compliance practice, because registration on paper without controls in place is the dangerous middle ground. Ask to see the technology control plan, the document that defines how the shop segregates and protects ITAR-controlled data and hardware. Identify the empowered official responsible for export compliance and confirm the role is real, not nominal. Ask how the shop verifies US-person status for everyone who can access controlled drawings and operate the machine, since deemed exports turn on personnel access. Establish where controlled technical data is stored and who administers that IT, ruling out offshore or unrestricted cloud administration. Walk the floor to confirm ITAR jobs are physically segregated, travelers are marked, and access to the cutting area is restricted. Ask how scrap, slugs, and remnants that reveal controlled geometry are dispositioned, because controlled material does not stop being controlled when it becomes scrap. Finally, ask whether the shop ever subcontracts overflow laser work and, if so, how it flows down ITAR requirements and verifies the subtier. A shop that answers all of these fluently is genuinely compliant; one that can only show you the registration certificate is not.
They are separate regimes that frequently apply to the same defense article at the same time, and meeting one does not satisfy the other. ITAR governs the control of the technical data and the defense article itself: who may see the drawing, who may handle the part, and where it may go. DFARS 252.225-7009 governs the origin of the metal: for many defense contracts the specialty metals, including titanium and titanium alloys, certain high-performance steels, and specific nickel and cobalt alloys, must be melted or produced in the United States or a qualifying country, and that must be proven with documented melt traceability back to the mill. So a laser-cut 6Al-4V titanium bracket on a USML assembly can simultaneously require ITAR-controlled handling of the drawing and the part, and DFARS-compliant melt sourcing with an EN 10204 3.1 mill certificate tracing the heat to a qualifying country. A compliant laser shop manages both: it controls the file and the floor under ITAR, and it procures and documents the material under DFARS, linking the heat lot to the finished parts. When you source, verify the ITAR registration and compliance posture for the data and hardware control, and separately verify the material traceability and specialty-metals compliance for the alloy. Missing either one can stop your parts at your prime contractor's incoming inspection.

Last updated: July 2026

Find ITAR-Certified Laser Cutting Suppliers

Search verified laser cutting shops that hold ITAR.

No logins. No email gates. Just results.