How export controls actually function
Export controls are not just lists of forbidden products. They are a system of licences, end-use certifications, and extraterritorial claims that operates very differently in practice than on paper.
Key fact
US Entity List additions, 2022-2024: over 600 entities
An export control restricts the cross-border transfer of specific goods, software, or technical information. The classic targets are weapons and dual-use items. Increasingly the targets include advanced semiconductors, semiconductor manufacturing equipment, and the design software used to make them.
The administrative machinery starts with the Commerce Control List. Each entry has an Export Control Classification Number that determines which destinations require a licence and which end-uses are restricted. A US exporter wanting to ship a controlled item files an application with the Bureau of Industry and Security. The application includes the buyer's identity, the end-use, and certifications from the buyer.
The Entity List is a separate instrument. It names specific foreign parties to whom exports are presumed denied. Adding an entity to the list does not require a new statute. It just requires interagency agreement among Commerce, State, Defense, and Treasury. That makes the tool fast and political.
The Foreign Direct Product Rule, expanded substantially in 2020 and 2022, extends US jurisdiction to foreign-made products that incorporate US technology or were produced with US-origin tools. In semiconductor terms, this means a chip made in Taiwan using American design software and American-designed equipment falls under US export control even though it never touched US soil.
This is the assertion that turned export controls into a strategic instrument. Pre-FDPR, the US could only block what it manufactured. Post-FDPR, the US can block much of what anyone manufactures using the global toolchain. The downstream effect on Chinese semiconductor ambitions has been significant — and so has the discomfort among allies who would prefer to make their own decisions about whom to sell to.
Enforcement at this scale is hard. The Bureau of Industry and Security has a few hundred enforcement agents tracking transactions worth trillions of dollars. Most enforcement runs through compliance obligations imposed on private firms. Companies in the supply chain must screen customers, certify end-use, and audit downstream. Penalties for failure run into hundreds of millions of dollars and have been applied to firms like Seagate and TSMC subsidiaries.
The strategic logic is that even imperfect enforcement raises costs and slows progress in the target sector. A Chinese semiconductor firm can still buy older equipment, hire experienced engineers, and make progress on yield. But each step takes longer than it otherwise would. The intent is to bend the development curve, not flatly halt it.
Critics argue that export controls accelerate the very thing they are meant to slow, because they incentivize the target country to build domestic alternatives at any cost. Supporters argue that the alternatives are years behind and that buying time is itself the strategic objective. Both readings are partly correct. The empirical question is how the lag dynamics actually play out, and that will take another decade to settle.
There is also a research-cooperation dimension worth noting. Export controls now extend to deemed exports — the release of controlled technology to foreign nationals on US soil, including students and visiting researchers. Universities and national laboratories operate under licensing requirements that affect who can work on what projects. The administrative cost is real, and some research collaborations have been disrupted. The policy question is how much of this is necessary to actually protect strategic capabilities versus how much amounts to self-imposed friction on US scientific output.
Allied coordination has its own institutional infrastructure. The Wassenaar Arrangement is a multilateral export-control regime covering dual-use technologies. Its 42 member states include most major economies but not China or Russia. Wassenaar operates by consensus, which means individual members can block broader controls. For some categories, the US has built parallel coordination outside Wassenaar — bilateral agreements with Japan and the Netherlands on chip equipment are recent examples. The proliferation of mini-frameworks is messier than a single multilateral regime but more responsive to specific strategic concerns.
End-use verification is the operational backstop. The Bureau of Industry and Security runs an end-use check program that sends verifiers to confirm that licensed exports are being used as described. The program covers a small fraction of total licensed exports, which means its deterrent effect runs through randomness rather than universal coverage. Companies that fail an end-use check face escalating consequences including removal of license eligibility. The threat is sufficient to shape behavior even though enforcement is partial.