The Compliance Officer’s Guide to Compliance with BIS’s Military End-Use and End-User (MEU) Rule

The Scope and Stakes of MEU Risk

As commercial technology, intellectual property, and manufacturing increasingly support military modernization efforts worldwide, compliance teams and trade counsel must be prepared to identify and manage military end-use and end-user (MEU) risk. This emerging risk adds complexity to a compliance officer’s role in safeguarding their organization. The U.S. government has made MEU regulations a compliance priority, aiming to prevent adversarial foreign militaries from gaining access to sensitive technologies, components, and equipment, particularly through internationally connected companies.

In early 2025, the U.S. Department of Defense doubled the size of its "Chinese military companies" list under Section 1260H of the National Defense Authorization Act (NDAA). Additionally, the U.S. Department of the Treasury maintains the Non-SDN Chinese Military-Industrial Complex Companies List (NS-CMIC List), which prohibits U.S. investments in named companies. And in March 2025, BIS added 80 entities located across Asia, the Middle East, and Africa to its Entity List for supporting Chinese and Russian military technology programs.

This last action underscores a critical reality: the exposure points are global. Risk isn’t limited to entities in China or Russia or other listed jurisdictions directly — firms must account for the broader ecosystem of intermediaries and third-country actors that can serve as conduits for restricted items or technologies.

BIS has emphasized in guidance that under its "knowledge standard,” firms must evaluate whether there is reasonable suspicion that a transaction will violate the Export Administration Regulations (EAR), and they cannot turn a blind eye to relevant information about a transaction or activity that is discoverable in the public domain. Willfully avoiding the discovery of information revealing potential MEU risk would not shield a company from liability, and would in fact typically be considered an aggravating factor in an enforcement action.

The MEU rule asserts broad authority that goes beyond reliance on formal government lists, which BIS has stated are not exhaustive. For compliance teams and trade counsel, identifying parties that present risk isn't as straightforward as simply monitoring parties added to government lists, as additional military, intelligence, and police bodies in jurisdictions of concern may fit the definition of a military end-user as per government guidance. MEU exposure also stems from entities with military-related commercial ties, entities that hold military or intelligence licenses, and entities that participate in tenders that have been issued by military end-users or that involve products or services at risk for military end-use.

Furthermore, MEU risk extends beyond the immediate counterparties in a transaction. Factors such as the nature of the goods, downstream supply chain actors, and geographic exposure can all introduce MEU concerns. This creates a complex environment for compliance teams and trade counsel and demands sophisticated tools and expertise to effectively implement a risk-based approach.
This guide breaks down the MEU rules, how to identify military end-users, and best practices for an effective MEU screening and enhanced due diligence (EDD) program — including how advanced intelligence and technology solutions can uncover risks that basic screening and customer attestations might miss.

Understanding Military End-Use and Military End-Users

At its core, MEU screening is the process of verifying whether exports, re-exports, and transfers of items subject to the EAR might be destined for military end-use, or for foreign parties that have been identified as or otherwise meet the definition of military end-users. In other words, if your product has military applications or may be used by or for the benefit of the military, intelligence, or police apparatus of a covered jurisdiction — even indirectly — the transaction may trigger a license requirement.

The BIS MEU Rule aims to restrict the availability of items subject to the EAR in certain jurisdictions to ensure that dual-use commodities, software, and technologies (i.e., items that have both civilian and military applications) are not diverted for military end-use in these covered countries, even if they are not controlled under the International Traffic in Arms Regulations (ITAR). Unlike ITAR, which exclusively regulates military items, the EAR covers a broader range of dual-use goods.

Covered jurisdictions currently include:

• Belarus
• Cambodia
• China
• Myanmar (Burma)
• Nicaragua
• Russia
• Venezuela

However, compliance teams shouldn’t focus solely on items or geographic indicators of risk. Entities outside of these covered jurisdictions, to include sellers, resellers, distributors, and other intermediaries, may also present MEU risk, particularly if they are listed by BIS, the Defense Department, or the Treasury Department. Furthermore, past trade activity or partnerships with military entities may signal involvement in a broader MEU procurement network.

This includes assessing both downstream customers — who may directly or indirectly use goods for military purposes — and intermediaries, who may also provide goods or services to military end-users.

Even if your product is not directly used in a defense context, exposure and licensing requirements can arise if your partners are engaged in, support, or are affiliated with military research, production, or procurement activities, including through dual-use technologies or intermediary channels.

What is a Military End-User?

A military end-user isn’t limited to a nation’s army or navy; according to BIS, it can include the national police and intelligence agencies of a covered jurisdiction, as well as any person or entity that supports or contributes to military end-uses. It also extends to private companies, universities, or other civilian businesses beyond the covered jurisdictions if they’re specifically involved in developing or supplying military projects.

Additional Frameworks

While MEU definitions originate from the EAR, the ITAR introduces a parallel — but stricter — framework.

• EAR (MEU Rule): Exporters must conduct due diligence when dual-use items (those with civilian and military applications) are involved, especially if destined for covered countries or military end-users. Specific licensing requirements apply based on the sensitivity of the item and the risk of military diversion.

• ITAR: Exporting items subject to ITAR — including defense articles, services, and technical data listed on the U.S. Munitions List (USML) — generally requires a license or other approval from the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC). Unlike under the EAR, exports of ITAR-controlled items require licensing regardless of destination or recipient. There is no general licensing exception based on end-use or user, and failing to obtain the proper license can result in severe civil and criminal penalties.

Together, the EAR and ITAR form the backbone of U.S. export controls, and compliance teams and trade counsel must evaluate which set of rules applies to each transaction.

The Treasury and Defense Departments also maintain lists of companies that are connected to the Chinese military. These lists carry restrictions for certain transactions and activities.

Key Challenges in Military End-Use and Military End-Users Compliance

One of the biggest challenges in MEU compliance is the risk of diversion — where third-party entities may funnel restricted items to military end-users or jurisdictions of concern. A consumer electronics firm, for example, may operate outside China but divert components to a Chinese defense contractor.
Organizations face additional hurdles in implementing effective MEU compliance, like:

• Constellation of U.S. regulations: MEU is a high-priority issue for the U.S. government, and multiple agencies have used their authorities to target MEU procurement globally. As a result, compliance officers must monitor a range of lists, rules, restrictions, and guidance documents to effectively manage MEU risk within their organizations.
• Hidden affiliations and intermediaries: Military end-users and the intermediaries who may supply them often operate under false pretenses through indirect channels that intentionally conceal their defense ties.
• Screening complexity: MEU risk extends far beyond listed entities, which represent only a fraction of the overall exposure. Geography, the nature of the item, and the counterparty’s broader supply chain can all introduce MEU exposure to your business.
• Opaque jurisdictions and non-traditional compliance sectors: Due to the nature of the items, technology, and equipment that militaries seek to procure, sectors that are not typically scrutinized by compliance teams and trade counsel may now require enhanced due diligence. Research institutions, universities, manufacturers, technology companies, trade intermediaries, freight forwarders, shippers, and investment companies may bring elements of MEU risk to your organization.

Why the Military End-User List is Only a Starting Point for Effective Risk Management

The BIS MEU List, which supplements the BIS Entity List, identifies foreign entities that are subject to additional export licensing requirements under the EAR. It’s a valuable starting point for compliance professionals and their overall export controls framework, but it’s explicitly non-exhaustive. Many high-risk entities don’t appear on it — even if they meet the criteria.

Like all government lists, the BIS MEU List provides a starting point for screening and historical insight into known MEU risks. However, fully understanding current and future MEU risk requires risk intelligence, contextual information, red flag indicators, and investigative due diligence.

Other blind spots that may exist for MEU due diligence:

• Front companies and intermediaries may act on behalf of listed entities
• Firms may have substantial ties to restricted military-industrial ecosystems
• Relationships may be obscured through ownership layers and affiliate networks
• A trading partner’s broader network may introduce risk not visible in the primary transaction

Reliance on the MEU List alone can create false confidence.

This is where Kharon’s MEU solutions provide critical value. Unlike many screening tools and datasets that rely exclusively on government-maintained lists and may only detect exact name matches, Kharon’s data and intelligence products identify deeper, harder-to-detect connections to offer the insight and context necessary to screen effectively and proactively mitigate exposure. Kharon is leveraged by some of the world's largest corporations to identify MEU risk.

Military End-Use and Military End-User Screening Best Practices

To build an effective compliance program, industry guidance recommends the following:

1. Take a risk-based approach to your customers, transactions, and trade relationships.
2. Avoid overreliance on government lists, which provides an incomplete picture of risk. Supplement them with proactive, independent research and contextual intelligence.
3. Use red flag indicators of export control evasion as a starting point to improve detection of potential MEU procurement activity, but take a more holistic, intelligence-based approach to investigating the full set of circumstances surrounding a transaction to determine whether an activity might be tied to evasion.
4. Leverage external intelligence. Risk intelligence, network analysis, contextual data, and an understanding of trade and evasion methodologies is critical for helping compliance teams and trade counsel make risk-based decisions with a full picture at hand. Inconsistent or inaccurate data can lead to false positives (unnecessary delays) or, more critically, false negatives (missed risks). Strong compliance programs integrate data feeds from reputable commercial providers that offer intelligence beyond government-issued lists and use comprehensive open-source intelligence (OSINT) resources and advanced analytics to surface risk.
5. As part of an enhanced due diligence program, use risk intelligence platforms — such as Kharon ClearView and Kharon GraphCast — to detect intermediaries, commercial fronts, and additional risk touchpoints within the broader networks of military end-users. 

The Future of Military End-Use and Military End-User Compliance

Because of geopolitical tensions, technological advancements, and increasingly sophisticated actors, the MEU regulatory landscape is constantly evolving.
In July 2024, BIS proposed a new rule that signals an expansion of oversight beyond traditional military end-users. It introduces three new categories of restricted end-users: “military-support end-users” (MSEUs), “military-intelligence end-users” (MIEUs), and “foreign-security end-users” (FSEUs) — encompassing entities that are indirectly supporting military capabilities. The proposed rule also aims to:

• Expand the jurisdictions subject to military end-use and end-user screening requirements beyond the current list.
• Apply restrictions to all items subject to the EAR, which would align controls more closely with the stricter rules already applied to Belarus and Russia.

Military End-Use and Military End-User Screening with Kharon

In an era of expanding MEU regulations and geopolitical uncertainty, intelligence-led screening will separate leaders in compliance from those falling behind.
Kharon equips compliance teams and trade counsel to:

• Detect diversion risk through indirect or circuitous trade routes that obscure the ultimate end-user
• Leverage enriched trade data that incorporates linkages to high-risk counterparties, military end-users, and evasion networks — far beyond standard shipment records
• Identify potential military end-users that are not on government lists
• Uncover potential front companies, intermediaries, and affiliates that may introduce MEU risk through their ongoing relationships and transactions
• Break down complex ownership structures that may span multiple layers or jurisdictions
• Investigate whether an entity’s participation in cross-border trade, government-issued bids, or technology or research collaborations may pose MEU risk
• Identify companies in restricted countries, like Russia and China, that may appear innocuous but actually have military ties, such as holding licenses for military production
• Strengthen documentation and due diligence protocols

With Kharon’s ClearView and GraphCast solutions, organizations can identify and visualize military-linked networks across jurisdictions — reducing the risk of export violations, reputational harm, and enforcement actions.

Stay ahead of MEU compliance challenges and use Kharon to build a comprehensive compliance program. Learn more about Kharon’s Military End-Use solutions here.