13th March 2025

Recently, on the 18th February 2025, a South Korean news outlet addressed Hanwha’s bid to export its Command, Control, Communication, Computer, and Intelligence (C4I) system to the Australian government.

Should Hanwha’s bid be successful, there is an often-overlooked implication for the relevant Australian defence project supply chain to be aware of: the international export control implications foreign sourced products bring, in this case, South Korean.

In today’s globalised defence landscape, managing multi-jurisdictional export controls is a critical part of any Australian defence project.

It’s no longer just about complying with US export control laws like the International Traffic in Arms Regulations (ITAR). With international supply chains becoming more prevalent, companies must navigate a range of export control regimes, including those from partner countries like South Korea. The recent example of Hanwha’s potential defence export to Australia illustrates the complexity and importance of multi-jurisdictional compliance.

A pertinent question is: As Australian defence projects increasingly rely on multijurisdictional supply chains—not just from our traditional capability partners, the U.S. and U.K.— how do export control practitioners in Australia manage the increased burden and complexity?

Start with a Baseline Export Control Assessment

An important first step in managing export controls in any defence project is conducting a baseline assessment of the project’s export control status. This means mapping out all foreign-sourced parts, components, and services to identify their origin and determine which export control regime applies. For each jurisdiction, companies must understand the applicable rules and restrictions.

Take Hanwha’s case as an example. If the South Korean company successfully exports defence capabilities to Australia, South Korean export control rules could apply around handling, access and reporting. South Korea’s export control system comprises four primary laws, each of which may have implications on cross-border management, depending on the equipment/technology and circumstance:

• Foreign Trade Act: This law serves as the principal framework for export controls, outlining licensing procedures and designating responsible authorities.
• Defense Acquisition Program Act: Governs the export of defence-related materials and technologies.
• Nuclear Safety Act: Addresses the control of nuclear materials and related technologies.
• Prohibition of Chemical and Biological Weapons Act: Regulates the export of specific chemicals and agents to prevent the proliferation of chemical and biological weapons.

These regulations and those of other countries might impose additional obligations on Australian companies to manage and control the imported technology properly. Without thorough due diligence, these “knowable unknowns” could become major compliance risks.

A common challenge with overseas suppliers…

One of the main challenges in projects with multi-jurisdictional supply chains is determining the origin of each part or component. This is particularly tricky when suppliers are unable or unwilling to disclose detailed information or don’t recognise that export controls may apply.

This occurs frequently in the case of dual-use components and technical data. Therefore, companies must work closely with their international supply chain partners to obtain the necessary data to ensure transparency. Clear communication, fostering relationships and contractual obligations are key to overcoming these issues.

South Korea also imposes strict controls on the re-export or retransfer of strategic items. Australian companies intending to re-export South Korean-origin items to third countries may in some circumstances be obligated to obtain prior authorisation from the South Korean government.

This ensures that the items do not end up in unauthorised destinations or with prohibited end-users. These requirements are outlined in the The Defense Acquisition Program Act and the Foreign Trade Act for the Exportation or Importation of Strategic Items.

Additionally, when importing South Korean-origin controlled items back into South Korea for repair or maintenance, specific procedures must be followed. These typically involve obtaining the necessary import licenses and ensuring that the items are returned to the original exporter or an authorised entity. While customs laws are separate and distinct from export controls, they are of equal importance as compliance with customs regulations is essential to facilitate smooth re-entry.

This scenario of extra-territorial export control is not only possible but likely for the majority of foreign countries that Australian companies rely on to source equipment.

Many jurisdictions also maintain robust mechanisms to ensure that exported items are used as intended, therefore it can be expected that as a part of buying integrating foreign components and technology in Australian platforms or equipment, end users will be thoroughly vetted. Post-export monitoring to detect and prevent unauthorised use or diversion of controlled items is also likely, facilitated through a country’s Australian local embassy representatives.

An internal compliance program is necessary –
but it will only be effective if it is tailored to your organisation

Once a baseline assessment has been completed, you know which country’s laws and rules apply to your organisation. These must all be incorporated into an Internal Compliance Program, so that your employees are aware of the regulatory environment they are operating in. A comprehensive compliance program should include fundamental policies and rules for export control compliance, touching on all facets of the organisation where export controls interact, for example, Human Resources, Procurement and Purchasing, Supplier Onboarding and Business Development to name a few.

For each specific project, it’s important to create or update a Technology Control Plan (TCP). The difference between an internal compliance program or framework and a TCP, is that the TCP just covers what is necessary for the particular project or controlled technology. It does not recreate or duplicate the organisation wide rules that are contained in an internal compliance program but rather references the rules that are applicable to the situation requiring the TCP. A TCP should list foreign-sourced parts or services and detail all applicable export control considerations, including factors like the US Persons Abroad (USPAB) requirements if you have a U.S. person providing a defence service to your organisation. The TCP should also clearly outline all authorisations and restrictions that apply to the project.

Training and Communication

Training project staff is essential to ensure they understand the TCP and their compliance obligations. All staff should be trained on what is controlled, how it is controlled, and the expectations applicable to those controls. In the case of situations where multijurisdictional export controls apply, it is particularly important to educate your staff. The prevailing perspective in Australia is that it is only U.S. export controls, notably, the ITAR, that apply extraterritorially. This is simply not the case, so the more education and awareness provided to staff through training, the better. Obtaining staff acknowledgement of the TCP can help document their understanding and agreement to follow the outlined procedures.

Given the complexity of multi-jurisdictional export controls, regular formal and informal discussions with project staff are recommended. These conversations can help reinforce expectations and clarify any misunderstandings. Export control compliance is not a one-and-done task but an ongoing process that requires constant attention.

Seeking Expert Support

Finally, companies should not hesitate to seek help from experts in international export controls. Consultants and advisors with experience in this area can provide valuable insights and guidance, helping organisations avoid costly compliance missteps.

In summary, managing export controls in Australian defence projects is a complex but necessary part of doing business in today’s international defence industry. By conducting thorough baseline assessments, developing tailored compliance programs, and ensuring ongoing training and communication, companies can navigate these challenges with confidence.

Author: Amanda Mason, Security Trade and Industry Consultant