By George Canovas, Vice President Compliance, FD Associates
The U.S. Department of Commerce Bureau of Industry and Security (BIS) has entered into an administrative enforcement settlement with Vizocom ICT, a California company, concerning an alleged violation of the Export Administration Regulations (EAR) involving the export of controlled technology to the People’s Republic of China (PRC).
The Alleged Export Conduct
According to the BIS Order, the charged conduct relates to a single transaction occurring on or about May 22, 2019, when Vizocom uploaded and transferred antenna specifications through a “Made in China” web portal operated by a Chinese manufacturer located in the Peoples Republic of China (PRC).
BIS determined the uploaded specifications were “technology” subject to the EAR because they contained information necessary for the production of a Very High Frequency and Ultra High Frequency (VHF/UHF) antenna. BIS further stated the antenna was designed for military radios and had no civilian applications.
BIS described the specifications as controlled under ECCN 3E611 (National Security and Regional Stability reasons), as technology for the production of an antenna controlled under ECCN 3A611. BIS also stated that a BIS license was required to export the specifications to the PRC under 15 C.F.R. §§ 742.4 and 742.6, and that no license exceptions were available for that export, but Vizocom did not seek or obtain a license.
Contract Context and Downstream Conduct Described by BIS
The Order provides additional context tying the export of specifications to a U.S. government procurement. Specifically, BIS states Vizocom bid on a U.S. Navy Request for Proposal for 450 antennas identified as being manufactured by a U.S. company, with the solicitation stating there was no substitute and requiring the awardee to be an authorized distributor or reseller. BIS states Vizocom obtained a quote from the U.S. manufacturer for $165,109.50, submitted a bid in the same amount, and received the award.
After award, BIS states that Vizocom personnel engaged the Chinese manufacturer through the portal and conducted correspondence regarding antenna details, appearance, and pricing, ultimately agreeing to a price of $6 per antenna for 500 antennas, including emphasis that the finish and external appearance match the requested antenna.
BIS further states that the Chinese manufacturer mailed three sample antennas to the residence of Vizocom’s CEO for evaluation. Following receipt of the samples, Vizocom agreed to purchase 500 antennas from the Chinese supplier and arranged for a separate U.S. company to test and repackage the antennas in the United States under the name of the U.S. manufacturer identified in the Navy solicitation and from whom Vizocom had originally obtained its quotation. According to the Order, Vizocom subsequently supplied 450 of the repackaged PRC-manufactured antennas to the U.S. Navy under the awarded contract.
BIS also states Vizocom emailed the Navy a technical specification sheet altered to represent that the antennas were produced by the U.S. company, and that Vizocom provided 450 repackaged PRC-manufactured antennas to the Navy and received $165,109.50 in payment.
Settlement Terms
The BIS Order states the matter was resolved through a settlement in which Vizocom agreed to a civil penalty of $374,474, the maximum penalty and more than twice the transaction amount, payable over five years in 20 quarterly installments beginning March 15, 2026, with the final installment due December 15, 2030.
The Order also imposes a five-year denial of export privileges, suspended during a five-year probationary period, and subject to activation if Vizocom fails to make timely payments or commits another violation of ECRA, the EAR, or related orders, licenses, or authorizations.
Parallel Pattern Under ITAR – The Same Operational Failure with a Different Rulebook
Although Vizocom is an EAR case, the enforcement posture aligns with a recurring theme seen in major ITAR matters, where the core compliance breakdown is not a “shipment problem” but the unauthorized release of controlled technical data in the normal rhythm of program execution and supply-chain coordination.
For example, the U.S. Department of State announced a $13 million consent agreement with Honeywell to resolve alleged export violations involving the release of ITAR controlled technical data for several highly sensitive military platforms to China under the Arms Export Control Act and ITAR, under a multi-year compliance framework.
More recently, the State Department announced a $200 million consent agreement with RTX Corporation (Raytheon’s parent), again under a multi-year remedial structure, in a matter involving alleged export violations that included the release of controlled technical data to China and related compliance failures.
Why This Keeps Happening, and Why Generic Training is not Enough
Taken together, these matters illustrate a recurring enforcement theme across both regulatory regimes: unauthorized transfers of production or design information during vendor engagement or program support activities. The issue affects organizations of varying size because modern engineering and procurement processes routinely require technical data disclosure to confirm manufacturing capability, conduct testing, or coordinate system integration. In many such situations, the transfers occurs during routine operational exchanges where personnel may not recognize that the information being shared constitutes controlled technology or a regulated export or the export classification is misunderstood or the Order of Review process has not been conducted properly.
A reasonable interpretation from these cases is that the true compliance exposure point often sits much earlier in the workflow than most training assumes. Across enforcement actions and internal investigations, this recurring pattern highlights the limitations of generalized export compliance training that focuses primarily on shipping procedures, licensing forms, or high-level regulatory awareness. In many cases, the individuals closest to the risk are engineers, sourcing specialists, program managers, and technical support personnel whose day-to-day responsibilities require sharing drawings, tolerances, test procedures, build specifications, photos, or production instructions with vendors. The compliance moment is often an upload, an email attachment, a collaboration portal invitation, or a supplier onboarding step, not a physical shipment out the door.
That is why effective programs increasingly require job-specific training built around actual workflow decision points, for example:
- Engineering and product teams, what counts as controlled “technology” or “technical data” when it is “necessary for production,” and when an upload or portal exchange becomes an export event.
- Procurement and vendor-management teams, how to route vendor RFQs and capability assessments through a technology release check before specifications are transmitted to foreign vendors.
- Program teams supporting defense or sensitive programs, how “get it built fast” pressures create predictable failure modes, and how to escalate before sharing controlled information outside the company’s authorized perimeter.
In other words, organizations reduce this risk less by repeating generic rules, and more by training people on the precise moments their jobs create export events.
Bottom Line
The Vizocom settlement confirms that export controls attach to technical information itself, and electronic transmission of production specifications may be a regulated export even without a physical shipment. The practical and material lesson here is operational: the real compliance trigger often occurs during routine engineering collaboration and vendor engagement, not at the moment goods leave the facility.
Knowledge is king here, it is clear that organizations need to look at all the touch points where export decisions are being made and address those touchpoints with specific/specialized training. Programs built only around shipping controls will overlook the primary exposure point. Controls must extend upstream to technical data sharing and workflow decision points.
~SYNOPSIS~
This article uses the recent BIS Settlement with Vizocom to explain how export control violations often arise not from physical shipments, but from routine sharing of technical information during engineering collaboration, supplier engagement, and production support. The key takeaway is that export controls attach to the data itself, meaning uploads, drawings, specifications, or troubleshooting exchanges can trigger regulated exports long before anything ships.
FD Associates brings decades of export compliance experience helping organizations identify these real operational touch points, map where export events actually occur, and train the specific personnel most exposed to the risk. By aligning compliance controls and role-based training with day-to-day workflows, FD Associates helps companies reduce exposure, prevent violations, and avoid costly enforcement outcomes.