Export compliance for small defense suppliers

Export compliance for defense shops that don't have a compliance department.

Your prime says the part is controlled — now you're on the hook for the same export laws as Lockheed. DepChain reads your drawings and BOMs, tells you exactly which rules apply to each part, and keeps controlled data out of the wrong hands and the wrong tools.

Built by a sourcing engineer who's qualified shops like yours for a decade.
Bay Area shops get early access first. No spam, ever.

Technical data package TDP-DPC-4471-002 Draft · you confirm Synthetic example

Determination ITAR · USML Category IV(h)

Reasoning

Part is a component of a launch vehicle / missile system described on the U.S. Munitions List. Material, function, and customer program point to a defense article, not a dual-use item — so jurisdiction is State (ITAR), not Commerce (EAR).

Controlling regulation: 22 CFR 121.1 — USML Cat IV · reference edition 2026.06.22

Foreign-person access AI-tool exposure Non-US service

3 deemed-export risks flagged · draft Technology Control Plan generated Decision support — not legal advice

The problem

A six-person machine shop is under the same export law as a prime — with no one whose job is compliance.

When a prime wins a defense contract, it must "flow down" the government's export rules to everyone who touches the work. So the shop making the part inherits obligations written for companies with whole legal departments — and the penalties are real.

$1.27M

Maximum ITAR penalty — per violation. (EAR: up to $377,700 or twice the deal value.)

1 login

A single foreign-national employee viewing controlled data is a "deemed export" — even inside the U.S.

1 paste

One controlled drawing dropped into a general-purpose AI tool can be an unauthorized export.

The AI angle barely existed two years ago, and nobody is watching it. DepChain turns this from a stack of PDFs and guesswork into a clear, defensible call — with the reasoning shown and the controlling regulation cited every time.

How it works

Read the data. Catch the risk. Generate the record.

One loop, built for a non-expert under pressure. Every consequential call is a draft a human confirms — DepChain assists, it doesn't adjudicate.

Classify every part

Ingest the drawings, specs, and BOM and determine each part's export jurisdiction and code — with the reasoning shown and the controlling regulation cited. What it can't read, it flags instead of guessing.

ITAR / USML EAR / ECCN EAR99

Catch deemed-export risk

Track who and what touches controlled data and flag exposure the moment it happens — a foreign-person login, a non-US cloud service, or a controlled file sent to a general-purpose AI tool.

Foreign person AI tool Non-US service

Generate the record

Produce the Technology Control Plan your customer requires and keep an immutable, hash-chained audit trail of every access and every determination — the proof, not just the policy.

Control Plan Audit trail

Who it's for

Machine shops Injection molders PCB / board houses Finishers & platers 2–50 people No compliance staff

Why now

The rules just changed, the clock is running, and the exposure is new.

The USML was rewritten

Targeted revisions to the U.S. Munitions List took effect September 2025 — shifting what's controlled and how.

CMMC enforcement is phasing in

Cybersecurity requirements are rolling out across defense contracts through November 2026 — and flowing down to suppliers.

AI-tool exposure is exploding

Engineers paste controlled drawings into AI assistants without a second thought. No one sells the fix — until now.

Primes are pushing hard

Supplier-development teams are forcing these requirements down the chain and want their shops compliant fast.

Early access

Get DepChain on your toughest part.

We're onboarding a first group of Bay Area shops on synthetic data now, and real technical data packages in a controlled environment next. Join the waitlist or grab a quick call.

Join the waitlist Book a 15-min call