US export controls are entering a new phase. By November this year, companies exporting goods, software or technology subject to US regulations will face significantly expanded compliance obligations under new rules introduced by the Bureau of Industry and Security (BIS).
At the centre of these changes is the so-called "50 percent affiliates rule" – a shift that moves export controls beyond named entities and into ownership structures.
What is changing and why it matters
Under current export control frameworks, restrictions typically apply to entities explicitly listed on government watchlists such as the Entity List or Military End User (MEU) List.
The new BIS rule changes this approach. It extends export restrictions to any company that is 50 percent or more owned, directly or indirectly, by a listed entity, even if that company does not appear on any restricted party list.
This represents a shift from a name-based system to an ownership-based model, closing what regulators see as a major loophole where restricted parties could operate through subsidiaries or affiliates.
The number of entities subject to export controls could increase dramatically, potentially multiplying several times over, many of which will not appear on traditional screening lists.
A significant expansion of compliance risk
The rule has a substantial practical impact, where exporters must now consider:
- Indirect ownership structures, not just direct customer
- Aggregated ownership (multiple restricted parties combining to reach 50 percent)
- Entities that may not be publicly linked to restricted parties
In some cases, exporters will have an affirmative obligation to investigate ownership. If ownership cannot be determined, companies may need to treat the transaction as restricted or seek a license. Companies relying solely on list-based checks risk missing prohibited transactions and facing potential penalties.
Implementation timeline
Although enforcement of the rule has been temporarily paused until November 2026, this delay is intended to give companies time to prepare. When implemented, the rule is expected to:
- Increase the number of restricted entities from a few thousand to potentially tens of thousands globally.
- Apply across all transactions subject to US export regulations.
- Impact both US and non-US companies dealing with US-origin goods or technology.
Key areas firms must address now
Preparation will take time. Companies that wait until enforcement begins risk disrupted shipments, licensing delays and compliance breaches. To plan effectively, companies should focus on these three core areas:
- Ownership visibility: Understanding beneficial ownership becomes critical, requiring a deeper look into who ultimately controls entities. This involves enhanced due diligence on customers and partners, collecting ownership declarations and maintaining ongoing monitoring of corporate structures as they evolve.
- Screening and data capabilities: Traditional screening tools need to expand beyond basic name checks to remain effective. This means incorporating ownership linkages, identifying indirect affiliations and using broader risk indicators that go beyond standard restricted-party lists.
- Internal processes and governance: Export control workflows must adapt to handle increased complexity in ownership structures. This includes establishing clear escalation procedures for unclear ownership cases, updating compliance policies and providing targeted training for trade and legal teams.
The role of export control and DPS tools
Given the scale and complexity of these changes, automation and advanced compliance tools will be critical.
Modern export control and denied party screening (DPS) solutions can:
- Map ownership structures across global entities
- Identify hidden affiliations with restricted parties
- Provide real-time screening against evolving regulatory requirements
- Maintain audit trails for regulatory review
Manual processes are unlikely to keep pace with the level of analysis required. Companies will need centralized, data-driven systems to ensure consistent and scalable compliance.
Compliance is becoming more proactive, data-intensive and dependent on visibility across the entire supply chain. Those that invest early in the right processes and tools will be better positioned to navigate the transition, while those that delay may face significant disruption when the rule comes into force.