On August 30, 2024, the U.S. Department of State’s Directorate of Defense Trade Controls (“DDTC”) announced the settlement of a record $200 million administrative enforcement action with RTX Corporation—a multinational aerospace and defense conglomerate—for 750 separate violations of the Arms Export Control Act (“AECA”) and accompanying International Traffic in Arms Regulations (“ITAR”). As described in the context of a charging letter released by DDTC, RTX Corporation and its various subsidiaries—including, most notably, Collins Aerospace (a successor-by-merger to Rockwell Collins, Inc.)—engaged in seemingly systemic violations of the ITAR when they facilitated the unlicensed export of defense articles and technical data (including classified defense articles) to a number of prohibited destinations abroad, including the People’s Republic of China (“PRC”) from approximately August 2017 to September 2023.

The charging letter reveals that most of the underlying violations stem from improper jurisdiction and classification efforts that were undertaken by Collins Aerospace personnel. According to the letter, on a number of occasions from 2014 through 2023, Collins Aerospace employees routinely engaged in unauthorized exports of controlled technical data to foreign person employees based on a misapplication of the ITAR’s “specially designed” definition and release criteria. As a result, Collins Aerospace personnel caused data related to USML Category VIII(i), and connected to the production of Boeing’s E-3 Sentry Airborne Early Warning and Control Aircraft, as well as the Embraer KC-390 Millennium, and F-22 Raptor, to be released to Chinese nationals employed at its facilities in Cedar Rapids and Shanghai. In a related incident, RTX Corporation also illegally exported technical data connected to the “aluminum display housing component” of the F-22 Raptor to at least four (4) entities physically situated in the PRC as part of a formal request for quotation (“RFQ”), operating under the false assumption that both the component and related technical data were actually controlled under the auspices of the Export Administration Regulations (“EAR”). In a separate series of incidents that occurred between March 2015 and May 2023, Collins Aerospace personnel further illegally exported Category XI(d) technical data to a number of entities located in the PRC, again as part of its RFQ process. An internal investigation into the root cause of the latter violation ultimately revealed that Collins Aerospace personnel had erroneously relied on the contents of a 2015 memorandum contemplating the future commercial exploitation of certain circuit card assemblies in radio devices that never came to fruition.

The same improper jurisdiction and classification efforts—and tortured understanding of the ITAR’s “specially designed” definition and release criteria—also led Collins Aerospace personnel to export much more sensitive technical data controlled under USML Category XI(d) to entities situated in the PRC to facilitate its acquisition of approximately forty-five (45) distinct Category XI(c)(2) printed wiring boards (“PWBs”). These PWBs were subsequently integrated into a number of highly sophisticated domestic and foreign military platforms, including most conspicuously, the VC-25 series of Presidential Transport Aircraft (commonly utilized by the President as Air Force One), the B-52 Stratofortress, the F/A-18 Hornet, the F-16 Fighting Falcon, and the U-2 Reconnaissance Aircraft. In each instance, Collins Aerospace personnel erroneously assumed that the PWBs were EAR-controlled (“EAR99”) and that no license was required to facilitate the export of related technical data. Notably, the charging letter further indicates that Collins Aerospace failed to inform its customers of the PWBs’ true origin until months or even years had elapsed. Similar misclassification efforts also led RTX Corporation subsidiary Raytheon to export a number of parts, components, and technical data pertaining to “sensitive U.S. and foreign government military platforms” controlled under USML Categories IV(c), IV(h), VI(f), XI(c), XI(d), and XII(e) to a host of foreign jurisdictions, including, but not limited to, Australia, Belgium, Canada, France, Germany, Greece, Israel, Japan, Mexico, the Netherlands, the Republic of Korea, Saudi Arabia, Singapore, Sweden, Türkiye, the United Arab Emirates (“UAE”), and the United Kingdom, without the proper authorization. These parts, components, and technical data were tied to critical defense platforms, including the Tomahawk Cruise Missile, RIM-162 Evolved SeaSparrow Missile (“ESSM”), and PAVEWAY Laser-Guided Bomb, among others.

Separately, the charging letter reveals that RTX Corporation disclosed dozens of additional violations involving the unauthorized export, re-export, and transfer of defense articles—including classified defense articles controlled under USML Categories IV(h), IV(i), and XI(c)—to Australia, Germany, Norway, and the UAE. With respect to Norway, RTX Corporation personnel are alleged to have sent technical data controlled under USML Category IV(i) to undisclosed recipients in that country due to “confusion” over the specific document that was to have been sent. In a separate instance involving the temporary export of classified components related to the ESSM, RTX Corporation personnel improperly utilized a DSP-73 authorization to facilitate the export of classified ESSM components designated as “Significant Military Equipment” (“SME”) to Germany for repair purposes, based on the erroneous assumption that the classified components had been removed from the defense article prior to shipment. The charging letter further reveals that RTX Corporation personnel illegally exported a single hard drive controlled under USML Category XI(c)—and connected to the MK698 Guided Missile system—to Australia, following the failure of a technical lead to ensure that the hard drive (utilized in connection with an oscilloscope) had been appropriately sanitized. In addition to incidents involving classified defense articles, the charging letter alleges that since 2019, all of RTX Corporation’s various U.S. subsidiaries illegally exported unclassified defense articles (including commodities designated as SME) to at least twenty-five (25) different foreign nations, including the PRC.  

Finally, the charging letter contends that on at least three (3) separate occasions since 2019, RTX Corporation personnel engaged in the unauthorized export of ITAR-controlled technical data when they traveled to destinations proscribed by 22 C.F.R. Section 126.1 for personal reasons. In 2021, RTX Corporation disclosed that an employee had traveled to Lebanon on at least two (2) occasions with his RTX-issued laptop, which itself contained ITAR-controlled technical data, and was also capable of accessing Raytheon’s U.S. network via a Virtual Private Network (“VPN”) connection. An examination of the files retrieved from the laptop revealed that, at the time the employee traveled to Lebanon, he had been in possession of technical data related to several Department of Defense (“DoD”) programs of record, including the Standard Missile-3, Standard Missile-6, and ESSM. In 2022, RTX Corporation also disclosed unauthorized exports of defense articles to the Russian Federation, when an employee hand-carried—and attempted to use—his RTX-issued laptop containing technical data related to the F-15 Eagle Fighter, F/A-18 Hornet, F-22 Raptor, and F-35 Lightning II Fighter in Saint Petersburg during a visit to his fiancée. RTX Corporation further disclosed that in March 2019, an employee in possession of a company-issued laptop traveled to Iran with information controlled by USML Category VIII(i) that was ultimately related to the production of components for the B-2 Spirit Bomber and F-22 Raptor.

To resolve the allegations contained in the charging letter as a whole, RTX Corporation entered into a consent agreement with DDTC that calls for the payment of a $200 million monetary penalty, $100 million of which may be used by RTX Corporation to fulfill its remedial obligations. Among other things, the consent agreement also calls on RTX Corporation to appoint a “special compliance officer” to oversee the implementation of remedial efforts designed to improve RTX Corporation’s AECA and ITAR compliance posture by adopting policies and procedures sufficient to prevent, detect, report, investigate, and remediate violations. The special compliance officer will be tasked with ensuring that the company establishes effective internal controls and compliance mechanisms, including the enhancement of cybersecurity protocols, data management practices, and export compliance training programs for employees. The officer will also have the authority to ensure that corrective actions are taken swiftly in response to any identified deficiencies.

The consent agreement further mandates regular reporting to DDTC on the company’s progress in adopting these measures, requiring RTX Corporation to submit detailed status updates and any necessary corrective action plans. These reports will serve as a key accountability measure, allowing DDTC to closely monitor the company’s ongoing compliance efforts. Periodic audits will also be conducted by independent third-party auditors to assess the effectiveness of its remedial activity. These audits will evaluate the company’s overall adherence to AECA and ITAR regulations, the efficacy of its compliance policies, and its ability to prevent future violations. Any deficiencies uncovered during these audits must be promptly addressed, and the results will be reported to DDTC. Failure to comply with the requirements set forth in the consent agreement—including audit obligations—could lead to additional penalties or enforcement actions by DDTC.