BIS Expands Export Controls to Affiliates of Listed Entities

If export compliance used to feel like checking a list and moving on with your day, BIS showed up in late 2025 like a professor handing out a surprise final exam. The Bureau of Industry and Security expanded export controls so they could reach certain affiliates of listed entities, not just the names printed neatly on the Entity List or Military End-User List. In plain English: if a company was majority-owned by a listed party, BIS wanted industry to stop pretending that a fresh logo, a new office, or a cousin-company in another country magically solved the national security problem.

That shift mattered. It turned ownership analysis into a front-and-center compliance issue, pushed exporters to look beyond simple list screening, and forced legal, sales, procurement, logistics, and IT teams to start speaking the same language. Sometimes that language was “due diligence.” Sometimes it was “Please do not ship that yet.” Both were correct.

This article breaks down what changed, why BIS did it, what it means for exporters and global supply chains, and why the rule’s later suspension does not make the underlying compliance lesson disappear. Because in export controls, the phrase “temporary pause” rarely means “time to nap.”

What BIS Actually Changed

The big development was BIS’s move to expand end-user controls to cover certain non-listed foreign affiliates of listed entities. Under the new framework announced in September 2025, a foreign company could become subject to the same export restrictions as a listed entity if it was owned 50 percent or more, directly or indirectly, individually or in the aggregate, by one or more covered parties.

That was a major departure from the older “legally distinct” approach. Before the change, Entity List and MEU List restrictions generally applied to the named party itself and its non-legally distinct branches, but not automatically to separate affiliates, subsidiaries, or sister companies just because they sat in the same corporate family tree. In practice, that left room for diversion risk. A listed entity could still have meaningful ties to an affiliate that was not itself named on the list. BIS decided that gap was too generous and too easy to exploit.

The rule was widely described as BIS’s version of a 50 percent rule, similar in concept to the ownership-based approach long familiar in sanctions compliance. For trade compliance teams, that meant screening stopped being only about names and started being much more about structure. If your process ended with “not on the list,” congratulations: you had finished Step One of a much longer scavenger hunt.

The Lists and Restrictions Involved

The expansion touched several categories of restricted parties. Most importantly, it captured foreign entities majority-owned by parties on the Entity List and the Military End-User List. It also interacted with certain EAR provisions tied to specially designated sanctioned parties identified in BIS regulations. That meant companies could not treat these restrictions as a narrow niche issue for one industry or one region. The compliance ripple effect was broader than many businesses first hoped.

For many listed entities, the applicable license standard is already extremely restrictive, often including a presumption of denial. So when those restrictions flow down to a covered affiliate, the practical result is not a mild paperwork inconvenience. It can be a hard stop, a licensing bottleneck, or a business decision to walk away from the transaction entirely.

Why BIS Expanded Export Controls

BIS’s stated rationale was straightforward: the old standard was not doing enough to protect U.S. national security and foreign policy interests. Regulators were concerned that listed entities could use affiliates, ownership layers, opaque corporate structures, or newly formed foreign companies to keep receiving items subject to the EAR. In other words, the government was not interested in watching controlled goods stroll through the back door while everyone politely stared at the front gate.

This policy move also reflected a larger trend in U.S. export enforcement. The government has become more aggressive about diversion, circumvention, and corporate restructuring that appears designed to preserve access to sensitive technology. In that environment, BIS was signaling that substance matters more than clever corporate paperwork. If ownership ties create real risk, compliance systems are expected to find them.

A Rule Built Around Ownership, Not Vibes

One important detail is that the BIS expansion focused on ownership, not general influence or vague commercial closeness. That distinction matters. A company does not become automatically covered just because it works closely with a listed party, shares customers, or attends the same trade conference. The ownership threshold is the trigger.

Still, BIS did not ignore other warning signs. Significant minority ownership, overlapping control indicators, or other meaningful ties were treated as red flags requiring additional diligence. So while the rule is ownership-driven, companies that think “We are safe at 49 percent” may be confusing legal scope with enforcement risk. That is not the same thing, and it is not a fun lesson to learn after the shipment leaves the warehouse.

How the Rule Changed Day-to-Day Compliance

The most immediate effect was operational. Compliance teams now had to look past the named customer, distributor, or end user and ask a more difficult question: who ultimately owns this party? For public companies in transparent jurisdictions, that might be annoying but manageable. For private companies in opaque jurisdictions, it can feel like solving a jigsaw puzzle made entirely of fog.

BIS underscored that exporters, reexporters, and transferors must conduct due diligence to determine whether a foreign entity falls under the affiliate standard. That includes situations where the party is not named on the Consolidated Screening List. In fact, one of the biggest practical consequences of the rule is that the CSL is no longer exhaustive for this issue. Businesses can no longer treat list screening as a complete answer. It is now more like a useful opening move.

Red Flag 29 and the New “Figure It Out” Problem

BIS also added a new compliance concept often discussed as Red Flag 29. The message was simple but demanding: if you know a foreign party has one or more listed or otherwise restricted owners, you have an affirmative duty to determine the ownership percentage. If you cannot determine it, you may need to resolve the red flag, obtain a license, or identify an available license exception before proceeding.

That turns uncertainty into a real compliance issue. Under the older, simpler mindset, incomplete information might have led some companies to shrug and continue with the transaction. Under the expanded BIS approach, unresolved ownership is not a harmless blank space. It is a flashing warning light with paperwork attached.

Even more serious, BIS emphasized that these end-user restrictions are enforceable on a strict liability basis. In practical terms, a company does not need perfect bad intent to end up with a problem. A weak diligence process, poor escalation, or casual approach to ownership screening can be enough to create exposure.

The “Rule of Most Restrictiveness”

Because multinational ownership structures love complexity with the passion of a soap opera writer, BIS also had to explain what happens when multiple listed owners are involved. The answer was not especially cuddly: the most restrictive applicable requirements can flow down.

Suppose one affiliate is owned in the aggregate by more than one covered party, and those owners sit under different licensing conditions. BIS’s approach means the strictest applicable licensing requirement, license exception eligibility, and review policy may govern. That matters because companies cannot assume a more favorable owner somehow cancels out a harsher one. Export controls are not a math class where averaging helps your grade.

This also matters for foreign direct product rule analysis in some scenarios. If one covered owner carries especially strong FDP implications, that can affect how the downstream affiliate must be treated. So the ownership exercise is not just about finding a percentage. It is about understanding which restrictions come with it.

Temporary Relief Did Not Erase the Message

When BIS rolled out the expansion, it also provided limited transitional relief through a temporary general license for certain transactions involving some non-listed foreign affiliates of listed entities. That signaled that BIS understood companies needed a short runway to adjust systems, contracts, and shipments already in motion.

Then came the policy plot twist: in November 2025, BIS imposed a one-year suspension of the Affiliates Rule, effective November 10, 2025, through November 9, 2026. On paper, that pause stayed the changes previously made by the September rule. For anyone writing about the topic today, that pause is essential. Ignoring it would be like reviewing a movie and forgetting to mention the ending.

But the suspension does not make the original lesson irrelevant. First, BIS expressly preserved the broader policy concern about diversion through affiliates. Second, the rule’s publication showed the agency’s appetite for ownership-based controls. Third, companies that used the brief effective period as a wake-up call probably improved their compliance posture anyway. Frankly, that is not wasted effort. Export controls have a habit of rewarding the prepared and embarrassing the optimistic.

What This Means for Exporters, Manufacturers, and Tech Companies

For exporters, the practical takeaway is that due diligence must be deeper, earlier, and more documented than before. Screening software alone is not enough. Businesses need processes for beneficial ownership review, affiliate mapping, escalation protocols, and hold decisions when information is incomplete.

Manufacturers and technology companies feel this most sharply because they often sell through distributors, integrators, resellers, contract manufacturers, and regional partners. The farther the supply chain stretches, the easier it becomes for ownership questions to hide in plain sight. That is exactly why BIS focused on affiliates in the first place.

Four Smart Compliance Moves

First, upgrade screening workflows. Name screening should be paired with ownership checks where the customer profile, geography, product, or end use raises risk.

Second, document diligence. If you ask who owns a customer and what percentage is held by a listed or restricted party, keep the record. Good documentation may not make the problem vanish, but bad documentation can make it much worse.

Third, train commercial teams. Sales staff do not need to become export lawyers, but they should know that “new affiliate,” “joint venture,” “same shareholders,” or “we use a different company for this market” are not innocent little throwaway comments.

Fourth, revisit contracts and distributor terms. Certifications, audit rights, notification obligations, and end-use commitments all become more valuable when ownership-based restrictions are in play.

Specific Examples That Show Why the Rule Matters

Imagine a semiconductor equipment supplier in the United States selling to a Malaysian company that is not named on any restricted party list. Under a basic old-school screening approach, the transaction might look clean. But if that Malaysian company is 50 percent or more owned, directly or indirectly, by a listed Chinese entity, BIS’s expansion would treat the affiliate as subject to the listed entity’s restrictions. Suddenly the “clean” transaction is not clean at all.

Or imagine a cloud infrastructure provider contracting with a foreign joint venture. One owner holds 48 percent and is tied to a highly restricted listed party through another covered owner. Another owner holds 2 percent but carries a stricter license standard. Under BIS’s aggregate and most-restrictive logic, the result may still be a licensing minefield. This is why modern export compliance can feel less like a checklist and more like corporate archaeology.

Historical BIS actions involving large multinational groups such as Huawei also explain why regulators care about affiliate structures so much. The U.S. government has long shown concern that named entities can continue operating through non-U.S. affiliates or changing structures. The 2025 expansion did not appear out of nowhere. It was part of a broader regulatory story in which listed-party controls became more sophisticated, more extraterritorial in effect, and much less impressed by clever org charts.

Experience From the Real World: What Companies Usually Feel When a Rule Like This Lands

In the real world, a rule like this rarely arrives as a neat legal memo and then politely waits for everyone to catch up. It lands in the middle of quarter-end deals, supply shortages, board presentations, and somebody’s very confident promise that the goods will ship Friday. Then the compliance team reads the rule, looks at the org chart, and suddenly Friday becomes “Let’s revisit that.”

A common experience inside companies is the immediate shift from list screening to ownership panic. Sales asks whether the customer is on a list. Compliance says, “Not exactly the right question anymore.” Procurement asks whether existing suppliers are affected. Legal asks whether contract reps are still good enough. IT gets pulled in because screening tools need new logic. Finance gets dragged into the room because nobody understands ownership percentages faster than the people who live inside cap tables and corporate records.

Another real-world experience is discovering how uneven corporate transparency is from one country to another. In some jurisdictions, ownership records are relatively accessible. In others, finding the ultimate owners of a private company can feel like trying to open a locked filing cabinet with a spoon. That is when companies learn the uncomfortable truth behind BIS’s message: not knowing is not the same as being safe.

There is also the practical stress of business timing. A customer may be legitimate, commercially important, and entirely frustrated that your company suddenly wants ownership documentation, board details, affiliate information, and written certifications. From the customer’s point of view, it can feel excessive. From the exporter’s point of view, it is the difference between a controlled transaction and a future enforcement headache. Nobody loves that conversation, but mature compliance programs learn how to have it without sounding accusatory or chaotic.

One more recurring experience is cultural. Rules like this expose whether a company truly treats export compliance as an enterprise function or as a lonely corner-office hobby. The businesses that handle these shifts best usually already have cross-functional coordination, escalation pathways, and enough internal credibility for compliance to stop a shipment when needed. The ones that struggle are often the businesses where compliance is invited into the conversation after the quote is issued, the contract is signed, and the truck is warming up outside.

So while the BIS affiliate expansion may sound technical, the lived experience is very human: uncertainty, urgency, negotiation, data gaps, and a lot of urgent calendar invites. Behind every elegant regulatory summary is a team somewhere saying, “Wait, who owns this company, and why are there five versions of the answer?”

Final Takeaway

BIS’s expansion of export controls to affiliates of listed entities was more than a technical amendment. It was a statement about how the U.S. government now views corporate ownership, diversion risk, and compliance responsibility. Even with the later one-year suspension, the policy direction is hard to miss. BIS expects companies to look beyond names on lists, understand ownership chains, investigate red flags, and document the effort.

For businesses that touch cross-border technology, components, software, or equipment, the safest assumption is not that the pause makes the issue disappear. The safest assumption is that ownership-based diligence is now part of serious export compliance. Companies that treat this as a temporary curiosity may eventually discover that BIS has an excellent memory and very little patience for “We thought the affiliate didn’t count.”