Export control is the system of rules that restricts or makes the export of certain goods, technology, and software subject to a license. At Musch Legal, we regularly advise technology companies, machine builders, and chemical exporters who face dual-use regulations. Since the revision in 2021, the scope has been extended to cyber surveillance and certain new technologies.

What is the legal issue? (Which goods are subject to export control?)

Dual-use goods are products and technology that are applicable for both civilian and military purposes. Regulation 2021/821 covers a long list of goods — from certain chemicals to specific chips, telecommunications equipment, surveillance software, and encryption. Export outside the EU requires a license. Military goods are subject to the separate Weapons and Ammunition Act and the Strategic Goods Decree. Non-compliance leads to criminal prosecution and administrative measures.

What does the law say? (Which regulations affect you?)

Regulation (EU) 2021/821 (recast Dual-Use Regulation, in force since 9 September 2021) governs EU-wide export control. Annex I contains the list of controllable goods. Dutch implementation is via the Import and Export Act and the Economic Offences Act. CDIU (part of Customs) handles license applications. For cyber-surveillance items, Article 5 of Regulation 2021/821 (catch-all control) applies additionally. For military goods, Weapons and Ammunition Act and Strategic Goods Decree 2012.

Category

Example

License requirement

Cat 1-2: nuclear, chemical

Specific reagents

Always individual license

Cat 3: electronics

Certain chips, FPGAs

Individual license per destination

Cat 5: telecom + encryption

Encryption modules

Often EU general authorisation

Cat 9: space/air

Specific components

Individual permit

Cyber ​​surveillance

Surveillance software

Permit + catch-all

Category

Example

License requirement

Cat 1-2: nuclear, chemical

Specific reagents

Always individual license

Cat 3: electronics

Certain chips, FPGAs

Individual license per destination

Cat 5: telecom + encryption

Encryption modules

Often EU General Authorisation

Cat 9: space/air

Specific components

Individual license

Cyber ​​surveillance

Surveillance software

License + catch-all

What risks do companies face? (What damage threatens in the event of a violation?)

Criminal prosecution under the Economic Offences Act with fines up to millions and imprisonment up to six years. Administrative fines under the General Administrative Law Act. License revocation with permanent exclusion. Reputational damage and banks terminating business relationships. Personal liability for directors under Section 51 of the Dutch Criminal Code. Damages caused by product recalls and market exclusion can impact operational continuity.

Practical example from our practice (How did Musch Legal save a chip technology exporter?)

Musch Legal advised a Dutch chip technology supplier that was supplying components to China without a license. CDIU initiated an investigation. We guided the voluntary notification, ongoing compliance implementation, and license application for future deliveries. Criminal prosecution was avoided; the client received an administrative fine of 35,000 euros instead of the estimated scenario of 850,000 euros plus reputational damage. The compliance program has since become part of the procurement process.

What can you do? (What steps are you taking now?)

Classify all your export products against Annex I of Regulation 2021/821. Apply for permits via CDIU in a timely manner for dual-use exports outside the EU. Implement the Internal Compliance Programme (ICP) under the EU ICP Directive. Train sales and purchasing staff. Document end-user statements and destination certificates. For cyber surveillance: exercise extra care under the Article 5 catch-all. Engage Musch Legal for export control audits.