7 Export Compliance Mistakes Small Exporters Keep Making — and How to Avoid Them
Most export violations don't start with bad intent. They start with a small company shipping a normal-looking order on a busy Tuesday.
U.S. export rules apply to companies of every size, but the mistakes cluster differently at small scale. Large exporters have compliance departments, counsel on retainer, and screening software. Lean teams have a founder wearing six hats. After reviewing enforcement actions, BIS guidance, and recurring compliance issues facing lean teams, the same seven patterns keep showing up.
1. Assuming "no license required" means "no compliance required"
Many products ship under EAR99 or with license exception eligibility, and no license is ever filed. That can be perfectly fine — but it often gets remembered as "we don't do export compliance." The obligations to screen parties, watch for red flags, and keep records typically apply even when no license is needed. "License-free" describes the shipment, not the company's duties.
2. Screening the customer once — and never again
A buyer screened clean in 2024 may appear on the Entity List in 2026. Restricted-party lists change continuously, and additions sometimes cover affiliates and subsidiaries rather than just the named entity. A single screening at onboarding, with no re-screening at order or shipment time, is one of the most common gaps in small-company processes — and one of the easiest to close.
3. Treating the freight forwarder as the compliance department
A freight forwarder does not replace the exporter's own compliance responsibilities. Exporters/USPPIs are generally expected to provide accurate classification and authorization information, while responsibilities for filing and other steps depend on the transaction structure — including whether the transaction is routed or non-routed. BIS guidance is explicit that exporters and forwarders are expected to work together, each with their own obligations; hiring a forwarder is a logistics decision, not a transfer of compliance duties.
4. Guessing the ECCN — or copying a competitor's
Classification drives everything downstream: license requirements, exception eligibility, destination analysis. Small teams often inherit an ECCN from an old invoice, a supplier's datasheet, or a competitor's website and never revisit it. Products change, the Commerce Control List changes, and a stale classification can quietly invalidate every decision built on top of it.
5. Ignoring deemed exports at home
Releasing controlled technology or source code to a foreign person inside the United States can constitute an export to that person's most recent country of citizenship or permanent residency. Not every foreign employee's access triggers a license requirement — it depends on whether the technology is controlled and whether a license would be required to export it to that person's home country. But startups hiring globally, especially into engineering roles with access to technical data, frequently have no process for asking that question at all — because nothing ever "ships."
6. Missing the red flags in plain sight
A freight destination that doesn't match the customer's address. A buyer indifferent to specifications but insistent on delivery routing. Payment from a third country. None of these automatically means a violation — but they are classic red flags that regulators expect exporters to notice and resolve before shipping, not after.
7. Keeping records in inboxes
When a question arrives — from a bank, a partner, or an agency — the difference between a stressful week and a routine reply is documentation: who was screened, when, against which lists, who reviewed the flag, and why the shipment proceeded. The EAR's recordkeeping rules (Part 762) generally require retaining export records for five years. Scattered emails are not an audit trail; the habit of recording decisions at the moment they're made is what makes a compliance posture defensible.
What this means for lean teams
None of these mistakes requires an enterprise budget to fix. They require structure: re-screening tied to shipments rather than onboarding; classifications reviewed on a schedule; red flags logged and resolved in writing; decisions recorded by a person, not assumed by a process.
That's the design philosophy behind EGS AI: software should do the heavy reading — checking documentation for completeness and consistency, surfacing findings — while a human makes and records every call that matters.
See what structured, human-in-the-loop compliance review looks like in practice. The interactive demo opens a workspace with sample documents in about two minutes — no signup, no sales call.
Try the live demo →For regular analysis of export-control developments, follow along on LinkedIn.