EU Dual-Use Export Controls for HW 2026

Q: What changed in EU dual-use rules in 2025?

Delegated Regulation EU 2025/2003 (adopted 15 November 2025) is the most significant update to dual-use controls in years. It expanded controlled items to include quantum computing components (any system with over 34 physical qubits, cryogenic electronics designed below 77K), advanced semiconductor manufacturing equipment (EUV lithography, ALD tools, epitaxial deposition), and user-configurable FPGAs above certain performance levels. High-end FPGAs like AMD Versal and Intel Agilex 9 are now explicitly covered under entry 3A001.

Q: Do EU export controls apply to FPGA development boards?

Generally no — most commercial FPGA development boards fall under consumer goods exceptions (EU Control List Note 2) or are below the control thresholds in entry 3A001. However, if you add custom signal processing firmware or defense-specific IP to a development board, the resulting system may become controlled. Classification depends on the complete system, not just the FPGA chip alone.

Q: What happens if I export FPGAs or hardware without a license?

Penalties for unauthorized dual-use exports vary by EU Member State but typically include criminal prosecution, fines of up to €500,000 or more per violation, imprisonment of up to 5–10 years, and denial of future export privileges. Companies may also face reputational damage and loss of government contracts. Repeat violators can have all export activity suspended by national authorities.

Q: Does providing FPGA design services to a non-EU company require a license?

Potentially yes. If the design services involve controlled technology (signal processing algorithms, cryptographic implementations, radar designs) and the recipient is outside the EU, this constitutes a transfer of technology under EU Regulation 2021/821. The license requirement depends on the specific technology, destination, and end-use. Even sharing VHDL or Verilog source code with a non-EU subcontractor can count as a deemed export of controlled technology.

Q: How do I know if my FPGA falls under EU dual-use controls?

Check Annex I Control List entries 3A001 (electronics) and 4A003 (computers) of EU Regulation 2021/821, plus the November 2025 update via Delegated Regulation 2025/2003. The control thresholds specify parameters like logic element count, processing speed, encryption capability, and interface bandwidth. Your FPGA vendor's datasheet provides the technical parameters needed for classification. When in doubt, request a formal classification opinion from your national export control authority.

Q: What is an EU General Export Authorization (GEA)?

GEAs are pre-approved authorizations that allow license-free dual-use exports under specific conditions. EU001 covers most Annex I items to trusted destinations (Australia, Canada, Japan, New Zealand, Norway, Switzerland, UK, USA). EU002 covers repair or replacement of previously exported items, EU003 covers temporary export for trade fairs. Using a GEA does not mean the export is uncontrolled — you must still meet conditions and maintain detailed records for the required retention period (typically 10 years).

Q: Are intra-EU transfers of dual-use items controlled?

Most intra-EU movement of dual-use items does not require a license. However, exceptions exist for Annex IV items, including stealth technology, certain cryptographic items, and specific MTCR-listed technologies. EU dual-use controls primarily target exports outside the EU customs territory, which is why end-to-end EU development and manufacturing significantly simplifies compliance for sensitive hardware projects.

Q: Does the dual-use regulation apply to FPGA IP cores and HDL source code?

Yes — software and technology are explicitly covered under categories 3D001 and 4D001 of Annex I. FPGA IP cores delivered as VHDL or Verilog source code can be controlled if they implement controlled functionality (signal processing, cryptography, certain communications protocols). The deemed export rule means that even granting non-EU engineers access to a repository containing controlled IP can trigger licensing requirements.

Inovasense

What are EU dual-use export controls?

Dual-use export controls are EU regulations (based on Regulation EU 2021/821) that restrict the export of goods, software, and technology that can be used for both civilian and military purposes. As of November 2025, Delegated Regulation EU 2025/2003 expanded controlled items to include advanced FPGAs, quantum computing components, and semiconductor manufacturing equipment. European hardware developers must classify their products against the EU Control List and obtain export licenses when shipping to certain destinations. For dual-use compliant design services, see our Defense & Dual-Use capabilities.

The 2025 Update: Why Hardware Developers Should Pay Attention

On November 15, 2025, the EU adopted Delegated Regulation 2025/2003, the most significant update to dual-use controls in years. This regulation amended Annex I of the EU Dual-Use Regulation (2021/821) to align with changes from the Wassenaar Arrangement, the Missile Technology Control Regime (MTCR), the Australia Group, and the Nuclear Suppliers Group.

For hardware developers, this matters because the update added entirely new categories of controlled items that directly affect the electronics industry — including components you may already be using in your designs.

What’s New in the 2025 Control List

The following technology categories were expanded or introduced:

Quantum Computing Components

Controlled Item	Control Number	Threshold
Quantum computers	4A005	Any system with >34 physical qubits
Cryogenic electronics	3A002	Components designed to operate below 77K
Parametric signal amplifiers	3A002	Designed for quantum computing signal chains
Cryogenic cooling systems	—	Designed for quantum computing applications
Cryogenic wafer probers	3B001	For testing at cryogenic temperatures

Advanced Semiconductor Manufacturing

Controlled Item	Control Number	Why Controlled
EUV lithography systems	3B001	Critical for sub-7nm fabrication
EUV masks, reticles, pellicles	3B001	Essential consumables for EUV process
Atomic Layer Deposition (ALD) equipment	3B001	Advanced thin-film deposition
Epitaxial deposition tools	3B001	Semiconductor crystal growth
Dry etching equipment	3B001	Advanced pattern transfer
Scanning electron microscopy (SEM)	3B001	Metrology and inspection

High-Performance Electronics

Controlled Item	Control Number	Threshold
Advanced CMOS ICs	3A001	Specific performance/feature thresholds
User-configurable FPGAs (FPLDs)	3A001	Above certain logic element counts or performance levels
Advanced integrated circuits	3A001	Specified by performance parameters
High-entropy alloys	1C002	Refractory metal compositions for defense applications

Critical for FPGA designers: High-end FPGAs from AMD/Xilinx and Intel are now explicitly covered. If your product uses a Versal, Agilex 9, or equivalent device and is exported outside the EU, you may need an export license depending on the destination and end-use.

Understanding the Dual-Use Control Framework

The EU dual-use system operates on three levels of control:

1. List-Based Controls (Annex I)

Your product is on the EU Control List (10 categories from nuclear materials to electronics to software). If it meets or exceeds the technical parameters specified for a listed item, it requires an export license for most non-EU destinations.

2. Catch-All Controls (Article 4)

Even if your product is NOT on the list, an export license may be required if:

You are aware (or have been informed by authorities) that the items are intended for weapons of mass destruction (WMD)
The items are intended for military end-use in embargo destinations
The items involve cyber-surveillance tools that could be used for internal repression

3. Sanctions and Embargoes

Separate from dual-use controls, EU sanctions (e.g., against Russia, Belarus, Iran, North Korea) impose outright export bans on many dual-use and advanced technology items, regardless of end-use.

How This Affects FPGA-Based Products

FPGAs occupy a unique position in dual-use controls because they are inherently reconfigurable — a single FPGA can be reprogrammed for civilian signal processing or military radar. This dual-use nature means:

Classification Challenges

Scenario	Classification	License Required?
FPGA development board sold for education	May fall under Note 2 exceptions	Usually no (general consumer exception)
Custom FPGA-based signal processing module for industrial use	Potentially 3A001 or 4A003	Depends on FPGA specs and destination
FPGA-based radar processing unit for defense customer	Almost certainly 3A001 or Category 6	Yes — may require individual license
FPGA IP core (HDL source code) for signal processing	3D001 or 4D001 (technology/software)	Yes — technology transfer controls apply
FPGA design services provided to non-EU defense entity	Category 3E or 4E (technology)	Yes — deemed export of controlled technology

Key Considerations for FPGA Developers

Check your FPGA family against the control list. The control thresholds specify logic element counts, performance levels, and interface speeds. High-end FPGAs (Versal, Agilex 9) are more likely to fall under controls than mid-range (Artix, Cyclone) or low-power (Lattice iCE40) devices.
Technology transfer counts as export. If you share VHDL/Verilog source code, design documentation, or technical know-how with a non-EU entity, this may constitute a “deemed export” of controlled technology, even if no physical goods leave the EU.
End-use matters. A civilian-use FPGA board shipped to a defense contractor as part of a weapons system changes the export control analysis entirely, even if the FPGA itself is below control thresholds.
Intra-EU transfers are generally free. EU dual-use controls primarily apply to exports outside the EU. Intra-EU movement of most dual-use items does not require a license, though some exceptions exist (e.g., Annex IV items like stealth and cryptographic technology).

The Export Licensing Process

1. Product Classification
   ├── Determine if your product falls under an Annex I entry
   ├── Check technical parameters against control thresholds
   └── If unsure, request classification from national authority

2. Destination Assessment
   ├── Check EU sanctions lists (consolidated list of persons/entities)
   ├── Identify destination country risk level
   └── Determine applicable EU General Export Authorizations (GEAs)

3. End-Use Verification
   ├── Obtain end-user statement/certificate
   ├── Verify stated end-use is plausible
   └── Screen against denied party lists

4. License Application (if required)
   ├── Submit to national licensing authority
   ├── Include technical specifications, end-user certificate, and contract details
   └── Processing time: 30–90 days typical

5. Compliance Documentation
   ├── Maintain records for minimum 10 years (some Member States: 5 years)
   ├── Implement Internal Compliance Program (ICP)
   └── Regular training for staff involved in export activities

EU General Export Authorizations (GEAs)

The EU provides several General Export Authorizations that allow license-free exports under specific conditions:

GEA	Destinations	Items	Conditions
EU001	Australia, Canada, Japan, New Zealand, Norway, Switzerland, UK, USA	Most Annex I items	Low-sensitivity items to trusted destinations
EU002	Multiple	Certain electronics, computers, telecom	Repair/replacement of previously exported items
EU003	Multiple	Certain electronics after temporary export	Re-export after trade fairs/demonstrations
EU005	Multiple	Telecommunications equipment	Specific telecom items under conditions
EU006	Multiple	Dual-use chemicals	Specific chemical precursors

Important: GEAs have specific conditions and record-keeping requirements. Using a GEA does not mean the export is uncontrolled — it means you don’t need an individual license, but you must still comply with all conditions and maintain detailed records.

Compliance Best Practices for Hardware Developers

1. Implement an Internal Compliance Program (ICP)

The EU strongly recommends ICPs for all companies dealing with dual-use items. An effective ICP includes:

Management commitment — Senio