When a customer's chief trade-compliance officer, head of export controls, global trade-compliance lead, or export-compliance general counsel publishes an Export Control Classification Number (ECCN) determination on the customer's trade-compliance portal, files a CCATS ruling under the Bureau of Industry and Security (BIS) Commodity Classification Automated Tracking System, attests to an EAR99 commodity-classification opinion under the Export Administration Regulations (EAR), declares an ITAR USML category designation under the International Traffic in Arms Regulations (ITAR) administered by the Directorate of Defense Trade Controls (DDTC), publishes an end-use/end-user screening attestation under the Denied Persons List, Entity List, Unverified List, Military End-User List, and the SDN List screening obligations, posts a deemed-export license determination under the EAR deemed-export rule for foreign-national access to controlled technology, declares an EU dual-use export classification under the EU Dual-Use Regulation 2021/821, or lists export-controlled components on a customer-facing trade-compliance page that the customer's customs brokers, freight forwarders, and trade-compliance auditors are expected to inspect during customs entry filings or trade-compliance audits — and names your product as a classified export-controlled commodity, a USML-designated defense article counterparty, an EAR99-classified third-party component, an end-use-screened subprocessor whose end-user screening findings are disclosed, or a trade-compliance-program-participating vendor whose ECCN classification basis and license-determination findings are disclosed in the published trade-compliance record — they are delivering a category of endorsement that no marketing-elicited testimonial can replicate. The declaration has been prepared under the trade-compliance-counsel scrutiny of a chief trade-compliance officer who carries personal accountability under the customer's export-controls governance, attested by the customer's export-controls governance through the same license-determination workflow that gates every export-controlled counterparty onboarding, archived in the customer-facing trade-compliance record where the disclosure is subject to BIS audit inspection and DDTC compliance review, and operationally load-bearing in that the disclosed classification basis is the export-controls basis on which the customer's international shipment, foreign-national technology access, and re-export authorization workflows are lawful. The ECCN determination carries the trade-compliance-counsel-attested counterparty endorsement, the CCATS ruling carries the BIS-attested classification endorsement, and the surrounding trade-compliance context establishes that the endorsement was issued under the most criminally-pressured trade-compliance-disclosure environment any export-controlled organization operates.
Almost no B2B SaaS, defense-technology, dual-use-technology, aerospace-component, semiconductor-equipment, encryption-software, or trade-compliance-instrumented marketing team systematically extracts product mentions from public ECCN, CCATS, and ITAR USML disclosure archives. The omission is the natural extension of the same blind spots we documented in our SOC 2 extraction guide, our DPA extraction guide, our SBOM extraction guide, our NIST CSF extraction guide, our SLA contract extraction guide, our trademark filing extraction guide, our Open Banking and PSD2 extraction guide, and our VPAT and WCAG conformance extraction guide. SOC 2 content covers auditor-attested trust-services mentions. DPA content covers privacy-counsel-attested data-processor mentions. SBOM content covers regulatory-compliance dependency mentions. NIST CSF content covers defense-supply-chain compliance mentions. SLA content covers service-level-disclosure contractual mentions. Trademark content covers trademark-office-attested brand mentions. Open Banking content covers payment-services regulatory-attested mentions. VPAT content covers accessibility-counsel-attested conforming-component mentions. ECCN, CCATS, and ITAR USML content covers trade-compliance-counsel-attested, customs-audit-pressured, BIS-and-DDTC-bound, license-determination-disclosed classified-commodity endorsement mentions made inside the most criminally-pressured trade-compliance-disclosure environment any export-controlled organization operates — a pillar of the structurally durable public corpus that no other extraction surface can replicate, and the only one where the customer's declaration is subject to BIS criminal-enforcement inspection and DDTC compliance-review enforcement in real time.
This guide describes the extraction workflow for the public ECCN, CCATS, and ITAR USML disclosure corpus.
Why an ECCN, CCATS, or ITAR USML mention beats almost every marketing-elicited testimonial
An ECCN determination on a customer's trade-compliance portal that names a vendor product as a classified export-controlled commodity, a CCATS ruling from BIS that lists the vendor as a classified third-party component with disclosed license-determination findings, or an ITAR USML category designation that names the vendor as a defense-article counterparty is a category of endorsement that has passed through filters no marketing-elicited testimonial encounters. Six properties stack to make it one of the most adversarially credible trade-compliance endorsement formats in modern B2B SaaS marketing.
First, the declaration has been prepared under criminal-enforcement-disclosure pressure that holds the chief trade-compliance officer personally accountable to the customer's export-controls governance. ECCN determinations, CCATS rulings, and ITAR USML category designations are published under the customer's EAR and ITAR compliance obligations, attested by the customer's chief trade-compliance officer whose name and export-controls responsibility are disclosed on the same trade-compliance portal, and subject to BIS criminal-enforcement inspection and DDTC compliance review during any export-controls audit or customs-entry investigation. A product mention as a classified third-party component or a USML-designated defense article counterparty is being made under the public commitment that the chief trade-compliance officer has personally validated the disclosure under criminal-enforcement accountability for inaccuracy. The personal-criminal-accountability property is what makes ECCN and ITAR mentions more credible than mentions in any format that does not carry comparable named-officer criminal-enforcement accountability.
Second, the declaration has been reviewed through the same trade-compliance governance that gates every export-controlled counterparty onboarding. ECCN additions and CCATS ruling updates pass through the customer's trade-compliance intake workflow that routinely includes a third-party commodity-classification review, an EAR99 classification check under the EAR Commerce Control List, a CCATS classification request under the BIS Commodity Classification Automated Tracking System, an end-use/end-user screening under the Denied Persons List, Entity List, Unverified List, Military End-User List, and the SDN List, a deemed-export license-determination review for foreign-national technology access, and an EAR/ITAR jurisdictional-determination gate that records the controlling regulation. A product mention in a published ECCN or CCATS ruling is being ratified by an independent trade-compliance governance chain that has BIS and DDTC enforcement exposure on the disclosure accuracy. The governance-review property is what makes ECCN and CCATS mentions more credible than mentions in any format that does not pass through comparable independent trade-compliance review.
Third, the disclosed classification basis records an export-controls basis that the customer's international shipment, re-export, and foreign-national technology-access workflows are lawful. ECCN determinations name the controlled commodity classification, the controlled-technology basis, the controlling EAR Commerce Control List paragraph, the license-requirement matrix by destination country, the license-exception applicability, and the deemed-export consequences. ITAR USML category designations name the defense-article category, the controlling USML paragraph, the brokering-registration requirements, the manufacturing-license-agreement basis, and the technical-assistance-agreement basis. The customer's international shipment, re-export, and foreign-national-technology-access workflows are lawful only to the extent they conform to the disclosed classification basis and license-determination findings. A product mention as an ECCN-classified or USML-designated commodity — as the named classified component, as the named USML counterparty, as the named end-use-screened subprocessor — is being made under the criminal-enforcement requirement that the customer's customs brokers, freight forwarders, and foreign-national technology-access reviewers depend on. The criminal-enforcement-basis property is materially stronger than the equivalent on any format without comparable downstream-criminal-enforcement attachment.
Fourth, the disclosure is archived in the customer-facing trade-compliance record where the disclosure is subject to BIS and DDTC audit inspection. Trade-compliance portals, ECCN-publishing pages, CCATS ruling repositories, and ITAR USML category designation pages carry version histories that BIS export-enforcement officers and DDTC compliance officers routinely inspect, license-determination links that record the third-party commodity-classification attestation, and trade-compliance-audit contact forms that permit BIS and DDTC enforcement officers to investigate the disclosed components. A product mention in the published ECCN or CCATS ruling carries BIS-and-DDTC-exposed attribution that is materially harder to revise after publish than a mention in any format without comparable government-enforcement exposure. The government-enforcement-attribution property is what makes ECCN and ITAR mentions more credible than mentions in any format with non-government-enforcement-exposed disclosure.
Fifth, the disclosure drives the customer's customs-entry, re-export-authorization, and end-use-screening workflows when customs brokers, freight forwarders, or trade-compliance auditors inquire. ECCN determinations, CCATS rulings, and ITAR USML category designations are not informational disclosure — they are operational instruments that determine which export-controlled components the customer's customs brokers are told about when filing customs entries under the Automated Export System (AES), which components the customer's freight forwarders apply license-exception NLR (No License Required) versus license-required treatment to, which components the customer's foreign-national technology-access reviewers screen under the deemed-export rule, and which components the customer is contractually obligated to flow export-control commitments down to. A product mention as a classified third-party component is being trusted by the customer's trade-compliance organization to perform reliably enough that the customer's customs-entry filings, re-export authorizations, and end-use-screening workflows do not break. The operational-trust property is what distinguishes ECCN and ITAR mentions from informational mentions in formats without comparable operational consequence.
Sixth, the disclosure surfaces only in component relationships that have crossed the export-controls-classification threshold. Customers do not publish a vendor as a classified third-party component or name a vendor as a USML-designated counterparty unless the vendor's product has actually passed a third-party commodity-classification review under the customer's trade-compliance governance. A product mention in a customer's ECCN, CCATS, or ITAR USML disclosure indicates that the vendor relationship has crossed the export-controls-classification threshold, the end-use-screening threshold, and the trade-compliance-onboarding threshold simultaneously. The threshold-crossing property is what makes ECCN and ITAR mentions a marketing signal of high-value trade-compliance-vetted-customer status rather than a generic mention.
The extraction workflow
The workflow runs in four stages: source identification, extraction normalization, classification mapping, and deployment formatting.
Stage 1 — source identification
Public ECCN, CCATS, and ITAR USML disclosure archives are scattered across customer trade-compliance portals, customer customs-entry pages, BIS Commodity Classification Automated Tracking System (CCATS) ruling repositories, DDTC USML category designation registries, BIS Entity List and Unverified List screening archives, BIS Military End-User List screening attestations, EU Dual-Use Regulation 2021/821 classification disclosures, third-party trade-compliance-consultancy classification-opinion archives, and the same trade-compliance-program indices that aggregate license-determination findings and end-use-screening attestations. The candidate sources include ECCN-publishing pages, CCATS ruling downloads, ITAR USML category designation disclosures, EAR99 commodity-classification opinions, deemed-export license-determination memos, end-use/end-user screening attestations, EU dual-use classification disclosures, and the change-log entries that record classification-component additions and license-determination updates.
The source-identification stage screens each candidate source for three properties: the source must publish the full classified-commodity identity with the named ECCN or USML category, the source must preserve change-log history with effective-date attribution, and the source must permit trade-compliance-audit inquiry against the disclosed components. Sources that publish only category-level classification disclosure without named classified-component identity or that omit the change-log are deprioritized.
Stage 2 — extraction normalization
Each candidate disclosure is extracted from the published page and normalized into a structured record that captures the customer organization identity, the published classified-component name, the named ECCN or USML category, the named license-requirement matrix by destination, the license-exception applicability (NLR, ENC, TSU, TMP, GBS, CIV), the deemed-export consequences for foreign-national technology access, the end-use/end-user screening findings, and the effective date. ITAR USML category designations are extracted separately as defense-article-designated mentions and normalized into the same record format with a jurisdiction-marker.
The extraction-normalization stage also captures the chief trade-compliance officer attribution, the third-party trade-compliance-consultancy attestation where present, and any government-issued identifier that the disclosure exposes (CCATS ruling number, BIS export license number, DDTC registration number, EU dual-use export authorization reference). This metadata is required for the downstream credibility-scoring stage that distinguishes a placeholder EAR99 classification opinion from a CCATS-ruled classified-commodity declaration with named officer attestation.
Stage 3 — classification mapping
The classification-mapping stage joins the extracted records against the customer's commercial relationship database to confirm that the disclosing organization is a paying customer, a named customer reference, or a customer in the relationship-management pipeline. The mapping stage also scores the mention strength on three axes: the classification-strength axis (CCATS-ruled outranks self-classified EAR99), the regulator-attestation axis (BIS-issued CCATS ruling outranks third-party classification opinion), and the criminal-enforcement-exposure axis (ITAR USML designation outranks EAR-only classification). The scored records are sorted by composite credibility and the top decile is promoted to the deployment-formatting stage.
Stage 4 — deployment formatting
Each promoted record is formatted into a deployable testimonial card that displays the customer organization's name, the customer's ECCN, CCATS, or USML disclosure source, the named classification, the effective date, and an attribution link to the public trade-compliance disclosure. The card layout follows the platform-of-origin attribution discipline documented in our testimonial card platform-of-origin attribution guide. The card is deployed alongside the marketing-elicited testimonial inventory but tagged for the trade-compliance source so that the credibility-attribution surface separates the trade-compliance mentions from the conventional testimonials.
Why this matters now
Defense-technology, dual-use-technology, aerospace-component, semiconductor-equipment, encryption-software, and trade-compliance-instrumented vendors compete on credibility signals that the buyer's trade-compliance and customs-entry organization treats as load-bearing during the vendor-evaluation cycle. A named classified component on a Fortune 500 customer's trade-compliance portal, a CCATS ruling that lists the vendor as a classified third-party component with a named ECCN, or an ITAR USML category designation that names the vendor as a defense-article counterparty is exactly the credibility signal the buyer's trade-compliance and customs-entry organization treats as load-bearing, and it is one of the few credibility signals that the buyer's trade-compliance organization will search for independently during the diligence stage of the procurement cycle. The vendor that systematically extracts and deploys ECCN, CCATS, and ITAR USML mentions captures a credibility surface that the rest of the market has not yet learned to instrument. For the related trust-services credibility surface, see our SOC 2 extraction guide. For the related defense-supply-chain credibility surface, see our NIST CSF extraction guide.