Hello, this is Hamamoto from TIMEWELL. Today I want to walk through "ECCN," a keyword that no export control team can avoid, and put it into a shape that is actually useful on the ground.
Trading company staff and quality assurance managers in manufacturing often ask me, "Where exactly do I look to figure out an ECCN?" It is one of the central mechanisms of the US Export Administration Regulations (EAR), yet Japanese-language explanations tend to be fragmented and it is hard to know where to start. Through building TRAFEED, our export control AI agent, I have personally worked through several thousand ECCN classification cases, and I want to bring that field experience to the issues worth knowing as of April 2026.
My bottom line up front: an ECCN is a mechanism where "just staring at a five-digit code tells you nothing." The number only becomes useful once you combine it with the technical parameters behind it and the conditions that apply when the item is reexported from a country other than the United States. The first real step, then, is to understand "who decides, for what purpose, and in what forum," rather than the code itself.
Reading an ECCN Correctly, and the EAR99 Trap
An ECCN is made up of five alphanumeric characters. People sometimes confuse it with a ten-digit code, but that is the Schedule B or HTS number used at the import-clearance stage—a completely different animal from an export control classification. The first digit is a number from 0 through 9: 0 is nuclear, 3 is electronics, 4 is computers, 5 is telecommunications and information security, and 9 is aerospace and propulsion. The second digit is a letter from A through E that represents the product group: A is equipment and systems, B is test equipment, C is materials, D is software, and E is technology. So "9A001" reads as "aerospace, equipment and systems, number 001," which refers to civilian gas turbine engines. The third through fifth digits, along with sub-paragraphs such as .a or .b.1, specify more detailed performance thresholds.
The concept you absolutely need to know here is EAR99. Even if an item is not individually listed on the Commerce Control List (CCL), it remains subject to the EAR as long as it is a US-origin item or technology. EAR99 is the bucket that catches everything that is "subject to the EAR but not on the list." Most commercial items fall into EAR99 and can typically be exported without a license. But once General Prohibitions 4 through 10 are triggered—exports to embargoed countries, deals with restricted end-users, or items destined for weapons of mass destruction end-uses—a license is required even for EAR99 items. In my view, this structure, where "something that looks harmless can suddenly fall into scope based on end-use," is the single biggest trap in ECCN work.
You also cannot ignore the "catch-all" rules. If you know, or have reason to suspect, that an item will be used for a concerning end-use, you have an affirmative obligation to obtain a license regardless of the item's ECCN. Confirming the ECCN is not the end of your job; classification only completes once you have also confirmed "who the counterparty is" and "what they will do with it." Export control is less about hunting down a number and more about reading context.
How to solve export compliance challenges?
Learn about TRAFEED (formerly ZEROCK ExCHECK) features and implementation benefits in our materials.
How Classification Actually Works in the Field
The Japanese term 該非判定 (gaihi hantei) is used in domestic export control as well, but in an EAR context it refers specifically to "the act of classifying an item against the CCL." The process follows guidance published by BIS[^1]. The first question is always, "Is this item within the scope of the EAR at all?" That includes items manufactured in the US, items shipped from the US and later arriving in Japan, items containing US-origin content, and items produced using US-origin technology. If you can conclude at this gate that the item is out of scope, you do not even need to hunt for an ECCN.
From there, you work through the CCL with the technical specs in hand. In practice, most of the hard calls sit in Categories 3 (electronics), 4 (computers), and 5 (telecommunications), and they usually hinge on whether quantitative thresholds such as frequency ranges, compute performance, or cryptographic strength are crossed. The recently added 4A906 for quantum computers, for example, requires you to check whether qubit count and gate error rate exceed the specified limits. The mistake I see most often in the field is when "catalog values do not quite match the actual spec." The catalog advertises performance right up against the regulatory ceiling, but the shipped unit has factory-set limits below that line—and the classification outcome shifts depending on who certifies that in which document.
There is also an escape hatch when you are genuinely stuck. BIS operates the Commodity Classification Automated Tracking System (CCATS), an online classification request process that, once you file, returns an official ECCN in roughly four to six weeks. Japanese manufacturers do hold CCATS rulings, and suppliers will sometimes answer with, "For this model number the CCATS is Gxxx." Personally, I think CCATS is worth serious consideration precisely for the low-frequency, edge-case items. The administrative load is not trivial, but it operates as insurance against discovering later that "we should have been licensing this all along." On the Japanese side, classification results also underpin customs documents, so pairing this with our guide to non-applicability certificates will help round out the picture.
Three Scenarios Japanese Companies Keep Running Into
The EAR is a US law, but extraterritoriality brings it into the Japanese business environment in wide-ranging ways. In practice, three patterns come up repeatedly. The first is incorporating US-sourced components or software into your own product, then exporting that product to a third country. Here the de minimis rule takes over: if US-origin content is at or below 25 percent, EAR reexport controls do not reach most destinations. But the threshold drops to 10 percent for embargoed countries such as Cuba, Iran, North Korea, and Syria, and to 0 percent for state sponsors of terrorism, so the calculation has to be redone for each destination. CISTEC has noted that the toughest part of this calculation, in practice, is "establishing country of origin at the component level"[^2].
The second pattern involves domestic transactions that look unrelated to the US but end up inside the EAR net through indirect routes. A classic example is buying a semiconductor manufacturing tool through a Japanese trading company, later discovering it was produced with US technology, and then triggering reexport controls when you relocate that tool to an overseas plant. In December 2024, BIS added 140 companies—including entities in Japan, South Korea, and Singapore—to the Entity List in one sweep[^3]. Without a process to continuously monitor whether your counterparties are on the Entity List, the odds of stumbling into a violation unknowingly are very high.
The third pattern concerns dual-use technology. Materials for R&D, test and measurement equipment, and data analytics software may have been developed for civilian purposes, yet remain inherently capable of military application. What I personally find most troublesome in this space is the "should have known" standard of liability. You are expected to read the totality of counterparty information, stated end-use, and prior transaction history, and to stop the transaction if the signals look wrong—"we did not notice that far" is not a defense after the fact. For export control teams, the broader policy currents discussed in pieces like National Security Information Council and the blocked acquisition of Makino Milling are also useful inputs when sharpening your own judgment bar.
Making ECCN Classification Efficient with TRAFEED
If you have read this far, you will sense that ECCN work is a patient accumulation of "someone reads the documents, checks them against a standard, and makes a call at the right moment." The problem is that as transaction volume grows to hundreds or thousands per month, human capacity simply cannot keep up. TRAFEED is the world's first export control AI agent, and we built it specifically to break that bottleneck.
Concretely, it completes counterparty screening in roughly five seconds. It cross-references multiple denial and restriction lists—Entity List, Denied Persons List, SDN List, and others—and uses machine learning to score variations of similar names, so gray-zone counterparties do not slip through. Alongside this, our classification AI engine proposes candidate classifications aligned with both METI's framework and the US CCL. Field teams constantly get fuzzy questions such as, "This part number is probably EAR99, but I want a gut-check"; hand it to TRAFEED, and it parses the catalog and technical spec and comes back with a candidate ECCN plus the supporting rationale. Multilingual support also matters more than I expected at the implementation stage—English-language documents from overseas subsidiaries can be processed as-is.
One design choice I cared about deeply was the guardrail that "a human always makes the final call on an AI output." Export control ultimately sits at the level of executive accountability, so whether the AI says "black" or "white," the rationale has to be legible enough for a human to read and agree with. The TRAFEED UI shows the decision side by side with the statutes and clauses consulted, the technical parameters checked, and similar prior cases, so a reviewer can close the loop in about five minutes. Export control is a race against the clock, and finishing your review quickly to move on to the next transaction translates directly into business agility. For more, please take a look at the TRAFEED page.
The 2026 Regulatory Outlook: The Affiliate Rule and the Frontier Tech Wave
You cannot discuss the 2026 export control landscape without the Affiliate Rule. This rule automatically pulls subsidiaries and affiliates that are 50 percent or more owned by an Entity List company into the same scope of control—a major change published by BIS on September 30, 2025[^4]. Roughly a month after publication, enforcement was suspended, and the rule is currently on hold until November 9, 2026. From November 10, 2026, however, the rule will go back into effect indefinitely, which leaves only about half a year of runway.
Once the Affiliate Rule returns, the operational load will jump. Subsidiaries of counterparties that you have historically treated as separate legal entities will be treated on par with Entity List designations depending on the ownership chain. JETRO's analysis has highlighted the difficulty of continuously tracking ownership at or above 50 percent[^5]. My read is that from late 2026 into 2027, a large number of Japanese companies will be forced into a "root-and-branch rework of the counterparty master." The companies that start that preparation early versus those that do not will diverge sharply in their resilience against shutdown risk.
The other major wave is the acceleration of controls on semiconductors, AI, and quantum. Between the end of 2024 and 2025, eight new ECCNs were added across high-bandwidth memory (HBM), AI hardware, and quantum computing. For 4A906 on quantum computers, the concrete thresholds are qubit count and gate error rate. On the semiconductor manufacturing equipment (SME) side, expiration dates have been extended through December 2026, and similar transitional fine-tuning continues. From April 13, 2026, the certification standard for authorized IC designers will also tighten, with applications only valid for 180 days. In this corner of the rulebook, the frequency with which "what was legal last month requires a license next month" is unusually high, and a management framework that assumes continuous information updates is essential.
Where Things Stand as of April 2026, and Three Steps to Start Today
Zooming out, ECCN classification is not a one-off task but an ongoing management cycle that an organization has to run continuously. Here are the three steps I suggest you can start today.
First, inventory the country-of-origin information and ECCNs for your top 100 items. Suppliers will, in most cases, provide non-applicability certificates or an ECCN summary on request. When you hit items where the information simply does not come together, treat that as a warning sign that the supplier relationship is weaker than it should be.
Second, increase the cadence of counterparty screening. An annual refresh cannot keep up with the monthly updates to the Entity List. Shift to monthly screening or, ideally, screening at each transaction. If deploying an AI tool such as TRAFEED is not in the cards, at minimum bookmark the BIS Legacy Lists page internally and build a handover routine so the practice survives a change of personnel.
Third, prepare an ownership map for the return of the Affiliate Rule. Map out parents, subsidiaries, and sibling entities for your main counterparties, and make the 50-percent-or-more ownership linkages visible. You have roughly seven months until November 2026, but the moment you start digging, the data is more tangled than most people expect. The earlier you start, the more quietly you will ride out the turbulence in the second half of the year.
Export control can feel like a bottomless swamp when you first wade in. What I have seen repeatedly in the field, though, is that "once the system is in place, day-to-day operations become surprisingly light." If you want a partner for that first climb, please get in touch with the TRAFEED team.
References
[^1]: Bureau of Industry and Security, "Classify Your Item / Licensing." https://www.bis.gov/licensing/classify-your-item [^2]: Center for Information on Security Trade Control (CISTEC), "Introduction to US Reexport Controls." https://www.cistec.or.jp/service/beikoku_saiyusyutukisei/index.html [^3]: WilmerHale, "BIS Issues Sweeping Additional Restrictions on Semiconductors and Advanced Computing, Entity List Designations" (December 2024). https://www.wilmerhale.com/en/insights/client-alerts/20241206-bis-issues-sweeping-additional-restrictions-on-semiconductors-and-advanced-computing-entity-list-designations [^4]: Federal Register, "Expansion of End-User Controls To Cover Affiliates of Certain Listed Entities" (2025-09-30). https://www.federalregister.gov/documents/2025/09/30/2025-19001/expansion-of-end-user-controls-to-cover-affiliates-of-certain-listed-entities [^5]: JETRO, "The Trump Administration Expands the Scope of Export Controls to Cover Subsidiaries of Entity List Companies" (2025-09). https://www.jetro.go.jp/biznews/2025/09/c92c704c4b353243.html [^6]: METI, "Quick Guide to Security Export Control." https://www.jetro.go.jp/ext_images/world/security_trade_control/pdf/guide/202401_v2.pdf