[Effective November 10, 2026] U.S. BIS Affiliate Rule (50% Rule) Complete Guide — Five-Step Supply Chain Audit for Japanese Companies and TRAFEED Workflow

Hello, I'm Ryuta Hamamoto from TIMEWELL.

On November 10, 2026, after a one-year stay, the U.S. Bureau of Industry and Security (BIS) Affiliate Rule (50% Rule) will finally take effect. It is a rule that automatically extends Entity List restrictions to any entity in which a listed party holds 50% or more ownership.

If your first reaction is "we don't trade directly with the U.S., so this doesn't concern us," I have to say that thinking no longer holds in June 2026. Any Japanese company handling products that incorporate even a small amount of U.S.-origin semiconductors, software, or design tools is almost certainly in scope.

In this guide, I will lay out the timeline from the September 2025 publication through the one-year stay, the structural reasons Japanese companies are pulled in through re-export controls, a five-step internal assessment, the penalties for violations, the preparation work to do before the effective date, and how TRAFEED visualizes the "50% capital chain" — all grounded in primary sources as of June 2026. About five months remain. Now is the time to start moving.

What Is the Affiliate Rule (50% Rule)? (From publication to the one-year stay)

The Affiliate Rule (50% Rule) is a U.S. regulation that automatically subjects subsidiaries and affiliates owned 50% or more by parties on the Entity List — the strictest trade restriction list under the U.S. Export Administration Regulations (EAR) — to the same restrictions as the listed parties themselves[^bisaff2509].

Until now, the Entity List only covered "the entity whose name appeared on the list." Listed entities could circumvent restrictions, at least for a while, by creating new subsidiaries or operating under different corporate names until those new names were also added. The Affiliate Rule is designed to close that "subsidiary-based workaround" by tracing capital relationships back through the ownership structure and automatically re-applying the net.

Timeline from publication to the one-year stay

Date	Event
September 30, 2025	BIS publishes the final Affiliate Rule in the Federal Register[^bisaff2509]
October–November 2025	Industry feedback concentrates on the rule being "too broad" and the capital-chain determination being "practically impossible"
November 10, 2025	BIS announces a one-year stay (suspension of effectiveness)[^bisaff2511]
November 10, 2026	Scheduled effective date (no postponement or withdrawal announced as of this writing)

The loudest industry reaction immediately after publication came from the semiconductor and electronic components sector: "Tracing five layers of capital relationships for a single counterparty, across tens of thousands of transactions per year, is practically impossible." BIS responded by introducing a one-year stay, effectively giving companies time to build out a capital-relationship database. From what I have seen, the gap in post-effective response cost between companies that used the stay to build the infrastructure and those that did not will be at least one order of magnitude.

Comparison with the OFAC 50% Rule

The "50% rule" itself is not a new concept. The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has long applied a similar 50% rule to its Specially Designated Nationals (SDN) List.

What makes the BIS Affiliate Rule decisively different is that it operates inside the EAR regime, which governs technology exports. OFAC stops "the flow of money." BIS stops "the flow of technology and goods." Combined with EAR's extraterritorial reach (the Foreign Direct Product Rule, discussed below), the Affiliate Rule cuts much wider and deeper into Japanese supply chains.

Why Japanese Companies Are in Scope (Re-export, FDPR, group entity determination)

"Isn't the Affiliate Rule purely a U.S. domestic matter?" I get this question almost every week. Unfortunately, the answer is "No — most Japanese companies are in scope."

The structure of re-export (reexport) controls

U.S. EAR continues to govern transactions after U.S.-origin goods, technology, or software have left U.S. territory. When a Japanese company resells a U.S.-made chip stored in a Japanese warehouse to a third-country buyer, the transaction is classified as a "reexport" under U.S. EAR.

If the reexport destination is an Entity List party — or a 50%-or-more subsidiary of one — the Japanese company cannot proceed without a BIS license[^bisentity]. And the licensing regime is designed around a "Presumption of Denial," meaning that in practice, applications rarely get through.

The expansion of the Foreign Direct Product Rule (FDPR)

Even more problematic is the Foreign Direct Product Rule (FDPR)[^fdpr]. This rule pulls products manufactured overseas using U.S.-origin manufacturing equipment or design tools into the EAR regime.

For example, a semiconductor manufactured in Japan using U.S.-made semiconductor manufacturing equipment becomes subject to EAR under FDPR — even if the chip contains zero U.S.-origin components. Once the Affiliate Rule takes effect, selling that FDPR-covered product to a 50%-owned subsidiary of an Entity List party is a violation.

The "direct + indirect + aggregated" 50% determination

The trickiest part of the Affiliate Rule determination is the aggregation rule. The following cases also trigger the 50% threshold:

• Entity List party A owns 30% of counterparty X, and a separate Entity List party B owns 25% of X. Aggregate ownership is 55%, so X is in scope.
• Listed party A owns 60% of intermediate holding company C, and C owns 80% of counterparty X. Indirect ownership is 48%. If listed party B then holds an additional 5% directly in X, aggregate ownership is 53%, and X is in scope.

In other words, for each counterparty, you must aggregate the direct and indirect ownership held by every Entity List party. As of June 2026, the Entity List includes roughly 3,000 entities, and performing this exhaustive cross-check manually is simply not realistic[^biscompliance].

Five Steps to Determine Whether Your Company Is Affected

Here is where it gets practical. I have organized "where do I even start" into five steps.

Step 1: Refresh your counterparty database

Audit two years' worth of customers, distributors, and suppliers. Consolidate the counterparty information scattered across spreadsheets owned by sales and procurement, and standardize the following keys:

• Legal entity name (official Japanese and English)
• Country / region
• DUNS Number (Dun & Bradstreet entity identifier)
• UEI Number (used in U.S. federal procurement)
• Annual transaction value
• Share of U.S.-origin products and technology

DUNS numbers are the starting point for capital-relationship investigations, so prioritize obtaining them at least for the top 500 counterparties by transaction value.

Step 2: Investigate shareholder structure and ownership percentages

For each counterparty, investigate the shareholder structure and ownership percentages. The main sources are:

• SEC EDGAR (10-K, 10-Q, Schedule 13D and similar filings for U.S.-listed companies)
• Crunchbase and PitchBook (startup funding history)
• National commercial registries (e.g., China's National Enterprise Credit Information Publicity System)
• D&B Hoovers and Bureau van Dijk (commercial databases)

For unlisted entities, and for counterparties in jurisdictions like China and Russia, public sources often will not be enough to map capital relationships. In those cases, I recommend introducing a process that obtains a written declaration from the counterparty covering "parent companies, major shareholders, and the direct and indirect control structure."

Step 3: Cross-check against multiple Entity Lists

Cross-check the collected shareholder and parent-company information against the following lists:

List	Authority	Scope
Entity List	U.S. BIS	Trade restrictions under EAR
Military End User (MEU) List	U.S. BIS	Military end-user restrictions
Validated End User Program	U.S. BIS	Qualified end users
Unverified List	U.S. BIS	End-use verification incomplete
SDN List	U.S. OFAC	Economic sanctions targets
Foreign End-User List	METI (Japan)	WMD-concern counterparties[^userlist]
China "Export Control Management List" / "Watch List"	China MOFCOM	40-entity restriction targeting Japan (effective Feb 24, 2026)[^cistec0225]

For Affiliate Rule purposes, always run the Entity List and the Military End User List as the first two checks.

Step 4: 50% determination (direct + indirect + aggregated)

For each counterparty, aggregate the ownership held by Entity List parties:

• Direct ownership: ownership held by a listed party directly in the counterparty
• Indirect ownership: trace each step from the listed party through intermediate holding companies to the counterparty, multiplying the ownership percentages at each step
• Aggregation rule: sum the direct and indirect ownership held by multiple listed parties

If the aggregated number reaches 50% or more, or if a single listed party can be shown to exercise dominant control directly or indirectly, the counterparty is "Affiliate Rule covered." If you build the determination engine in-house, a graph database such as Neo4j is the realistic choice.

Step 5: Documenting and approving the determination

"We made a determination" is not enough. If BIS audits you in the future, you have to be able to produce the underlying rationale for every determination. At minimum, document:

• Determination date and the person who performed it
• Databases referenced (version and date of retrieval)
• Lists cross-checked (version and date of retrieval)
• Calculation basis for the ownership percentages (URLs or files of the primary sources)
• Determination result and the internal approver

Then build a mechanism into your internal compliance program (CP) to re-run this determination every quarter.

[Impact Assessment Checklist] Five items to verify internally before the Affiliate Rule takes effect

• Any major component supplier 50%+ owned by an Entity List party?
• Possibility of indirect delivery to Entity List parties through your distributors?
• Are parent, subsidiary, and group ownership maps up to date?
• Does your compliance program (CP) cover Affiliate Rule obligations?
• Can Entity List updates flow into your internal systems within 24 hours?

If any of these are unresolved, a 30-minute TRAFEED consultation can map out next steps.

Penalties and Past Cases

"So what actually happens if we violate?" Underestimating this part is what turns the effective date into a catastrophe.

Civil and criminal penalties

EAR violation penalties are as follows:

Category	Detail
Civil penalty	Up to USD 1 million per violation, or twice the value of the transaction, whichever is greater
Criminal penalty (entity)	Up to USD 1 million per violation
Criminal penalty (individual)	Up to USD 1 million per violation + 20 years' imprisonment
Administrative action	Denial Order (export ban) or revocation of U.S. export licenses

The truly frightening sanction is the Denial Order. A company under a Denial Order is cut off from receiving any U.S.-origin goods or technology. Semiconductor manufacturing equipment, design tools (EDA), even cloud services stop flowing. For semiconductor, electronics, automotive, and aerospace companies alike, a Denial Order threatens business continuity itself.

Representative Entity List violation cases

It is worth reviewing some past BIS enforcement actions:

• Huawei-related: after the 2020 FDPR expansion, several semiconductor foundries and distributors were caught for indirect transactions.
• SMIC-related: after the December 2020 Entity List addition, multiple suppliers of U.S. manufacturing equipment were fined.
• Russia-related: following the large-scale Entity List additions from 2022 onward, enforcement against circumvention transactions routed through Dubai and Turkey has continued.
• Iran-related: a Japanese trading house that re-routed U.S.-made chips through a third country to Iran reportedly received a Warning Letter from BIS.

Japanese cases tend to stay below the surface, but according to METI, Japan's Foreign Exchange Act violations increased year-over-year in FY2024, with most of them attributable to "errors in classification (gaitou/higaitou) determinations" and "insufficient end-user verification"[^meti2024]. After the Affiliate Rule takes effect, I expect "missed 50% determinations against the U.S. Entity List" to become a new addition to that list of violation patterns.

Five Preparation Steps Before the Effective Date

About five months remain until the effective date. The window is now. Work through the following five items in order.

1. Refresh your counterparty database (DUNS / UEI numbers)

Consolidate the spreadsheets that sales, procurement, and logistics each maintain separately, and link them to DUNS Numbers. At minimum, prioritize the top 500 counterparties by transaction value. Without this base, none of the downstream automation works.

2. Build a capital relationship map (visualize direct and indirect ownership)

For major counterparties, visualize shareholder structures, parent companies, and group-company trees. BIS's own compliance guidance recommends understanding the capital chain across the entire supply chain[^biscompliance].

3. Add Affiliate Rule provisions to your internal compliance program (CP)

METI guidance also identifies maintaining a Compliance Program (CP) as a foundational element of security trade control[^metiguide]. At minimum, the Affiliate Rule provisions should cover:

• Screening frequency (at order intake and a quarterly sweep)
• Handling when the Affiliate Rule applies (transaction suspension and escalation to executive management)
• Retention period for determination evidence (seven years recommended at minimum)

4. Build the 50% determination flow and internal approval process

Decide in advance how to handle "grey-zone determinations" produced by the automated screening system. Map out the escalation path — to the sales director, legal, or executive management — in a flowchart.

5. Build a real-time Entity List update mechanism (automation recommended)

The Entity List is updated one or two times per month. If you cannot reflect those updates inside your organization within 24 hours, you risk continuing to execute violating transactions without knowing it. Build either RSS-feed monitoring or automated ingestion via the BIS API.

[Mid-article CTA] If your capital relationship mapping is still manual

Manually checking the 50% capital chain takes 3–5 hours per counterparty. For a portfolio of 1,000 counterparties, that's 3,000–5,000 hours per year.

TRAFEED lets you upload a counterparty list and returns a 50% capital chain in seconds, with cross-referencing against the Entity List included.

→ Book a 30-minute TRAFEED consultation

How TRAFEED Visualizes the 50% Capital Chain with AI

The export control AI agent TRAFEED, developed by TIMEWELL, includes the capabilities required for Affiliate Rule (50% Rule) compliance (with features in continued development toward the November 2026 effective date).

Bulk counterparty screening (results in seconds)

Upload a counterparty list as CSV, and TRAFEED cross-references each entity against the following lists, returning results in under five seconds:

• BIS Entity List (~3,000 entities)
• BIS Military End User List
• BIS Unverified List
• OFAC SDN List
• METI Foreign End-User List, 835 organizations[^userlist]
• China "Export Control Management List" / "Watch List" (40 Japanese companies and universities)[^cistec0225]

Automatic expansion of parent, subsidiary, and group ownership

From a DUNS Number or legal entity name, TRAFEED automatically builds up to a five-layer capital-relationship tree. It then computes aggregated direct and indirect ownership held by Entity List parties at each layer and performs the 50% determination. Work that takes 3–5 hours per counterparty by hand runs in seconds.

Structured storage of determination evidence (for audit)

Every determination result is stored as structured data, automatically generating evidence that withstands BIS audits, customs investigations, and internal audits. Determination date, referenced data sources, list versions, and the calculation basis for ownership percentages can all be exported in one batch.

Covers both METI and BIS list and catch-all controls

Beyond the Affiliate Rule (U.S. EAR), TRAFEED covers METI's catch-all control amendment effective October 9, 2025[^meti1009], the U.S. revision of license review policy for advanced computing commodities such as H200 (January 15, 2026)[^h200], and China's 40-entity restriction targeting Japan — letting you see multiple jurisdictions' regulations in a single view.

---

[Who this is for]

• You re-export products or technology of U.S. origin
• Your counterparty database exceeds 10,000 entries, making manual 50% chain checks impractical
• You don't yet have a process to push Entity List updates into your systems
• You haven't completed self-checks against China's 40-entity restriction list (effective Feb 24, 2026) or the 835-entry Foreign End-User List
• Your CP (internal compliance program) hasn't been updated in 3.5+ months

The Affiliate Rule takes effect on November 10, 2026 — roughly five months away. Preparation typically takes 2–3 months, so now is the moment to start.

→ Book a 30-minute TRAFEED consultation ／ → View TRAFEED service details

---

Related Articles

• China's Export Restrictions Targeting Japan: 40-Entity Watchlist Complete Guide
• List Controls vs Catch-All Controls: 2025 Amendments and Practical Compliance
• Dual-Use (Civil-Military) Technology and Export Control Complete Guide
• 52% of FY2024 Foreign Exchange Act Violations Stem from Classification Errors
• Non-Applicable Certificate Complete Guide

[^bisaff2509]: Federal Register "Expansion of End-User Controls To Cover Affiliates of Certain Listed Entities" (September 30, 2025) https://www.federalregister.gov/documents/2025/09/30/2025-19001/expansion-of-end-user-controls-to-cover-affiliates-of-certain-listed-entities [^bisaff2511]: Federal Register "One Year Suspension of Expansion of End-User Controls for Affiliates of Certain Listed Entities" (November 12, 2025) https://www.federalregister.gov/documents/2025/11/12/2025-19846/ [^bisentity]: BIS Entity List https://www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern/entity-list [^fdpr]: BIS "Foreign Direct Product Rules Update" https://www.bis.doc.gov/index.php/documents/compliance-training/3476-foreign-direct-product-rules-update-fdprs-clean-3-19-24-513pm/file [^biscompliance]: BIS "Compliance Note Foreign Persons" https://www.bis.doc.gov/index.php/documents/enforcement/3461-tri-seal-compliance-note-foreign-persons-3-6-24-final/file [^h200]: Federal Register "Revision to License Review Policy for Advanced Computing Commodities" (January 15, 2026) https://www.federalregister.gov/documents/2026/01/15/2026-00789/ [^meti1009]: METI "Revision of the Complementary Export Controls (Effective October 9, 2025)" https://www.meti.go.jp/policy/anpo/apply-01/20251009_catchminaoshi/20251009catchall.html [^userlist]: METI "Revision of the Foreign End-User List" (September 29, 2025) https://www.meti.go.jp/press/2025/09/20250929006/20250929006.html [^meti2024]: METI "Analysis of Foreign Exchange Act Violations (Security Trade Control), FY2024" (December 2025) https://www.meti.go.jp/policy/anpo/gaitameho_document/ihanjireigaitamehou6.pdf [^metiguide]: METI "Security Trade Control Guidance, Introduction, v3.0" (March 2026) https://www.meti.go.jp/policy/anpo/guidance/guidance.pdf [^cistec0225]: CISTEC "Chinese authorities place Japanese companies and universities on the Export Control Management List and the Watch List" (February 25, 2026) https://www.cistec.or.jp/service/keizai_anzenhosho/china/data/20260225.pdf