ITAR-Aware Websites: What to Publish and What to Gate
The compliance officer reading your site with a red pen
Before a prime adds you as a supplier, someone in their compliance function takes a careful look at your public presence. They are not admiring the design. They are checking whether you understand export control, because a supplier who publishes the wrong thing on a public page is a liability they do not want in their supply chain. If your site treats ITAR casually, or worse, if it shows technical detail that should never have been public, that reviewer flags you before an engineer ever gets to evaluate your capabilities.
So the aerospace website has a tension built into it. You need to show enough capability to win the work, and you need to withhold enough to stay compliant and look like a serious steward of controlled information. Getting that balance right is itself a signal that you belong in the sector.
The line between marketing and controlled information
The point that trips up suppliers is that ITAR does not care about your intent to market. The International Traffic in Arms Regulations control technical data related to defense articles, and technical data can absolutely include the kind of detail a proud engineer wants to put on a capabilities page. Drawings, specifications, processes tied to a controlled article, and certain performance parameters can all fall under control regardless of how helpful they would be to a prospect.
This is not legal advice, and your export-control counsel or empowered official has to make the actual determinations. But the design principle is clear: a public website is, by definition, a release to every foreign national on the internet. Anything that would be a controlled export if you emailed it abroad does not belong on a page anyone in the world can load.
What is safe to publish
The good news is that everything a buyer needs to qualify you at the first stage is almost always publishable, because it is general capability rather than controlled technical data. A well-built aerospace and defense site can and should present:
- General capabilities: the processes you run, the classes of material you work, the size envelopes and tolerance ranges you routinely hold.
- Certifications and registrations: AS9100, NADCAP scopes, ISO 9001, and the fact of your ITAR registration and compliance posture.
- Industries and markets served, described at a level that does not tie you to a specific controlled program.
- Company stability, history, and general quality practices.
That set is enough to pass the first gate. It tells a buyer what you can make and that you are qualified, without exposing anything a compliance officer would object to.
What to gate, and how
The controlled and program-specific material still has a role. It just belongs behind a control, not on an open page. The right pattern is to publish the general capability openly and hold the specifics for a channel where you can verify who is receiving them.
In practice that means program details, controlled specifications, and anything that could constitute technical data live behind a gated request, a direct conversation, or a secure exchange that happens only after you have established that the recipient is a US person or an authorized party. The public site’s job is to get a qualified buyer to raise their hand. The controlled exchange happens after, through a channel your compliance process governs. This is a place where web design and development has to work hand in glove with your export-control policy, so the site is built to keep controlled data off public pages by design rather than by after-the-fact cleanup.
Showing you take control seriously
There is a quieter benefit to getting this right. A site that clearly states an ITAR compliance posture, keeps controlled detail off public pages, and routes sensitive requests through a verified channel is itself evidence of discipline. It tells a prime that you understand your obligations and that adding you will not create an export-control headache. In a sector where a compliance failure can cost a company its ability to do business at all, that reassurance is worth as much as any capability.
The suppliers who get this wrong tend to err in one of two directions. Some over-publish, putting controlled detail on open pages in a rush to look impressive, and create real risk. Others over-gate, hiding even general capabilities behind forms, and fail the vetting because a buyer cannot confirm they are qualified without filling out a contact form first. The right posture is generous with general capability and strict with controlled specifics.
Where North Sea comes in
We are a small studio, and we build aerospace sites that respect this line. We work with what your export-control counsel and empowered official tell us is publishable, present your general capabilities and certifications openly enough to pass vetting, and structure the site so controlled and program-specific detail stays off public pages and moves through a channel you control. We are not your compliance advisor, but we build as though a compliance officer will read every page, because one will.
If you want a site that shows enough to win the work and gates what has to stay controlled, start a project with us.
More on Aerospace & Defense
Let’s build something that performs.
Tell us where you are and where you want to go — we’ll come back with a plan, not a calendar invite.