EU Dual-Use Export Controls 2026: What Hardware Developers Must Know About FPGAs, Quantum, and Semiconductors

The 2025 Update: Why Hardware Developers Should Pay Attention

On November 15, 2025, the EU adopted Delegated Regulation 2025/2003, the most significant update to dual-use controls in years. This regulation amended Annex I of the EU Dual-Use Regulation (2021/821) to align with changes from the Wassenaar Arrangement, the Missile Technology Control Regime (MTCR), the Australia Group, and the Nuclear Suppliers Group.

For hardware developers, this matters because the update added entirely new categories of controlled items that directly affect the electronics industry — including components you may already be using in your designs.

What’s New in the 2025 Control List

The following technology categories were expanded or introduced:

Quantum Computing Components

Controlled Item	Control Number	Threshold
Quantum computers	4A005	Any system with >34 physical qubits
Cryogenic electronics	3A002	Components designed to operate below 77K
Parametric signal amplifiers	3A002	Designed for quantum computing signal chains
Cryogenic cooling systems	—	Designed for quantum computing applications
Cryogenic wafer probers	3B001	For testing at cryogenic temperatures

Advanced Semiconductor Manufacturing

Controlled Item	Control Number	Why Controlled
EUV lithography systems	3B001	Critical for sub-7nm fabrication
EUV masks, reticles, pellicles	3B001	Essential consumables for EUV process
Atomic Layer Deposition (ALD) equipment	3B001	Advanced thin-film deposition
Epitaxial deposition tools	3B001	Semiconductor crystal growth
Dry etching equipment	3B001	Advanced pattern transfer
Scanning electron microscopy (SEM)	3B001	Metrology and inspection

High-Performance Electronics

Controlled Item	Control Number	Threshold
Advanced CMOS ICs	3A001	Specific performance/feature thresholds
User-configurable FPGAs (FPLDs)	3A001	Above certain logic element counts or performance levels
Advanced integrated circuits	3A001	Specified by performance parameters
High-entropy alloys	1C002	Refractory metal compositions for defense applications

Critical for FPGA designers: High-end FPGAs from AMD/Xilinx and Intel are now explicitly covered. If your product uses a Versal, Agilex 9, or equivalent device and is exported outside the EU, you may need an export license depending on the destination and end-use.

Understanding the Dual-Use Control Framework

The EU dual-use system operates on three levels of control:

1. List-Based Controls (Annex I)

Your product is on the EU Control List (10 categories from nuclear materials to electronics to software). If it meets or exceeds the technical parameters specified for a listed item, it requires an export license for most non-EU destinations.

2. Catch-All Controls (Article 4)

Even if your product is NOT on the list, an export license may be required if:

• You are aware (or have been informed by authorities) that the items are intended for weapons of mass destruction (WMD)
• The items are intended for military end-use in embargo destinations
• The items involve cyber-surveillance tools that could be used for internal repression

3. Sanctions and Embargoes

Separate from dual-use controls, EU sanctions (e.g., against Russia, Belarus, Iran, North Korea) impose outright export bans on many dual-use and advanced technology items, regardless of end-use.

How This Affects FPGA-Based Products

FPGAs occupy a unique position in dual-use controls because they are inherently reconfigurable — a single FPGA can be reprogrammed for civilian signal processing or military radar. This dual-use nature means:

Classification Challenges

Scenario	Classification	License Required?
FPGA development board sold for education	May fall under Note 2 exceptions	Usually no (general consumer exception)
Custom FPGA-based signal processing module for industrial use	Potentially 3A001 or 4A003	Depends on FPGA specs and destination
FPGA-based radar processing unit for defense customer	Almost certainly 3A001 or Category 6	Yes — may require individual license
FPGA IP core (HDL source code) for signal processing	3D001 or 4D001 (technology/software)	Yes — technology transfer controls apply
FPGA design services provided to non-EU defense entity	Category 3E or 4E (technology)	Yes — deemed export of controlled technology

Key Considerations for FPGA Developers

1. Check your FPGA family against the control list. The control thresholds specify logic element counts, performance levels, and interface speeds. High-end FPGAs (Versal, Agilex 9) are more likely to fall under controls than mid-range (Artix, Cyclone) or low-power (Lattice iCE40) devices.

2. Technology transfer counts as export. If you share VHDL/Verilog source code, design documentation, or technical know-how with a non-EU entity, this may constitute a “deemed export” of controlled technology, even if no physical goods leave the EU.

3. End-use matters. A civilian-use FPGA board shipped to a defense contractor as part of a weapons system changes the export control analysis entirely, even if the FPGA itself is below control thresholds.

4. Intra-EU transfers are generally free. EU dual-use controls primarily apply to exports outside the EU. Intra-EU movement of most dual-use items does not require a license, though some exceptions exist (e.g., Annex IV items like stealth and cryptographic technology).

The Export Licensing Process

1. Product Classification
   ├── Determine if your product falls under an Annex I entry
   ├── Check technical parameters against control thresholds
   └── If unsure, request classification from national authority

2. Destination Assessment
   ├── Check EU sanctions lists (consolidated list of persons/entities)
   ├── Identify destination country risk level
   └── Determine applicable EU General Export Authorizations (GEAs)

3. End-Use Verification
   ├── Obtain end-user statement/certificate
   ├── Verify stated end-use is plausible
   └── Screen against denied party lists

4. License Application (if required)
   ├── Submit to national licensing authority
   ├── Include technical specifications, end-user certificate, and contract details
   └── Processing time: 30–90 days typical

5. Compliance Documentation
   ├── Maintain records for minimum 10 years (some Member States: 5 years)
   ├── Implement Internal Compliance Program (ICP)
   └── Regular training for staff involved in export activities

EU General Export Authorizations (GEAs)

The EU provides several General Export Authorizations that allow license-free exports under specific conditions:

GEA	Destinations	Items	Conditions
EU001	Australia, Canada, Japan, New Zealand, Norway, Switzerland, UK, USA	Most Annex I items	Low-sensitivity items to trusted destinations
EU002	Multiple	Certain electronics, computers, telecom	Repair/replacement of previously exported items
EU003	Multiple	Certain electronics after temporary export	Re-export after trade fairs/demonstrations
EU005	Multiple	Telecommunications equipment	Specific telecom items under conditions
EU006	Multiple	Dual-use chemicals	Specific chemical precursors

Important: GEAs have specific conditions and record-keeping requirements. Using a GEA does not mean the export is uncontrolled — it means you don’t need an individual license, but you must still comply with all conditions and maintain detailed records.

Compliance Best Practices for Hardware Developers

1. Implement an Internal Compliance Program (ICP)

The EU strongly recommends ICPs for all companies dealing with dual-use items. An effective ICP includes:

• Management commitment — Senior leadership support for export control compliance
• Compliance officer — Designated person responsible for export control matters
• Product classification — Systematic classification of all products against the control list
• Screening procedures — Checks against sanctions lists, denied parties, and end-use concerns
• Record-keeping — All export-related documents retained for the required period
• Training — Regular awareness training for engineering, sales, and logistics staff
• Audit — Periodic internal audits of compliance procedures

2. Classify Your Products Proactively

Don’t wait until you have an export order to classify your products. Maintain a classification database that maps each product (including FPGA designs, IP cores, and design services) to the relevant control list entries. Update this database when:

• New products are developed
• Existing products are upgraded (higher-spec FPGA, new interfaces)
• The control list is amended (annually, aligned with Wassenaar updates)

3. Screen Every Transaction

Before fulfilling any non-EU order, screen:

• The end-user against EU consolidated sanctions lists
• The destination country for applicable sanctions or embargoes
• The stated end-use for plausibility and red flags
• The intermediaries (shipping agents, distributors) for sanctions compliance

4. Manage Technology Transfers Carefully

For hardware design companies, the most overlooked risk is technology transfer. This includes:

• Sharing design files (VHDL, Verilog, schematics) with non-EU subcontractors
• Providing technical assistance or training to non-EU engineers
• Presenting controlled technical data at international conferences
• Storing controlled designs on servers accessible from outside the EU

Frequently Asked Questions

Do export controls apply to FPGA development boards?

Generally, no — most commercial FPGA development boards fall under “consumer goods” exceptions (Control List Note 2) or are below control thresholds. However, if you add custom signal processing firmware or defense-specific IP to a development board, the resulting system may become controlled. The classification depends on the complete system, not just the FPGA chip.

What happens if I export without a license?

Penalties for unauthorized dual-use exports vary by EU Member State but typically include criminal prosecution, fines (up to €500,000 or more per violation in some jurisdictions), imprisonment (up to 5–10 years), and denial of future export privileges. Companies may also face reputational damage and loss of government contracts.

Does providing FPGA design services to a non-EU company require a license?

Potentially, yes. If the design services involve controlled technology (e.g., signal processing algorithms, cryptographic implementations, radar designs) and the recipient is outside the EU, this constitutes a “transfer of technology” under dual-use regulations. The need for a license depends on the specific technology, the destination, and the end-use.

How do I know if my FPGA falls under controls?

Check the Annex I Control List entries 3A001 (electronics), 4A003 (computers), and related categories. The control thresholds specify parameters like logic element count, processing speed, encryption capability, and interface bandwidth. Your FPGA vendor’s datasheet provides the technical parameters needed for classification. When in doubt, request a formal classification opinion from your national export control authority.

Our Dual-Use Compliance Experience

At Inovasense, we design hardware for defense and dual-use applications with full awareness of export control requirements:

• Product classification expertise for FPGA-based systems
• Design-for-compliance — ensuring products can be clearly classified
• Documentation packages supporting export license applications
• EU-based development — all design work performed within the European Union, simplifying intra-EU transfer

We understand the intersection of advanced hardware design and regulatory compliance. Contact us to discuss your dual-use project requirements.