EAR expands: What the new 50% affiliates rule means for workplace compliance
Your compliance perimeter just got bigger. The latest EAR update doesn’t just cover who’s named on U.S. export control lists—it now extends restrictions to the companies they own.
The Bureau of Industry and Security (BIS) has adopted what’s called the Affiliates Rule, extending restrictions to affiliates that are 50% or more owned by entities on the Entity List or Military End User (MEU) List. Not sure what this means for your organization? Below, we’ll walk through how the rule works, why it matters, and what your team needs to stay compliant.
Understanding the Entity and MEU lists
Before we get into the new rule, it helps to understand the two lists it builds on:
- Entity List: Identifies foreign companies, organizations, and individuals subject to U.S. export restrictions. For instance, a biotech firm linked to prohibited research may appear here.
- Military End User (MEU) List: Flags parties that support military end-use activities. For example, a manufacturer supplying parts to a foreign defense program could be included.
These lists guide which people and organizations U.S. workplaces are allowed to engage.
How the Affiliates Rule changes compliance—and expands your screening obligations
The new Affiliates Rule builds on the Entity and MEU lists by extending restrictions to subsidiaries and affiliates that meet ownership thresholds. This means compliance teams must go beyond parent companies to identify potential risks.
Here’s what that looks like in practice:
- Automatic restrictions. Any entity 50% or more owned, directly or indirectly, by a listed party now falls under EAR restrictions
- Minority stakes as red flags. Even minority ownership can signal risk and trigger enhanced due diligence
- Immediate impact. The rule took effect immediately, though BIS issued a temporary 60-day general license to give organizations time to adjust
In short, screening parent companies alone isn’t enough. You need to trace ownership through subsidiaries and affiliates and evaluate whether they meet the 50% threshold to stay compliant.
Protect your workplace from hidden affiliate risks with Envoy
Envoy makes this process manageable. With automated screening, customizable watchlists, and integrations, you can identify subsidiaries or affiliates tied to listed entities—empowering you to escalate or deny access before it becomes a risk. Missing these connections can lead to penalties, operational disruptions, or reputational damage.
How it works in practice: Flag a visitor connected to a subsidiary of a listed party. Envoy automatically escalates the access request for review before approval, keeping your workplace secure and your compliance program audit-ready.
—
The Affiliates Rule may widen your compliance obligations—but it doesn’t have to complicate your workplace operations. Envoy helps you with workplace safety and compliance so you stay ahead of evolving regulations to protect your people, your data, and your reputation.
Ready to dive deeper into how Envoy can help your team stay audit-ready and compliant with evolving regulations? Explore more articles.
Read more
Searching for a visitor management solution? Learn what to look out for and how to choose the best tech for your team.
Managing your space well doesn’t have to be difficult. But if you want to be successful, you need the right approach.
A well-run workplace can set your team up for success. Learn why workplace management matters and how to do it right.
Workplace security is critical to the future of your business. Learn why it matters, what threats to watch for, and how to strengthen your workplace security plan.
In this post, we’ll explore what workplace compliance is and how to build a compliance culture for your organization.
With more folks sending personal packages to the workplace, having a sound mailroom management system in place is key.