Semiconductor export controls in 2026: BIS Entity List, FDPR, EU dual-use, and the quarterly compliance churn

Export controls on advanced semiconductors became the most volatile compliance category in hardware procurement during 2023 and 2024 and have continued to tighten through 2026. The BIS Entity List, Foreign Direct Product Rule, EU dual-use updates, Japan and Netherlands export controls aligned with the US, and NDAA Section 1260H restrictions on certain Chinese-controlled suppliers all change on roughly quarterly cycles. Lean SupplAI was built to track this churn at the supplier-and-component level, because the procurement implication of a list update can be sourcing disruption within days, not the months that traditional compliance cycles assume.

The cost of getting export controls wrong is asymmetric and severe. A single shipment to a controlled entity, even through an unintended re-export path, triggers BIS enforcement actions that can reach criminal charges for individuals and lifetime debarment for companies.

The US export-control stack, briefly

The Bureau of Industry and Security (BIS) maintains three primary lists: the Entity List (entities subject to additional license requirements), the Unverified List (entities BIS has been unable to verify), and the Military End User List. Items are classified under Export Administration Regulations (EAR) with Export Control Classification Numbers (ECCNs). The Foreign Direct Product Rule (FDPR) extends US jurisdiction to foreign-made items produced using US technology, dramatically widening the controlled population.

The 2024 and 2025 chip-specific actions

October 2022 controls established the modern US semiconductor export-control regime, restricting exports of advanced compute chips, AI accelerators, and certain semiconductor manufacturing equipment to China. October 2023 updates added HBM memory, expanded the AI accelerator definition, and extended FDPR to additional fabs. The 2024 and 2025 updates added more entities, tightened thresholds, and extended controls to advanced lithography components. The cumulative effect is that any program touching advanced AI compute or HBM memory must verify export-control posture at every shipment.

EU and allied alignment

The EU updated dual-use Regulation 2021/821 in 2024 to align more closely with US controls on advanced semiconductors. Japan added measures restricting semiconductor manufacturing equipment exports starting July 2023. The Netherlands restricted ASML EUV and certain DUV equipment exports to China starting 2023, with tightening through 2024 and 2025. The practical effect for procurement teams is that the controlled-supplier list is now multi-jurisdictional, with US, EU, Japanese, and Dutch entities all needing review.

The supplier-side compliance burden

Suppliers shipping under export-controlled regimes need to know their customers' end-use (what the product is being used for), end-user (who actually receives it), and country of ultimate destination. Re-export rules apply even to second-tier shipments, which means a supplier shipping to a non-controlled customer who then re-exports to a controlled entity carries liability. Most suppliers manage this with classification reviews, end-use certificates, and license filings, but the burden has grown substantially since 2022.

Practical compliance for procurement teams

Programs that pass export-control audits cleanly do five things:

• Maintain ECCN classification per part, refreshed against current EAR updates.
• Track Entity List, Unverified List, and Military End User List status for every supplier and every customer.
• Maintain end-use and end-user certificates from suppliers, with expiry dates flagged.
• Run quarterly export-control compliance reviews, not annual ones.
• Coordinate with legal counsel on FDPR exposure for any product touching US-origin technology.

How Lean SupplAI tracks export-control status

Lean SupplAI maintains export-control attribution at the supplier and component level: ECCN classification, BIS list status, FDPR exposure, EU dual-use classification, Japan and Netherlands restriction status, and NDAA Section 1260H exposure. Updates run continuously as US, EU, Japanese, and Dutch authorities publish list changes. For procurement teams sourcing into chip or AI compute programs, Lean SupplAI surfaces export-control posture at sourcing time rather than at shipment time.

What sets Lean SupplAI apart