$36 Million And 116 Violations: What The GE Aerospace ITAR Consent Agreement Means For Defense Exporters

A DTS practitioner read of the GE Aerospace ITAR settlement, the four failure categories behind the charging letter, and the compliance lessons defense exporters should not ignore.

$36M
Civil Penalty
116
ITAR Violations
36 Months
Consent Agreement
103
Charges Tied To Authorization Mismanagement

  • On April 17, 2026, GE Aerospace agreed to a $36 million civil penalty to settle 116 ITAR violations.
  • The violations spanned April 2018 through November 2024 and involved unauthorized exports, DDTC authorization mismanagement, unauthorized exports of defense articles, and missed DDTC registration notifications.
  • The GE Aerospace Consent Agreement runs for 36 months and requires an external Special Compliance Officer, at least one independent external compliance audit, and $18 million in suspended penalty funds for approved remedial compliance measures.

Why This Matters To The Rest Of The Industry

When DDTC announced the GE Aerospace Consent Agreement on April 17, 2026, the headline numbers were hard to miss: a $36 million civil penalty, 116 ITAR violations, and a six-year violation window from April 2018 through November 2024.

But this is not just a GE story.

The failure categories in the GE Aerospace Consent Agreement are the same kinds of gaps that can exist quietly inside defense export programs of many sizes: authorization activity that continues after approval, technical data moving through weak controls, classification decisions that do not trigger review, and DDTC registration changes that no one owns.

For mid-sized exporters, the risk is not that their program looks exactly like GE’s. The risk is that smaller control gaps can compound faster when teams are lean, reviews are informal, and ownership is unclear.

This post breaks down the four failure categories, what DDTC credited and aggravated, and one practitioner signal worth reading closely.

The Four Failure Categories Behind The GE Aerospace ITAR Violations

The most visible facts in the GE Aerospace Consent Agreement involved China, sensitive technical data, and major defense platforms. But the largest share of the violations came from authorization management, where routine compliance obligations continued long after the original approval.

That distinction matters. In many ITAR programs, enforcement risk does not come from one dramatic event. It comes from control gaps that repeat across shipments, parties, agreements, systems, and years.

Failure CategoryChargesCore Issue
Unauthorized exports of technical data to China3Laptop hand-carry, F118 misclassification (ITAR-as-EAR), F110 transshipment through proscribed country.
Mismanagement of DDTC authorizations103Retransfers, proviso violations, offshore procurement, congressional notification failure — SOPs unrevised for 10+ years.
Unauthorized exports of defense articles2F404 SME mis-shipment to Sweden; F-35 chassis temp-export to Israel via wrong ECCN.
Failure to report material changes to DDTC registration322 C.F.R. §122.4 notifications missed; weaknesses in registration management procedures self-cited.
TOTAL116Six-year violation window (April 2018 – November 2024). Twelve voluntary disclosures across five years.

1. Unauthorized Exports Of Technical Data To China

GE disclosed three China-related incidents involving ITAR-controlled technical data:

  • An employee hand-carried a company laptop to China with more than 45 files of USML VIII(i) and XIX(g) technical data, including F-35 and F414 engine design data. The laptop was also left unattended with university officials for approximately 90 minutes.
  • An employee exported an F118 engine drawing to a Chinese supplier through GE’s data transfer system after selecting an EAR license instead of recognizing the data as ITAR-controlled.
  • Compact discs containing an ITAR-controlled F110 engine maintenance manual were transshipped through China en route to Singapore three separate times.

Each incident was preventable through a different control point. The laptop incident points to traveler controls and technical data transfer safeguards. The F118 drawing points to ITAR/EAR classification review before controlled data can leave the company. The F110 manual points to freight forwarder instructions, routing controls, and logistics and customs compliance.

Compliance Lesson: Technology Control Plans, traveler briefings, data-transfer review, and freight routing instructions are not administrative extras. They are the controls that prevent technical data from reaching destinations, systems, or parties that should never receive it.

2. Mismanagement Of DDTC Authorizations

This is the headline within the headline: 103 of the 116 charges came from DDTC authorization mismanagement.

The violations included:

  • Unauthorized retransfers to parties such as the UK Ministry of Defence, South Africa, and 31 Japanese sublicensees
  • Exports outside the scope of TAA build-to-print restrictions
  • Repeated proviso violations
  • Offshore procurement license issues under 22 C.F.R. §124.13
  • Unauthorized defense services
  • Failure to notify Congress of a TAA transaction involving the F414-GE-39E engine for the Swedish Armed Forces

The practitioner detail worth pausing on is GE’s own root cause. The company cited a lack of sufficient policies, procedures, and controls, along with authorization management SOPs that had not been updated in more than 10 years.

That matters because DDTC authorizations are not static approvals. TAAs, MLAs, licenses, provisos, sublicensees, authorized values, expiration dates, and scope restrictions all require active lifecycle management. The failures also point to ITAR record keeping and reporting expectations under 22 C.F.R. §122.7, because an exporter needs complete, current records to show what was authorized, what was exported, who received it, and whether provisos were followed.

Compliance Lesson: Authorization management is not complete at approval. It has to be owned, documented, and monitored from application through expiration.

3. Unauthorized Exports Of Defense Articles

GE also disclosed two unauthorized exports of defense articles tied to classification and documentation failures.

In one incident, a USML XIX(f)(2) F404 combustion liner, identified as significant military equipment, was shipped to Sweden instead of the intended U.S. recipient because commercial documentation was attached to the wrong shipment box.

In another, 15 USML VIII(h)(1) machined F-35 chassis were temporarily exported to Israel because an employee applied the wrong ECCN. That incorrect classification did not trigger trade compliance review before export.

These incidents show how a single error can become an unauthorized export. A mislabeled box, an incorrect ECCN, or a missing pre-shipment review step may look operational in the moment. Under the ITAR, those errors can determine whether a controlled defense article leaves the United States without proper authorization.

Compliance Lesson: Classification verification and shipment documentation review are last-line controls. When they fail, the company may not get another opportunity to catch the issue before the export occurs.

4. DDTC Registration Maintenance Failures

The final category involved DDTC registration maintenance. GE disclosed three violations under 22 C.F.R. §122.4, which requires registrants to notify DDTC of material changes within five business days.

These obligations can be easy to miss because they often sit outside the day-to-day licensing process. Material changes may be triggered by ownership changes, restructuring, M&A activity, or key personnel changes. GE Aerospace’s April 2024 launch as an independent public company, following completion of the GE Vernova spin-off, is a high-profile example of the kind of corporate event that should trigger an immediate DDTC registration review.

These were not the most dramatic facts in the Consent Agreement. But they were stacked on top of more serious violations involving China, SME technical data, unauthorized exports, and authorization mismanagement. Once DDTC is already reviewing the program, missed registration notifications can become another sign that compliance ownership was not working as intended.

Compliance Lesson: DDTC registration is not a back-office filing. Corporate changes need a defined owner, a trigger review process, and a five-business-day response plan before the company is already under scrutiny.

What DDTC Rewarded, And What It Did Not

The GE Aerospace Consent Agreement also shows how DDTC weighed cooperation against the seriousness of the violations, and why ITAR penalties can remain significant even when a company receives mitigation credit.

What DDTC Credited:

  • Voluntary self-disclosures
  • Cooperation with information requests
  • Remedial compliance improvements
  • Tolling agreements that kept the enforcement window open

What DDTC Aggravated:

  • Exports to China
  • Unauthorized exports of SME technical data
  • Harm to U.S. national security
  • The systemic nature of the violations across multiple business units

The practitioner takeaway is straightforward: voluntary self-disclosure matters, but it is a damage-control mechanism, not a compliance strategy. Cooperation can reduce exposure, shape the enforcement posture, and demonstrate accountability. It cannot undo the operational failure once controlled technical data, defense articles, or unauthorized services have already moved outside the bounds of the ITAR.

One Practitioner Signal Worth Reading Closely

The external Special Compliance Officer requirement may be one of the most important details in the GE Aerospace Consent Agreement.

DDTC required GE Aerospace to engage an external SCO for a minimum of 24 months. That distinction matters. DDTC could have allowed GE Aerospace to manage implementation internally. Instead, it required outside oversight.

For DTS, that reads as more than an administrative requirement. It is an institutional signal that GE Aerospace’s internal compliance function, despite the company’s size and sophistication, was not viewed as sufficient to self-manage remediation after years of violations across business units, authorizations, technical data controls, and registration obligations.

That is the point exporters should not miss. When compliance failures appear systemic or long-running, independent oversight can become part of the remedy.

There are six more signals like this in the Consent Agreement. DTS unpacks all of them in the companion analysis.

What This Means For Your Program

Most mid-sized exporters will not have the most dramatic facts in the GE Aerospace Consent Agreement. But many will recognize the quieter risks: authorizations tracked across spreadsheets, SOPs that have not kept pace with the program, unclear ownership of provisos and sublicensees, classification decisions that rely on one person, freight routing instructions that are not consistently documented, or registration triggers that sit between legal, HR, corporate development, and trade compliance.

If you cannot confidently explain how your controls would hold up across these four failure categories, that uncertainty is the finding. The issue may not be whether a violation has already happened. It may be whether your controls are strong enough to prove what happened, who approved it, and whether the authorization was followed.

The companion analysis was built to help with that review.

Get the full practitioner read, including the seven hidden signals in the GE Aerospace Consent Agreement and a 12-question scorecard mapped to the four failure categories

Talk to DTS about your program 

Frequently Asked Questions

The GE Aerospace ITAR Consent Agreement is a 36-month settlement between GE Aerospace and the U.S. Department of State resolving 116 violations of the Arms Export Control Act and ITAR. The agreement includes a $36 million civil penalty, an external Special Compliance Officer requirement, and at least one independent external compliance audit.

The main GE Aerospace ITAR violations involved unauthorized exports of technical data to China, mismanagement of DDTC authorizations, unauthorized exports of defense articles, and failure to report material changes to DDTC registration. The largest category was authorization mismanagement, which accounted for 103 of the 116 charges.

About Defense Trade Solutions

Defense Trade Solutions is the leading professional service provider to the U.S. defense industry across security cooperation, technology security & foreign disclosure, global trade authorizations, global trade compliance, and logistics and customs compliance.

Defense Insights