Start free trial
BISexport controlsguides

What is the BIS Entity List (and who needs to check it)

The BIS Entity List restricts exports to specific foreign parties for national-security reasons. Here is what it covers, how it differs from OFAC SDN, and who needs to screen against it.

Kleerance Editorial
What is the BIS Entity List (and who needs to check it)

The BIS Entity List is one of the most misunderstood watchlists in U.S. compliance. Companies routinely screen against OFAC SDN and assume they are done. They are not. If you export anything — hardware, software, technology, even some services — the Entity List almost certainly applies to you.

Informational only, not legal advice.

What it is

The Entity List is maintained by the U.S. Department of Commerce's Bureau of Industry and Security (BIS). It is published as Supplement No. 4 to Part 744 of the Export Administration Regulations (EAR). It identifies foreign persons — companies, research institutions, government and private organizations, and individuals — subject to specific license requirements for the export, re-export, or in-country transfer of items subject to the EAR.

In plain English: even if a party is not on OFAC SDN, if they are on the BIS Entity List you generally need a license to ship them EAR-controlled items, and the presumption is that BIS will deny that license.

The authoritative source is bis.doc.gov/entity-list.

How the Entity List differs from OFAC SDN

This is the confusion that costs companies money:

OFAC SDNBIS Entity List
AgencyTreasury (OFAC)Commerce (BIS)
Legal basisSanctions (IEEPA, TWEA, etc.)Export controls (EAR)
EffectAssets blocked; U.S. persons prohibited from dealingLicense required for EAR-controlled exports; usually denied
ScopeFinancial and commercial dealings broadlySpecifically exports/re-exports of controlled items
Blocking?YesNo (it is a license requirement, not asset blocking)

You can transact with an Entity List party for many non-export purposes. You generally cannot ship them a controlled item without a BIS license. The two lists overlap for some designations (a party can be on both) but they are separate regimes with different obligations.

Who needs to screen against the Entity List

You need to check the Entity List if you:

  • Export or re-export any item subject to the EAR (which includes essentially all commercial hardware and much software originating in the U.S., and many foreign-made items with U.S. content)
  • Provide cloud services, SaaS, or technology transfers to foreign parties
  • Ship electronics, semiconductors, telecom equipment, dual-use items, or anything on the Commerce Control List
  • Support customers in China, Russia, Iran, or other jurisdictions where Entity List additions have accelerated

If your business is entirely domestic and involves no export activity, the Entity List is a lower priority — but you should still know what it is, because supply-chain due diligence often surfaces it.

What "screening" against the Entity List looks like

The screening pattern is similar to OFAC SDN screening, with two important differences:

  1. You screen for export decisions, not just onboarding. A one-time onboarding screen is not enough — you re-screen at the time of shipment.
  2. A hit is not automatically a block. A hit means "check the license requirement" — which may require a BIS license, which may or may not be granted.

Practical workflow:

  • Screen at onboarding (rule out obviously prohibited counterparties)
  • Screen again at the time of any shipment or technology transfer
  • Log the license determination for every export
  • Retain records for 5 years (the EAR record-keeping requirement)

Common mistakes

  • Assuming SDN screening covers the Entity List. It does not.
  • Screening only the immediate buyer. Entity List issues often surface in end-users, ultimate consignees, or downstream customers.
  • Ignoring re-exports. Non-U.S. distributors selling U.S.-origin items to Entity List parties are still your problem.
  • Skipping software and cloud services. SaaS can be an export.

Where the Entity List fits in a broader program

Most SMB compliance programs need at least four lists live in their screening workflow:

  • OFAC SDN
  • OFAC Consolidated (Sectoral Sanctions, etc.)
  • BIS Denied Persons List
  • BIS Entity List

For non-U.S.-focused programs, add UN, EU, and UK Consolidated lists. Kleerance indexes all of these — see the comparison of OFAC, BIS, and SAM.gov for guidance on which lists to prioritize.

How Kleerance helps

Kleerance ingests the full BIS Entity List every six hours, normalizes it into the same schema as OFAC SDN and other watchlists, and returns matches with confidence scores and links back to the primary BIS record. Browse the BIS Entity List coverage or start a free trial.

This article is for informational purposes only and is not legal advice. Consult a qualified sanctions or export-controls attorney for guidance on your specific obligations.

Related articles