Export Controls for Australian Tech Companies After the Reforms
Summary
The Defence Trade Controls Amendment Act 2024 rewrote Australian export controls, and the companies most exposed are the ones that never thought of themselves as defence exporters. If you build dual-use software, AI or hardware, your offshore staff and cloud arrangements may already be the legal question.
Key Takeaways
- The Defence Trade Controls Amendment Act 2024 (Cth) reformed Australian export controls, including a licence free environment for many exports to the United States and United Kingdom under AUKUS.
- The Defence and Strategic Goods List determines what is controlled, and it reaches dual-use technology built for civilian markets.
- US ITAR obligations can overlay the Australian rules, so clearing one regime does not clear the other.
- Offshore staff and cloud arrangements can constitute controlled supplies without a single physical export.
- An Australian first not for profit export controls group has launched to help industry and academia navigate the system, which says something about how navigable it is unaided.

Australia rewrote its export controls with the Defence Trade Controls Amendment Act 2024 (Cth), and the companies with the most to think about are the ones that never thought of themselves as defence exporters. If you build software, AI or advanced hardware with dual-use potential, the question is no longer whether the regime applies to companies like yours. It is whether your current operating model, your offshore developers, your cloud architecture and your hiring, has already answered the question without you noticing.
In Brief
- The Defence Trade Controls Amendment Act 2024 (Cth) reformed Australian export controls, including a licence free environment for many exports to the United States and United Kingdom under AUKUS.
- The Defence and Strategic Goods List (DSGL) determines what is controlled, and it reaches dual-use technology built for civilian markets.
- US ITAR obligations can overlay the Australian rules. Clearing one regime does not clear the other.
- Offshore staff and cloud arrangements can constitute controlled supplies without a single physical export.
- An Australian first not for profit export controls group has launched to help defence industry and academia navigate the system. That launch is itself the evidence of how hard the system is to navigate alone.
The Reform Cuts Both Ways
The headline of the reform is the opening: a licence free environment for many exports to the United States and United Kingdom under AUKUS. For an Australian company selling into those markets, that is a genuine commercial shift. Transactions that once needed individual approvals can now move inside a trusted framework.
But a licence free environment is a defined space, not an open field. It has boundaries, and everything the reform did to smooth the inside of those boundaries makes the edges matter more. The companies that benefit are the ones that know precisely which of their products, people and transfers sit inside the environment and which do not. The companies at risk are the ones that read the headline and stopped there.
The DSGL Decides, Not Your Marketing
The Defence and Strategic Goods List determines what is controlled. Not your industry classification, not your customer list and not the language on your website. The DSGL is a technical instrument, and whether your encryption, your autonomy stack, your sensing capability or your manufacturing process falls within it is a technical legal question with a specific answer.
This is where dual-use technology companies get surprised. A product built entirely for civilian customers can still be a controlled item. Founders tend to assume that defence regulation attaches to defence intent. It does not. It attaches to capability, and capability is assessed against the list, not against your pitch deck. The stakes of guessing wrong run in both directions: treat controlled technology as uncontrolled and you have a compliance problem, treat uncontrolled technology as controlled and you carry cost and friction your competitors do not.
The ITAR Overlay
For companies with United States technology, components or partners in the chain, US ITAR obligations can overlay the Australian rules. That means two regimes, two regulators and two sets of consequences applying to the same product and the same people, and satisfying Canberra does not satisfy Washington. The interaction between the Australian reforms and the American overlay is one of the least understood corners of the system, and it is exactly where companies with transpacific supply chains or investors need the analysis done once, properly, rather than twice, badly.
Your Org Chart Is an Export
Here is the part that catches technology companies most often. Offshore staff and cloud arrangements can constitute controlled supplies. Nothing needs to leave the building. A developer in another country with access to a repository, a support engineer with production credentials, a cloud architecture that replicates data across regions: each of these can amount to a supply of controlled technology, depending on what the technology is and who can touch it.
That turns ordinary operational decisions into export controls decisions. The hiring plan, the outsourcing arrangement, the choice of cloud region and the acquisition of a company with an offshore team are all moments where the regime can be engaged. Companies that map this before they build their operating model keep their options. Companies that map it afterwards discover that the remediation conversation is harder than the design conversation would have been.
Nobody Finds This Easy
If this sounds like a lot, the sector agrees. An Australian first not for profit export controls group has launched specifically to help defence industry and academia navigate the system. When practitioners and companies organise a dedicated body just to make sense of the rulebook, that is not a sign the rulebook is intuitive. It is a sign that the difference between companies that navigate it well and companies that do not is becoming a competitive line, and that unaided entry is the expensive way in.
The reform created real opportunity for Australian technology companies, particularly those selling into the United States and United Kingdom. Capturing it is a sequencing exercise: know what is controlled, know where your people and infrastructure sit and know which regime is watching before the commercial commitments are made. There is a navigable path. It just is not the default path.
Frequently Asked Questions
Does the licence free environment mean we can send anything to the US or UK?
No. The environment covers many exports, not all, and the DSGL still determines what is controlled. US ITAR obligations can also overlay the Australian position. Which side of each boundary your specific technology sits on is the analysis that matters.
We only sell to civilian customers. Are we outside the regime?
Not necessarily. The DSGL controls technology by what it is and what it can do, not by who buys it. Dual-use technology built for civilian markets can be squarely within the list.
Can hiring an offshore developer really engage export controls?
Yes. Offshore staff and cloud arrangements can constitute controlled supplies. Access to controlled technology can itself be a supply, which is why hiring, outsourcing and infrastructure decisions deserve a controls check before they are made.
When should we get advice?
Before the operating model hardens. The cheapest time to assess your position is before the offshore hire, the cloud migration or the overseas customer conversation, because the alternatives narrow once the arrangement exists.
If your technology might sit within the DSGL, find out before your structure decides the answer for you. Start with our defence industry entry page, then Contact Astris Law for a fixed fee assessment or call (07) 3519 5616.
Sources and References
- LegislationDefence Trade Controls Amendment Act 2024 (Cth)
- LegislationDefence and Strategic Goods List
This article is for general information purposes only and does not constitute legal advice and should not be relied on as such. While we take reasonable care to ensure the accuracy of the information provided, we make no representations or warranties as to its completeness, currency or reliability. We accept no liability for any loss or damage arising directly or indirectly from the use of, or reliance on, this website's content. You should always seek professional advice tailored to your specific circumstances before acting on any information in this article. Liability limited by a scheme approved under Professional Standards Legislation.