FAQ

Can offshore suppliers complete FAI work on ITAR-restricted aerospace parts?

No, not by default. An offshore supplier generally cannot receive the drawings, models, specifications, inspection plans, or completed First Article Inspection records for an ITAR-restricted aerospace part unless the transfer and use of that technical data are covered by valid export authorization or an applicable exemption. FAI is not just paperwork; it usually requires access to controlled technical data.

AS9102 does not override ITAR. A supplier may be capable of performing the measurement work, may hold aerospace quality approvals, and may be listed on a purchase order, but that does not by itself authorize export-controlled data access.

Why FAI creates an export-control issue

FAI work commonly involves ballooned drawings, CAD models, dimensional characteristics, material and process requirements, special process references, acceptance criteria, and inspection results. For an ITAR-controlled defense article, those records can expose design, production, or verification information that is treated as technical data.

That means the risk is not limited to manufacturing the part offshore. Sending the drawing package, uploading the FAI to a supplier portal, allowing foreign-person review, or granting access to a PLM, MES, QMS, or Net-Inspect-style system may also be an export or re-export event depending on the facts.

When offshore FAI may be possible

Offshore FAI may be possible when the program has the right authorization, the supplier and location are within scope, and the controls are actually implemented. In practice, this usually requires defined responsibility across export compliance, quality, engineering, procurement, and IT.

Typical prerequisites include:

  • Export authorization or exemption reviewed for the specific data, part, destination, activity, parties, and nationalities involved.
  • Clear flowdown of ITAR, customer, and program restrictions to the supplier.
  • Supplier procedures for controlled technical data handling, access control, record retention, and subcontractor restrictions.
  • Validated system controls in portals, PLM, MES, QMS, ERP, file-transfer tools, and collaboration platforms.
  • Traceable review and approval of FAI records under the applicable AS9102 and customer requirements.

These controls are site-specific. A license or agreement may allow one supplier, one facility, or one scope of work but not another. Provisos and customer restrictions can also limit who may inspect, approve, store, transmit, or view the FAI package.

Common false assumptions

Do not assume the work is allowed just because the offshore supplier is qualified, AS9100-certified, or already performing commercial aerospace work. Quality approval and export authorization are separate issues.

Do not assume a U.S.-owned offshore affiliate is automatically acceptable. A foreign location and foreign-person access can still matter.

Do not assume redacting a drawing solves the problem. Redaction must be evaluated against the actual data needed to perform the inspection, complete the forms, and maintain traceability. Poor redaction can either fail to protect controlled data or make the FAI technically unusable.

Do not assume a cloud portal is neutral. If FAI attachments, drawings, models, characteristic data, or approvals are stored in systems with offshore hosting, offshore support access, uncontrolled replication, or weak role controls, the system design can create an export-control problem even if the inspection itself is sound.

Brownfield system impact

In established aerospace plants, FAI data often moves across PLM, MES, ERP, QMS, supplier portals, document control systems, and shared drives. Full replacement of those systems is usually unrealistic because of validation cost, qualification burden, downtime risk, integration complexity, and long program lifecycles.

The practical approach is usually controlled segregation and workflow design: restrict controlled attachments, limit access by role and authorization, preserve audit trails, prevent uncontrolled replication, and define which system is the record of authority for FAI evidence. Manual checks may still be required where legacy systems cannot enforce the needed controls.
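As an added example (not code from the original page or from any product it mentions), the following shows one way to express the deny-by-default access decision described above: a request against a controlled FAI attachment is allowed only when the part, supplier, facility, activity, and nationality all fall inside one reviewed authorization scope, and every decision is written to an audit trail. All class, field, and identifier names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class Authorization:
    """One reviewed authorization scope (all field names are hypothetical)."""
    auth_id: str
    part_numbers: frozenset
    supplier: str
    facility: str
    activities: frozenset      # subset of inspect/approve/store/transmit/view
    nationalities: frozenset   # nationalities cleared under this scope

@dataclass
class FaiAccessGate:
    authorizations: list
    audit_log: list = field(default_factory=list)

    def decide(self, user, part_number, activity):
        """Deny by default; allow only when every dimension is in one scope."""
        reason, auth_id = "no authorization covers this part", None
        for a in self.authorizations:
            if part_number not in a.part_numbers:
                continue
            if user["supplier"] != a.supplier:
                reason = "supplier out of scope"
            elif user["facility"] != a.facility:
                reason = "facility out of scope"
            elif activity not in a.activities:
                reason = "activity out of scope"
            elif user["nationality"] not in a.nationalities:
                reason = "nationality out of scope"
            else:
                reason, auth_id = "in scope", a.auth_id
                break
        allowed = auth_id is not None
        # Every decision, allow or deny, goes to the audit trail.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user["id"], "part": part_number, "activity": activity,
            "allowed": allowed, "authorization": auth_id, "reason": reason})
        return allowed

# Constructed sample data: every identifier below is a placeholder.
GATE = FaiAccessGate([Authorization(
    "AUTH-EXAMPLE-1", frozenset({"PN-EXAMPLE-100"}), "Supplier A", "Site 1",
    frozenset({"inspect", "view"}), frozenset({"XX"}))])
INSPECTOR = {"id": "u1", "supplier": "Supplier A", "facility": "Site 1",
             "nationality": "XX"}
```

A legacy system that cannot call a check like this at the point of download is where the manual checks mentioned above come in.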

If authorization is not in place

If the required export authorization is not in place, the safer operational answer is to keep the ITAR-controlled FAI work with an authorized U.S. or otherwise approved party. Offshore suppliers may still support non-controlled activities if an export-cleared data set exists, but that boundary must be deliberately defined and controlled.

Acceptance of the FAI by the customer or prime contractor remains separate from export-control compliance. Neither AS9102 completion nor customer acceptance should be treated as proof that ITAR handling was proper.
