An export control question for services performed and tests conducted on various types of hardware:

How do we know if the results are export controlled or not?  Great question and potentially complicated to work through.
A simple rule of thumb (and fair rule) is to treat the results at the “highest” export level.

Four Simple Scenarios

Starting Definitions:
Non-controlled – Not ITAR and no ECCN thus EAR99
Controlled – ITAR or ECCN (like 8A992(e))

Scenario 1

A non-controlled item with non-controlled test results or software is non-controlled.

Example – Baseball bat tested for basic impact strength.

Results – Bat and test results are not controlled.

Scenario 2

A controlled item with non-controlled test results or software is controlled.

Example – Military Tank tested for basic impact strength.

Results – Military Tank and results are controlled.

Scenario 3
A non-controlled item with controlled test results or software is controlled.

Example – Baseball bat tested for “special” ballistics normally done on military tanks.

Results – Bat is not controlled, but results are controlled as they may reveal something about the test itself.

Scenario 4

A controlled item with controlled test results or software is controlled.

Example – Military Tank tested for “special” ballistics normally done on tanks etc.

Results – Tank and results are controlled.