An export control question for services performed and tests conducted on various types of hardware:

How do we know if the results are export controlled or not?  Great question and potentially complicated to work through.
A simple rule of thumb (and fair rule) is to treat the results at the “highest” export level.

Four Simple Scenarios

Starting Definitions:
Non-controlled – Not ITAR and no ECCN thus EAR99
Controlled – ITAR or ECCN (like 8A992(e))

Scenario 1

Non-controlled item with non export-controlled test results or software is not controlled

Example – Baseball bat tested for basic impact strength

Results – Bat and test results are not controlled

Scenario 2

Controlled item with non export-controlled test results or software is controlled

Example – Military Tank tested for basic impact strength

Results – Military Tank and results are controlled

Scenario 3
Non export-controlled item with controlled test results or software is controlled

Example – Baseball bat tested for “special” ballistics normally done on military tanks

Results – Bat is not controlled, but results are controlled as they may reveal something about the test itself

Scenario 4

Controlled item with controlled test results or software is controlled

Example – Military Tank tested for “special” ballistics normally done on tanks etc.

Results – Tank and results are controlled