The BIS 50% Rule Is Here: What Compliance Teams Need to Know About Ownership Data

The new BIS "50% rule" is in effect. For anyone working in export controls, sanctions, or supply chain compliance, this is one of the bigger changes in recent years.

If you need the details, BIS has published the interim final rule, press release, and updated FAQs. In short, entities that are 50 percent or more owned, directly or indirectly, by parties on the Entity List or MEU List are now also restricted.

The practical effect is clear: companies must now understand not just who they are dealing with, but who owns them. And that presents a challenge, because there is no official list of these affiliated entities.

The Data Gap Everyone Is Dealing With

To fill the gap, several data vendors have created "50 percent rule" datasets. These are built by starting with the known restricted entities and tracing ownership outward through corporate filings, registries, and other sources. The work is manual and detailed, and when information exists, the results are usually excellent.

The main problem is that coverage is never complete. Many companies around the world do not publish full ownership information, and structures change constantly through acquisitions, reorganizations, and joint ventures. Even a well-researched dataset can become outdated quickly.

This is not a criticism of those providers; it is the reality of the data. The best datasets provide a solid foundation, but they are snapshots in time. Compliance teams that rely only on those lists risk missing entities that fall under the new rule but have not yet been identified.

Using Real-Time Network Discovery to Fill the Gaps

Our team built DiligenAI to approach the problem differently. Instead of relying solely on static lists, DiligenAI performs automated, ongoing research using open-source intelligence and global media. The system maps ownership networks and related parties in real time, identifying when entities are connected through ownership or control relationships that might raise compliance risks.

The Network Report feature takes this further by performing recursive analysis on each connected party, checking for sanctions, adverse media, and other red flags. Every finding is linked back to its public source for auditability and transparency.

Because the process is automated it updates as new information appears online. Running the process on demand means results can always reflect the latest available data, giving teams a broader and more timely view when it matters.

The system is also available through an API, which allows organizations or other solution providers to integrate this research directly into their existing compliance workflows, screening systems, or case management tools.

A Combined Approach Works Best

There is no single perfect source of ownership data. Manually curated datasets provide depth and accuracy when information is available. Automated network research provides coverage and speed when the landscape shifts.

The best compliance programs will use both. Static data gives structure and reliability. Automated discovery fills the gaps between updates and helps identify new risks sooner.

The BIS 50 percent rule is forcing every company to look deeper into who they are doing business with. The ones that combine these approaches will be the best equipped to meet the new expectations and avoid surprises.