If you sell software to launch service providers, satellite ground system operators, spacecraft manufacturers, or space situational awareness platforms, you operate inside one of the most legally complex tech verticals on earth — and the fastest compliance clock carries criminal exposure from the first second.
ITAR 22 CFR §127.1 has no reporting window. No corrective period. No grace. The moment controlled technical data reaches an unauthorized foreign national — including at a cloud provider — you have a violation.
This post covers the 5 n8n automations every SpaceTech and Launch SaaS vendor needs to manage ITAR, EAR, FAA Part 460, FCC Part 25, and OFAC compliance — and explains why cloud iPaaS is structurally incompatible with ITAR's deemed-export rule.
The SpaceTech SaaS Compliance Stack
| Tier | Example Customer | Primary Regulations |
|---|---|---|
| ENTERPRISE_LAUNCH_SERVICES_VENDOR | Orbital launch provider platform | ITAR 22 CFR §120-130, EAR 15 CFR §730, FAA 14 CFR Part 460, FCC Part 25 |
| SATELLITE_GROUND_SYSTEMS_SAAS | Ground station command & control SaaS | ITAR §120.50 deemed export, EAR ECCN 9x515, FCC Part 25 orbital coordination |
| SPACECRAFT_SYSTEMS_SAAS | Satellite bus & payload design SaaS | ITAR §121 USML Cat XV, EAR §740/742, DDTC registration §122.1 |
| SPACE_SITUATIONAL_AWARENESS_SAAS | SSA/space traffic management SaaS | ITAR dual-use data controls, EAR ECCN 9E515, OFAC SDN screening |
| LAUNCH_OPERATIONS_SAAS | Range safety & operations software | FAA Part 460 launch license, 14 CFR §460.51 mishap reporting |
| SMALLSAT_CONSTELLATION_PLATFORM | Constellation management & scheduling | FCC Part 25.283 orbital debris, EAR ECCN 9A515/9E515 |
| SPACE_STARTUP_MVSS | Minimum Viable Space SaaS | ITAR registration §122.1, EAR classification, FAA launch license roadmap |
Compliance Flags
Your n8n workflows segment customers by these flags:
-
ITAR_REGISTERED— registered with DDTC under 22 CFR §122.1 -
EAR_CONTROLLED_TECH— subject to EAR ECCN controls (9x515, 9A515, 9E515) -
FAA_LAUNCH_LICENSED— holds active FAA launch or reentry license (14 CFR Part 431/435/460) -
FCC_SPACE_STATION_LICENSED— licensed under FCC Part 25 for satellite operations -
OFAC_SCREENING_REQUIRED— counterparty or end-user screening required -
CMMC_L2_REQUIRED— handles Controlled Unclassified Information (CUI) for DoD programs -
DDTC_EXPORT_AUTHORIZED— holds a DSP-5 export license or Technical Assistance Agreement (TAA)
The Fastest Clock in SpaceTech: ITAR Unauthorized Disclosure
ITAR_UNAUTHORIZED_DISCLOSURE = IMMEDIATE — 22 CFR §127.1
There is no reporting window. No corrective period. The violation is the disclosure itself — not the failure to report it. Once ITAR-controlled technical data reaches an unauthorized foreign national, you have a §127.1 criminal violation regardless of intent.
Criminal penalties: up to 20 years imprisonment and $1,000,000 per violation (22 U.S.C. §2778(c)).
Voluntary disclosure (22 CFR §127.12) substantially mitigates civil penalties but does not eliminate criminal exposure. The DDTC voluntary disclosure process requires immediate self-reporting — which means your incident detection and escalation pipeline must trigger the moment a potential violation is identified, not after internal deliberation.
Second-fastest: EAR_UNAUTHORIZED_EXPORT = IMMEDIATE — 15 CFR §764.3. BIS voluntary self-disclosure (15 CFR §764.8) provides mitigation credit but must be filed within 180 days of discovery.
Third: OFAC_SDN_MATCH = IMMEDIATE — 31 CFR §501.603. Freeze before transaction completes. Tipping off the sanctioned party is itself a violation under IEEPA anti-structuring provisions.
FAA_SERIOUS_MISHAP = 8 hours — 14 CFR §460.51(a). Verbal notification to FAA Office of Commercial Space Transportation (AST) within 8 hours of a serious mishap. Written report due 30 days later.
Why Cloud iPaaS Is an ITAR Export Risk
22 CFR §120.50 defines 'export' to include:
'Releasing or otherwise transferring technical data to a foreign person in the United States (a deemed export).'
Cloud iPaaS vendors employ foreign nationals — US persons and non-US persons — who may have access to data flowing through the platform. If your automation layer processes ITAR-controlled technical data (spacecraft parameters, launch trajectories, propulsion specs, cryptographic keys for satellite command) through a cloud iPaaS, you may be making an unlicensed deemed export to every foreign national at that provider.
The State Department's 2020 ITAR Technical Data Guidance makes this explicit: data uploaded to cloud systems accessible by foreign nationals constitutes a deemed export under §120.50 unless a DSP-5 license or Technical Assistance Agreement covers each foreign national with access.
Self-hosted n8n inside a US-person-only approved network eliminates this exposure: the automation layer is part of your controlled environment, not a cloud subprocessor outside your ITAR perimeter.
The EAR parallel: 15 CFR §734.13 similarly defines 'export' to include release of technology or source code to a foreign national in the US. Cloud iPaaS with foreign national employees = deemed export of any EAR-controlled data in the workflow.
5 n8n Automations for SpaceTech Compliance
1. Tier-Segmented ITAR/EAR Onboarding Drip
Routes each new customer to the right compliance context on Day 0, based on their ITAR registration status, EAR classification, FAA license, and FCC authorization.
{
"name": "SpaceTech Customer Onboarding Drip",
"nodes": [
{
"id": "1",
"name": "Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 1,
"position": [
250,
300
],
"parameters": {
"httpMethod": "POST",
"path": "spacetech-onboarding",
"responseMode": "onReceived"
}
},
{
"id": "2",
"name": "Set Tier & Flags",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
450,
300
],
"parameters": {
"jsCode": "const d=items[0].json;const tierMap={ENTERPRISE_LAUNCH_SERVICES_VENDOR:{day0:'Your ITAR Technical Data handling guide and DDTC registration renewal checklist (22 CFR 122.1) are attached. ITAR_UNAUTHORIZED_DISCLOSURE carries no corrective window.',itarNote:true},SATELLITE_GROUND_SYSTEMS_SAAS:{day0:'Your EAR export control classification guide (ECCN 9x515) and FCC Part 25 space station coordination checklist are enclosed.',itarNote:true},SPACECRAFT_SYSTEMS_SAAS:{day0:'ITAR 22 CFR 120.50 deemed-export briefing and DDTC registration guide attached. All technical data flows must stay within approved US-person-only systems.',itarNote:true},SPACE_SITUATIONAL_AWARENESS_SAAS:{day0:'EAR 15 CFR 730-774 dual-use controls and OFAC SDN screening integration guide enclosed. SSA data may carry ITAR controls.',itarNote:false},LAUNCH_OPERATIONS_SAAS:{day0:'FAA 14 CFR Part 460 launch license milestone checklist and mishap reporting guide (8-hour clock for serious mishaps) attached.',itarNote:false},SMALLSAT_CONSTELLATION_PLATFORM:{day0:'FCC orbital debris mitigation plan template (Part 25.283) and OFAC screening integration guide enclosed.',itarNote:false},SPACE_STARTUP_MVSS:{day0:'Welcome! ITAR registration guide, EAR ECCN classification checklist, and FAA launch license roadmap attached.',itarNote:true}};const t=tierMap[d.tier]||tierMap.SPACE_STARTUP_MVSS;return [{json:{...d,tierNote:t.day0,itarNote:t.itarNote,enrolledAt:new Date().toISOString()}}];"
}
},
{
"id": "3",
"name": "Gmail Day 0 Welcome",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
650,
300
],
"parameters": {
"operation": "send",
"toList": "={{$json.email}}",
"subject": "Welcome to FlowKit \u2014 your SpaceTech compliance automation is live",
"message": "=Hi {{$json.name}},\n\nYour FlowKit account is active. {{$json.tierNote}}\n\nIMPORTANT: ITAR 22 CFR 120.50 defines 'export' to include making technical data accessible to foreign nationals in the US. Ensure your automation layer runs inside a US-person-only controlled environment.\n\nStore: https://stripeai.gumroad.com\n\nBest,\nAlex Kane / FlowKit"
}
},
{
"id": "4",
"name": "Log to Sheets",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
850,
300
],
"parameters": {
"operation": "append",
"documentId": "YOUR_SHEET_ID",
"sheetName": "spacetech_onboarding",
"columns": {
"mappingMode": "defineBelow",
"value": {
"email": "={{$json.email}}",
"name": "={{$json.name}}",
"tier": "={{$json.tier}}",
"enrolled": "={{$json.enrolledAt}}",
"itar_flag": "={{$json.itarNote}}",
"day3_sent": "False",
"day7_sent": "False"
}
}
}
},
{
"id": "5",
"name": "Wait 3 Days",
"type": "n8n-nodes-base.wait",
"typeVersion": 1,
"position": [
1050,
300
],
"parameters": {
"amount": 3,
"unit": "days"
}
},
{
"id": "6",
"name": "Gmail Day 3",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1250,
300
],
"parameters": {
"operation": "send",
"toList": "={{$json.email}}",
"subject": "Day 3 check-in \u2014 have you configured your ITAR/EAR compliance integrations?",
"message": "=Hi {{$json.name}},\n\nChecking in: have you connected your DDTC registration API and OFAC SDN screening endpoint?\n\nReminder: ITAR_UNAUTHORIZED_DISCLOSURE carries no corrective window. Any technical data accessible to a foreign national outside your approved network is a \u00a7127.1 violation.\n\nReply with any questions.\n\nAlex / FlowKit"
}
},
{
"id": "7",
"name": "Wait 4 Days",
"type": "n8n-nodes-base.wait",
"typeVersion": 1,
"position": [
1450,
300
],
"parameters": {
"amount": 4,
"unit": "days"
}
},
{
"id": "8",
"name": "Gmail Day 7 Features",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1650,
300
],
"parameters": {
"operation": "send",
"toList": "={{$json.email}}",
"subject": "5 FlowKit automations your SpaceTech compliance team needs this week",
"message": "=Hi {{$json.name}},\n\nHere are the 5 workflows your team should deploy this week:\n\n1. ITAR Unauthorized Disclosure Alert (IMMEDIATE clock \u2014 \u00a7127.1)\n2. EAR Export Authorization Expiry Tracker\n3. FAA Launch License Milestone Monitor\n4. FCC Orbital Debris Incident Pipeline\n5. Weekly SpaceTech KPI Dashboard\n\nFull JSON at https://stripeai.gumroad.com\n\nAlex / FlowKit"
}
}
],
"connections": {
"Webhook": {
"main": [
[
{
"node": "Set Tier & Flags",
"type": "main",
"index": 0
}
]
]
},
"Set Tier & Flags": {
"main": [
[
{
"node": "Gmail Day 0 Welcome",
"type": "main",
"index": 0
}
]
]
},
"Gmail Day 0 Welcome": {
"main": [
[
{
"node": "Log to Sheets",
"type": "main",
"index": 0
}
]
]
},
"Log to Sheets": {
"main": [
[
{
"node": "Wait 3 Days",
"type": "main",
"index": 0
}
]
]
},
"Wait 3 Days": {
"main": [
[
{
"node": "Gmail Day 3",
"type": "main",
"index": 0
}
]
]
},
"Gmail Day 3": {
"main": [
[
{
"node": "Wait 4 Days",
"type": "main",
"index": 0
}
]
]
},
"Wait 4 Days": {
"main": [
[
{
"node": "Gmail Day 7 Features",
"type": "main",
"index": 0
}
]
]
}
}
}
What this does: Day 0 email injects ITAR §120.50 deemed-export context for ITAR_REGISTERED customers. Day 3 follow-up checks OFAC and DDTC API connectivity. Day 7 delivers the full workflow deployment guide. Google Sheets logs enrollment, flag status, and email sequence state.
2. SpaceTech Regulatory API Health Monitor
Polls DDTC registration, BIS SNAP export screening, FAA launch licensing, FCC IBFS, and OFAC SDN APIs every 5 minutes. Uses $getWorkflowStaticData to suppress duplicate alerts — you get one alert per outage, not one per poll cycle.
{
"name": "SpaceTech API & Integration Health Monitor",
"nodes": [
{
"id": "1",
"name": "Every 5 Minutes",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
250,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "*/5 * * * *"
}
]
}
}
},
{
"id": "2",
"name": "Load Endpoints",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
450,
300
],
"parameters": {
"jsCode": "return [{json:{api_name:'ddtc_registration_api',health_url:'https://www.pmddtc.state.gov/sys_public/healthcheck',compliance_note:'ITAR 22 CFR 122.1 annual registration. Lapse = unlicensed exporter status.'}},{json:{api_name:'bis_snap_export_screening',health_url:'https://efts.bis.doc.gov/complete-search-service/search',compliance_note:'EAR 15 CFR 740 \u2014 export license check. Downtime = blind to denied party hits.'}},{json:{api_name:'faa_launch_license_api',health_url:'https://www.faa.gov/space/launch_and_reentry/healthcheck',compliance_note:'FAA 14 CFR Part 460 \u2014 license status. Downtime = launch go/no-go decision gap.'}},{json:{api_name:'fcc_ibfs_space_station',health_url:'https://licensing.fcc.gov/myibfs/healthcheck',compliance_note:'FCC 47 CFR Part 25 \u2014 orbital coordination. Downtime = frequency conflict blind spot.'}},{json:{api_name:'ofac_sdn_screening_api',health_url:'https://api.ofac.api/v1/health',compliance_note:'OFAC 31 CFR 501 \u2014 SDN screening. Downtime = unscreened transaction risk.'}}];"
}
},
{
"id": "3",
"name": "Split Endpoints",
"type": "n8n-nodes-base.splitInBatches",
"typeVersion": 3,
"position": [
650,
300
],
"parameters": {
"batchSize": 1
}
},
{
"id": "4",
"name": "HTTP Health Check",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
850,
300
],
"parameters": {
"method": "GET",
"url": "={{$json.health_url}}",
"timeout": 5000,
"continueOnFail": true
}
},
{
"id": "5",
"name": "Classify Status",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
1050,
300
],
"parameters": {
"jsCode": "const e=items[0].json;const statusCode=e.$response?.statusCode||0;const latency=parseInt(e.$response?.headers?.['x-response-time']||'0');let status='OK';let detail='';if(statusCode===0||statusCode>=500){status='DOWN';detail='No response or server error';}else if(statusCode>=400){status='DEGRADED';detail='HTTP '+statusCode;}else if(latency>3000){status='DEGRADED';detail='High latency: '+latency+'ms';}const lastState=$getWorkflowStaticData('global');const key='state_'+e.api_name;const alreadyAlerting=lastState[key]==='alerting';if(status!=='OK'){if(!alreadyAlerting){lastState[key]='alerting';return [{json:{...e,apiStatus:status,statusCode,detail,shouldAlert:true}}];}return [{json:{...e,apiStatus:status,shouldAlert:false}}];}lastState[key]='ok';return [{json:{...e,apiStatus:'OK',shouldAlert:false}}];"
}
},
{
"id": "6",
"name": "Alert If Down",
"type": "n8n-nodes-base.if",
"typeVersion": 2,
"position": [
1250,
300
],
"parameters": {
"conditions": {
"options": {
"caseSensitive": false
},
"conditions": [
{
"leftValue": "={{$json.shouldAlert}}",
"operator": {
"type": "boolean",
"operation": "true"
}
}
]
}
}
},
{
"id": "7",
"name": "Slack Alert",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1450,
250
],
"parameters": {
"channel": "#compliance-ops",
"text": "=:red_circle: SPACETECH API {{$json.apiStatus}}: *{{$json.api_name}}* \u2014 {{$json.compliance_note}} Detail: {{$json.detail}}. Review immediately \u2014 ITAR/EAR/OFAC compliance clock may be running blind."
}
},
{
"id": "8",
"name": "Log Incident",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
1450,
380
],
"parameters": {
"operation": "append",
"documentId": "YOUR_SHEET_ID",
"sheetName": "spacetech_api_incidents",
"columns": {
"mappingMode": "defineBelow",
"value": {
"ts": "={{new Date().toISOString()}}",
"api": "={{$json.api_name}}",
"status": "={{$json.apiStatus}}",
"detail": "={{$json.detail}}",
"compliance": "={{$json.compliance_note}}"
}
}
}
}
],
"connections": {
"Every 5 Minutes": {
"main": [
[
{
"node": "Load Endpoints",
"type": "main",
"index": 0
}
]
]
},
"Load Endpoints": {
"main": [
[
{
"node": "Split Endpoints",
"type": "main",
"index": 0
}
]
]
},
"Split Endpoints": {
"main": [
[
{
"node": "HTTP Health Check",
"type": "main",
"index": 0
}
]
]
},
"HTTP Health Check": {
"main": [
[
{
"node": "Classify Status",
"type": "main",
"index": 0
}
]
]
},
"Classify Status": {
"main": [
[
{
"node": "Alert If Down",
"type": "main",
"index": 0
}
]
]
},
"Alert If Down": {
"main": [
[
{
"node": "Slack Alert",
"type": "main",
"index": 0
},
{
"node": "Log Incident",
"type": "main",
"index": 0
}
],
[]
]
}
}
}
What this does: Each alert includes the specific compliance obligation at risk during API downtime (e.g., 'FAA Part 460 launch license — downtime = launch go/no-go decision gap'). Deduplication via $getWorkflowStaticData prevents alert floods for sustained outages. Incidents logged to Google Sheets for audit trail.
3. ITAR/EAR/FAA/FCC/OFAC Deadline Tracker
Runs daily at 8AM. Reads a Google Sheet of compliance deadlines, classifies urgency by days remaining, and routes OVERDUE/CRITICAL to immediate Slack + email, WARNING to Slack ops channel, NOTICE to calendar channel.
{
"name": "SpaceTech Compliance Deadline Tracker",
"nodes": [
{
"id": "1",
"name": "Daily 8AM",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
250,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * *"
}
]
}
}
},
{
"id": "2",
"name": "Read Deadlines Sheet",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
450,
300
],
"parameters": {
"operation": "read",
"documentId": "YOUR_SHEET_ID",
"sheetName": "spacetech_compliance_deadlines"
}
},
{
"id": "3",
"name": "Classify Urgency",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
650,
300
],
"parameters": {
"jsCode": "const today=new Date();return items.map(i=>{const d=i.json;const due=new Date(d.due_date);const days=Math.round((due-today)/(1000*60*60*24));let urgency='UPCOMING';if(days<0)urgency='OVERDUE';else if(days<=3)urgency='CRITICAL';else if(days<=7)urgency='URGENT';else if(days<=30)urgency='WARNING';else if(days<=60)urgency='NOTICE';const deadlineMap={ITAR_DDTC_REGISTRATION_RENEWAL:'22 CFR 122.1 \u2014 annual by March 1. Lapse = unlicensed export of any ITAR-controlled item.',ITAR_TECHNICAL_DATA_ANNUAL_REVIEW:'22 CFR 120.50 \u2014 review all data flows for foreign national access. Each gap = deemed export.',EAR_LICENSE_EXPIRATION:'15 CFR 740/742/748 \u2014 export without valid license = \u00a7764.3 civil/criminal.',FAA_LAUNCH_LICENSE_RENEWAL:'14 CFR Part 431/435 \u2014 launch without valid license = \u00a7460.53 civil penalty.',FAA_MISHAP_FOLLOW_UP_REPORT:'14 CFR \u00a7460.51 \u2014 written report due 30 days after mishap notification.',FCC_SPACE_STATION_ANNUAL_REPORT:'47 CFR Part 25 \u2014 annual milestone report. Missing = license condition violation.',DDTC_DS2032_COMMODITY_JURISDICTION:'State Dept CJ determination \u2014 60-day response clock once submitted.',CMMC_L2_TRIENNIAL_ASSESSMENT:'DFARS 252.204-7021 \u2014 assessment due every 3 years for DoD contracts.',OFAC_SCREENING_QUARTERLY:'31 CFR 501 \u2014 quarterly full-list rescan of all customers and counterparties.',ITAR_TECHNICAL_ASSISTANCE_AGREEMENT_EXPIRY:'22 CFR 124 \u2014 TAA expiry = all activities under it stop. Renewal pipeline must start 90d out.',SOC2_TYPE2_RENEWAL:'AICPA SOC 2 \u2014 annual audit window. Lapse = enterprise sales blocker.',PENTEST_ANNUAL:'Internal security requirement \u2014 annual penetration test for network boundary.'};return {json:{...d,daysUntil:days,urgency,deadlineNote:deadlineMap[d.deadline_type]||d.deadline_type}};}).filter(i=>i.json.urgency!=='UPCOMING'||i.json.daysUntil<=60);"
}
},
{
"id": "4",
"name": "Switch Urgency",
"type": "n8n-nodes-base.switch",
"typeVersion": 1,
"position": [
850,
300
],
"parameters": {
"dataType": "string",
"value1": "={{$json.urgency}}",
"rules": {
"rules": [
{
"value2": "OVERDUE",
"output": 0
},
{
"value2": "CRITICAL",
"output": 0
},
{
"value2": "URGENT",
"output": 1
},
{
"value2": "WARNING",
"output": 2
},
{
"value2": "NOTICE",
"output": 3
}
]
}
}
},
{
"id": "5",
"name": "Slack CRITICAL",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1050,
200
],
"parameters": {
"channel": "#compliance-critical",
"text": "=:rotating_light: SPACETECH COMPLIANCE {{$json.urgency}}: *{{$json.deadline_type}}* for {{$json.entity_name}} \u2014 due {{$json.due_date}} ({{$json.daysUntil}}d). {{$json.deadlineNote}}"
}
},
{
"id": "6",
"name": "Gmail CRITICAL",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1050,
320
],
"parameters": {
"operation": "send",
"toList": "={{$json.owner_email}}",
"subject": "=SPACETECH {{$json.urgency}}: {{$json.deadline_type}} due {{$json.due_date}}",
"message": "={{$json.urgency}} \u2014 {{$json.daysUntil}} days remaining.\n\nDeadline: {{$json.deadline_type}}\nRegulation: {{$json.deadlineNote}}\nEntity: {{$json.entity_name}}\nDue: {{$json.due_date}}\nOwner: {{$json.owner_email}}\n\nAction required immediately."
}
},
{
"id": "7",
"name": "Slack WARNING",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1050,
440
],
"parameters": {
"channel": "#compliance-ops",
"text": "=:warning: SPACETECH {{$json.urgency}}: {{$json.deadline_type}} for {{$json.entity_name}} in {{$json.daysUntil}} days ({{$json.due_date}}). {{$json.deadlineNote}}"
}
},
{
"id": "8",
"name": "Slack NOTICE",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1050,
560
],
"parameters": {
"channel": "#compliance-ops",
"text": "=:calendar: SPACETECH NOTICE: {{$json.deadline_type}} for {{$json.entity_name}} in {{$json.daysUntil}} days."
}
}
],
"connections": {
"Daily 8AM": {
"main": [
[
{
"node": "Read Deadlines Sheet",
"type": "main",
"index": 0
}
]
]
},
"Read Deadlines Sheet": {
"main": [
[
{
"node": "Classify Urgency",
"type": "main",
"index": 0
}
]
]
},
"Classify Urgency": {
"main": [
[
{
"node": "Switch Urgency",
"type": "main",
"index": 0
}
]
]
},
"Switch Urgency": {
"main": [
[
{
"node": "Slack CRITICAL",
"type": "main",
"index": 0
},
{
"node": "Gmail CRITICAL",
"type": "main",
"index": 0
}
],
[
{
"node": "Slack WARNING",
"type": "main",
"index": 0
}
],
[
{
"node": "Slack NOTICE",
"type": "main",
"index": 0
}
],
[]
]
}
}
}
12 deadline types tracked:
| Deadline Type | Regulation | Key Risk |
|---|---|---|
| ITAR_DDTC_REGISTRATION_RENEWAL | 22 CFR §122.1 | Lapse = unlicensed exporter status — all ITAR activities illegal |
| ITAR_TECHNICAL_DATA_ANNUAL_REVIEW | 22 CFR §120.50 | Each unreviewed data flow = potential deemed export |
| EAR_LICENSE_EXPIRATION | 15 CFR §740/742 | Export without valid license = §764.3 civil/criminal |
| FAA_LAUNCH_LICENSE_RENEWAL | 14 CFR Part 431/435 | Launch without license = §460.53 civil penalty + grounding |
| FAA_MISHAP_FOLLOW_UP_REPORT | 14 CFR §460.51 | 30d written report after 8h verbal notification |
| FCC_SPACE_STATION_ANNUAL_REPORT | 47 CFR Part 25 | License condition violation if missed |
| DDTC_DS2032_COMMODITY_JURISDICTION | State Dept CJ | 60-day determination clock once submitted |
| CMMC_L2_TRIENNIAL_ASSESSMENT | DFARS §252.204-7021 | DoD contract performance condition |
| OFAC_SCREENING_QUARTERLY | 31 CFR §501 | Full-list rescan required every quarter |
| ITAR_TECHNICAL_ASSISTANCE_AGREEMENT_EXPIRY | 22 CFR §124 | TAA expiry = all activities under it stop immediately |
| SOC2_TYPE2_RENEWAL | AICPA SOC 2 | Enterprise sales blocker if lapsed |
| PENTEST_ANNUAL | Internal security | Network boundary penetration test |
4. SpaceTech Incident Response Pipeline
Webhook-triggered. Receives incident events (ITAR disclosure, EAR export, OFAC match, FAA mishap, FCC orbital debris event, DoD CUI breach) and immediately routes to the right Slack channel, emails CCO and export counsel, and logs to Google Sheets.
{
"name": "SpaceTech Incident & Regulatory Breach Pipeline",
"nodes": [
{
"id": "1",
"name": "Incident Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 1,
"position": [
250,
300
],
"parameters": {
"httpMethod": "POST",
"path": "spacetech-incident",
"responseMode": "onReceived"
}
},
{
"id": "2",
"name": "Classify Incident",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
450,
300
],
"parameters": {
"jsCode": "const d=items[0].json;const incidentMap={ITAR_UNAUTHORIZED_DISCLOSURE:{sla:'IMMEDIATE \u2014 no corrective window. 22 CFR 127.1 criminal referral. Voluntary disclosure mitigates penalty.',slack:'#compliance-critical',regulation:'22 CFR Part 127 \u2014 criminal: up to 20 years/$1M per violation',action:'Engage ITAR export counsel immediately. Document scope. File voluntary disclosure with DDTC. Do NOT discuss externally until counsel clears.'},EAR_UNAUTHORIZED_EXPORT:{sla:'IMMEDIATE \u2014 15 CFR 764.3. BIS voluntary self-disclosure recommended.',slack:'#compliance-critical',regulation:'15 CFR Part 764 \u2014 civil: up to $365K/violation; criminal: up to $1M/20yr',action:'Stop all pending exports. Engage export counsel. File voluntary self-disclosure with BIS within 180 days for mitigation credit.'},OFAC_SDN_MATCH:{sla:'IMMEDIATE \u2014 freeze before transaction completes. 31 CFR 501.603.',slack:'#compliance-critical',regulation:'31 CFR Part 501 \u2014 civil: up to $1.5M/violation + criminal referral',action:'Freeze transaction immediately. Do NOT tip off customer (IEEPA anti-structuring). Report to OFAC within 10 business days via OFAC SDN reporting portal.'},FAA_SERIOUS_MISHAP:{sla:'8 hours \u2014 14 CFR 460.51(a) immediate verbal notification to FAA AST.',slack:'#compliance-critical',regulation:'14 CFR Part 460 \u2014 launch operator liability + license suspension risk',action:'Notify FAA Office of Commercial Space Transportation verbally within 8 hours. Written report within 30 days. Preserve all telemetry and launch data.'},FAA_MINOR_MISHAP:{sla:'30 days \u2014 14 CFR 460.51(b) written report.',slack:'#compliance-ops',regulation:'14 CFR Part 460 \u2014 minor mishap reporting',action:'Document incident immediately. File written report with FAA AST within 30 days. Assess for license condition implications.'},FCC_ORBITAL_DEBRIS_INCIDENT:{sla:'24 hours \u2014 47 CFR Part 25.283 notify FCC of debris-generating event.',slack:'#compliance-critical',regulation:'47 CFR Part 25.283 \u2014 orbital debris mitigation. License condition violation.',action:'Notify FCC International Bureau within 24 hours. Document orbital parameters at incident time. Engage space law counsel.'},DDTC_UNAUTHORIZED_BROKERING:{sla:'IMMEDIATE \u2014 22 CFR 129.6 criminal referral.',slack:'#compliance-critical',regulation:'22 CFR Part 129 \u2014 brokering registration. Criminal: up to 20yr/$1M.',action:'Stop all brokering activity. Engage ITAR counsel. File voluntary disclosure with DDTC. Do NOT continue pending transactions.'},CMMC_CUI_BREACH:{sla:'72 hours \u2014 DFARS 252.204-7012(c)(2) report to DoD CIO.',slack:'#compliance-critical',regulation:'DFARS 252.204-7012 / NIST SP 800-171 \u2014 CUI breach on defense contracts',action:'Notify DoD CIO and DCSA within 72 hours via DIBNet portal. Preserve all logs. Assess contract performance impact.'}};const cfg=incidentMap[d.incident_type]||{sla:'Review required',slack:'#compliance-ops',regulation:'Unknown',action:'Escalate to CCO and export counsel'};return [{json:{...d,sla:cfg.sla,slackChannel:cfg.slack,regulation:cfg.regulation,action:cfg.action,ts:new Date().toISOString()}}];"
}
},
{
"id": "3",
"name": "Slack Alert",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
650,
200
],
"parameters": {
"channel": "={{$json.slackChannel}}",
"text": "=:rotating_light: SPACETECH COMPLIANCE INCIDENT: *{{$json.incident_type}}*\nSLA: {{$json.sla}}\nRegulation: {{$json.regulation}}\nAction: {{$json.action}}\nEntity: {{$json.entity_id}} | Program: {{$json.program_name}}\nDetected: {{$json.ts}}"
}
},
{
"id": "4",
"name": "Gmail CCO & Export Counsel",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
650,
340
],
"parameters": {
"operation": "send",
"toList": "cco@yourcompany.com,exportcounsel@yourfirm.com",
"subject": "=SPACETECH COMPLIANCE INCIDENT: {{$json.incident_type}} \u2014 {{$json.sla}}",
"message": "=Incident: {{$json.incident_type}}\nSLA clock: {{$json.sla}}\nRegulation: {{$json.regulation}}\nRequired action: {{$json.action}}\n\nEntity: {{$json.entity_id}}\nProgram: {{$json.program_name}}\nDetected: {{$json.ts}}\n\nThis notification is automatically generated. Engage ITAR/export counsel immediately for any DDTC/BIS/OFAC matter."
}
},
{
"id": "5",
"name": "Log Incident",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
650,
480
],
"parameters": {
"operation": "append",
"documentId": "YOUR_SHEET_ID",
"sheetName": "spacetech_incident_log",
"columns": {
"mappingMode": "defineBelow",
"value": {
"ts": "={{$json.ts}}",
"incident_type": "={{$json.incident_type}}",
"entity_id": "={{$json.entity_id}}",
"program_name": "={{$json.program_name}}",
"sla": "={{$json.sla}}",
"regulation": "={{$json.regulation}}",
"action_taken": "pending",
"cco_notified": "True",
"counsel_notified": "True"
}
}
}
}
],
"connections": {
"Incident Webhook": {
"main": [
[
{
"node": "Classify Incident",
"type": "main",
"index": 0
}
]
]
},
"Classify Incident": {
"main": [
[
{
"node": "Slack Alert",
"type": "main",
"index": 0
},
{
"node": "Gmail CCO & Export Counsel",
"type": "main",
"index": 0
},
{
"node": "Log Incident",
"type": "main",
"index": 0
}
]
]
}
}
}
8 incident types with pre-configured SLA clocks:
| Incident Type | SLA | Regulation | Key Action |
|---|---|---|---|
| ITAR_UNAUTHORIZED_DISCLOSURE | IMMEDIATE | 22 CFR §127.1 — 20yr/$1M criminal | Engage ITAR counsel + DDTC voluntary disclosure |
| EAR_UNAUTHORIZED_EXPORT | IMMEDIATE | 15 CFR §764.3 — $365K civil/criminal | Stop exports + BIS voluntary self-disclosure within 180d |
| OFAC_SDN_MATCH | IMMEDIATE | 31 CFR §501.603 | Freeze + OFAC report within 10 business days (no tip-off) |
| FAA_SERIOUS_MISHAP | 8 hours | 14 CFR §460.51(a) | Verbal notification to FAA AST within 8h |
| FAA_MINOR_MISHAP | 30 days | 14 CFR §460.51(b) | Written report to FAA AST within 30d |
| FCC_ORBITAL_DEBRIS_INCIDENT | 24 hours | 47 CFR Part 25.283 | Notify FCC International Bureau within 24h |
| DDTC_UNAUTHORIZED_BROKERING | IMMEDIATE | 22 CFR §129.6 — criminal | Stop all brokering + DDTC voluntary disclosure |
| CMMC_CUI_BREACH | 72 hours | DFARS §252.204-7012(c)(2) | Notify DoD CIO via DIBNet within 72h |
5. Weekly SpaceTech SaaS KPI Dashboard
Runs every Monday at 8AM. Queries KPIs, builds an HTML report, emails CEO with CCO and VP Compliance on BCC, and posts a Slack summary to #executive-summary.
{
"name": "Weekly SpaceTech SaaS KPI Dashboard",
"nodes": [
{
"id": "1",
"name": "Monday 8AM",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
250,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1"
}
]
}
}
},
{
"id": "2",
"name": "Query KPIs",
"type": "n8n-nodes-base.postgres",
"typeVersion": 2,
"position": [
450,
300
],
"parameters": {
"operation": "executeQuery",
"query": "SELECT COUNT(DISTINCT customer_id) AS active_customers, SUM(mrr_usd) AS mrr_usd, SUM(CASE WHEN tier='ENTERPRISE_LAUNCH_SERVICES_VENDOR' THEN mrr_usd ELSE 0 END) AS enterprise_launch_mrr, COUNT(DISTINCT CASE WHEN itar_registered=true THEN customer_id END) AS itar_registered_customers, SUM(ofac_screenings_7d) AS ofac_screenings, COUNT(DISTINCT CASE WHEN faa_license_active=true THEN customer_id END) AS faa_licensed, COUNT(DISTINCT CASE WHEN itar_incident_open=true THEN customer_id END) AS itar_open_incidents, MIN(ddtc_renewal_days_remaining) AS nearest_ddtc_renewal_days FROM spacetech_metrics WHERE period_end >= NOW() - INTERVAL '7 days'"
}
},
{
"id": "3",
"name": "Build KPI Report",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
650,
300
],
"parameters": {
"jsCode": "const d=items[0].json;const prev=$getWorkflowStaticData('global');const mrrWoW=prev.mrr?(((d.mrr_usd-prev.mrr)/prev.mrr)*100).toFixed(1)+'%':'N/A';const custWoW=prev.customers?(((d.active_customers-prev.customers)/prev.customers)*100).toFixed(1)+'%':'N/A';const ddtcAlert=d.nearest_ddtc_renewal_days<90?'ALERT: DDTC renewal <90 days \u2014 '+d.nearest_ddtc_renewal_days+'d':'OK';const html='<h2>SpaceTech SaaS Weekly KPIs</h2><table border=\"1\" cellpadding=\"6\"><tr><th>Metric</th><th>Value</th><th>WoW</th></tr><tr><td>Active Customers</td><td>'+d.active_customers+'</td><td>'+custWoW+'</td></tr><tr><td>MRR</td><td>$'+Number(d.mrr_usd).toLocaleString()+'</td><td>'+mrrWoW+'</td></tr><tr><td>Enterprise Launch MRR</td><td>$'+Number(d.enterprise_launch_mrr).toLocaleString()+'</td><td>-</td></tr><tr><td>ITAR-Registered Customers</td><td>'+d.itar_registered_customers+'</td><td>-</td></tr><tr><td>OFAC Screenings (7d)</td><td>'+d.ofac_screenings?.toLocaleString()+'</td><td>-</td></tr><tr><td>FAA-Licensed Customers</td><td>'+d.faa_licensed+'</td><td>-</td></tr><tr><td>Open ITAR Incidents</td><td>'+d.itar_open_incidents+'</td><td>-</td></tr><tr><td>Nearest DDTC Renewal</td><td>'+d.nearest_ddtc_renewal_days+'d</td><td>'+ddtcAlert+'</td></tr></table>';$getWorkflowStaticData('global').mrr=d.mrr_usd;$getWorkflowStaticData('global').customers=d.active_customers;return [{json:{...d,html,mrrWoW,custWoW,ddtcAlert}}];"
}
},
{
"id": "4",
"name": "Gmail CEO + BCC CCO",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
850,
300
],
"parameters": {
"operation": "send",
"toList": "ceo@yourcompany.com",
"bccList": "cco@yourcompany.com,vp.compliance@yourcompany.com",
"subject": "=SpaceTech Weekly KPIs \u2014 MRR {{$json.mrrWoW}} WoW | ITAR incidents: {{$json.itar_open_incidents}}",
"message": "={{$json.html}}"
}
},
{
"id": "5",
"name": "Slack Summary",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
850,
420
],
"parameters": {
"channel": "#executive-summary",
"text": "=:rocket: SpaceTech Weekly: {{$json.active_customers}} customers | MRR ${{$json.mrr_usd?.toLocaleString()}} ({{$json.mrrWoW}} WoW) | ITAR customers: {{$json.itar_registered_customers}} | Open ITAR incidents: {{$json.itar_open_incidents}} | OFAC screenings 7d: {{$json.ofac_screenings}} | DDTC renewal: {{$json.ddtcAlert}}"
}
}
],
"connections": {
"Monday 8AM": {
"main": [
[
{
"node": "Query KPIs",
"type": "main",
"index": 0
}
]
]
},
"Query KPIs": {
"main": [
[
{
"node": "Build KPI Report",
"type": "main",
"index": 0
}
]
]
},
"Build KPI Report": {
"main": [
[
{
"node": "Gmail CEO + BCC CCO",
"type": "main",
"index": 0
},
{
"node": "Slack Summary",
"type": "main",
"index": 0
}
]
]
}
}
}
What this does: Tracks MRR by tier (with enterprise launch services segmented separately), ITAR-registered customer count, open ITAR incidents, FAA-licensed customer count, OFAC screening volume, and DDTC renewal calendar. The $getWorkflowStaticData WoW delta calculation catches MRR and customer-count inflections automatically.
Self-Hosting vs. Cloud iPaaS: The SpaceTech Compliance Argument
| Requirement | Cloud iPaaS | Self-Hosted n8n |
|---|---|---|
| ITAR §120.50 deemed export | Cloud employees = foreign national access = potential unlicensed export | Runs inside your ITAR-controlled network. No third-party access to technical data. |
| EAR §734.13 deemed export | Same risk as ITAR for EAR-controlled technology | Eliminated by network isolation. |
| FAA §460.51 mishap response | 8-hour clock requires zero latency in alert chain | On-premise automation = no cloud queue delays |
| FCC Part 25 orbital data | Orbital parameters + spectrum data in cloud = uncontrolled dissemination risk | Stays inside your network perimeter |
| CMMC Level 2 CUI | Cloud iPaaS = unassessed external system in CUI flow = DFARS §252.204-7012 violation | Self-hosted n8n inside CMMC enclave = within assessed boundary |
For SpaceTech SaaS vendors selling to launch operators, satellite operators, and defense contractors, self-hosted n8n is not a technical preference — it is an ITAR structural requirement.
Get the Full Workflow Bundle
All 5 workflows with full JSON, Google Sheets templates, and configuration guides are in the FlowKit n8n Automation Bundle:
FlowKit n8n Bundle — stripeai.gumroad.com
Individual templates: $12-$29. Bundle: $97.
FlowKit builds n8n automation templates for compliance-heavy SaaS verticals. Templates are starting points — always validate with qualified legal counsel for your specific regulatory obligations.
Top comments (0)