Liability for a project exposed to ITAR regulations

All thing aside, it's a US Law. Are you running a US based consultancy or dealing with a US based client?
In any case merely pointing that this is probably the wrong forum to ask as we don't have the slightest on how to deal with US Law.

I don't know the answer but I wouldn't get too hung up on the term 'Ignorance is no defence'. You have to be pretty bloody stupid to get in to that situation. Proof of reasonable diligence will get you out of this hole and make any problems much easier. I am not saying it is the answer and you can rest on your laurels particularly when it comes to this type of legislation but making a mistake due to perception of the rules or grey areas is a far cry from ignorance. Look at HMRC for example.. the same can be said for your tax returns and if they prove you have been ignorant they will throw the book at you. If you have tried to do something and made a mistake the penalties will be much less severe with the options to negotiate a resolution.

Maybe a start would be check your contract and see if any clauses such as your client owning any IP that might help you or be wary of clauses saying you are responsible for what you deliver or something.

I presume they insisted you had PI insurance before taking the gig as well?

I would be asking your client about this as well. They may believe the buck stops with them and have no policy to chase contractors. I would assume they have a set of lawyers to make sure they are covered so could they not consult them on your situation? I would have thought they would have a handle on compliance and subcontractors already.

Failing all that maybe speak to some law firm that specialises in it like the one below for example?

http://www.fluetlaw.com/ITAR-compliance#.UidnCdI3t8E

This seems to be an American regulation. Is your company incorporated in the USA? Are you an American citizen? Will you live and work in the USA? Do you travel to the USA a lot?

I would be inclined to think that the authorities would go for the biggest player and that would be the end client. I doubt that the client could just say "Oh, some consultancy hired some contractor with a fly-by-night UK LTD company to do that and we know nothing about what he did so it's not our fault" - that's probably what they mean by "ignorance is no excuse".

I'd check my PI insurance carefully though....

I am not sure this is right. I did ITAR clearance when working for a large UK defence company. I think anyone doing business with a US company still has to comply. I also thought the fact he said it has to be ITAR compliant means he was actually building to specs, not being subject to the regulations himself.

I read in to it if he designs a system that (I am guessing but as an example) shouldn't allow you to view a weapon design document without security being applied to the opening of every document and his system allows it cause he forgot to put it in can he be sued for the work he did on the system that failed to be compliant.... rather than actually breaking ITAR rules.

Very good example... and drilling down if the company said they did diligence and point the finger at the contractor and he says 'No idea about ITAR just designed a system like I normally do' 'ignorance is no excuse' would factor.

Thanks for your replies. I spoke to the legal dept of the end client who are willing to accept all responsibility to deliver a design to their specification.

The ITAR regulations are applied to all nationalities. This was what got that guy who sold batteries to the Iranians for use in missiles extradited to and jailed in the US. The client have given to my consultancy that they would not chase liability with us, and I am fairly happy I won't end up in Guantanamo anytime soon as the type of material is not high security stuff, but more like schematics for satellite insurance claims.

You are missing something fairly major here.... get it in writing!!!

The foreign and commonwealth office will help you in this matter. Give them a ring. It will be in their interest to make sure that whatever you are creating in this country does not get sent abroad where it can be misused.
I am guessing that your software would be able to pinpoint orbits of said satellites and do other quite complex computational modeling. Despite what your client might want there will be implications of this sort of stuff...

Talking to the FCO at least shows you were not Ignorant of the issue and did your best to cover yourself with the authorities and seek assistance...