Archive for the ‘ECCN Changes’ Category

Cyber-Surveillance Export Control Reform in the United States

2019/01/31

By: Peter Lichtenbaum (plichtenbaum@cov.com), David W. Addis (daddis@cov.com), and Doron O. Hindin (dhindin@cov.com) are attorneys in the International Trade practice at Covington & Burling LLP. Mr. Lichtenbaum previously served as Assistant Secretary of Commerce for Export Administration.

Based on recent US agency actions and statements, the US government is likely to update soon its export controls on intrusion software (including exploit research), network surveillance systems, and intelligence collection tools.

Collectively, these items consist of equipment, software, and technologies designed to gain access to, surveil, and control third-party electronic devices. These highly effective tools are increasingly being used for nefarious purposes, such as by ‘black hat’ hackers to steal sensitive information and extort corporations and private individuals, and by authoritarian government regimes to repress dissidents. However, such products are also routinely used by ‘white hat’ cybersecurity specialists to protect systems and data as well as by legitimate government intelligence and law enforcement agencies to achieve critical national security objectives.

As background, and as discussed further below, the US Commerce Department sought in 2014-15 to limit the proliferation of these items through proposed export control regulations on ‘intrusion software’ and ‘IP network communications surveillance systems,’ but that regulatory endeavour lapsed in 2016 in the face of resolute opposition by industry and civil society.

However, the US government has maintained its overall objective of regulating cyber-surveillance and intelligence-gathering tools through export controls. To that end, the Commerce Department and State Department are working toward a series of regulatory changes that, in the aggregate, would significantly change export controls over cyber and intelligence products.

This article surveys these regulatory developments and evaluates what to expect from the US government in the months ahead.

Wassenaar cyber-surveillance controls and  US exceptionalism

In December 2013, the cyber industry result of proposals by France and the United Kingdom, the Wassenaar Arrangement’s List of Dual-Use Goods and Technologies and the Munitions List (collectively, the ‘Wassenaar List’) was amended to cover, for the first time, ‘intrusion software’ and “IP network communications surveillance’ systems. This proposal was made a result of concerns from non-government organisations that certain repressive governments were able to use such software and systems to eavesdrop on dissidents and reporters within their societies.

The new 2013 language covered commodities, software, and technology for the generation, operation, or delivery of, or communication with, ‘intrusion software,’ defined as:

Software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network-capable device, and performing any of the following:

(a) The extraction of data or information, from a computer or network-capable device, or the modification of system or user data; or

(b) The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions.

(Notes and quotation marks omitted)

In addition, the updated 2013 Wassenaar List covered communications surveillance systems, and related commodities, software, and technologies, specially designed to extract, index, search, and map metadata from carrier class IP networks, such as national grade IP backbones.3

The controls over intrusion software and IP network communications surveillance systems were immediately implemented by the export control authorities of a number of countries for which the Wassenaar List is self- executing. In other countries, the Wassenaar List requires subsequent implementing legislation, but is then generally adopted verbatim, such as in the European Union.

By contrast, the United States does not automatically adopt Wassenaar List amendments. Rather, after amendments are adopted at annual Wassenaar plenary meetings, the US government launches an interagency review process, which routinely involves seeking industry comments, to determine national security, foreign policy, and economic impacts of the Wassenaar amendments. Following that process, the US government typically adopts the amendments, but frequently modifies the language to reflect US-specific interests and so that it fits neatly within either the Commerce Control List (‘CCL’) – administered by the US Department of Commerce, Bureau of Industry and Security (‘BIS’) pursuant to the Export Administration Regulations (‘EAR’) – or the US Munitions List (‘USML’) – administered by the Department of State, Directorate of Defense Trade Controls (‘DDTC’) pursuant to the International Traffic in Arms Regulations (‘ITAR’).

The US government took this approach with respect to Wassenaar’s 2013 cyber-surveillance amendments. Ultimately, in May 2015, BIS published a proposed rule to incorporate the 2013 Wassenaar intrusion software controls into CCL category 4 and the controls over IP network communications surveillance systems into CCL category 5 part 1.

BIS’s proposed rule elicited a deluge of public comments from industry and civil society. Many of the commenters expressed serious concern that because the Wassenaar language was, in their view, overly broad, its incorporation into the CCL would chill global ‘white hat’ exploit and vulnerability research and would otherwise undermine US national security and economic interests.6 For example, commenters presented BIS with hypothetical scenarios in which exploit researchers uncover vulnerabilities in software platforms of foreign vendors but are then prevented from immediately notifying those vendors of the risks, due to a requirement to first obtain export controls licensing from BIS. Similarly, commenters argued that the proposed rule could unjustifiably require victims of rootkit or other malicious software attacks to obtain licensing prior to sharing their infected device with non-US forensic specialists.7  Others explained that adopting the Wassenaar language would be counterproductive to US national security and economic interests by imprudently controlling general purpose programming environments, such as integrated design environments, and commonly used defensive cyber tools, such as penetration testing products, adaptable end point detection and response tools, auto-updating antivirus and antimalware programs, and forensic exploit toolkits.

The industry concerns prompted BIS to publish 32 clarifying frequently asked questions (‘FAQs’), which in turn prompted yet further industry pushback.9 Ultimately, the force of the industry concern resulted in a 2016 letter by then-Secretary of Commerce Penny Pritzker to cyber industry representatives notifying them that in light of industry feedback and input from Congress, academia, and civil society, the United States would not implement the Wassenaar 2013 intrusion software controls.10 The letter further committed that the US government would advocate at upcoming Wassenaar plenary meetings for the Wassenaar List to be amended by deleting the intrusion software controls in their entirety.

To date, the intrusion software controls in the Wassenaar List have not been eliminated.11 However, as explained by BIS in a recent FAQ, US government efforts have been successful in negotiating limited changes to the Wassenaar List, ‘in order to minimize the negative impact the [intrusion software] entries would have.

A particularly significant development that the FAQ attributes to US negotiation efforts is that as of 7 December 2017, the Wassenaar List now clarifies that the technology controls on intrusion software ‘do not apply to “vulnerability disclosure” or “cyber incident response”, new terms of art in the Wassenaar List with corresponding definitions. This important clarification provides welcome relief to vendors worldwide, who are often mandated by contract or by prevailing regulation to respond without delay to data breaches. The change also offers a needed safe- harbour for exploit researchers and cybersecurity   specialists   worldwide who can now receive, analyse, and remediate vulnerabilities without delay.

A second change to the Wassenaar List discussed in the BIS FAQ is that the list now clarifies that software that provides updates or upgrades that are authorised by the owner or operator of the target system would not be controlled as intrusion software, as long as the software itself was not specially designed to update intrusion software  or  command  and  delivery platforms for intrusion software.14 That clarification was necessary to avoid unnecessarily controlling general purpose design environments, auto- updating anti-virus tools, and other pervasive and commercially available software tools, while focusing controls only on more aggressive command and delivery platforms for intrusion software, such as exploit toolkits and penetration testing tools.

Shortly after these Wassenaar changes were agreed to, Rob Joyce, the White House cybersecurity coordinator at the time, praised the US negotiating achievements: ‘We applaud the hard work of the US interagency and our partners in industry, the research community, and foreign governments to clarify software and technology controls that could have had a negative impact on legitimate cybersecurity.’

However, notwithstanding these negotiation successes, BIS has acknowledged that they are only an initial step towards addressing the concerns raised in response to its 2015 rulemaking proposal, and that a number of alternative next steps remain possible:

‘We have not decided on a next step yet [concerning intrusion software]. There are a range of possible actions we could take, including returning to Wassenaar in 2018 to negotiate further changes to the text, publishing a rule to implement the text, or publishing a notice of inquiry or proposed rule for further comment.’17

Subsequently, on 24 October 2018, BIS finalised implementation of the

2017 Wassenaar List. To the continued relief of the cybersecurity industry, neither Wassenaar’s category 4 intrusion software nor its category 5 part 1 IP network communications surveillance entries were incorporated in the CCL.

However, BIS’s recent CCL update, which implements the most current Wassenaar List but continues to exclude that list’s controls over cyber- surveillance tools, by no means signals a retreat by the US government from asserting control over those tools. In fact, other regulatory developments, surveyed below, signal the opposite: cyber-surveillance applications, including exploit research, may be the subject of a broad regulatory reform.

ECRA foundational technologies– comment period

On 13 August 2018, Congress enacted the Export Control Reform Act of 2018 (‘ECRA’), which established a formal interagency process to identify and regulate emerging and foundational technologies that are deemed ‘essential to the US national security’ and are not otherwise controlled for export purposes.

The interagency process established under ECRA has already led to a 19 November 2018 publication in the Federal Register of an advance notice of proposed rulemaking for the ‘Review of Controls for Emerging Technologies. As described in the notice’s preamble, BIS‘ seeks   public   comment [by 10 January 2019] on criteria for identifying emerging technologies that are essential to US national security, for example because they have potential conventional weapons, intelligence collection, weapons of mass destruction, or terrorist applications or could provide the United States with a qualitative military or intelligence advantage. (Emphases added)

In addition, a specific category of representative emerging technologies proposed in the notice is: ‘Advanced surveillance  technologies,  such  as: Faceprint and voiceprint technologies.’ Commerce will publish a separate notice of proposed rulemaking related to ‘foundational’ technologies, which could   also   potentially   encompass cyber-surveillance tools and technologies.

The emphasis in the November notice’s preamble on intelligence collection and the US intelligence advantage, and the inclusion of a dedicated emerging technology category of ‘[a]dvanced surveillance technologies,’ relates directly to the government’s ongoing efforts at leveraging export controls to curtail the proliferation of intrusion software and surveillance technologies.

As discussed above, the 2013 Wassenaar cyber-surveillance amendments originated from proposals by European governments and the US government yielded to the barrage of public disapproval that they generated. By contrast, under ECRA, the US Congress has explicitly directed the US administration to identify, and impose export controls on, emerging and foundational technologies, which the government has in turn interpreted to include advanced surveillance technologies, including for intelligence collection purposes. With ECRA as its tailwind, the US government might be more determined to impose controls on cyber-surveillance items, particularly if these controls are limited based on the Wassenaar amendments discussed above.

Human rights export controls for the 21st Century

On 9 May 2018, and in parallel to ECRA developments, Senator Marco Rubio and Representative Chris Smith, on behalf of the Congressional- Executive Commission on China (‘CECC’), transmitted a letter to Secretary of Commerce Wilbur Ross identifying that compelling evidence indicates that, notwithstanding current US export controls, US companies are selling Chinese authorities advanced products used for ‘surveillance, detection, and censorship’.20 The congressmen in the letter explicitly asked the Secretary to explain what new legislation or new authorities [are] needed to revisit/revise export control regulations so they are consistent with the rapid evolution of technology,’ and whether any ‘software or technology which could be used for the purpose of domestic repression, [is] subject to export controls with respect to Chinese end-users of concern?

These concerns and the need to ‘revisit/reform export control regulations’ were echoed in CECC’s 2018 annual report, published on 10 October 2018, which recommends that the US administration ‘Revamp Export Controls,’ including by amending the USML to include ‘new technologies… [that] enhance surveillance and the ability of security forces to repress universally recognized human rights.’21

In response, the Secretary of Commerce reportedly informed CECC by letter that by the autumn of 2018, the Department of Commerce would propose new ‘human rights controls for the 21st century’. The concept would be to update the Commerce Department’s so-called ‘Crime Controls’, under which the department regulates items of traditional human rights concerns such as leg shackles, thumbscrews and police batons. The new proposal would focus on high-technology items that can facilitate human rights abuses. It is unclear how this development would relate to the ECRA rulemaking discussed above, but it may provide a more expedited vehicle for Commerce to control intrusion software platforms or surveillance tools, compared with the ECRA process. In particular, this could be the case with respect to software items that are long- established technologies, since the ECRA      process      for      identifying

‘foundational’ technologies has not yet even started. Even the ECRA ‘emerging’ technologies process will probably not result in an actual proposed rule until sometime in 2019. By contrast, the ‘human rights’ rulemaking is expected to involve publication of a proposed rule in December 2018.

USML category XI(b)

A further indication of forthcoming controls on intrusion software and surveillance technologies was DDTC’s announcement on 30 August 2018, of a 12-month extension of the application of USML category XI(b), in order to provide DDTC with the opportunity to complete a ‘wholesale revision of USML category XI.’

Category XI(b) – the scope of which has been the subject of ongoing interagency debate and numerous rulemaking processes23 – is the principal USML entry intended to capture national-level intelligence collection tools:

* [XI](b) Electronic systems, equipment or software, not elsewhere enumerated in this subchapter, specially designed for intelligence purposes that collect, survey, monitor, or exploit, or analyze and produce information from, the electromagnetic spectrum (regardless of transmission medium), or for counteracting such activities.

Currently, the broad formulation of category XI(b) serves as a strong hook for the US government to control sensitive intrusion software platforms or IP network surveillance technologies. At the same time, category XI(b)’s fairly abstract language has also historically provided exporters with tenable arguments to justify self-classifications of intelligence collection items under BIS jurisdiction, to the extent those items are more accurately described in the CCL. A discussion of the numerous surveillance- and intelligence-related export control classification numbers on the CCL, as well as BIS’s policies governing surreptitious listening and cryptographic or cryptanalytic items, is beyond the scope of this article. Nonetheless, it is worth noting that these Commerce Department controls and policies, and attendant licence exceptions, have proven relevant for various vulnerability software and surveillance tools that may routinely be sold to local law enforcement or private security firms and that are more precisely captured under the EAR, and not under the ITAR’s USML category XI(b) controls.

However, that all may change with the as-yet-unknown ramifications of DDTC’s ‘wholesale revision of USML Category XI’. The DDTC’s undertaking with respect to category XI should be viewed in conjunction with the Wassenaar, ECRA, and China Commission developments discussed above, which collectively signal forthcoming export controls over intrusion software and surveillance technologies.

Conclusion

The confluence of efforts by the US delegation at Wassenaar; pending ECRA rulemaking on emerging technologies, and the expected similar ECRA rulemaking on foundational technologies; encouragement by Congress for revised Commerce Department ‘human rights controls for the 21st century’; and impending revisions of USML category XI(b) by the State Department, collectively signal a forthcoming reform in US export controls over intrusion software (including potentially exploit research), network communications surveillance systems, and intelligence-collection tools.

Those likely to be most affected by such reforms should closely monitor the concurrent agency processes discussed above. Stakeholders should also consider proffering feedback and insights to government, so that the emerging rules appropriately reflect values of human rights, national security, foreign policy and economic interests.

More Information: https://www.cov.com/-/media/files/corporate/publications/2018/12/cybersurveillance_reform_in_the_united_states.pdf

Links and notes

1    The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Technologies is a multilateral organisation with 42 member states, and several other non-member observers, that collaborate on export controls.

2    Wassenaar List (2013), Category 4.A.5.

3    Wassenaar Category 5.A.1.j.

4    The European Union, for example, adopted the 2013 Wassenaar List controls on 22 October 2014. See: Commission delegated regulation, (EU) No. 7567/2014 (Oct. 22, 2014), at http://ec.europa.eu/transparency/regdoc/rep/3/2014/ EN/3-2014-7567-EN-F1-1.PDF, entering into force on December 31, 2014, pursuant to Commission delegated regulation (EU) No. 1382/2014, OJ L 371/1, (30 December 2014).

5    Department of Commerce, Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items, Proposed Rule with Request for Comments, 80 Fed. Reg. 28553 (20 May 2015).

6    See e.g., Comments to the US Department of Commerce on Implementation of 2013 Wassenaar Arrangement Plenary Agreements (RIN 0694-AG49) On Behalf Of Access, Center for Democracy & Technology, Collin Anderson, Electronic Frontier Foundation, Human Rights Watch, and New America’s Open Technology Institute (20 July 2015), available at https://www.eff.org/files/2015/07/21/jointwassenaarc omments-final-1.pdf.

7    See https://www.cs.dartmouth.edu/~sergey/drafts/ wassenaar-public-comment.pdf http://trade.ec.europa.eu/doclib/docs/2017/december /tradoc_156502.pdf

8    See e.g., BIS 2015 ‘Intrusion and Surveillance Items Frequently Asked Questions (‘FAQ’),’ at FAQs 8, 12, 16, and 29, available as an archived webpage at: https://web.archive.org/web/20150908025350/https://www.bis.doc.gov/index.php/policy- guidance/faqs?view=category&id=114#subcat200.

9    Id; See Mailyn Fidler, Proposed US Export Controls: Implications for Zero-Day Vulnerabilities and Exploits at Lawfareblog.com (10 June 2015), available at, https://www.lawfareblog.com/proposed-us-export- controls-implications-zero-day-vulnerabilities-and-exploits

10   Letter From The Honorable Secretary of Commerce, Ms. Penny Pritzker, To American Petroleum Alliance (API), et. al. (1 March 2016), available at https://www.bis.doc.gov/index.php/forms- documents/about-bis/newsroom/1434-letter-from-secre tary-pritzker-to-several-associations-on-the- implementation-of-the-wassenaar-arrang/file.

11   Tami Abdollah, US fails to renegotiate arms control rule for hacking tools, Associated Press (19 December 2016), available at https://apnews.com/c0e437b2e24c4b68bb7063f03ce892b5 (noting that initial attempts in 2016 at renegotiating the controls were unsuccessful); Garett Hinck, Wassenaar Export Controls on Surveillance Tools: New Exemptions for Vulnerability Research (5 January

2018), available at https://www.lawfareblog.com/wassenaar-export-controls-surveillance-tools-new-exemptions-vulnerability-r esear (surveying the US negotiating efforts to date and resultant changes in December 2017 to the Wassenaar List).

12   BIS, ‘Intrusion and Surveillance Items,’ FAQ No. 1, at, https://www.bis.doc.gov/index.php/policy- guidance/faqs#faq_62 (visited 20 November 2018).

13   Wassenaar List Category 4.E.1. (defining a ‘vulnerability disclosure’ as ‘the process of identifying, reporting, or communicating a vulnerability to, or analysing a vulnerability with, individuals or organizations responsible for conducting or coordinating remediation for the purpose of resolving the vulnerability’ and defining a ‘cyber incident response’ as ‘the process of exchanging necessary information on a cybersecurity incident with individuals or organizations responsible for conducting or coordinating remediation to address the cyber security incident’).

14   BIS, ‘Intrusion and Surveillance Items,’ FAQ No. 1, at, https://www.bis.doc.gov/index.php/policy- guidance/faqs#faq_62 (visited 20 November 2018).

15   See e.g., BIS 2015 ‘Intrusion and Surveillance Items Frequently Asked Questions (‘FAQ’),’ at FAQs 8, 12, 16, and 29, available as an archived webpage at: https://web.archive.org/web/20150908025350/https://www.bis.doc.gov/index.php/policy- guidance/faqs?view=category&id=114#subcat200.

16   Shaun Waterman, The Wassenaar Arrangement’s latest language is making security researchers very happy in cyberscoop.com (20 December 2017), available at, https://www.cyberscoop.com/wassenaar-arrangement- cybersecurity-katie-moussouris/.

17   BIS, ‘Intrusion and Surveillance Items,’ FAQ No. 1, at, https://www.bis.doc.gov/index.php/policy- guidance/faqs#faq_62 (visited 20 November 2018).

18   Department of Commerce, Review of Controls for Certain Emerging Technologies; Advance notice of proposed rulemaking (ANPRM), 83 Fed. Reg. 58201 (19 November, 2018).19   The comment period was initially scheduled to close on December 19, 2018, but was extended by three weeks in response to requests by leading technology companies that they be allotted additional time for drafting comments

20   See Letter From Senator Marco Rubio and Representative Chris Smith, Co-Chairs of the Congressional-Executive Commission on China, To The Honorable Wilbur Ross, Secretary of Commerce (9 May 2018), available at https://www.cecc.gov/media- center/press-releases/chairs-ask-commerce-secretary-ro ss-about-sale-of-surveillance-technology.

21   CECC, Annual Report, 2018, p. 16, available at https://www.cecc.gov/sites/chinacommission.house.gov/files/Annual%20Report%202018.pdf.

22   Department of State, Continued Temporary Modification of Category XI of the United States Munitions List; Final rule; notice of temporary modification, 83 Fed. Reg. 44224 (30 August 2018).

23   Department of State, Amendment to the ITAR: USML Category XI (Military Electronics), and Other Changes; Final Rule, 79 Fed. Reg. 37536, 37544 (1 July 2014) (proposing XI(b) controls that excluded the phrase

‘analyze and produce information from’ and that controlled only ‘systems or equipment,’ but not software); Department of State, Temporary Modification of Category XI of the USML; Final rule; notice of temporary modification, 80 Fed. Reg. 37974, 37975 (2 July 2015) (explaining that as a result of the 2014 version of XI(b), DDTC grew concerned ‘that exporters may read the revised control language [in Category XI(b)] to exclude certain intelligence analytics software that has been and remains controlled on the USML.’).

24   Department of State, Continued Temporary Modification of Category XI of the United States Munitions List; Final rule; notice of temporary modification, 83 Fed. Reg. 44224 (30 August 2018).


Export News: The Rules Are about to Change, What You Can Expect?

2019/01/31

By: Johanna Reeves, Esq., jreeves@reevesdola.com, +1 202-715-9941; and Katherine Heubert, Esq., kheubert@reevesdola.com, +1 202-715-9940. Both of Reeves & Dola, LLP. (Source: R/D Report)

Earlier this year, the U.S. Department of State, Directorate of Defense Trade Controls (DDTC) published a proposed rule in the Federal Register to amend the International Traffic in Arms Regulations (ITAR) and revise U.S. Munitions List (USML) Categories I, II, and III to better identify the articles the U.S. government believes warrants export and temporary import control on the USML. Those items deemed not to require control under the ITAR are proposed to be removed from the USML and would become subject to the U.S. Department of Commerce, Bureau of Industry and Security’s (BIS) Export Administration Regulations (EAR). BIS published a companion proposed rule at the same time to identify where those items removed from the USML will be controlled on the Commerce Control List (CCL). We covered the proposed transition rules in our alerts, dated May 23, June 1, June 8, and June 13, 2018, all of which can be accessed at reevesdola.com.

Soon the highly anticipated rules containing the final rewrites of U.S. Munitions List Categories I, II, and III should be published. In advance of their publication, companies should begin to prepare now in order to be best positioned to take advantage of the change in regulations as soon as they become effective. In this alert we seek to answer some basic questions about the transition and walk through the review process that companies will need to undertake to determine which set of controls will now apply to their goods and services.

What Will the Rewrites Do?

As many of you already know, USML Categories I, II, and III are the last USML categories to go through the revision process. All other USML Categories have been revised, some multiple times already as part of the previous Administration’s Export Control Reform (ECR) effort. What the upcoming final rules will do is to remove from the USML those items the U.S. government has determined to be of less military significance or of a more commercial nature. As explained in the proposed rule, DDTC’s intent is to revise these categories so that the scope of the respective USML Category is limited to those defense articles that provide the United States with a “critical military or intelligence advantage or are inherently for military end use.” (83 FR 24198). DDTC further explains in the proposed rule that the articles that would be removed from the USML do not meet this standard, and notes that many items are widely available in retail outlets in the United States and abroad. Those items removed from the USML will be subject to the EAR in new Export Control Classification Numbers (ECCNs) on the CCL.

Despite what many have claimed, this is not a decontrol of the items identified for removal from the USML. Rather, it is a right-sizing of U.S. export controls. Items that have historically required a license from DDTC will now be subject to the export licensing requirements of the EAR. However, this does not mean that companies will be able to ship firearms and ammunition throughout the world without a license. To the contrary, many items moving to the CCL will require an export license from BIS, even to Canada. It is also important to remember that the revisions to the USML have no impact on how the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) controls firearms and ammunition for permanent import into the United States under its regulations at 27 C.F.R. Part 447.

Has the Transition Already Taken Effect?

No! As of today, the revisions have not yet been published as a final rule and the USML currently remains unchanged for Categories I, II, and III. When the final rules are published in the Federal Register, they will provide an effective date for the implementation of the changes. If the previous USML Category rewrites are any indication, the rules will likely become effective 180 days after the final rule publishes, though the agencies could decide to provide a shorter implementation period. A delayed effective date, which has been provided in all the previous USML Category revisions, is intended to give impacted industry members the time to implement the revisions by reclassifying their inventory, making changes to internal processes and procedures, train employees on the new controls, update databases, notify customers, and other necessary compliance actions.

Is There Anything to do to Prepare for this?

Yes! Companies now can begin reviewing their inventory and internal procedures to identify those items and functions that may be impacted. While the proposed rules aren’t set in stone, they do provide a good roadmap of what is likely going to move off the USML and onto the CCL. Companies can use that to redline processes and procedures and identify any necessary changes to databases and systems that house jurisdictional determinations for products. The proposed rules can also help companies start walking through the jurisdictional review analysis to determine what export control regime will likely apply to their products after the revisions become effective. For a refresher on the proposed rules, please review our previous alerts.

The process for walking through this jurisdictional review is called the Order of Review. The Order of Review is the process by which one makes a jurisdiction and classification decision with respect to the export control regulation applicable to any piece of hardware, software, technology, or service. The Order of Review is completed by first reviewing the USML, followed by the CCL, and essentially asking a series of yes/no questions. The following outline is designed to walk you through the basic decision process for an Order of Review analysis.

Step 1: Review the ITAR

* If your item is enumerated by name or capability in a USML control paragraph, your review has ended. The item is ITAR controlled.

* If your item is described in a control paragraph that contains the “specially designed” modifier, you must perform the specially designed analysis in 22 C.F.R. §120.41 to determine whether your item is captured.

– If after performing the “specially designed” analysis the item is determined to be “specially designed,” then the item is controlled in that subparagraph of the USML. Your review has ended.

– If after performing the “specially designed” analysis the item is released (i.e., determined not to meet the “specially designed” criteria), then the item is not controlled on the USML and a review of the EAR is required. Proceed to Step 2 below.

* If the item is not described in any control paragraph on the USML, then the item is not captured by the ITAR and a review of the EAR is required. Proceed to Step 2 below.

Note: if an item appears to be listed in multiple paragraphs, any paragraph that is designated Significant Military Equipment (SME) takes precedence over a non-SME paragraph. In other words, always follow the highest applicable level of control.

Step 2: Review the EAR

Note: the EAR does not have a “see through” rule like the ITAR, so do not consider the individual parts inside of an item when classifying it. Instead, consider overall functions and characteristics to classify the item under review. Compare the characteristics of the item to the 10 CCL categories and then determine the applicable product group A-E.

* Start your CCL review with the “500-series” and “600-series” ECCNs. If your item is enumerated by name or capability in a “500-series” or “600-series” ECCN on the CCL, your review has ended. The item is controlled in that control paragraph of the CCL.

* If your item is described in a control paragraph that contain the “specially designed” modifier, then perform the “specially designed” analysis, described in Part 772 of the EAR.

– If after performing the “specially designed” analysis the item is determined to be “specially designed” then the item is controlled in that control paragraph of the CCL. Your review has ended.

– If after performing the “specially designed” analysis the item is released, then a review of the rest of the CCL is required.

* If you have reviewed the “500-series” and “600-series” ECCNs and your item is not captured, then proceed to review the rest of the CCL. If your item is enumerated by name or capability in a “non-600/500 series” ECCN on the CCL, then your item is controlled in that paragraph of the CCL. Your review has ended.

* If your item is described in a control paragraph that contains the “specially designed” modifier, then perform the “specially designed” analysis, described in Part 772 of the EAR.

– If after performing the “specially designed” analysis the item is determined to be “specially designed” then the item is controlled by the that paragraph of the CCL. Your review has ended.

– If after performing the “specially designed” analysis the item is released, proceed to Step 3.

* If your item is not described in any ECCN on the CCL, then proceed to Step 3 below.

Step 3: Item Not Captured by Specific ECCN

If the Order of Review is performed and the item is not captured by the USML and is not captured by any ECCN on the CCL, then the item is classified as ECCN EAR99. The Order of Review analysis has ended.

If, after performing the Order of Review, questions remain as to the proper jurisdiction and classification of an item, consider submitting a Commodity Jurisdiction (CJ) request to DDTC for an official jurisdictional determination for a product. When submitting a CJ request to DDTC, it is recommended to include a description of the Order of Review analysis that was conducted and a clear explanation as to why confusion remains. Also, indicate the USML Category(ies) or ECCN(s) that you believe is/are most likely applicable to the item under review. DDTC provides step-by-step instructions for preparing and submitting Commodity Jurisdiction requests on its website.

Additionally, both DDTC and BIS have developed Order of Review tools to aid industry in making a jurisdiction and classification analysis.

DDTC’s web-based decision tools:

* Order of Review: Use this tool to help you figure out where your item(s) is controlled on the USML.

* Specially Designed: Use this tool to help you determine if a particular item is “specially designed” or meets one of the five carve-outs. This tool applies ONLY to commodities and software related to USML Categories that have been revised in accordance with the President’s Export Control Reform initiative. DO NOT USE if your USML category has not yet been revised.

BIS web-based decision tools:

* CCL Order of Review: This tool will assist in understanding the steps to follow in reviewing the Commerce Control List when determining the classification of their item. (See Supplement No. 4 to part 774 of the EAR).

* Specially Designed: This tool will assist users in determining if an item is “specially designed” under the Export Administration Regulations. (See § 772.1 of the EAR).

Closing Thoughts

Of course, each jurisdictional determination is unique, with some being more complex than others. Additionally, the “specially designed” review is its own separate catch-and-release analysis. We will address the “specially designed” review in an upcoming alert. Please note that the “specially designed” analysis is slightly different between the two regulations, so do not assume that if an item is released from the ITAR, it is automatically classified as EAR99.

Even though the transition is not a decontrol of firearms and ammunition exports, the process will be radically different from what many are already accustomed. The rules of the game are about to change, and so it is vitally important that companies get ready. Many will need to learn a new set of export controls regulations (the EAR) that may never have applied to their products before. Whether it’s reclassifying products or retooling corporate policies and procedures, businesses must be prepared to adapt to the new rules to ensure export transactions remain compliant.


BIS Amends EAR & CCL to Implement Changes Made to the WA List

2018/11/26

The Bureau of Industry and Security (BIS) has implemented changes to the Export Administration Regulations (EAR) and the Commerce Control List (CCL) to implement changes made to the Wasaenaar Arrangement List of Dual-Use Goods and Technologies (WA List) which were agreed upon by all the governments participating in the Wassenaar Arrangement at the December 2017 Plenary meeting. This ruling also includes associated changes to the EAR and a few corrections. The rule became effective on October 24, 2018.

Relevant CCL Changes (final rule revised 50 ECCNS, ECCNs with editorial changes excluded below):

  • Category 0—Nuclear Materials, Facilities, and Equipment [and Miscellaneous Items] 0A617 Miscellaneous ‘‘Equipment’’, Materials, and Related Commodities
    • 0A617 paragraph y.3, containers for shipping or packing defense articles or items controlled by ‘‘600 series’’ ECCNs, is amended by narrowing the scope to International Organization for Standardization (ISO) intermodal containers or demountable vehicle bodies (i.e., swap bodies), but also expands the scope beyond ‘‘specially designed’’ by adding ‘‘or modified’’. As the term ‘modified’ is in single quotes, BIS is also adding the technical note that defines ‘modified,’ which was already existing text in Wassenaar Arrangement Military List of 2017 (WAML 17).
  • Category 1—Special Materials and Related Equipment, Chemicals, ‘‘Microorganisms’’, and ‘‘Toxins’’
    • 1C001: Subparagraph b is amended by moving the phrase ‘‘not transparent to visible light’’ to the beginning and adding more descriptive text ‘‘near-infrared radiation having a wavelength’’ to clarify the scope of the control. Also, the parameters are changed from ‘‘1.5 × 1014 Hz’’ to ‘‘810 nm’’ and ‘‘3.7 × 1014 Hz’’ to ‘‘2,000 nm (frequencies exceeding 150 THz but less than 370 THz)’’. (The frequency band is changed to the equivalent wavelength band to make the parameter easier to understand and not to change the scope of control.)
    • 1C608: WA agreed to add a Note specifying that WAML 8.c.1 does not apply to aircraft fuels—JP–4, JP–5 and JP–8. This rule adds this Note below 1C608.n ‘‘Any explosives, ‘propellants,’ oxidizers, ‘‘pyrotechnics’’, fuels, binders, or additives . . .’’ as well as bringing forth another Note from WAML 8.c.1 that specifies that aircraft fuels specified by WAML 8.c.1 are finished products, not their constituents.
  • Category 2—Materials Processing
    • 2A001 Note 2 at the beginning of the Items paragraph is amended by adding ‘‘(or national equivalents)’’, in order to help efficiently classify bearings using national standards that are equivalent to ISO 3290 as grade 5. 2B001 Machine Tools.
    • 2B006 heading is revised to add ‘‘position feedback units’’ and ‘‘electronic assemblies’’ to more accurately describe the scope of controls in Items paragraph .b.
      • Linear Variable Differential Transformer (LVDT) systems formerly in 2B006.b.1.b are moved to 2B206.d and no longer have a national security control.
    • 2B007 paragraph .a ‘‘[Robots] capable in real-time of full three-dimensional image processing or full three dimensional ‘‘scene analysis’’ to generate or modify ‘‘programs’’ or to generate or modify numerical program data’’ is removed and reserved because of insufficient connection to military capabilities. Robots of national security concern are controlled under 2B007.b, .c and .d.
    • 2B008 heading is amended by replacing ‘‘assemblies or units’’ with ‘compound rotary tables’ and ‘‘tilting spindles’’, as well as removing ‘‘or dimensional inspection or measuring systems and equipment’’ to align with revisions made to the List of Items Controlled in this ECCN.
      • Item paragraphs .a (linear position feedback units) and .b (rotary position feedback units) are removed and reserved, because this rule moves these items to 2B006.b.2 and .c, respectively.
      • Item paragraph .c is amended by replacing and cascading the parameter paragraphs, as well as moving the definition for ‘compound rotary table’ from part 772 to a Technical Note under this Item paragraph.
    • 2B206 is amended by adding Linear Variable Differential Transformer (LVDT) systems to Item paragraph .d, because this item is removed from 2B006.b.1.b. While LVDT systems are no longer controlled for national security reasons, they are still on the Nuclear Supplier’s Group (NSG) list under 1.B.3.b.2 and remain controlled for nuclear nonproliferation reasons on the CCL.
    • 2E003 paragraph .a (‘‘technology’’ for the ‘‘development’’ of interactive graphics as an integrated part in ‘‘numerical control’’ units for preparation or modification of part programs) is removed and reserved because of the advancement of technology.
      • Item paragraph .a is removed from License Exception TSR.
    • Category 3—Electronics Product Group A. ‘‘End Items’’, ‘‘Equipment’’, ‘‘Accessories’’, ‘‘Attachments’’, ‘‘Parts’’, ‘‘Components’’, and ‘‘Systems’’
      • 3A001 is amended by replacing ‘‘Electrical Erasable Programmable Read-Only Memories (EEPROMS), flash memories, and MRAMs’’ with ‘non-volatile memories’ and adding a Technical Note to define ‘non-volatile memories,’ to provide a more generic term for these types of memory integrated circuits.
        • Paragraph a.5.a ‘‘ADCs’’ and the Technical Note below a.5.a are amended by replacing the term ‘‘output rate’’ with the ‘‘sample rate’’ as measured points at the input, except for oversampling (defined as output sample rate), and the Technical Note identifies common ways manufacturers specify ‘sample rate.’ The definition for ‘‘sample rate’’ is added to part 772 ‘‘Definition of Terms. . . .’’
        • Item paragraph a.5.b.2.a, ‘‘settling time’’ parameter, is amended by adding ‘‘arrive at or within’’ to clarify the potentially ambiguous parameter with common usage and understanding of DAC specifications, so that it will not be misinterpreted to mean the time to deviate by the specific amount from the original level.
        • Intensity, amplitude, or phase electrooptic modulators, designed for analog signals, including electro-optic modulators having optical input and output connectors are added to new paragraph 3A001.i to address photonic components for analog Radio Frequency (RF) over fiber antenna remoting, and analog RF distribution of signals. One of the parameters for these items is ‘halfwave voltage’ (‘Vp’), which is defined in a Technical Note below the new paragraph. These items will be eligible for License Exception GBS; therefore, the GBS paragraph is revised to add Item paragraph .i.
      • 3A002 frequency parameter is raised from ‘‘exceeding 10 MHz’’ to ‘‘exceeding 40 MHz’’ for signal analyzers having a 3 dB resolution bandwidth (RBW) in Item paragraph c.1
      • 3B001 Mask ‘‘substrate blanks’’ with multilayer reflector structure consisting of molybdenum and silicon being ‘‘specially designed’’ for ‘Extreme Ultraviolet (EUV)’ lithography and being compliant with SEMI Standard P37 are added to new paragraph 3B001.j, because mask ‘‘substrate blanks’’ and the subsequent substrate blank with multilayer reflector structure are critical materials for EUV lithography 7. EUV lithography opens up integrated circuit fabrication at the most advanced state-of-the-art technology node. The definition for ‘Extreme Ultraviolet (EUV)’ is added to a Technical Note below Item paragraph j.2.
      • 3B002 Test Equipment ‘‘Specially Designed’’ for Testing Finished or Unfinished Semiconductor Devices Item paragraph .a is revised from ‘‘For testing S-parameters of transistor device at frequencies exceeding 31.8 GHz’’ to read ‘‘For testing S-parameters of items specified by 3A001.b.3’’ to remove potential overlapping controls for network analyzers (which measure Sparameters) described in 3A002.e, to harmonize the control text of equipment for testing S-parameters of transistors specified in paragraphs 3A001.b.3.a and 3A001.b.3.b (i.e., transistors that are below 31.8 GHz), and to remove ambiguity regarding the meaning of the phrase ‘‘transistor devices’’ by substituting the unambiguous reference to transistors specified by 3A001.b.3.
      • 3C002 wavelength for positive resists in Item paragraph a.1 is revised from ‘‘wavelengths less than 245 nm . . . .’’ to ‘‘wavelengths less than 193 nm . . . .’’ in order to match the material control with the lithography equipment parameters in 3B001.f.1.a.
      • 3C005 heading revised to move the items that were in the Heading to Items paragraph .a. Polycrystalline ‘‘substrates’’ or polycrystalline ceramic ‘‘substrates’’ are added to Item paragraph .b, because there are both military and commercial applications for microwave transistors fabricated on the engineered substrates. These newly added substrates will be controlled for NS:2 and AT:1 and have License Exception LVS ($3,000), GBS and CIV eligibility.
      • 3C006 heading is amended by adding ‘‘Materials, not specified by 3C001, consisting of a’’ at the beginning of the Heading in order to clarify the scope of the control.
        • The former language of 3C001, 3C005 and 3C006 has common elements that have led to some confusion around the control of silicon carbide wafers.
        • 3C992 heading is amended by replacing the wavelength range from ‘‘370 and 245 nm’’ to ‘‘370 and 193 nm.’’
      • 3E001 Note 3 is added to exclude from 3E001 ‘Process Design Kits’ (‘PDKs’) unless they include libraries implementing functions or technologies for items specified by 3A001. A Technical Note is added below Note 3 to define ‘Process Design Kit’ (‘PDK’). PDKs do not provide knowledge about production tools.
    • Category 4—Computers
      • 4A003 Adjusted Peak Performance (APP) is raised from ‘‘exceeding 16 WT’’ to ‘‘exceeding 29 WT’’ in Item paragraph .b and in accordance with this revision the APP is raised to 29 in the AT control text in the License Requirements table and in two places in the Note to the table.
      • 4D001 Adjusted Peak Performance (APP) is raised from 16 Weighted TeraFLOPs (WT) to 29 WT in License Exceptions TSR and STA in accordance with the new APP level in 4A003.b. The APP control level is raised from ‘‘exceeding 8 WT’’ to ‘‘exceeding 15 WT’’ in Item paragraph b.1. These revisions continue to address the need to track incremental (e.g., ‘‘Moore’s Law’’) improvements in microprocessor technology.
    • Category 5—Part 1— ‘‘Telecommunications’’
      • 5A001 In the NS Column 1 paragraph of the License Requirements table, the order of the referenced Item paragraphs is corrected. For telecommunications equipment specially designed to withstand transitory electronic effects or electromagnetic pulse effects, the temperature range parameters is changed from ‘‘to operate outside the temperature range from 218K (-55 °C) to 397 K (124 °C)’’ to ‘‘below 218K (-55°C)’’ in Item paragraph a.3 or ‘‘above 397 K (124 °C)’’ in new Item paragraph a.4, which does not change the scope of control, but seeks to make the text easier to understand.
        • Because of technology advances, phased array antennae are increasingly being developed for civil telecommunications applications, including cellular, WLAN, 802.15, and wireless HDMI. Exclusion Note 2 is added in order to remove from control phased array antennae specially designed for those purposes.
      • Category 5—Part 2
        • 5A002 Paragraph .a is amended by replacing the phrase ‘‘where that cryptographic capability is usable without ‘‘cryptographic activation’’ or has been activated’’ with the phrase ‘‘where that cryptographic capability is usable, has been activated, or can be activated by means of ‘‘cryptographic activation’’ not employing a secure mechanism’’. The revision clarified that an item is controlled if (1) the ‘cryptography for data confidentially’ is usable from the beginning regardless of ‘‘cryptographic activation’’ (i.e., not dormant), (2) the cryptographic capability was previously dormant but is now usable (whether by ‘‘cryptographic activation’’ or by other means; or (3) the ‘‘cryptographic activation’’ mechanism is not secure (i.e., the cryptographic capability is not securely kept dormant). Items paragraph .b is amended by replacing ‘‘to enable’’ an item with ‘‘for converting’’ an item and replacing ‘‘to achieve or exceed the controlled performance levels for functionality specified by 5A002.a that would not otherwise be enabled’’ with ‘‘not specified by Category 5 —Part 2 into an item specified by 5A002.a or 5D002.c.1, and not released by the Cryptography Note (Note 3 in Category 5—Part 2), or for enabling, by means of ‘‘cryptographic activation’’, additional functionality specified by 5A002.a of an item already specified by Category 5— Part 2’’. This clarifies that a ‘‘cryptographic activation’’ mechanism is controlled by 5A002.b in two situations: (1) It converts an item classified outside of Category 5—Part 2 into a 5A002.a item (e.g., by activating ‘cryptography for data confidentiality’ capability in an item that was previously limited to performing ‘‘authentication,’’ or by activating encryption capability which disqualifies a product from the Cryptography Note exclusion (Note 3 in Category 5—Part 2)); or (2) it enables additional functionality specified in 5A002.a in an item that was already classified in Category 5—Part 2 (e.g., making additional encryption algorithms usable by the item, or that would change the item from being eligible or described under § 740.17(b)(1) into an item described under § 740.17(b)(2) or (3)).
        • 5D002 Paragraph .b of ECCNs 5D002 and 5E002 is amended by replacing ‘‘enable’’ with ‘‘for converting’’ and replacing ‘‘to meet the criteria for functionality specified by 5A002.a, that would not otherwise be met’’ with ‘‘not specified by Category 5—Part 2 into an item specified by 5A002.a or 5D002.c.1, and not released by the Cryptography Note (Note 3 in Category 5—Part 2), or for enabling, by means of ‘‘cryptographic activation’’, additional functionality specified by 5A002.a of an item already specified by Category 5— Part 2’’. These revisions are made to create mirroring entries consistent with the changes being made to 5A002.b.
      • Category 6—Sensors and Lasers
        • 6A002 Paragraph .f is added to establish a control for Read-Out Integrated Circuits (ROICs) to ensure that certain ROICs not controlled on the Munitions List, but that provide night vision capability, are controlled. In order to maintain consistent paragraph placement with the WA List this rule adds and reserves Items paragraph .e, so that ROICs can be added to Item paragraph .f. For consistency, Items paragraph .f is added to the Regional Stability controls (RS Column 1) in the License Requirements section, because 6A990, where ROICs were formerly controlled, was controlled for RS Column 1.
        • 6A003 paragraphs a.1 (high-speed cinema recording cameras) and a.2 (mechanical high speed cameras) are removed and reserved because of the advancement of technology. Item paragraph a.3.a (mechanical streak cameras) is also removed because of the advancement of technology. As a result of this change, electronic streak cameras are moved from Item paragraph a.3.b to a.3.
        • 6A004 Dynamic wavefront measuring equipment is added to Item paragraph .f, with parameters in subparagraphs and a Technical Note at the end to define ‘‘frame rate’’. The purpose of wavefront sensing is to measure the level of the wavefront aberration as it is transferred through an optical system, regardless if the source of that aberration is the optical system itself or something external to that system. Wavefront sensors are principally used as one of the main components of adaptive optics systems where they serve to close the control loop and feed the information about the required correction to deformable mirrors and beam steering mirrors in real-time, which are also controlled in this ECCN.
        • 6A005 Item paragraph f.1 (dynamic wavefront (phase) measuring equipment) is removed and reserved, because this item is moved to ECCN 6A004.f, because of its close association to the mirrors controlled in 6A004. A Nota Bene is added to point to the new Item paragraph where this item is controlled. Item paragraph f.2 (‘‘Laser’’ diagnostic equipment) is amended by replacing ‘‘capable of measuring’’ with ‘‘specially designed for dynamic measurement of’’ and replacing ‘‘equal to or less than’’ with ‘‘and having an angular ‘‘accuracy’’ of’’ to refine the scope of the entry. The phrase ‘‘(microradians) or less (better)’’ is added after ‘‘10 mrad’’ to clarify the unit. Item paragraph f.3 (Optical equipment and components) is amended by moving the phrase ‘‘coherent beam combination’’ for better readability. The ‘‘accuracy’’ parameter is cascaded down to Item paragraph f.3.b and a new ‘‘accuracy’’ parameter is added to f.3.a, so that the equipment is controlled if it meets either of the ‘‘accuracy’’ parameters.
      • Category 9—Aerospace and Propulsion
        • 9A002 Heading is amended by revising and moving the parameter ‘‘with an ISO standard continuous power rating of 24,245 kW or more and a specific fuel consumption not exceeding 0.219 kg/ kWh in the power range from 35 to 100%’’ to the Items paragraph and adding ‘‘designed to use liquid fuel and having all of the following (see List of Items Controlled),’’ to the Heading. Two parameters are added for this ECCN: Maximum continuous power and ‘corrected specific fuel consumption’. (These revisions therefore do not change the scope of the existing control text, but rather clarify it by making it clear that the specific fuel consumption of concern applies at the ‘‘turndown performance’’ of 35%.)
        • 9A004 The scope of Item paragraph f.1 (Telemetry and telecommand equipment) is clarified by adding ‘‘specially designed’’ and two specific end uses in order to eliminate data processing equipment for mission data, such as GPS, science data, communication and broadcasting, since this data is not meant to be controlled under 9A004.f.1. The scope of Item paragraph f.2 (Simulators) is narrowed by adding ‘‘specially designed for ‘verification of operational procedures’ of ‘‘spacecraft’’.
        • 9D004 Paragraph .b (‘‘Software’’ for testing aero gas turbine engines, assemblies, ‘‘parts’’ or ‘‘components’’) is amended by removing the parameter and cascading subparagraphs with specific features or functions, such as ‘‘specially designed’’ for testing aero gas turbine engines . . . , to clarify and focus (narrow) the scope of control. A Note is added above Item paragraph .c to exclude software for operation of the test facility or operator safety, or production, repair or maintenance acceptance-testing . . .’’

Relevant EAR (Relevant changes listed below with editorial changes excluded):

  • Part 772: This rule removes 37 definitions from § 772.1 and adds them to the ECCNs where they are used. According to the WA drafting guidelines, if a term is only used in a single ECCN, then the definition must be in a Technical Note close to where that term is used.
  • Supplement No. 6 to Part 774: Sensitive List Paragraph (1)(i), ECCN 1A002, is amended by narrowing the scope from all of ECCN 1A002 to only subparagraph a.1 ‘‘ ‘‘Composite’’ structures or laminates made from an organic ‘‘matrix’’ and ‘‘fibrous or filamentary materials’’ specified by 1C010.c or 1C010.d’’, because the rest of the items in ECCN 1A002 do not warrant control on the Sensitive List as they are not key technologies.
  • Supplement No. 7 to Part 774: Very Sensitive List Paragraph (1)(i), ECCN 1A002, is amended by narrowing the scope from subparagraph .a to subparagraph a.1 (‘‘Composite’’ structures or laminates made from an organic ‘‘matrix’’ and ‘‘fibrous or filamentary materials’’ specified by 1C010.c or 1C0010.d), because the rest of the items in ECCN 1A002.a do not warrant control on the Sensitive List as they are not key technologies.
  • Section 740.16: License Exception APR is amended to remove a reference to ECCN 6A990 in paragraphs (a)(2) and (b)(2)(v), because ECCN 6A990 is removed from the CCL by this rule. ROICs are now specified in 6A002.f.
  • Section 740.20 License Exception STA is amended to remove reference to ECCNs 6A990 and 6E990 from paragraph (b)(2)(x), because these ECCNs are removed from the CCL. ROICs are now specified in 6A002.f and ROIC technology is specified in ECCNs 6E001 and 6E002.
  • Section 742.6: Regional Stability Paragraph (b)(1)(ii) is amended by removing reference to ECCN 6E990, because this ECCN is removed by this rule. ROIC technology is now controlled under ECCNs 6E001 and 6E002.
  • Section 744.9: Restrictions on Exports, Reexports, and Transfers (In-Country) of Certain Cameras, Systems, or Related Components Section 744.9 is amended by removing reference to ECCN 6A990 from paragraphs (a) and (b), because this ECCN is removed from the CCL. ROICs are now controlled under ECCN 6A002.f.

Federal Register Notice: https://www.govinfo.gov/content/pkg/FR-2018-10-24/pdf/2018-22163.pdf


The Export Control Reform Act and Possible New Controls on Emerging and Foundational Technologies

2018/09/27

By: Kevin Wolf, Partner, Akin Gump Strauss Hauer & Feld, kwolf@akingump.com

(Former) Assistant Secretary of Commerce for Export Administration (2010-2017)

Key Points

ECRA became law on August 13, 2018. It is the permanent statutory authority for the EAR, which is administered by the U.S. Department of Commerce’s BIS. The new law codifies long-standing BIS policies and does not require changes to the EAR, such as to its country-specific licensing requirements.

However, as part of the larger effort to reform the authorities governing CFIUS, the law effectively requires BIS to lead an interagency, regular order process to identify and add to the EAR controls on “emerging” and “foundational” technologies that are “essential to the national security of the United States.”

Although the types of emerging and foundational technologies to be identified are not yet publicly known, anyone involved in emerging and foundational technology areas, such as artificial intelligence, driverless vehicle technology, advanced computing, additive manufacturing or microelectronics, should begin preparing comments on possible new controls in line with the standards in the new law. Commerce will likely soon publish a notice seeking such comments, and the formal comment period will likely be short relative to the complexity and the significance of the issue. The submission of thoughtful and well-supported industry comments will be absolutely critical to the creation of properly scoped and clearly described controls that are consistent with the statutory standards.

  1. Introduction

The Export Control Reform Act of 2018 (ECRA) and the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) became law on August 13, 2018, as part of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA). One of the primary policy motivations behind both acts was the need to enhance U.S. export and investment controls to address concerns regarding the release of critical technologies to end uses, end users and destinations of concern, primarily China. (FIRRMA is described in a prior alert.)

Another motive behind ECRA was the creation of permanent statutory authority for the Export Administration Regulations (EAR). The EAR primarily control the export, reexport, and transfer of commercial, dual-use and less sensitive military items to end users, end uses and destinations of concern. They also include the antiboycott regulations that the Bureau of Industry and Security (BIS) administers. Part I of ECRA is titled “Export Controls Act of 2018” (ECA) and is the authority for the administration of the export controls that BIS administers. Part II of ECRA is titled “Anti-Boycott Act of 2018” and is the authority for the antiboycott regulations that BIS administers.

For most of the last two decades, the statutory authority for the EAR—the Export Administration Act of 1979—has been defunct. The EAR have been kept in effect through Executive Orders and an emergency declaration issued under the authority of the International Emergency Economic Powers Act (IEEPA) that was renewed by annual presidential notices. (A description of this issue, the export control system generally and the issues motivating the introduction of the legislation can be found in the March 2018 testimony of Kevin Wolf before the House Foreign Affairs Committee.)

The new law essentially codifies existing written and unwritten BIS practices, policies and definitions as they have evolved since 1979. It also gives BIS enforcement officials more authority to investigate possible violations of the EAR. Because the new law essentially preserves the status quo from an exporter’s perspective and does not, for example, change any country-specific licensing policies, it is primarily of interest to export control practitioners. It, however, includes one section, Section 1758, that should be of particular interest to those who do not normally consider themselves affected by the EAR (i.e., those involved in the development or export of emerging and foundational technologies that are not now identified in the EAR or other export control regulations).

  1. ECA Section 1758 Requires the Administration to Identify and Control in the Export Control Regulations Emerging and Foundational Technologies of Concern

BIS has always had the authority to impose unilateral controls on items for national security and foreign policy reasons. (Unilateral controls are those that only the United States imposes, as opposed to controls that BIS publishes to implement agreements of the multilateral export control regimes.) In 2012, BIS provided more structure around the process of identifying and imposing unilateral controls when it created the “0Y521” series. As further described in this notice, BIS has the authority to impose controls over the export of any previously uncontrolled commodity, software or technology that provides the United States with at least a significant military or intelligence advantage, or for any foreign policy reason, so long as the government works to make the controls multilateral within three years (i.e., to get our regime allies to control the same item). The 2012 notice stated that such items are “typically emerging technologies.”

Section 1758 of the ECA essentially codifies this regulatory process and gives the administration a statutory mandate to make the effort a priority. This statutory instruction evolved in response to concerns about a key element of the Committee on Foreign Investment in the United States (CFIUS) reform legislation, FIRRMA, which, as introduced, would have given CFIUS jurisdiction over outbound investments, such as overseas joint ventures, by U.S. critical technology companies that would involve the transfer of intellectual property and associated support. The sponsors’ policy objective with this provision was to give the U.S. government the opportunity to determine and, if necessary, alter or block such outbound investments if they could result in the release of critical emerging or foundational technologies not controlled by the export control system. (More detail about this issue can be found here.)

Over the course of many congressional hearings and other discussions, a consensus emerged that addressing the concern through CFIUS would result in both over-controls and under-controls. The approach would have been an over-control because many benign outbound investments would become subject to CFIUS jurisdiction, which would have placed unnecessary burdens on CFIUS and U.S. industry, and would likely have discouraged welcome foreign investments. It would have been an under-control because it would have regulated only the transfer of the newly identified critical technologies in connection with a covered investment, meaning that the identical technologies could have been legally transferred without government oversight to a foreign person as part of any other type of transaction, such as a simple purchase-and-sale arrangement. The solution was to require the already existing dual-use export control system to put more effort into identifying emerging and foundational technologies of concern and to control their export to end uses, end users and destinations of concern regardless of the nature of the underlying investment.

  1. Technologies Likely to Be Considered “Emerging” or “Foundational”

Congress did not define the terms “emerging” or “foundational” technologies “essential to national security,” but the public debate over the legislation provided hints as to the general areas of concern. During the discussions about CFIUS and export control reform bills, and related public discussions about CFIUS cases and China’s plans to acquire technologies pursuant to its “Made in China 2025” plan, emerging and foundational technologies, such as the following, were informally cited as warranting consideration for possible new controls:

  • artificial intelligence and machine learning
  • augmented reality
  • automated machine tools
  • additive manufacturing
  • autonomous vehicles
  • advanced battery technology
  • “big data”
  • biotechnology
  • gene editing
  • high-temperature superconducting technology
  • hydrogen and fuel cells
  • integrated circuits, semiconductors and microelectronics
  • intelligent mobile terminals
  • nanotechnology
  • robotics

Neither Congress nor the administration has published any sort of list of technologies that are under review or that should be studied. BIS, however, is likely to publish a notice soon, seeking information from the public about broad categories of technologies that potentially warrant control and how the controls could be worded to satisfy the requirements of Section 1758. Consistent with past BIS practice, this notice would not be a proposed rule. Rather, it would be a formal tool for the government to solicit industry input as part of its efforts to identify what technologies should and should not be the subject of possible new controls in a proposed rule to be published later. Industry’s role in this process is critical. Thoughtful and well-supported comments will likely have a positive influence on the government’s efforts to identify which emerging and foundational technologies are and are not essential to our national security and otherwise within the scope of Section 1758.

  1. Questions to Answer for Comments to Be Provided to the Administration

Any formal comment period will be, or will seem, short relative to the complexity and the significance of the issues. Because, as discussed below, Section 1758 foreshadows the questions that will likely be asked in such a notice, those potentially affected by new controls do not need to wait for the notice to be published before internally answering the following questions:

  • Which of the company’s technologies that are not now identified on an export control list (a) are essential to national security or (b) might be deemed so by the administration, particularly in light of the debate over FIRRMA?

 

  • Which such technologies are and are not being developed outside the United States?

 

  • Would research on, and development of, such technologies in the United States be affected if the government were to impose unilateral export controls on such technologies, including on their release to foreign persons in the United States?

 

  • Would unilateral controls on the release of such technologies to foreign persons in the United States or to foreign countries be effective at deterring their transfer to countries of concern?

 

  • Would export control regime allies, such as those in Europe, likely eventually agree to impose controls on the release of such technologies from their countries?

Answers to these questions, and supporting documentation and analyses, will be vital to the preparation of quality comments filed in response to a notice.

III. Elements of Section 1758 – the ECA’s Emerging and Foundational Technologies Provision

  1. The process for identifying technologies must be an interagency process.

Some of the ideas floated during the FIRRMA debate would have given CFIUS or individual agencies, such as the Department of Defense, the authority to nominate and have controlled emerging and foundational technologies. The ECA requires the President to establish an interagency process to do so that involves the departments of Commerce, Defense, Energy and State, and any other necessary department or agency. The motive behind this provision was to ensure that the equities and expertise of all relevant agencies would be considered when identifying such technologies. Because BIS’s mission includes coordinating such interagency efforts, and because any new controls would be published in the EAR, which BIS administers, BIS has the lead role in the identification effort.

  1. The interagency emerging and foundational technology identification process must be a “regular, ongoing” effort.

This reference in the provision makes it clear that the identification and addition of new controls over emerging and foundational technologies is not just a one-time event. It is now, as a statutory matter, rather than just a standard interagency practice, a regular part of the U.S. export control system. The technologies at issue are, by definition, emerging. They are not what the export control system has a history of controlling and analyzing. They are not technologies that have been specially designed for military or intelligence applications because such technologies are already controlled by either the EAR or the International Traffic in Arms Regulations (ITAR). Thus, BIS and the other agencies are likely setting up more formal processes to regularly search for and, as needed, amend the export controls over commercial technologies of concern as they emerge.

  1. The emerging and foundational technologies to be identified are limited to those “essential to the national security of the United States.”

During the debates over the CFIUS and export control reform bills, there was some discussion about whether controls should be imposed on such technologies for purely economic reasons, such as for use as part of protectionist or industrial policy efforts. Export control statutes dating back to the Export Control Act of 1949 have expressly limited the reasons for control to national security, foreign policy and short supply. Although an administration has broad authority to define what constitutes a national security concern, the law conspicuously limits the scope of any new controls to not only those that would address “national security” concerns, but also to those that are “essential” to our national security.

  1. The emerging and foundational technologies to be identified must not include technologies that are already subject to export controls or that become subject to controls under other authorities.

This means that any technologies that are already identified in the export control regulations, primarily the EAR and the ITAR, or that would be added to such regulations later under other authorities, must not be part of the process described in Section 1758. The government thus still has extraordinary discretion to identify items for control, and none of that discretion is affected by this provision, which is focused on resolving a specific policy issue raised during the debate over FIRRMA. If Section 1758 were not included in the law, the administration would have the same authority to do what is required under Section 1758. The only difference is that Congress is requiring the administration to conduct the special effort and setting standards for how to do so.

  1. The interagency process must be informed by multiple sources of information, including (i) publicly available information, (ii) classified information, (iii) information developed during the CFIUS process and (iv) information developed by BIS’s technical advisory committees.

The export control system has always drawn upon such information sources when considering which technologies to control, but not always as part of a formal process. The provision is also a subtle congressional reminder to export control officials to ensure that they expand their technology review horizons over what are, by definition, novel, emerging technologies to get the benefit of those who may have contact with such technologies before they do. Thus, for example, it effectively requires export control officials to reach out to industry and academic experts who may not otherwise interact with the government. It also indirectly emphasizes the need for the intelligence community to commit resources to analyzing emerging technology issues and to provide its work product to export control officials for consideration.

The provision requires that technology issues generated during the review of CFIUS fillings be formally fed back into the export control system for broader consideration. The export control agencies are core members of CFIUS, and there is a long history of their considering whether issues developed during CFIUS cases warrant changes to export controls. The only difference now is that this practice is a formal, statutory requirement. Finally, the provision reconfirms the need for industry experts on BIS’s multiple technical advisory committees to provide their input to export control officials about emerging and foundational technologies. Indeed, BIS is in the process of creating an additional technical advisory committee to focus on such issues, as described here. For those with significant expertise in the emerging and foundational technologies at issue, participating in the new, or in any of the existing, technical advisory committees is a significantly important way to contribute to the quality of the controls.

  1. Before imposing new controls on an emerging or foundational technology, the government must consider whether comparable technologies are being developed outside the United States.

This provision does not prohibit the imposition of controls on technologies being developed outside the United States. When read with other parts of Section 1758, however, foreign availability is clearly an important variable the government must consider when deciding whether technologies should become subject to the new controls. Thus, when responding to BIS’s notices asking for comments on new technologies to control, those potentially affected should provide information about which comparable technologies are and are not being developed outside the United States. Such commercial information, which often is not available to the government, should be as specific as possible if it is to be effective. That is, conclusory comments, such as “This technology is widely available in many countries outside the United States” will not be helpful. Comments such as “This technology is available from Company A in Country X (brochures and specifications attached),” on the other hand, are what the government needs to see in order to make a sensible judgment about whether to impose new controls.

  1. Before imposing new controls on an emerging or foundational technology, the government must consider the effect that the imposition of a unilateral export control “may have on the development of such technologies in the United States.”

As a matter of logic, expectations and history, unilateral controls tend to discourage research and investment in the United States in the affected technologies. Indeed, the ECA states that “[e]xport controls applied unilaterally to items widely available from foreign sources generally are less effective in preventing end-users from acquiring those items. Application of unilateral export controls should be limited for purposes of protecting specific United States national security and foreign policy interests.” This does not mean that unilateral controls are per se prohibited or ineffective, only that this standard is a high bar for the government when deciding whether to propose a new unilateral control. Those in potentially affected industries will thus want to provide in their public comments a thoughtful analysis of whether—and how—a unilateral control over a specific emerging or foundational technology is or is not likely to harm the domestic development of such technologies.

  1. Before imposing new controls on an emerging or foundational technology, the government must consider whether they would be effective in “limiting the proliferation of emerging and foundational technologies to foreign countries.”

This standard is basically a corollary to the other provisions above, but it nonetheless emphasizes the point that imposing controls on technologies being developed outside the United States or with the substantial assistance in the U.S. of foreign scientists and engineers will not likely accomplish the objectives of this section. If commenters have any other reasons that a proposed new control would or would not be effective, then this is the statutory provision to cite in support of why it should or should not be imposed.

  1. Before any new controls may be imposed, the government must provide the public with a notice and an opportunity to comment.

This is the most critical step for industry to comment formally on actual regulatory text and whether the proposed controls do or do not meet the standards in Section 1758. Based on the experience of the Obama administration’s export control reform effort, which involved the publication of dozens of proposed rules for public comment, career staff at the agencies are likely to take well-supported, thoughtful comments seriously.

  1. The new controls will be published as amendments to the EAR.

Earlier versions of the CFIUS and the export control reform bills were unclear about whether or, if so, where new investment or export controls on emerging and foundational technologies would be published. Section 1758 effectively requires that they will be identified in the EAR’s Commerce Control List (CCL).

  1. BIS has broad authority to decide when, and under what circumstances, licenses or other types of authorizations will be required to export identified emerging and foundational technology.

Criteria that BIS, in coordination with the other agencies, must consider when imposing controls include whether the destination is subject to U.S. arms and other embargoes, as well as the potential end uses and end users of such technology. The group of countries subject to such embargoes includes China, Russia and Iran.

  1. Commerce is not required to impose licensing requirements on finished items that are destined to regular customers or on technology when the acquisition would not give the foreign recipient the ability to produce critical technologies.

This exception reflects the provision’s emphasis on emerging and foundational technologies, rather than finished products, that can be used to enhance the indigenous manufacturing capability outside the United States of items essential to U.S. national security.

  1. The Secretary of State, in coordination with the other export control agencies, is required to propose each year for three years any new controls to the relevant multilateral export control regimes for control.

This element of the control reflects Congress’ view that multilateral controls are more effective than unilateral controls. If the regimes do not accept a new control, then Commerce must decide whether national security concerns warrant the continuation of unilateral controls with respect to the technology at issue. Another part of ECA commits the U.S. government to “carry out obligations and commitments under international agreements and arrangements, including multilateral export control regimes.” The most relevant such regime to this issue is the Wassenaar Arrangement, which was “established in order to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations. The aim is also to prevent the acquisition of these items by terrorists. Participating States seek, through their national policies, to ensure that transfers of these items do not contribute to the development or enhancement of military capabilities which undermine these goals, and are not diverted to support such capabilities.” Thus, to remain consistent with its obligations under ECA, the administration should propose only new controls on emerging or foundational technologies that meet this standard or one of the corresponding standards in the other multilateral regimes (i.e., those pertaining to controlling the proliferation of missiles, nuclear items, and chemical or biological weapons, and related items).

  1. Commerce must report to CFIUS and Congress every 180 days of the actions that it and the other agencies have taken to implement this section.

Normally, congressional reporting requirements do not get much public attention, but this regular obligation to show progress likely will keep the process for identifying and controlling emerging and foundational technologies high on the list of priorities for this and subsequent administrations. This fact further reinforces the need for industry to stay engaged with the government with respect to identifying emerging and foundational technologies that are and are not essential to the national security of the United States.

  1. BIS has broad authority to impose “interim controls” on exports and reexports of emerging or foundational technologies by specific persons.

The EAR contain multiple “is informed” provisions allowing BIS to inform parties that, to address a specific national security or foreign policy concern, a license is required to export an item that would not normally require a license. Section 1758 explicitly gives BIS the authority to create any form of interim controls, such as through the use of similar “is informed” actions imposing licensing requirements on the export by specific persons of specific technologies in a particular transaction, before regulations controlling such technologies are promulgated and made generally effective.

Used properly, this new authority could be a way for BIS to surgically address policy concerns about the transfer of specific kinds of technology in unique circumstances without imposing controls on entire types of technologies or destinations. Thus, for example, if BIS has information that a specific foreign entity plans to use a specific type of EAR99 technology deemed to be “emerging” or “foundational” that would be released during a joint venture for an activity contrary to U.S. national security interests, BIS could prohibit the technology transfer without having to sanction the foreign entity (such as by using the entity list process) or imposing an across-the-board control on the same technology for all exports. In a way, this new omnibus “is informed” authority, which is tucked into a parenthetical in Section 1758, is the broad authority that the proponents of the original FIRRMA bill contemplated when they sought to give CFIUS jurisdiction over outbound investments by critical technology companies. They wanted the U.S. government to have the authority to block otherwise uncontrolled technology transfers in specific circumstances on case-by-cases bases. Such authority now exists, but within BIS (rather than CFIUS) pursuant to Section 1758.

  1. The Statement of Policy Codifies Long-Standing BIS Policies—and Provides the Administration with Considerable Discretion in Administering the System

Section 1752 contains a lengthy statement of policy that may seem new to some, but fairly accurately reflects the written and unwritten licensing and other export control policies that have evolved within BIS since the Export Administration Act was passed in 1979. Some provisions may seem contradictory, but they are examples of the difficult choices that BIS and its interagency colleagues make daily when deciding which dual-use and other items to control, how to control them and when to approve, condition or deny their export.

For example, the section states that export controls should be used only after consideration of their impact on the U.S. economy and only to the extent necessary to advance the national security and foreign policy interests of the United States. These interests require regulations to control the proliferation of items for use in weapons of mass destruction; acts of terrorism; or military programs that could threaten the United States or its allies, or that could disrupt critical infrastructure. They must also, for example, simultaneously (i) preserve the military superiority of the United States; (ii) promote human rights; (iii) carry out our commitments to the multilateral regimes; (iv) facilitate interoperability with our NATO and other close allies; (v) be focused on core technologies of concern; (vi) maintain U.S. leadership in science, engineering, manufacturing and technology, including foundational technologies; (vii) be enforced aggressively and consistently; (viii) be administered in a way that is able to be easily understood; and (ix) be transparent, predictable, timely and flexible.

  1. The Authority to Control Activities by U.S. Persons Is Codified and Slightly Expanded

Unlike the ITAR, the EAR does not have general controls over services provided by U.S. persons, except in connection with violations of the EAR—“General Prohibition 10.” Most of the EAR are focused on regulating the export, reexport and transfer by U.S. and foreign persons of commodities, software and technology subject to the EAR. EAR Part 744 has long regulated the activities of U.S. persons, regardless of whether any technology is transferred, if they relate to weapons of mass destruction or foreign maritime nuclear projects. Section 1753 adds specific authority for the EAR to regulate services by U.S. persons, wherever located, if they are related to “specific foreign military intelligence services.” It remains to be seen how, or whether, BIS will implement this new authority in the EAR.

  1. Licensing Considerations Regarding the Defense Industrial Base

Section 1756(d) requires BIS to deny an application if the proposed export would have a “significant negative impact” on the defense industrial base, which is defined as including (i) a reduction in the availability of an item produced in the United States that is likely to be acquired by the U.S. government for the advancement of U.S. national security, (ii) a reduction in the production in the United States of an item that is the result of federally funded research and development, or (iii) a reduction in the employment of U.S. persons whose knowledge and skills are necessary for the continued production in the United States of an item that is likely to be acquired by the U.S. government for the advancement of U.S. national security. To help make this determination, BIS may seek information from the applicant regarding, for example, why the proposed export would be in the national interest and what the impact would be on the relative capabilities of U.S. and foreign militaries. Although previous administrations took such considerations into account when making licensing decisions, this section describes the standard in a novel, formal way consistent with the underlying policy motivations behind FIRRMA.

VII. Required Review of Licensing Policies Regarding Exports to Countries Subject to Arms Embargoes, Such as China

Although the ECA does not change any country-specific licensing policies, it does require BIS, in coordination with the other export control agencies, to “review license requirements relating to countries subject to a comprehensive arms embargo.” The section does not refer expressly to China or any other country, but it is clearly focused on requiring an evaluation of whether (i) the EAR’s China “Military End Use” rule should be expanded to also apply to “military end users” in China or additional items on the control list not now captured by the rule, and (ii) additional low-end items controlled for “anti-terrorism” reasons to only Iran and other comprehensively embargoed destinations should also be controlled for export to China. BIS must implement any recommended changes before early May 2019. Such changes are likely to occur.

VIII. Penalties and Enforcement

Section 1760 of the ECA codifies civil and criminal penalties that were established under the International Emergency Economic Powers Act (IEEPA). The maximum criminal penalties for willful violations will continue to be $1 million and, for individuals, imprisonment of up to 20 years. Maximum civil penalties will be slightly higher than the current inflation-adjusted penalties under IEEPA—$300,000 or twice the value of the applicable transaction, whichever is greater. Other penalties, such as denying a party the ability to export, remain the same.

Section 1761 of the ECA enhances BIS’s enforcement authorities, which are now on par with other enforcement agencies, such as the Department of Homeland Security and the Federal Bureau of Investigation. For example, a violation of ECRA, which includes both the export control and antiboycott provisions, is now a predicate offense that can be cited to justify a wiretap. ECA also gives BIS enforcement officials the authority to conduct investigations “outside the United States consistent with applicable law.” There are broader issues about the authority of the U.S. government to conduct investigations abroad that are beyond the scope of this alert, but ECA, unlike previous authorities, does not limit BIS to conducting investigations in only the United States. In addition, ECA gives BIS the authority to spend funds or engage in other financial transactions (such as leasing space) to conduct undercover investigations. Finally, ECA expands the bases upon which BIS enforcement can impose denial orders. Previously, BIS’s authority to impose denial orders was limited to situations where the person was convicted of a criminal violation of export control and other national security statutes. ECA expands the authority for BIS to issue denial orders when someone is convicted of criminal violations of conspiracy, smuggling or false-statements laws.

  1. Industry-Friendly Provisions

Consistent with long-standing BIS policies and practices, ECA requires that “licensing decisions are to be made in an expeditious manner [ideally, within 30 days of a request], with transparency to applicants on the status of license and other authorization processing and the reason for denying any license or request for authorization.” As under the Export Administration Act of 1979, no fees may be charged in connection with any license or other request made in connection with the EAR. In addition, BIS is required to continue helping U.S. persons, particularly including small- and medium-sized companies, comply with the EAR through training and other outreach.

  1. Coordination of Export Control and Sanctions Authorities

One of the key unrealized aspirations of the Obama administration’s export control officials was the creation of a single export control licensing agency that administered a single set of export control regulations in order to accomplish the national security and foreign policy objectives of the controls with significantly fewer regulatory burdens. Although the ECA does not suggest or require any organizational changes within the export control system, it does require the President to coordinate the export controls and sanctions administered by the departments of Commerce, State, Treasury and Energy. The ECA goes on to state that, in order to achieve such effective coordination, Congress believes that these agencies:

“should regularly work to reduce complexity in the system, including complexity caused merely by the existence of structural, definitional, and other non-policy based differences between and among different export control and sanctions systems” and

“should coordinate controls on items exported, reexported, or in-country transferred in connection with a foreign military sale [administered by the Department of State’s Office of Regional Stability and Arms Transfers (RSAT)]. . . or a commercial sale [of defense articles administered by the Department of State’s Directorate of Defense Trade Controls (DDTC)] to reduce as much unnecessary administrative burden as possible that is a result of differences between the exercise of those two authorities.”

Examples of how such coordination could be enhanced (but that are not described in ECA) include (i) continued efforts to harmonize definitions of terms in, and organizational structures of, the EAR, the ITAR and the sanctions regulations; (ii) the creation of a single online portal with a single common license application for submissions to BIS, DDTC, and the Office of Foreign Assets Control (OFAC), (iii) combined BIS, DDTC and OFAC training, outreach and enforcement efforts; (iv) regularly scheduled rotations of licensing officers among the agencies for cross training; and (v) delegations of authority making it so that the reexport of military items subject to the EAR have the same requirements and prohibitions, regardless of whether the item was originally exported under a foreign military sale or a direct commercial sale.

  1. Definitions in the EAR Are Unchanged

The definitions of key terms in ECRA, such as “export” and “technology,” are consistent with the definitions revised during the Obama administration’s Export Control Reform initiative. (The definition of “U.S. Person” as proposed would have inadvertently dramatically increased the extraterritorial scope of the regulations. That issue was fixed in the final version of ECRA.) Also, ECRA does not require BIS to change EAR definitions or core concepts, such as the de minimis carveout, or the meaning of “published” information or “fundamental research.” BIS continues to have discretion to amend most of the EAR’s definitions as necessary and to create new definitions.

During the early public discussion about ECRA and the “emerging” and “foundational” technology topic, some in industry expressed concerns that the statutory definition of “technology” would sweep more information within the scope of the EAR than the EAR did. Part of the discussion revolved around the words “required” and “necessary.” Another part revolved the words “development” and “know-how.” ECRA uses the same essential elements of the definition as does the EAR. That is, it defines the term as including information “necessary” for the “development,” “production” or “use” of an “item,” which is defined the same way as the EAR in that it means “commodities,” “software” and “technology.” The main difference is that ECRA uses the word “includes” rather than “means.” This gives BIS authority to expand the scope of covered “technology.” Given this discretion, that “necessary” information is vastly broader in scope than “required” technology, and that the concepts of “emerging” and “foundational” technologies are inherently broad, industry should follow closely the evolution of the proposed new controls. Subtle differences in terminology—such as between the use of “necessary” or “required” as control parameters—can have extraordinarily large impacts on the scope of information subject to licensing or other obligations.


Smoking Hot: Proposed Changes to USML Categories I, II, and III

2018/05/30

By: Rick Phipp

On top of the background buzz regarding the ZTE zigzag, the latest shoe has dropped in the ongoing export control reforms. Three shoes actually, since we can now read about the proposed move of certain items controlled in Categories I, II, and III on the U.S. Munitions List (USML) over to the Commerce Control List (CCL). Long awaited by U.S. gun and ammunition manufacturers and exporters, these proposed rules describe how articles the President determines no longer warrant control under USML would be controlled on the CCL and by the Export Administration Regulations (EAR) and describe more precisely articles warranting export and temporary import control on the USML.

As part of export control reforms under the Obama administration, the executive branch completed transfers of items in the following categories from the USML to the CCL and created Category XIX (gas turbine engines):

  • Category IV (launch vehicles, guided and ballistic missiles, rockets, torpedoes, bombs, and mines);
  • Category V (explosives and energetic materials, propellants, incendiary agents, and their constituents);
  • Category VI (surface vessels of war and special naval equipment);
  • Category VII (ground vehicles);
  • Category VIII (aircraft and related articles);
  • Category IX (military training equipment and training);
  • Category X (personal protective equipment);
  • Category XI (military electronics);
  • Category XII (fire control, laser, imaging, and guidance equipment);
  • Category XIII (materials and miscellaneous articles);
  • Category XIV (toxicological agents, including chemical agents, biological agents, and associated equipment);
  • Category XV (spacecraft and related articles);
  • Category XVI (nuclear weapons related articles);
  • Category XVIII (directed energy weapons); and
  • Category XX (submersible vessels and related articles).

Left remaining were changes to Categories I-III (firearms, close assault weapons and combat shotguns, guns and armament, and ammunition/ordnance).

Under the proposed rules published by BIS and the State Department, a number of new ECCNs are created to address transferred items and the relevant USML categories are revised to describe more precisely the articles warranting continued control on the USML. The interagency review process focused on identifying items that were either (i) inherently military and otherwise warranted control on the USML, or (ii) if of a type common to non-military firearms applications, possessed parameters or characteristics that provide a critical military or intelligence advantage to the U.S., and are almost exclusively available from the U.S. If one or both points were met, the article remained on the USML.  Essentially, commercial items widely available for purchase and less sensitive military items were transferred in the proposed rules. Links to the proposed rules are as follows: State Department and Commerce Department.

There will be a 45-day period following publication in the Federal Register in which the agencies will accept comments regarding the proposed rules. Exporters and manufacturers of articles currently controlled under USML Categories I-III should review the proposed rules to consider how they may be impacted. Comments may be submitted via the Federal eRulemaking Portal: http://www.regulations.gov or via email to DDTCPublicComments@state.gov with the subject line, “ITAR Amendment – Categories I, II, and III.”

Source


BIS Corrects ECCNs 0D606, 0E606, and 8A609

2018/02/08

Source: Federal Register

On December 27, 2017 BIS published a final rule (82 FR 61153) which made corrections to certain provisions of the EAR, including the CCL. The corrections were editorial in nature and did not affect any license requirements. In a nutshell, the original text in 0D606 and 0E606 was erroneously replaced with the text for 0D614 and 0E614. This rule fixes the issue and reinstates paragraph (2) of the Special Conditions for STA in 8A609.

ECCNs 0D606 and 0E606: The December 27 rule amended ECCN subparagraphs 0D606.a and 0E606.a to include references to ECCNs 0B606 and 0C606. During drafting, the License Requirements section and the text following the revised subparagraphs for both ECCNs was exchanged with the text for ECCNs 0D614 and 0E614, respectively. In order to follow the guidelines of the original preamble, this correction to the December 27 rule restores the original License Requirements section and the text of ECCNs 0D606 and 0E606 following subparagraph a in both ECCNs. In addition, this rule replaces the incorrect reference to 0D606 with 0E606 in the Special Conditions for STA of ECCN 0E606.

ECCN 8A609: The December 27 rule amended ECCN 8A609 by revising the title reference in these ECCNs to match the current title of § 740.20(g) and in doing so inadvertently removed paragraph (2) of the Special Conditions for STA. This rule restores paragraph (2) of the Special Conditions for STA in ECCN 8A609.

Federal Register: https://www.gpo.gov/fdsys/pkg/FR-2018-01-08/pdf/2018-00059.pdf