Category Archives: All

January Export Compliance Updates – DDTC, BIS, and More!

Following the big Christmas vacation announcement of the new International Traffic in Arms Regulations (ITAR) cloud rule, even more changes have materialized for export compliance.

DECCS is Coming

In a January 14th webinar, the Department of State, Directorate of Defense Trade Controls (DDTC) announced another long-awaited change: DDTC’s cloud-based Defense Export Control and Compliance System (DECCS) will launch licensing and registration applications in February.  The target date is currently February 3rd with deployment anticipated no later than February 17th.  The DTrade licensing application will be taken offline for data migration prior to the DECCS launch.

DECCS will feature:

  • An updated DS-2032 registration form with a new payment process and no request for Social Security numbers
  • Current license forms from DTrade
  • Access to existing, unexpired DTrade licenses
  • New GC forms for brokering and retransfer requests
  • More digital certificate options (DTrade ACES certificates will work with DECCS until their July 2020 expirations)

Users can enroll now, but will not be able to view or use the new features until the upgrade is deployed.  Visit the DECCS Industry Portal for more information or to begin the enrollment process: https://deccspmddtc.service-now.com/deccs

DDTC Releases Defense Services FAQs

DDTC released a series of FAQs on the provision of defense services by U.S. persons abroad.  The FAQs are intended to assist with determining whether an authorization is required for a U.S. person to assist a foreign entity with defense articles, technical data, or military training and to outline for process for requesting approval.  Notably, when authorization is required for such services, the request should be submitted as a General Correspondence (GC) request under ITAR §126.9(b).

Commerce Controls Geospatial Imagery Analysis Software

On January 6, 2020, the Department of Commerce, Bureau of Industry and Security (BIS)  published an interim final rule (85 FR 459) controlling “software specially designed to automate the analysis of geospatial imagery” under the Export Administration Regulations (EAR) Export Control Classification Number (ECCN) 0D521.

ECCN 0D521 controls “Any software subject to the EAR that is not listed elsewhere in the CCL, but which is controlled for export because it provides at least a significant military or intelligence advantage to the United States or for foreign policy reasons” and requires a license for export or reexport to all countries other than Canada.  Items in the 0Y521 series (0A521, 0B521, 0C521, 0D521, and 0E521) are specified in Supplement No. 5 to Part 774 of the EAR.

The rule was effective January 6, 2020 and comments will be accepted through March 6, 2020.  Please refer to the Federal Register Notice for how to submit comments.

Commerce Seeks Technical Advisory Committee Representatives

BIS also announced that it is recruiting representatives from industry, academia, and the U.S. government to serve on one of seven Technical Advisory Committees (TACs).  These committees advise the Department of Commerce on the technical parameters and administration of dual-use export controls.

The TACs advise on the following areas:

  1. Information Systems: Categories 3 (electronics), 4 (computers), and 5 (telecommunications and information security);
  2. Materials: Category 1 (materials, chemicals, microorganisms, and toxins);
  3. Materials Processing Equipment: Category 2 (materials processing);
  4. Sensors and Instrumentation: Category 6 (sensors and lasers);
  5. Transportation and Related Equipment TAC: Categories 7 (navigation and avionics), 8 (marine), and 9 (propulsion systems, space vehicles, and related equipment);
  6. Emerging Technology: identification of emerging and foundational technologies; and
  7. Regulations and Procedures: Export Administration Regulations (EAR) and EAR implementation.

TAC members must obtain secret-level clearances prior to their appointment.  See their Federal Register Notice (84 FR 72292) for more information.

Civil Monetary Penalties Adjusted for Inflation

Inflationary adjustments to civil monetary penalties were issued by both the Department of Commerce (85 FR 207) and the Department of State (85 FR 2020).  Maximum penalties depend on the specific kind of violation.

The ITAR §127.10 civil penalties were amended as follows:

  • § 127.10(a)(1)(i) increased from $1,163,217 to $1,183,736.
  • § 127.10(a)(1)(ii) increased from $845,764 to $860,683 (or five times the amount of the prohibited incentive payment, whichever is greater).
  • § 127.10(a)(1)(iii) increased from $1,006,699 to $1,024,457.

The Department of Commerce increased the maximum penalty for a violation of the Export Control Reform Act of 2018 from $300,000 to $305,292.

New CFIUS Regulations Issued

On January 13, 2020, the Department of the Treasury issued regulations to implement changes to the Committee on Foreign Investment in the United States (CFIUS) required by the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA).  One notable development is the definition of excepted investors which, subject to some restrictions, starts with persons and entities from Australia, Canada, and the United Kingdom.

Please refer to the CFIUS website for the new regulations, fact sheets, and FAQs.

Watch this Space – USML Categories I-III Reforms Moving Again

After even longer review than the ITAR cloud rule, the Departments of State and Commerce are moving forward with reforms to USML Categories I-III (firearms, guns, and ammunition).  We will have a summary of the new rule and what it means for manufacturers and exporters.

DDTC Issues Long-Awaited ITAR Cloud Rule

On December 26, 2019, the Department of State, Directorate of Defense Trade Controls (DDTC) published an Interim Final Rule (84 FR 70887) describing when data controlled by the International Traffic in Arms Regulations (ITAR) may be transmitted electronically without triggering a requirement for an export authorization.  The new rule is intended to clearly permit the use of cloud services and other electronic transmissions when technical requirements are met.

Rule Proposed in 2015 Effective March 2020

In an effort to modernize and harmonize export regulations, the Departments of Commerce and State originally published parallel proposed rules on June 3, 2015 (80 FR 31505 and 80 FR 31525).  One year later, on June 3, 2016, the Department of Commerce published a final rule (81 FR 35586) establishing that secured, unclassified transmissions would not be considered exports, reexports, or transfers when specific conditions were met.  The Department of State revised the ITAR at that time as well, but did not implement parallel definition until this notice.  The revision will go into effect nearly five years after the original proposal.

As revised, the Department of Commerce’s Export Administration Regulations (EAR) now allows the use of cloud services with EAR-controlled technology by excluding the following from the definition of exports, reexports, or transfers (EAR §734.18(a)(5)):

Sending, taking, or storing “technology” or “software” that is:

(i) Unclassified;

(ii) Secured using ‘end-to-end encryption;’

(iii) Secured using cryptographic modules (hardware or “software”) compliant with Federal Information Processing Standards Publication 140-2 (FIPS 140-2) or its successors, supplemented by “software” implementation, cryptographic key management and other procedures and controls that are in accordance with guidance provided in current U.S. National Institute for Standards and Technology publications, or other equally or more effective cryptographic means; and

(iv) Not intentionally stored in a country listed in Country Group D:5 (see Supplement No. 1 to part 740 of the EAR) or in the Russian Federation.

Note that the EAR’s Country Group D:5 incorporates ITAR §126.1 prohibited destinations.

The new ITAR rule is nearly identical, creating ITAR §120.54 “Activities that are not exports, reexports, retransfers, or temporary imports.”  §120.54(a)(5) excludes:

Sending, taking, or storing technical data that is:

(i) Unclassified;

(ii) Secured using end-to-end encryption;

(iii) Secured using cryptographic modules (hardware or software) compliant with the Federal Information Processing Standards Publication 140–2 (FIPS 140–2) or its successors, supplemented by software implementation, cryptographic key management, and other procedures and controls that are in accordance with guidance provided in current U.S. National Institute for Standards and Technology (NIST) publications, or by other cryptographic means that provide security strength that is at least comparable to the minimum 128 bits of security strength achieved by the Advanced Encryption Standard (AES–128);

(iv) Not intentionally sent to a person in or stored in a country proscribed in § 126.1 of this subchapter or the Russian Federation; and

(v) Not sent from a country proscribed in § 126.1 of this subchapter or the Russian Federation.

(Substantial variations from EAR text are underlined.)

One noteworthy variation is that while the EAR allows for “other equally or more effective cryptographic means” the ITAR rule specifies AES-128 as a minimum standard.  The ITAR rule also adds paragraph (v) regarding transmissions from §126.1 countries or Russia.

Both the EAR and ITAR rules note that “data in-transit via the internet is not deemed to be stored,” define end-to-end encryption, and state that the ability to access encrypted data is not considered a release or export.

The rule also makes minor changes to other ITAR definitions in order to reference the new section.

An Interim Final Rule?

The Interim Final Rule combines a request for comments like the original 2015 Proposed Rule with a rule that is scheduled to be effective March 25, 2020.  The new definitions are subject to revision based on comments received.  This is a valuable opportunity to submit substantive comments on how the ITAR revision will affect your business, particularly if you can suggest possible changes that could make the rules more workable.

Comments may be submitted through January 27, 2020.  Refer to the Federal Register Notice for the full revision, responses to previous comments, and how to comment.

Commerce Proposes CFIUS-like Review for ICTS Supply Chain Transactions

On November 27, 2019, the Department of Commerce published a notice (84 FR 65316) proposing new regulations on Information and Communications Technology and Services (ICTS) supply chain transactions with “foreign adversaries”  The proposal would add 15 CFR Part 7 to implement Executive Order 13873 of May 15, 2019.  The executive order had directed the Commerce Department to come up with regulations under the International Emergency Economic Powers Act (IEEPA).

In the proposal, “transaction” is are defined broadly as:

any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service.

“Information and Communications Technology and Services (ICTS)” are defined as:

any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including through transmission, storage, or display.

The proposal does not specifically identify “foreign adversaries” but these will be determined by the Secretary of Commerce.

Foreign adversary means any foreign government or foreign non-government person determined by the Secretary to have engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons for the purposes of Executive Order 13783.

It is anticipated that foreign adversaries could include parties on the Entity List such as Huawei.

The review of transactions would begin at the discretion of the US government, including when based on credible information from private parties.  Unlike the Committee on Foreign Investment in the United States (CFIUS), the Commerce Department’s review does not include an approval process and specifically excludes issuing advisory opinions and declaratory rulings.

Potentially prohibited transactions include those where:

The transaction involves information and communications technology or services designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary; and

(i) Poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States;

(ii) Poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the digital economy of the United States; or

(iii) Otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States Persons.

ICTS transactions with foreign adversaries may be subject to mitigation, prohibition, or unwinding.

Violations (including misrepresentation and concealment of material facts) may be subject to civil penalties of up to $302,584 (as adjusted annually for inflation).

The Department of Commerce specifically requests comments on the following areas:

  • Categories of transactions or persons that would never be prohibited under the EO;
  • Types of transactions that may be prohibited, but where risks can be mitigated;
  • The proposed definition of “transaction”; and
  • Recordkeeping requirements.

Comments may be submitted through December 27, 2019.  Review the Federal Register Notice for the full proposed rule and how to submit comments.  Detailed comments and proposed revisions may be particularly helpful in completing the final rule.

Check out the Updated ECScreening.com

Always working to improve on crucial services like denied party screening, ECScreening, ECS’s Denied Party Screening solution for small and medium-sized companies has recently rolled out a series of updates for an improved user interface.  Based on user feedback, we have revised the appearance and functionality of the site, including updates to:

  • Main Menu Task Bar
  • Helpful FAQs
  • Blog: the Denied Party Digest
  • Quick access menu

The quick access menu displays all research options at the top of appropriate pages.

Importantly, we’ve expanded service for commercial and enterprise users: Recurring Search no longer has any record limits!

Denied party lists are constantly changing and apply worldwide.  Recurring Search eases the burden of keeping up with these changes.  For example, when changes to the SDN (Specially Designated Nationals) List and/or Entity List occur, like the ones below, Recurring Search keeps your business from missing these changes because your searches are continuously screened:

  • November 18, 2019 – nine new SDNs from Turkey, Kuwait, Afghanistan, and Syria;
  • November 13, 2019 – twenty-two entities from Bahrain, France, Iran, Jordan, Lebanon, Oman, Pakistan, Saudi Arabia, Senegal, Syria, Turkey, the United Arab Emirates, and the United Kingdom added to the Entity List plus one modification and three removals;
  • November 7, 2019 – four new SDNs from Nicaragua and Mali;
  • November 5, 2019 – five new SDNs from Venezuela;
  • October 11, 2019 – eight new SDNs from South Sudan, United Kingdom, Kenya, and the United Arab Emirates;
  • October 10, 2019 – four new SDNs and two updates in South Africa, Iran, and the United Arab Emirates;
  • October 9, 2019 – twenty-eight Chinese entities added to the Entity List; and
  • September 30, 2019 – five new SDNs from Russia, Seychelles, and the Czech Republic, plus one vessel, three aircraft, and seven other updates.

Check out ECScreening.com and contact us for a 7 day free trial coupon.

Watch This Space: Export Compliance Changes Coming

As always seems to be the case, changes are coming to export compliance.  ECS is monitoring developments, particularly including the following issues that we expect to see more on over the next few months and into the New Year:

From the Department of State, Directorate of Defense Trade Controls (DDTC):

  • Movement on Export Control Reform of USML Categories I-III;
  • ITAR revisions to improve definitions and organization;
  • DECCS deployment for registration and licensing;
  • More guidance on the revised 126.4 ITAR Exemption  – Shipments by or for U.S. Government agencies;
  • Revised and condensed agreements guidelines; and
  • A final encryption/cloud storage rule.

From the Department of Commerce, Bureau of Industry and Security (BIS), we are watching for proposed rules to tighten export controls on emerging technologies.   The Commerce Department is under Congressional pressure to move forward with the rules, required by the Export Control Reform Act of 2018.  If you expect these to impact your business, be ready to review and comment.

From the Department of Treasury, the comment period closed on proposed new CFIUS regulations required by the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA).  Watch for action on those rules, including what investors can qualify as excepted investors (a whitelist, with limitations).  The proposed rules can be found here and here.

Export compliance is always changing.  Subscribe to Our “EAR”… to the ITAR to keep up!

A Cornucopia of Export Compliance Updates

USML Category XI Revised – Radars, XI(b), and Integrated Circuits

On August 30, 2019, the Department of State, Directorate of Defense Trade Controls (DDTC) published a notice (84 FR 45652) revising United States Munitions List (USML) Category XI – Military Electronics.  This action follows a February 2018 comment request.

Most notably, USML Category XI(a)(3)(ix) is removed and reserved.  XI(a)(3)(ix) previously controlled “Air surveillance radar with multiple elevation beams, phase or amplitude monopulse estimation, or 3D height-finding.”  Public comments had “identified current and imminent commercial uses” for these radars, including use in “driver-assisted and self-driving ground vehicles and in detect and avoid systems for autonomous aerial systems.”

The notice also adds a comment to Category XI regarding transmit/receive modules and transmit/receive monolithic microwave integrated circuits (MMICs).

Items previously controlled on the USML are now subject to the Export Administration Regulations (EAR).

Finally, the notice also amends USML Category XI(b) to continue the current text which was scheduled to be replaced on August 30, 2019.  XI(b) currently controls:

*(b) Electronic systems, equipment or software, not elsewhere enumerated in this subchapter, specially designed for intelligence purposes that collect, survey, monitor, or exploit, or analyze and produce information from, the electromagnetic spectrum (regardless of transmission medium), or for counteracting such activities.

This text was scheduled to be replaced on August 30, 2019, but with the amendment the replacement will be delayed until August 30, 2021.  At that time, unless otherwise amended, Category XI(b) will read:

*(b) Electronic systems or equipment, not elsewhere enumerated in this subchapter, specially designed for intelligence purposes that collect, survey, monitor, or exploit the electromagnetic spectrum (regardless of transmission medium), or for counteracting such activities.

The change now scheduled for 2021 removes “software” as well as the capability to analyze and produce information from the electromagnetic spectrum.

The current language is meant to maintain control of “certain intelligence-analytics software” until a long-term solution is developed.  The rule gives the government time to include the revision of XI(b) within an overall revision of Category XI.

DDTC published a similar amendment last year.

DDTC separately published a FAQ on integrated circuits controlled by USML Category XI(c)(1).

Brazil a Major Non-NATO Ally

On July 31, 2019 (84 FR 43035 published August 19th), Brazil was designated a Major Non-NATO Ally (MNNA).  DDTC published an announcement on their website that Brazil “effective immediately is included within the definition of major non-NATO ally at ITAR section 120.32.”  DDTC has not yet officially amended §120.32.

For ITAR purposes, the MNNA designation relates directly to §124.15 “Special Export Controls for Defense Articles and Defense Services Controlled under Category XV: Space Systems and Space Launches.”

DTAG to Meet September 26

The Defense Trade Advisory Group (DTAG) will meet on September 26, 2019 to discuss the following topics:

  1. Consent agreements, including remedial measures and areas for improvement to compliance programs;
  2. Authorizations involving third party technical data; and
  3. Licensing challenges for participation in international cooperative programs.

The DTAG meeting is open to the public, with seating limited to 125 persons.  For meeting and registration information, click here for the meeting notice.

Click here for more information about DTAG.

DRL Published Guidance on Surveillance Exports

On September 4, 2019, the Department of State, Bureau of Democracy, Human Rights, and Labor (DRL) published draft guidance on the export of surveillance hardware, software, and technology.  DRL is accepting comments on the draft guidance through October 4, 2019 and stated that the draft will be removed from the website at that time.  DRL is a frequent staffing point (reviewing office) for many export license applications.  This guidance is of particular interest to exporters of with “intended or unintended surveillance capabilities.”

Commerce Publishes Pakistan Due Diligence Guidance

The Department of Commerce, Bureau of Industry & Security (BIS) published due diligence guidance regarding Pakistan.  The guidance highlights red flag guidance and the EAR’s end-use and end-user based restrictions.  It also includes specific examples of problematic entities and transactions in Pakistan.

Export Compliance Updates: Time to Launch Your Concerns About Exemptions–Let’s Raise the Amount for Spare Parts to $1500 under 123.16 (b)(2)!

Comment on Redundant or Ambiguous ITAR Exemptions

On July 26, 2019, the Department of State, Directorate of Defense Trade Controls (DDTC) published a notice (84 FR 36040) requesting comments on how to consolidate and clarify exemptions found throughout the International Traffic in Arms Regulations (ITAR).

Specifically, DDTC is seeking comments on the following questions for exemptions:

  1. Which exemptions, if any, are redundant or could be consolidated?
  2. Which exemptions, if any, contain language that introduces significant ambiguity or hinders the exemption’s intended use? 123.16 (b)(2) for components or spare parts under $500 is no longer feasible–$1500 makes much more sense.

This is an important opportunity to contribute to streamlined and more usable ITAR exemptions.  Comments may be submitted through August 26, 2019 at www.regulations.gov (Docket No. DOS–2019–0022), by email to DDTCPublicComments@state.gov, or by mail.  Refer to the Federal Register Notice for additional information.

ACES Certificate Decommission

On July 17, 2019, DDTC announced the phase-out of ACES Certificates used to access the DTrade export licensing system:

ACES Certificates are required to access the DTrade defense export licensing system.  Per GSA instruction, all ACES Certificates must expire before August 1st, 2020.  The ACES provider, IdenTrust, will continue to issue certificates, but they must be posted with an expiration date of July 31st, 2020 or earlier.  If you purchase an ACES certificate after July 31st, 2019, the validity period will be truncated to less than a full year.

DTrade’s replacement by the Defense Export Control and Compliance System (DECCS) application has been under development, with a current status of “Will Launch in 2019.”

DDTC Registration Becomes Registration Compliance & Analysis (RCA) 

DDTC also posted the following announcement renaming the Registration division of Defense Trade Controls Compliance:

Effective July 15, 2019, the DTCC Registration division’s name will change to the Registration Compliance & Analysis (RCA) division.  There is no change to Registration organization structure.  All registration letters issued on and after July 15, 2019 will reflect the RCA division.  All active registration letters issued prior to July 15, 2019, will remain valid and no changes are required.  Updates to the DDTC Website will also occur on July 15, 2019, to be consistent with DTCC Registration name change.

While the DDTC street addresses remains the same, any correspondence with the former Registration Division should be updated to reflect the new name.

DOD Acronym Scramble: DSCA, meet DCSA

On June 24, 2019, the Department of Defense, Bureau of Industry and Security (BIS) announced the renaming of the Defense Security Service (DSS) to the Defense Counterintelligence and Security Agency (DCSA).

The name change was directed by Executive Order 13869 (April 24, 2019), which transferred the responsibility for background investigations from the Office of Personnel Management (OPM), National Background Investigations Bureau (NBIB) to the Department of Defense.

The DCSA is now the primary entity for background investigations.  It continues to administer the National Industrial Security Program as well as responsibilities relating to continuous vetting and, insider threat programs.  While its website has been retitled, it currently remains at dss.mil.

Notably, DCSA should not to be confused with DSCA (Defense Security Cooperation Agency) whose mission includes administering the Foreign Military Sales (FMS) and other security cooperation programs for the Department of Defense.  Both agencies have relevance and responsibilities under the Arms Export Control Act (AECA) and International Traffic in Arms Regulations (ITAR).  Multiple ITAR sections related to classified technical data and other classified defense articles continue to refer to the Defense Security Service.  These sections should eventually be amended to reflect the new agency name, but there has not yet been a formal announcement.

The CCL Keeps Changing: Wassenaar and Venezuela Updates

Commerce Revises CCL to Reflect Wassenaar Plenary

On May 23, 2019, the Department of Commerce, Bureau of Industry and Security (BIS) published a rule (84 FR 23886) which amends the Commerce Control List (CCL) to reflect changes made to the Wassenaar Arrangement List of Dual-Use Goods and Technologies at the December 2018 Plenary meeting.

The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is a global multilateral export control regime, covering both conventional weapons and sensitive dual-use goods and technologies.  Participants agree to control exports and retransfers of items on a control list of dual-use goods and technologies and munitions.  Its Plenary meeting normally occurs once a year in December in Vienna, Austria.  CCL revisions take effect when officially amended through a Federal Register notice.  (Click here for last year’s updates.)

The new rule revises four Export Control Classification Numbers (ECCNs) and adds one new ECCN as follows:

  • 3A001 Electronic Items – Adds paragraph b.3.f. to control discrete microwave transistors “rated for operation with a peak saturated power output greater than 5 W (37.0 dBm) at all frequencies exceeding 8.5 GHz up to and including 31.8 GHz”.
  • 3D005 Continuity of Operation Software – Creates a new ECCN for software that ensures continuity of operation when electronics are exposed to Electromagnetic Pulse (EMP) or Electrostatic Discharge (ESD).
  • 5A002 Information Security Systems, Equipment, and Components – Revises Technical Notes following 5A002.a.4 to address certain post-quantum asymmetric algorithms.
  • 6A001 Acoustic Systems, Equipment and Components – Revises paragraph a.2.a.6 to add “and having a ‘hydrophone sensitivity’ better than -230 dB below 4 kHz” to remove transducers or hydrophones that are not of strategic concern, moves and revises two notes, and corrects availability of the License Exception Low Value Shipment (LVS)
  • 9A004 Space Launch Vehicles and Spacecraft – Adds paragraph .g to control aircraft specially designed or modified to be air-launch platforms for space launch vehicles.

Venezuela

The following day, May 24, 2019, BIS published a rule (84 FR 24018) removing Venezuela from Country Group B and moving it to Country Group D:1, as well as D:2, D:3, and D:4.

Country Group B provides favorable treatment for exports of some National Security-controlled items through the GBS license exception (EAR §740.4), while Country Group D identifies countries of concern:

D:1      National security
D:2      Nuclear
D:3      Chemical & Biological
D:4      Missile Technology
D:5      U.S. Arms Embargoed Countries

The move from Group B to Group D makes some exports, reexports, and transfers ineligible for license exceptions and updates the published BIS licensing policy towards Venezuela to a more restrictive position.

Before this change, Venezuela was already listed as a D:5 U.S. arms embargo country based on its status as a prohibited destination under the International Traffic in Arms Regulations (ITAR) §126.1.  Venezuela was also already subject to EAR restrictions for military end users under §744.21 and significant financial sanctions through the Department of the Treasury, Office of Foreign Assets Control (OFAC).

Export compliance is always changing.  Subscribe to Our “EAR”… to the ITAR to keep up!

Chinese Telecom Giant Huawei added to Entity List: What You Need to Know Now

On Wednesday, May 15, 2019, the Department of Commerce, Bureau of Industry and Security (BIS) announced the addition of Huawei Technologies Co. Ltd., a Chinese telecommunications and electronics manufacturing giant, to the Entity List.  A Federal Register Notice (84 FR 22961) followed on Tuesday, May 21, 2019.

What is the Entity List?

The Entity List is one of many U.S. Government lists that restricts business dealings with individuals, companies, and other entities worldwide.

As described by BIS:

Additions to the Entity List are decided by the End-User Review Committee which is comprised of officials from the Department of Commerce, Department of Defense, State Department, and Department of Energy. Under § 744.11(b) of the Export Administration Regulations, persons or organizations for whom there is reasonable cause to believe that they are involved, were involved, or pose a significant risk of becoming involved in activities that are contrary to the national security or foreign policy interests of the United States, and those acting on behalf of such persons, may be added to the Entity List.

Why was Huawei Listed?

Huawei’s listing was based on BIS’s conclusion that “Huawei is engaged in activities that are contrary to U.S. national security or foreign policy interest” and includes 68 non-US affiliates in 26 countries (Belgium, Bolivia, Brazil, Burma, Canada, Chile, China, Egypt, Germany, Hong Kong, Jamaica, Japan, Jordan, Lebanon, Madagascar, Netherlands, Oman, Pakistan, Paraguay, Qatar, Singapore, Sri Lanka, Switzerland, Taiwan, United Kingdom, and Vietnam).

What does the Listing Establish?

The listing creates a license requirement with a presumption of denial for items subject to the EAR (including EAR99 or other items that would otherwise be shipped No License Required, or NLR).

The listing was followed by the announcement of a temporary General License that creates a limited 90-day reprieve from May 20, 2019 to August 19, 2019.  During this time, some transactions are authorized when relating to supporting existing networks, supporting existing handsets, and cybersecurity research and vulnerability disclosure, and 5G standards development.

The General License and any subsequent publications should be reviewed closely for their applicability to any transaction.  Use of the General License also requires a certification statement.

Best Practice – Screen Your Customers and Suppliers

The Entity List as well as other government lists are continuously updated.  To ensure compliance, all parties should be screened regularly, using software such as ECS’s own ECScreening.