Later this month, companies operating in the information and communications technology and services ("ICTS") sector will begin to contend with a new national security review process with potentially broad and disruptive effects on cross-border transactions.
Link to kelingyizhi
Building on a May Executive Order issued under the International Emergency Economic Powers Act ("IEEPA"), the U.S. Department of Commerce ("Commerce") recently issued an interim final rule ("IFR") establishing an interagency review mechanism through which Commerce can identify and potentially prohibit ICTS transactions that pose an "undue or unacceptable risk" to national security. This mechanism provides the U.S. government with an additional tool to scrutinize and limit inbound activities when "transactions," which are defined broadly, involve non-U.S. governments or persons determined to be "foreign adversaries" of the United States. Companies operating in the ICTS sector or sourcing or supplying ICTS products or services from the designated countries, including China and Russia, should consider how the new review mechanism may affect their business.
What Is the Scope of the IFR?
Under the IFR, Commerce asserts authority to prohibit, unwind, or mitigate risks associated with "covered ICTS transactions" where the ICTS is "designed, developed, manufactured, or supplied" by persons "owned by, controlled by, or subject to the jurisdiction or direction of" designated "foreign adversaries," and where the transaction is determined to pose an "undue or unacceptable risk" to U.S. national security.
Covered ICTS Transactions: The IFR defines "ICTS Transactions" to include the acquisition, importation, transfer, installation, dealing in, or use of ICTS, including hardware or software related to electronic communications, data storage, or data processing. Such transactions are "covered," and thus subject to review, when:
Importantly, ICTS transactions that are authorized under a "U.S. government industrial security program" or are submitted for review to the Committee on Foreign Investment in the United States ("CFIUS") are not subject to review under the IFR.
Foreign Adversaries: At present, Commerce has designated the following countries as "foreign adversaries" for purposes of ICTS review: China (including Hong Kong), Russia, Cuba, Iran, North Korea, and the Maduro Regime in Venezuela. However, the Secretary of Commerce has discretion to designate additional governments or persons as "foreign adversaries."
Undue or Unacceptable Risk: Commerce has not yet provided a precise definition of what qualifies as an "undue or unacceptable risk," but has made clear that the term at least includes the risk of sabotage or subversion of U.S. electronic communications, data storage, or data processing capabilities, as well as the risk of catastrophic effects on U.S. critical infrastructure or the U.S. digital economy.
How Is the Review Process Structured?
The IFR contemplates a multi-tiered review process of covered "ICTS Transactions":
Unless the Secretary of Commerce determines in writing that additional time is necessary, all reviews will be completed within 180 days.
At present, the IFR does not include a "safe harbor" procedure similar to that found in CFIUS or an affirmative licensing process. Commerce indicated in the IFR, however, that it intends to publish procedures "to allow a party or parties to a proposed, pending, or ongoing ICTS Transaction to seek a license" within 60 days of the publication of the IFR. Commerce further indicated that it intends to implement this licensing process within 120 days of the publication of the IFR. Notably, Commerce explained that it intends this license review process will include a fixed timeline, which would be similar to the approach used in CFIUS reviews.
What's Next?
Although the IFR is slated to take effect on March 22, , the future of Commerce's ICTS review process remains uncertain. The IFR remains open to public comment and, more significantly, the Biden administration has yet to explain publicly whether or how aggressively it plans to use the new interagency review structure and prohibition authority.
Nevertheless, companies in the ICTS sector should prepare to comply with the proposed review procedures and assess ongoing, pending, and recently closed transactions to identify and, if possible, mitigate any potential impact this new review process may have, including by adding appropriate terms to the contract to apportion regulatory risk and plan for ICTS review contingencies.
Megan McKnelly, in the San Diego Office, assisted in the preparation of this Commentary.
On 19 January , the U.S. Department of Commerce (Commerce) issued an interim final rule addressing national security concerns related to the Information and Communications Technology and Services (ICTS) supply chain, which takes effect 22 March . Pursuant to the interim rule, Commerce can review specified ICTS Transactions and may ultimately prohibit or restrict any ICTS Transaction connected to foreign adversaries that pose certain undue or unacceptable risks. Currently, foreign adversaries consist of China (including Hong Kong), Cuba, Iran, North Korea, Russia, and the Venezuelan regime of Nicolas Maduro. The interim final rule does not appear to impose a mandatory licensing requirement, but companies may proactively apply for a license, allowing Commerce to review a transaction prospectively. Violations of this interim rule may be subject to significant civil and criminal penalties.
On 19 January , Commerce issued an interim final rule addressing national security concerns related to the Information and Communications Technology and Services supply chain, which takes effect 22 March . Commerce is also accepting comments until that date. In addition, Commerce intends to publish additional regulations setting forth the licensing process for these rules within 60 days, which will also have a 60-day comment period of their own. Pursuant to the interim final rule, Commerce can review specified ICTS Transactions through a process similar to that of the Committee on Foreign Investment in the United States (CFIUS). Based on this review, Commerce may prohibit or restrict any ICTS Transaction connected to foreign adversaries that pose certain undue or unacceptable risks. At this time, foreign adversaries consist of China (including Hong Kong), Cuba, Iran, North Korea, Russia, and the Venezuelan regime of Nicolas Maduro.
Rather than waiting for Commerce and the other agencies involved in the review process to initiate a review on their own, companies will be able to apply for a license proactively, allowing Commerce to review ongoing or prospective transactions. Such license applications will be reviewed on a fixed timeline of no more than 120 days from accepting a license application. If Commerce does not issue a decision within 120 days, the application will be deemed granted. The rule does not appear to impose a mandatory licensing requirement, nor do the rules include a value or other threshold for transactions that would invite scrutiny, but violations of this interim final rule may be subject to significant civil and criminal penalties. Consequently, companies are advised to assess the risks of engaging in transactions with a connection to the foreign adversaries listed above.
On 15 May , President Trump issued Executive Order (EO) , "Securing the Information and Communications Technology and Services Supply Chain." The EO authorizes the Secretary of Commerce to prohibit certain transactions involving ICTS that have been designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversary and that pose an unacceptable risk to U.S. national security or undue risk to U.S. ICTS or critical infrastructure.
Pursuant to this authority, Commerce issued a proposed rule in November . After reviewing public comments, Commerce issued this interim final rule on 19 January .
This interim final rule from Commerce is part of broader, multi-agency effort by the U.S. government to address national security concerns related to the use of foreign communications and information technology equipment in U.S. networks. Most notably, the Federal Acquisition Regulations (FAR) Council published a separate interim rule on 14 July implementing a government-wide ban on federal contracting with any entity that uses covered telecommunications equipment or services from certain Chinese entities. The FAR Council promulgated this interim rule to implement Section 889(a)(1)(B) (Part B) of the fiscal year National Defense Authorization Act (FY19 NDAA). See Hogan Lovells update on the FAR Councils regulations here.
In relevant part, this interim final rule states that Commerce may determine whether an ICTS Transaction that has been designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries poses undue or unacceptable risks. Based on this review, Commerce may approve the transaction, prohibit the transaction, or require mitigation. Below is a summary of key definitions and additional details regarding the scope of this interim final rule.
Contact us to discuss your requirements of communication technology ltd. Our experienced sales team can help you identify the options that best suit your needs.
ICTS means any hardware, software, or other product or service, including cloud-computing services, primarily intended to fulfil or enable the function of information or data processing, storage, retrieval, or communication by electronic means (including electromagnetic, magnetic, and photonic), including through transmission, storage, or display.
An ICTS Transaction means any acquisition, importation, transfer, installation, dealing in, or use of any ICTS, including ongoing activities, such as managed services, data transmission, software updates, repairs, or the platforming or data hosting of applications for consumer download. This definition includes any other transaction, the structure of which is designed or intended to evade or circumvent the application of EO . This definition also includes a class of ICTS transactions.
As of now, Commerce has identified the following government or non-government persons as foreign adversaries for purposes of these regulations:
This list may be revised, and countries may be added or removed.
The interim final rule only applies to ICTS Transactions that meet all of the four following criteria; that is, the transaction:
The regulations do not apply to an ICTS Transaction that:
Commerce may decide to make a referral for review of a transaction based on the written request of an appropriate agency head, at the Commerce Secretarys discretion, or based on any of the categories of information set forth in section 7.100(a) of the regulations.
Upon receiving a referral, Commerce shall decide whether to conduct an initial review of the transaction to assess whether it poses an undue or unacceptable risk. In doing so, Commerce shall consider the following criteria:
These criteria are to be assessed by Commerce in interagency consultation with the U.S. Departments of Treasury, State, Defense, Justice, and Homeland Security, as well the Office of the U.S. Trade Representative, the Director of National Intelligence, the General Services Administration, the Federal Communications Commission, and any other agency Commerce deems appropriate.
The initial review can result in a determination that the transaction does not meet these criteria, in which case the review will end. But if the transaction does meet these criteria, Commerce can propose mitigation measures or seek to prohibit the transaction. The parties to the transaction must be notified in writing in either such case.
This written notification triggers a 30 day period whereby the parties may respond to Commerce, and such response may submit arguments contesting the basis of Commerces determination, or proposing remedial steps.
Commerce will then review these responses and, in interagency consultation, decide whether a final determination regarding the transaction shall be issued. A final determination can conclude that a transaction is: 1) prohibited; 2) not prohibited; 3) permitted pursuant to the adoption of negotiated mitigation measures.
Such a final determination must be issued within 180 days of accepting a referral and commencing the initial review of a transaction (though this period can be extended by Commerce). The final determination must be sent in writing to the parties. Final determinations prohibiting a transaction will be published in the Federal Register.
Violations of these regulations can be subject to civil or criminal penalties pursuant to the International Emergency Economic Powers Act (IEEPA). These include violations of any final determination, direction, or mitigation agreement pursuant to the regulations.
Civil penalties may not be more than the greater of either: i) US$307,922; or ii) twice the value of the transaction that is the basis of the violation, per violation.
Criminal penalties may be no greater than US$1,000,000 and/or 20 years imprisonment, per violation.
Comments on this interim final rule are due 22 March . Commerce has stated that it is committed to ultimately issuing final regulations. However, Commerce issued this interim rule under the Trump administration, and it is therefore uncertain what, if any changes, the new Biden administration may seek to make or may suspend the implementation of the rule.
In the meantime, businesses should be cognizant of the potentially retroactive nature of the interim final rule. Though it does not take effect until 22 March , the interim rule applies to ICTS Transactions initiated, pending, or completed on or after 19 January .
For further information or assistance, please contact any of the Hogan Lovells lawyers identified below.
Authored by Ajay Kuntamukkala, Adam Berry, Molly Newell
If you want to learn more, please visit our website telecom bts.