The Bureau of Industry and Security will be able to review and restrict imports and other transactions in information and communications technology and services under a new interim final rule.
Comments on this rule will be accepted through March 22. For more information on its provisions and impact, please contact Kristine Pirnia.
A May 2019 executive order authorized BIS to prohibit imports and other transactions in ICTS that have been designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries and that pose an undue or unacceptable risk to U.S. national security. The new rule creates the processes and procedures BIS will use to identify, assess, and address such transactions. The rule also identifies China (including Hong Kong), Russia, Iran, North Korea, Cuba, and Venezuelan politician Nicolás Maduro as foreign adversaries, noting that this list may be revised at any time.
Covered Transactions. ICTS transactions covered by this rule include any importation, acquisition, transfer, installation, dealing in, or use of any ICTS, including ongoing activities such as managed services, data transmission, software updates, repairs, or the platforming or data hosting of applications for consumer download.
Covered Technologies. BIS has broken down the technologies included under the scope of this rule into six main types of ICTS transactions involving the following.
- ICTS that will be used by a party to a transaction in a sector designated as critical infrastructure, including any subsectors or subsequently designated sectors
- software, hardware, or any other product or service integral to wireless local area networks, mobile networks, satellite payloads, satellite operations and control, cable access points, wireline access points, core networking systems, or long- and short-haul systems
- software, hardware, or any other product or service integral to data hosting or computing services that uses, processes, or retains, or is expected to use, process, or retain, sensitive personal data on greater than one million U.S. persons at any point over the preceding 12 months
- certain ICTS products of which more than one million units have been sold to U.S. persons at any point over the preceding 12 months
- software designed primarily for connecting with and communicating via the Internet that is in use by greater than one million U.S. persons at any point over the preceding 12 months
- ICTS integral to artificial intelligence and machine learning, quantum key distribution, quantum computing, drones, autonomous systems, or advanced robotics
Covered Persons. Covered transactions with the following are prohibited under this rule.
- any person, wherever located, who acts as an agent, representative, or employee, or any person who acts in any other capacity at the order, request, or under the direction or control, of a foreign adversary or of a person whose activities are directly or indirectly supervised, directed, controlled, financed, or subsidized in whole or in majority part by a foreign adversary
- any person, wherever located, who is a citizen or resident of a nation-state controlled by a foreign adversary
- any corporation, partnership, association, or other organization organized under the laws of a nation-state controlled by a foreign adversary
- any corporation, partnership, association, or other organization, wherever organized or doing business, that is owned or controlled by a foreign adversary
Licensing. In response to requests for a process allowing entities to seek pre-approval of, and obtain “safe harbor” for, their ICTS transactions (similar to that in place for foreign investments in U.S. businesses), BIS intends to publish by March 22 and implement by May 19 procedures to allow parties to a proposed, pending, or ongoing ICTS transaction to seek a license. License applications will be reviewed within 120 days and will be deemed granted if a decision is not made within that timeframe.
Penalties. Any person who commits a violation of any final determination, direction, or mitigation agreement regarding an ICTS transaction may be liable for civil or criminal penalties under the International Emergency Economic Powers Act.
Effective Date. This rule will be effective March 22 but will apply to ICTS transactions that are initiated, pending, or completed on or after Jan. 19. Further, any act or service with respect to an ICTS transaction, such as execution of any provision of a managed services contract or installation of software updates, is an ICTS transaction on the date it is provided.
Copyright © 2023 Sandler, Travis & Rosenberg, P.A.; WorldTrade Interactive, Inc. All rights reserved.