Introduction

Providers of telecoms, internet and digital services, as well as IT vendors and equipment manufacturers, will soon find doing deals with foreign entities a little more risky and complicated. A new review process soon to be underway at the Department of Commerce is designed to ferret out transactions that pose a threat to US national security, but provides parties whose deals are being evaluated little time to comment.

Under this new evaluation process, the Department of Commerce can prohibit companies from engaging in a wide variety of transactions and order them to cease using the IT or telecoms system in question even if it is already in operation.

What was announced?

Under a proposed rule announced on 26 November 2019, certain information and communications technology or service (ICTS) transactions involving a foreign adversary may be blocked if the Department of Commerce finds that they pose an undue or unacceptable risk to national security or the safety of US persons.

What types of transaction can be evaluated and prohibited?

All sorts – provided that they:

  • are subject to US jurisdiction;
  • involve a foreign entity's interest; and
  • were completed after 15 May 2019.

The transactions to be reviewed by the Department of Commerce are far broader than the various investments that can be reviewed by the Committee on Foreign Investment in the United States (CFIUS) and the export transactions that may require a licence from the Department of Commerce. Under the proposed rule, the term 'transaction' includes "any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service". Only three things are required for a transaction to be reviewed:

  • the transaction must involve a person or property subject to US jurisdiction;
  • it must involve property in which any foreign country or foreign national has an interest; and
  • it must have been initiated, be pending or be completed after 15 May 2019.

This potentially involves all future international trade. However, in reality, the only transactions that are at risk are those involving a foreign adversary.

What constitutes a 'foreign adversary'?

The president's 15 May 2019 executive order defined a 'foreign adversary' as any foreign government or foreign non-government person determined by the secretary of commerce to have engaged in a long-term pattern or serious instances of conduct significantly adverse to US national security or the security and safety of US persons.

The proposed rule says that the determination of a foreign adversary is a matter of executive branch discretion and will be made by the secretary of commerce in consultation with other cabinet-level secretaries. The rule does not state whether the Department of Commerce will publish an actual list of these foreign adversaries. The rule also does not indicate that the Department of Commerce will provide any notice to foreign companies prior to designating them as foreign adversaries.

How will a review by the Department of Commerce be initiated?

The draft regulations state that the administration can initiate a review:

  • at the secretary of commerce's discretion;
  • on request of another government department or agency or the Federal Acquisition Security Council; or
  • based on information submitted by private parties to the secretary of commerce.

The submission by private parties would likely be a submission of information by a competitor that is unhappy about a transaction where business was awarded to a foreign-controlled company.

Are all ICTS transactions involving foreign adversaries potentially on the chopping block?

Yes – the range of potential transactions subject to the forthcoming evaluation process is startling.

The Department of Commerce will evaluate – to potentially block or require measures to mitigate – transactions that involve the acquisition, import, transfer, installation, dealing in or use of ICTS by any person where the transaction:

  • is conducted by any person subject to US jurisdiction or involves property subject to US jurisdiction;
  • involves any property in which any foreign country or foreign national has an interest;
  • was initiated, is pending or will be completed after 15 May 2019;
  • involves ICTS that were "designed, developed, manufactured, or supplied" by persons owned, controlled or subject to the jurisdiction or direction of a foreign adversary; and
  • poses an undue or unacceptable risk to the United States.

How would a deal be evaluated?

For transactions that meet the above criteria, the Department of Commerce would conduct a case and fact-specific inquiry into whether the transaction poses undue or unacceptable risks to US national security.

To determine whether a foreign adversary was involved in the design, development, manufacture or supply of the ICTS, the Department of Commerce would scrutinise the proposed deal, including:

  • the division of equity interest;
  • access rights;
  • the composition of the board of directors or governing body;
  • contractual arrangements;
  • voting rights; and
  • control over business affairs.

Could parties participate in the evaluation?

Yes, but there may be little time to defend a transaction.

The rule requires that the Department of Commerce inform parties of a preliminary determination that it has found their transaction to be problematic. In other words, although the department can notify parties that an evaluation is ongoing, under the proposed rule, it is not required to do so until it has reached a preliminary decision that the transaction poses undue or unacceptable risks to US national security.

Once notified of that preliminary determination, the parties have only 30 days to submit an opposition with supporting information to the preliminary determination. The Department of Commerce would then reach a final determination:

  • greenlighting the transaction;
  • prohibiting the transaction; or
  • requiring specific mitigation measures as a condition of approval.

Records relating to a deal should be current and in order. A party will receive notice that its transaction is under evaluation and the Department of Commerce will require retention of any and all records relating to the deal. Of course, all public information is fair game. Parties should stay on top of what has been published about their transaction, their company and the foreign entities involved.

What could the Department of Commerce do and what are the potential penalties?

The Department of Commerce could order parties to take steps to mitigate the risks posed by a transaction, including requiring them to immediately cease using the IT or telecoms system in question – even if it has been installed and is in operation.

Failing to abide by the Department of Commerce's final determination prohibiting the transaction or breaching a material provision of any required mitigation measures could be expensive – up to $302,584 (adjusted annually for inflation) or twice the amount of the transaction that is the basis of the violation (whichever is greater) – and penalties may be assessed per violation.

When are comments due?

Comments are due by 27 December 2019.

What are the grey areas in the proposed rule where comments are invited?

The Department of Commerce has posed certain questions on which it would particularly welcome comment:

  • Should the department consider any categorical exclusions to determine if transactions are prohibited, instead of engaging in a case-by-case analysis?
  • Are there certain types of transaction where the risk could be mitigated and, if so, what form could such mitigation measures take?
  • How should the department ensure that the parties comply with the mitigation measures?
  • How should the terms 'dealing in' and 'use of' be interpreted for purposes of the definition of a 'transaction'?

The proposed rule follows Executive Order 13873 (issued earlier this year), which declared a national emergency with regard to:

  • foreign adversaries creating and exploiting vulnerabilities in ICTS; and
  • the acquisition or use in the United States of ICTS from foreign adversaries.

Executive Order 13873 did not target any one country or entity, but increased regulatory scrutiny and the escalation of tariffs by the Trump administration all point to China (for further details please see "Sanctions on steroids: Huawei is a prohibited entity and foreign adversaries lurk in tech services").

Did Congress legislate this evaluation process?

No. The president relied on his powers under the International Emergency Economic Powers Act (IEEPA) and two other statutes to declare a national emergency in Executive Order 13873. This evaluation process – which combines elements of an export control review, a CFIUS review and some property and interest concepts contained in Office of Foreign Assets Control (OFAC) regulations and applies it to a broad range of commercial transactions which the government has never reviewed before – is brand new.

Of course, a complex set of OFAC regulations has come out of the IEEPA, and the IEEPA was also used to authorise the Export Administration Regulations before Congress permanently reauthorised it with the Export Control Reform Act in 2018. However, questions remain as to whether such a potentially broad-reaching yet extremely vague set of rules that allow the US administration to prohibit and undo a wide variety of transactions would have been passed by Congress had it been legislation. Yet another question is whether the rules will survive a constitutional challenge.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.