Between the addition of Huawei Technologies Co Ltd – the world's largest telecommunications equipment maker – to the Entity List and a new executive order declaring a national emergency relating to information and communications technology and services, May 2019 has proved to be non-stop excitement for the export control world.
On 20 May 2019 the Department of Commerce's Bureau of Industry and Security (BIS) issued a temporary general licence for some limited transactions with Huawei at the same time as some tech stocks took a nosedive on Wall Street.
Over the course of less than a week the Trump administration took several actions relating to Huawei and the information and communications industry.
15 May 2019
President Trump issued an executive order declaring a national emergency regarding the creation and exploitation by foreign adversaries of vulnerabilities in information and communications technology and services.
BIS announced that it would add Huawei and its affiliates to the Entity List.
16 May 2019
BIS published a final rule for public inspection adding Huawei and 68 non-US affiliates in 26 countries to the Entity List, effectively halting exports and re-exports of items subject to the Export Administration Regulations (EAR) to Huawei.(1) The rule went into effect at 4:15pm EDT that day.
20 May 2019
BIS issued a temporary general licence permitting certain transactions with Huawei to continue despite the Entity List designation.
21 May 2019
BIS published the final rule regarding the Entity List in the Federal Register.
The Entity List designation and executive order are not legally related, but the timing and public statements from the Trump administration indicate that the two actions are elements of the same major shift in policy towards Chinese telecoms manufacturers. National security concerns regarding Huawei and another Chinese telecoms company, Zhongxing Telecommunications Equipment Corporation (ZTE), first surfaced in the public in 2012 when the House Intelligence Committee published a bipartisan investigative report. The report identified serious risks in the US telecommunications supply chain due to these companies' relationships to the Chinese government. These concerns persisted on Capitol Hill for several years and then, starting in 2018, senior US intelligence officials began to publicly voice similar concerns.
The Entity List contains foreign persons that are subject to specific licensing requirements in addition to any other licensing requirements in the EAR. Exports, re-exports and retransfers of any hardware, software or technology subject to the EAR, including EAR99, to Huawei and its listed affiliates require a licence from BIS effective 16 May 2019. The Entity List also provides BIS's licence review policy. Huawei and its listed affiliates are now subject to a policy of presumption of denial.
BIS issued a temporary general licence valid until 19 August 2019, authorising four limited kinds of transaction. Issuance of such a licence parallels BIS's actions in 2016 when it placed ZTE on the Entity List. Within a few weeks after the addition of ZTE, BIS issued a temporary general licence, which more broadly permitted exports, re-exports and retransfers to ZTE under the EAR licensing and policy requirements in existence prior to its addition to the Entity List.
By contrast, the Huawei temporary general licence is more limited and authorises only four types of transaction – those relating to:
- continued operation of existing networks and equipment;
- support to existing handsets;
- cybersecurity research and vulnerability disclosure; and
- engagements as necessary for development of 5G standards by a duly recognised standards body.
Anyone seeking to rely on the Huawei temporary general licence must create and maintain a certification statement explaining how the export, re-export or in-country transfer falls within the scope of the general licence.
All the EAR regulatory jargon, coupled with the worldwide proliferation of Huawei gear in telecoms systems, has left many people scratching their heads about what this all means for them.
What does 'subject to the EAR' mean?
'Subject to the EAR' means hardware, software or technology that is on the Commerce Control List or is classed as EAR99, which is shorthand for items controlled under the EAR that are not called out on the control list.
To be subject to the EAR, the items must be:
- of US origin;
- located in the United States;
- non-US-origin hardware and software that contain more than de minimis (typically 25%) of controlled US hardware and software by value; and
- non-US technology mixed or commingled with controlled US-origin technology. However, there is no de minimis for commingled technology unless BIS has determined this.
However, some carve-outs exist. 'Subject to the EAR' does not include:
- items that are published;
- technology or software that arises from fundamental research; and
- technology in published patents or patent applications.
What is US-controlled content in de minimis calculations?
It includes items that would require a licence for China (or the country of ultimate destination if not China) – not items that would require a licence for Huawei due to its placement on the Entity List. Thus, as a general rule, companies do not include EAR99 items in their numerator.
What about foreign products based on US technology?
If the products are the foreign direct product of US national security-controlled technology, these require a licence for export to China. The foreign direct product rule applies to exports to a country – not to a company on the Entity List. However, the foreign direct product rule does not apply to all US technology subject to the EAR.
What steps should exporters and re-exporters take?
Exporters and re-exporters should identify and stop all exports or re-exports of any items subject to the EAR that will be shipped or transferred to Huawei or any of its listed affiliates. The key here will be grappling with foreign origin products and determining which ones are subject to the EAR. Exporters and re-exporters will need to update any measures for holds in enterprise resource planning systems.
In addition, exporters and re-exporters must ensure that personnel stop further EAR-controlled technology releases to Huawei or its listed affiliates. They must notify all persons meeting with representatives from Huawei of the expected outcomes and behaviours of such meetings and provide guidelines for other personnel that may interact with Huawei, particularly product engineers or other technical experts that may be contacted for product support.
Further, exporters and re-exporters should evaluate if Huawei or its listed affiliates are receiving any software or firmware updates to products they already possess.
Can exporters and re-exporters service products subject to the EAR already in the possession of Huawei or its listed affiliates?
Yes, but only if no further EAR-controlled technology, software or hardware is provided to Huawei or its listed affiliates or the terms of the temporary general licence are met.
As discussed, BIS announced Huawei's addition to the Entity List after President Trump issued an executive order declaring a national emergency regarding:
- foreign adversaries creating and exploiting vulnerabilities in information and communications technology and services; and
- the acquisition or use in the United States of information and communications technology or services from foreign adversaries.
While the executive order did not target any one country or entity, the Entity List additions, as well as escalating tariffs and sharp rhetoric from Trump administration officials, all point to China.
The executive order lays out prohibitions on numerous activities, including use – a rare restriction for the United States outside of the economic sanctions realm.
The prohibitions include:
any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or services designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary.
They also include the following:
- an activity that poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation or maintenance of information and communications technology or services in the United States;
- an activity that poses an undue risk of catastrophic effects on the security or resiliency of US critical infrastructure or the digital economy of the United States; or
- an activity that otherwise poses an unacceptable risk to the national security of the United States or the security and safety of US persons.
The executive order authorises the secretary of commerce to "design or negotiate measures" to address the threat, including "a precondition to the approval of a transaction or of a class of transactions that would otherwise be prohibited pursuant to this order". The Department of Commerce has 150 days to enact regulations implementing the executive order.
While this executive order has been the subject of rumours for at least a year, it still leaves many questions unanswered.
What is a 'foreign adversary'?
The executive order's definition of a 'foreign adversary' is broad and includes "any foreign government or foreign non-government person engaged in a long term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons". Foreign adversaries may include sanctioned and proscribed parties and countries (eg, Section 126.1 arms embargoed countries), which other regulations already identify as national security threats. A listing or designation of foreign adversaries is expected.
The Trump administration's current National Security Strategy (NSS),(2) released in December 2017, also provides important context for this term. While the NSS does not adopt the term 'foreign adversary', it does introduce a related term, 'strategic competitors', and forcefully makes the point that the United States must bolster national security efforts against such countries, principally China and Russia.
Will all transactions with foreign adversaries be prohibited?
The executive order is broad in describing what types of action will be covered by new regulations. However, the executive order leaves room for the Department of Commerce to narrow the types of transaction prohibited to those that create undue or unacceptable risk to the United States.
How to prepare for new regulations?
A large impact of the executive order is on import. As such, importers of information and communications hardware, software and technology should review their supply chains. Companies may want to identify alternative sources for supply chains, especially in projects using high or emerging technology (eg, 5G infrastructure).
The executive order and Huawei's addition to the Entity List may be a sign of what is to come. In the absence of a meaningful trade deal between the United States and China, national security hawks in the administration will likely continue to drive the rhetoric about US-Chinese relations. In addition, they may view the current stalemate and recent actions as an opportunity to pursue the further decoupling of the US and Chinese economies. There has also been discussion in the press of additional Chinese technology companies being added to the Entity List in the near future.
Endnotes
(1) Per the Savings Clause, orders that were en route on 16 May 2019 can proceed under an existing licence, a licence exception or as a no-licence-required order.
(2) The executive branch periodically publishes a NSS as a comprehensive statement of the United States' worldwide security concerns and the president's strategic vision for addressing them.
This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.
