Introduction

Through an array of legislative and administrative measures, the government has made significant strides in recent years to limit, and perhaps end altogether, the proliferation of Chinese-origin telecoms technology in US infrastructure.

While some of the legislation is company agnostic, Chinese telecoms giant Huawei, which remains on the Department of Commerce, Bureau of Industry and Security's (BIS's) Entity List, is a primary target.

5G – why the hype?

5G promises a significant boost in speed, a reduction in latency and improved security over previous generations of wireless technology. Scientists, elected officials and thought leaders have set high expectations for 5G, with some predicting that it will usher in a fourth industrial revolution. With performance comparable to most fibre-optic connections, 5G promises to incorporate everything from toasters and running shoes to airplanes and farm equipment into the Internet of Things (IoT).

Perhaps most salient to the US government is that 5G technology will likely provide an expanded surface for cyberattacks against US critical infrastructure. Because 5G can connect more 'things' to the IoT, there are more possibilities for security breaches. The security concerns have largely centred on China, which has made substantial investments in the deployment of its 5G technologies both at home and abroad. Chinese companies hold an estimated 10% of the '5G-essential' IP rights; of these, Huawei holds the most patents of any company.

Chinese companies such as Huawei, ZTE, Xiaomi, Vivo and Oppo have expanded their markets into Europe, Latin America and Africa, even offering their services to build other individual countries' 5G networks. Despite significant US pressure for its allies and partners to refrain from buying telecoms equipment from Chinese companies, some European countries, such as the United Kingdom, have not honoured those requests.

US legislative and administrative action

Although BIS has targeted Chinese telecoms companies since the Obama administration, adding ZTE to the Entity List in 2016, the enactment of federal legislation with strong bipartisan support did not come into play until recently. The summary below outlines US legislative and administrative actions over the past two years that were aimed squarely at Chinese telecoms companies.

NDAA 2019 enacted

The National Defence Authorisation Act (NDAA) for Fiscal Year 2019 was enacted on 13 August 2018 and took effect on 13 August 2019. Section 889 bans federal agencies from procuring or obtaining Chinese-origin "covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology of any part of any system". As a second volley against these companies, as of 13 August 2020, US government contractors will also be restricted from using covered telecoms equipment or services in government contracts. This provision defines 'covered telecommunications equipment or services' as telecoms equipment produced by Huawei or ZTE or any of their affiliates or subsidiaries, as well as video surveillance and telecoms equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company or Dahua Technology Company or their subsidiaries or affiliates.

Huawei has already unsuccessfully challenged the validity of this provision in court. On 18 February 2020 the US Eastern District of Texas upheld Section 889 on summary judgment (Huawei Techs USA, Inc v United States, 4:19-CV-159, (ED Tex 18 Feb 2020)).

Executive Order 13873 published

On 15 May 2019 President Trump published Executive Order (EO) 13873 (Securing the Information and Communication Technology and Services Supply Chain). In this EO, the president declared a national emergency with regard to the creation and exploitation by unnamed foreign adversaries of vulnerabilities in information and communication technology and services (for further details please see "Sanctions on steroids: Huawei is a prohibited entity and foreign adversaries lurk in tech services").

Huawei added to Entity List

On 16 May 2019 BIS published a final rule for public inspection in which it added Huawei and 68 non-US affiliates in 26 countries to the Entity List, effectively halting exports and re-exports of items subject to the Export Administration Regulations (EARs) to Huawei (for further details please see "Sanctions on steroids: Huawei is a prohibited entity and foreign adversaries lurk in tech services").

On 20 May 2019 BIS issued a temporary general licence permitting certain transactions with Huawei to continue despite the Entity List designation. On 12 March 2020 BIS published a final rule extending the temporary general licence's validity from 10 March 2020 until 15 May 2020.

On 21 May 2019 BIS published the final rule regarding the Huawei Entity List addition in the Federal Register.

Section 889 of NDAA 2019 implemented

On 13 August 2019 the Department of Defence, the General Services Administration and the National Aeronautics and Space Administration published an interim rule (Federal Acquisition Regulation: Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment), implementing Section 889 of the NDAA 2019. This interim rule requires two Federal Acquisition Regulation clauses relating to covered telecoms and video surveillance equipment and services to be included in all solicitations issued on or after the date of the rule (and in all solicitations where the contract award itself will occur after that date) (for further details please see "New Huawei rule: what it means for US companies").(1)

Proposed rule implementing EO 13873 published

On 27 November 2019 the Department of Commerce published a proposed rule (Securing the Information and Communications Technology and Services Supply Chain), which would implement EO 13873 (for further details please see "Administration tests waters for unprecedented government review of international technology transactions"). The proposed rule provides a broad and vague review process for information and communication technology and services transactions involving 'foreign adversaries', as defined in EO 13873. As with the EO, the proposed rule does not mention any specific country or company. Despite several months having gone by, no interim or final rule has been issued and the outlook for that occurring is unclear. However, regardless of whether a rule is put into effect, the Department of Commerce could exercise the robust authority conveyed by the EO at any time.

NDAA 2020 enacted

On 19 December 2019 the NDAA for Fiscal Year 2020 was enacted. Section 1260I of the NDAA 2020 sets out specific criteria that must be satisfied before BIS can remove Huawei from the Entity List.

FCC final rule published

On 3 January 2020 a Federal Communications Commission (FCC) final rule (Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs; Huawei Designation; ZTE Designation) was published. The rule prohibits the use of certain agency funds to purchase equipment or services from 'covered companies' and designates Huawei and ZTE as such. It also requires entities which use these funds to remove existing Huawei and ZTE equipment from their networks.

Secure Networks Act enacted

On 12 March 2020 the Secure and Trusted Communications Networks Act 2019 (commonly known as the 'Secure Networks Act' or the 'Rip and Replace Law') was enacted. This act requires the FCC to identify and publish a list of "covered communications equipment and services" no later than 12 March 2021. Further, it prohibits the use of federal subsidies from the FCC for the purchase, rent, lease, other obtainment or maintenance of covered equipment, effective 60 days after the equipment is added to the FCC list. The act also establishes a programme for reimbursing providers of advanced communications services for the removal and replacement of covered equipment or services, subject to certain conditions. However, this programme is dependent on Congress appropriating funding for its implementation.

Secure 5G and Beyond Act 2020 enacted

On 23 March 2020 the Secure 5G and Beyond Act 2020 was enacted. This act requires the president to develop an interagency strategy to ensure the security of 5G and future technologies and infrastructure in concert with strategic allies. The strategy must be followed by an implementation plan that addresses 18 specific topics, including a summary of US interests in 5G and a global threat assessment. Notably, the act prohibits the inclusion of US mobile telecoms infrastructure in the nationalisation strategy.

EARs amended

On 28 April 2020 three China-focused changes were made to the EARs. BIS announced the broadening of military end-use and military end-user restrictions in Section 744.21 of the EARs, as well as the elimination of licence exception civil end users and proposed revisions to licence exception additional permissive re-exports. These changes require BIS to review a broader range of exports, including electronics and telecoms items controlled only for anti-terrorism reasons, when shipped for military end uses or to military end users. Licence applications for military end uses or end users are subject to a presumption of denial.

Request for comment on Secure Networks Act issued

On 5 May 2020 the FCC issued a request for comment on the Secure Networks Act's impact on existing FCC initiatives. The FCC issued a Federal Register notice in which its Wireline Competition Bureau sought comments on how the act applies to proposals already under consideration in the FCC's Protecting Against National Security Threats to the Communications Supply Chain rulemaking and related proceedings (discussed above). Comments were due on or before 20 May 2020 and reply comments are due on or before 4 June 2020. Comments may be filed via the commission's electronic comment filing system (available here) or mailed to the commission's secretary (Office of the Secretary, Federal Communications Commission).

Future developments

It is expected that BIS will shortly announce amendments to the EARs' foreign direct product rule to limit Huawei's ability to obtain chips that are the product of US-origin semiconductor manufacturing equipment. BIS has also proposed reducing the de minimis US-controlled content threshold applicable to Huawei and its affiliated companies from 25% to 10%, which would dramatically increase the number of foreign-made products that would be subject to US jurisdiction and therefore require a licence. It remains unclear whether this change will be pursued.

Where to from here?

On 25 March 2020 the administration released its National Strategy to Secure 5G, as required by the Secure 5G and Beyond Act. While the strategy is light on specifics, the overriding theme is to empower the United States' private sector to roll out, secure and develop 5G technology and infrastructure. The strategy comprises four main 'lines of effort'.

Facilitating roll-out of 5G domestically

The government is facilitating a private sector-led domestic roll-out of 5G, primarily through the FCC's Facilitate America's Superiority in 5G Technology, issuing a National Spectrum Strategy for management of 5G and future generations of networks and working with allies and the private sector.

Assessing cybersecurity risks and identifying core security principles of 5G capabilities and infrastructure

With the help of state, local and tribal governments and private sector partners, the government will identify economic, national security and other risks posed by 5G infrastructure. Further, it will work with the private sector to develop security principles for 5G.

Addressing risks to US economic and national security during development and deployment of 5G infrastructure worldwide

Perhaps most relevant to Chinese telecoms companies, the third line of effort focuses on managing supply chain risks in government infrastructure and identifying high-risk vendors. This section of the strategy cites the Federal Acquisition Supply Chain Security Act 2018 and EO 13873 and resonates with the proposed Department of Commerce rules on securing the information and communication technology and services supply chain.

Promoting responsible global development and deployment of secure and reliable 5G infrastructure

The government will participate in the development of international 5G standards and promote US leadership in standards development and adoption. In addition, this line of effort describes collaboration with the private sector, academia and other governments to adopt policies that reinforce 5G vendor diversity to foster market competition.

The strategy checks off one of the administration's responsibilities under the Secure 5G and Beyond Act. Next is the administration's implementation plan, which is expected by 21 September 2020.

What should private sector look out for going forward?

The coming months will likely bring more rough sledding for Huawei and other Chinese telecoms companies, courtesy of both Congress and the Trump administration. There will also likely be an increased focus on the government's efforts to support US-led alternatives regarding 5G. In February 2020 the White House economic adviser indicated that the Trump administration's goal is to "have all of the US 5G architecture and infrastructure done by American firms, principally". Prior to the COVID-19 crisis, both the FCC and the White House had scheduled public events to explore and promote these alternatives, most of which revolve around open virtualised radio access network technology. In a significant recent development, 31 powerhouse IT and telecoms companies launched a new initiative to "advocate for government policies supporting the development and adoption of open and interoperable solutions" in the radio access network.

Endnotes

(1) A second interim rule (13 December 2019) relieves contractors from making offer-by-offer representations if they annually make the representation that they do not use covered telecoms equipment.