On March 29, 2021, the U.S. Department of Commerce (Commerce or the Department) issued an advance notice of proposed rulemaking (ANPRM) regarding new licensing procedures for Commerce’s January 2021 interim final rule for reviewing and potentially prohibiting information and communications technology or services (ICTS) transactions involving “foreign adversaries.” Comments on the ANPRM are due Wednesday, April 28, 2021.
The January 2021 rule – issued pursuant to Executive Order (EO) 13873 “Securing the Information and Communications Technology and Services Supply Chain” – established the processes and procedures Commerce will use to identify, assess, and address certain transactions involving ICTS (ICTS Transaction) designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a “foreign adversary” (which the rule identified as China, Russia, Iran, North Korea, Cuba, and Venezuela’s Maduro regime) that pose an undue or unacceptable risk to U.S. national security. However, the January 2021 rule did not include procedures for a licensing process. Instead, the rule noted that Commerce would issue another rule describing the licensing process within 60 days (or March 22, 2021) and that it would fully implement that licensing regime by May 19, 2021.
While the January 2021 rule became effective on March 22 as scheduled, the ANPRM clarifies that Commerce no longer “expect[s] to have a licensing or other pre-clearance process in place by May 19, 2021” because “it has become apparent additional public input is needed.” The ANPRM does not provide any additional guidance on how the Department intends to implement and enforce the January 2021 rule, nor does it reopen or extend the deadline for submitting comments on the rule. Instead, the ANPRM seeks comment on the licensing or other pre-clearance process that Commerce will ultimately adopt and implement, particularly with respect to the following issues:
- Whether the processes for submitting notifications to the Committee on Foreign Investment in the United States (CFIUS) or voluntary disclosures to Commerce’s Bureau of Industry and Security (BIS) should serve as useful models for an ICTS Transaction licensing or pre-clearance process;
- Whether the pre-clearance or licensing process should be more akin to a regime that requires authorization prior to engaging in an ICTS Transaction or one that allows entities to seek additional certainty from the Department that a potential ICTS Transaction would not be prohibited;
- What considerations could be provided to small entities in the licensing or other pre-clearance process that would not impair the goal of protecting U.S. national security;
- Whether certain categories or types of ICTS Transactions should or should not be considered for a license or pre-clearance, whether any should be prioritized, and whether the process should be structured differently for distinct categories or types of ICTS Transactions;
- Whether a license or pre-clearance should apply to more than a single ICTS Transaction, such as multiple ICTS Transactions from a single entity engaged in a long-term contract, and, if so, what factors the Department should evaluate in determining the appropriateness of such a license or series of licenses;
- What categories of information the Department should or should not require (e.g., technical, security, or operational information);
- Whether the Department should issue decisions within a shorter timeframe that could result in fewer licenses or pre-clearances being granted, or whether the inconvenience of a longer timeframe for review would be outweighed by the potential for a greater number of licenses or pre-clearances being issued;
- How the potential for mitigation of an ICTS Transaction should be assessed in considering whether to grant a license or pre-clearance for a transaction;
- If an ICTS Transaction is modified after a license or pre-clearance request is approved, what process should be enacted to avoid invalidation of the license or other form of pre-clearance; and
- Whether holders of an ICTS Transaction license or pre-clearance should have the opportunity to renew them without having to reapply and, if so, how the renewal process should be structured and assessed (including the appropriate length of time between renewals).
In furtherance of EO 13873, earlier this month Commerce announced that it served subpoenas on multiple Chinese companies that provide ICTS in the United States. The Department has not disclosed the names of the companies and has not specified whether any transactions with those companies may become prohibited or subject to licensing requirements. Nor has the agency issued guidance to U.S. industry for conducting internal assessments of national security risks arising from potentially prohibited ICTS Transactions. Nevertheless, because the agency has now confirmed that it intends to utilize the authority granted to it by EO 13873 to prohibit certain ICTS Transactions with “foreign adversaries,” companies should consider reviewing internal records of transactions with companies or persons from “foreign adversary” countries to assess their potential risk exposure.