Key Points

• On June 5, 2019, the European Union (EU) took a step forward with respect to modernizing its existing dual use legislation under Council Regulation (EC) No 428/2009 (the “EU Dual Use Regulation”), with the European Council (the “Council”) issuing its mandate for negotiations with the European Parliament (the “Council Mandate”).
• When compared to the proposal first issued by the European Commission (the “Commission”) in 2016 (the “Commission Proposal”), the Council Mandate appears to reflect a desire from EU Member States for a more limited update to the EU Dual Use Regulation. In particular, the Council Mandate seeks to remove the substantive provisions relating to cyber surveillance and human rights, which have proved controversial both with EU decision-makers and in industry.
• The Council will now proceed to negotiate with the European Parliament (the “Parliament”) within the perimeters of its Council Mandate and in accordance with the ordinary legislative procedure, with a view to reaching an agreement.

Background

EU Member States are obligated under international commitments to have national controls in place to preclude the proliferation of nuclear, chemical, or biological weapons and their means of delivery. This includes controls over dual-use items, as well as related materials, equipment, and technology for export. In 2000, the EU therefore adopted Council Regulation (EC) No 1334/2000, which created a substantive legislative framework for the control of dual-use items, applicable throughout the EU. The current EU Dual Use Regulation recast the same regulation in 2009.

However, owing to changing technological, economic, and geo-political circumstances, in June 2011 the EU began considering reforms to the EU Dual Use Regulation with the Commission’s publication of a Green Paper and the holding of a public consultation. Feedback from the consultation included a desire from industry for a wider range of EU General Export Authorisations (UGEAs), as well as for a greater convergence of ‘catch-all’ controls. There was significant push back against the Commission’s suggestion for export controls to be used as a tool to protect and support human rights (referred to as the ‘human security’ approach). This (and other) preparatory work resulted in the Commission adopting its Proposal in September 2016. The Commission Proposal seeks to recast the EU Dual Use Regulation with the introduction of both a ‘system upgrade’ as well as a ‘system modernisation’ to the existing legislation. Among other elements, the Commission Proposal includes several contentious ‘human security’ aspects aimed at preventing the abuse of cyber-surveillance technologies by governments with a dubious approach to (and record with) human rights.

The Parliament adopted its first report (the “Report”) on the Commission Proposal in November 2017. The Report was positive and called on the Commission to go further by introducing (amongst other things) similar penalties for noncompliance across all Member States. The Report also recommended that the proposed legislation contain provisions to capture the new risks posed by emerging technologies. In January 2018, the Parliament voted in favour of the negotiating position set out in the Report and the starting of inter-institutional negotiations with the Council. As cited above, on June 5, 2019 the Council finally issued its own perimeters for negotiating with the Parliament.

Proposed Changes

The Council Mandate supports several changes to the existing EU Dual Use Regulation as envisaged under the Commission Proposal. However, it also either rejects or materially alters a number of the substantive provisions. We set out below some of the key changes proposed under the Council Mandate, as compared to the Commission Proposal.

1. Human Security

The Council Mandate removes the suggested (unilateral) Category 10 to Annex I covering surveillance systems, equipment, and components for Information and Communication Technology. This reflects (at least in part) substantive concerns certain EU Member States have raised with respect to the introduction of unilateral dual use controls at an EU level. From these discussions, it appears as though the certain Member States would prefer, at first instance, for: (i) national governments to introduce unilateral measures themselves through the existing mechanisms under the EU Dual Use Regulation relating to human rights concerns (i.e. Article 8 of the EU Dual Use Regulation); (ii) the EU to put forward a common position in relation to listing such technologies as part of the Wassenaar Arrangement; and (iii) EU restrictive measures on third countries to continue including export restrictions on such items (such as in the EU Venezuela sanctions).

In addition, the Council Mandate removes the ‘serious violations of human rights or international law’ and ‘acts of terrorism’ from the end use ‘catch all’ provisions that the Commission Proposal wishes to add to the existing ‘catch alls’ contained within Article 4 to the EU Dual Use Regulation. The Council Mandate also drops from the definition of ‘dual use items’ the term ‘cyber surveillance technology’. By explicitly including the term ‘cyber surveillance technology’ in the definition of ‘dual use item’, the Commission Proposal would see any such item, if not included in Annex I, be covered by the aforementioned end use catch all controls.

2. EU Licensing Architecture

The Commission Proposal introduces four new UGEAs to help further facilitate trade while ensuring a sufficient level of security through robust control measures (e.g. through registration, notification and reporting, and auditing). The four UGEAs are (i) ‘Low Value Shipments’; (ii) ‘Intra-company Transmission of Software and Technology’; (iii) ‘Encryption’; and (iv) ‘Other Dual Use Items’. The Council Mandate proposes to drop the UGEAs for ‘Low Value Shipments’ and ‘Other Dual Use Items’. Moreover, the Council Mandate seeks to introduce tighter licensing conditions with respect to the Encryption UGEA. It also reduces the number of permitted countries under the ‘Intra-company’ UGEA, and maintains that users must put in place an internal compliance programme as a condition of use.

The Council Mandate keeps the concept of a ‘Large Project Authorisation’ (LPA). The Council Mandate states that an LPA could be either a global or an individual licence (the Commission Proposal only suggests an LPA as being a ‘global’ licence). Member State authorities would be able to grant an LPA to one specific exporter, in respect of a type or category of dual use items, which may be valid for exports to one, or more specified end users in one or more specified third countries. The Commission Proposal suggests that the project duration should exceed one year, whereas the Council Mandate is silent on a minimum length but places an upper limit of four years (unless there is a circumstantial justification for a longer period). Finally, neither the Council Mandate nor the Commission Proposal offer a definition of ‘Large Project’, and so Member States would likely be left to determine its scope (the Commission has previously put forward the construction of a nuclear power plant as an example).

3. Circumvention Clause

To counter illicit trafficking and bring the EU Dual Use Regulation in line with other EU trade security instruments (e.g. EU restrictive measures), the Commission Proposal introduces a circumvention clause. The clause creates a prohibition on knowingly and intentionally participating in activities the object or effect of which is to circumvent the: (i) export licence requirement for Annex I items; and (ii) catch all controls for non-Annex I items in respect of export, brokering services, transit, and technical assistance. The Council Mandate removes this clause in its entirety.

4. Technical Assistance

Under the EU Dual Use Regulation, ‘technical assistance’ is an aspect of the defined term ‘technology’ and thus controlled when captured by an Export Control Classification Number (ECCN). Both the Commission Proposal and the Council Mandate agree on defining ‘technical assistance’ separately from the definition of ‘technology’.

The Council Mandate also maintains the new definition of ‘supplier of technical assistance’, which would cover: (i) any natural or legal person or partnership resident or established in a Member State of the EU; (ii) a legal person or partnership owned or controlled by such person; or (iii) another person which supplies technical assistance from the EU into the territory of a third country.

Taken together, both the Commission Proposal and the Council Mandate agree that an authorisation should be required where ‘technical assistance’ relates to dual use items or their provision, manufacture, maintenance or use, and the ‘supplier of technical assistance’ is aware that assistance is for, or told by authorities that assistance is or may be for a prohibited end-use. That said, the Commission Proposal includes ‘serious violations of human rights or international law’ and ‘acts of terrorism’ as prohibited end-uses. However, the Council Mandate removes both inclusions such that it will only apply where the ‘technical assistance’ is for: (i) weapons of mass destruction end use; (ii) military end use in an arms embargoed country; or (iii) use as parts or components of military items exported without license or in violation thereof.

5. Other Points to Note

• Enforcement mechanism: The Commission Proposal and the Council Mandate align on the need to introduce provisions to support information exchange and cooperation on enforcement between Member States, in particular with the setting up of an ‘enforcement coordination mechanism’ under the Dual-Use Coordination Group. Both, however, stop short of introducing concrete measures to promote the harmonization of enforcement and monitoring of export controls compliance.
• Exporter definition: The Commission Proposal and the Council Mandate extend the concept of ‘exporter’ to include reference to ‘any natural person carrying the goods to be exported where these goods are contained in the person’s personal baggage’.
• Licensing for exporters based outside of the EU: The Commission Proposal states that where an exporter is not resident or established within the EU, then the Member State authority responsible for issuing authorisations is the one where the dual use items are located. The Commission Proposal indicates that both global and individual licences should be available in such instances. The Council Mandate, however, restricts this provision to individual authorisations only.
• Broker definition: The Commission Proposal extends the concept of broker to non-EU companies, which are owned or controlled by an EU resident, or an EU company, as well as to persons carrying out brokering services from the EU into the territory of a third country. The Council Mandate removes this suggestion.
• Due diligence: The Commission Proposal and subsequent amendments by the Parliament requires exporters to implement a due diligence process to confirm the absence of any circumstances triggering ‘catch all’ end use controls (including serious violations of human rights and acts of terrorism). The Council Mandate removes this requirement.
• Union general transfer authorisation: the Commission Proposal seeks to introduce a Union general transfer authorisation, which would permit (subject to conditions) the intra-EU transfer of Annex IV items. The Council Mandate appears to remove this concept in its entirety.
• Public security includes ‘acts of terrorism’ under Article 8: The Council Mandate explicitly confirms that Member States may prohibit or impose an authorisation requirement on dual use items not listed in Annex I for public security reasons, which includes ‘the prevention of acts of terrorism’. This is an addition to the existing wording under Article 8 of the EU Dual Use Regulation and appears to reflect the Council’s desire for Member States to be more proactive in the use of national lists where appropriate.

Next Steps

Taken as a whole, the Council Mandate reflects the Member States’ wish to implement a more modest update to the EU Dual Use Regulation, as compared to both the Commission Proposal and the documented wishes of the previous European Parliament. At this point, it is difficult to say whether the new incoming Parliament will be receptive to the Council’s watered down approach, or if it will stick to its previous position. If, however, distance remains between both the Council and Parliament, then it is difficult to see the EU adopting any recast to the EU Dual Use Regulation in the near future.

As a wider point, the Council Mandate reveals a reluctance on the part of Member States to introduce new measures at an EU level to tackle the perceived risks from emerging technologies through export controls. The Parliament made the introduction of such measures a key recommendation in its November 2017 Report, and may well continue to raise the issue in the forthcoming negotiations with the Council. Whilst there are existing mechanisms in place for Member States to introduce unilateral controls, any national government contemplating any such measures would likely face considerable pressure from industry to desist. It therefore raises the question, especially in light of recent developments in the United States and elsewhere, as to how the EU will seek to address similar concerns across Europe regarding the control of emerging technologies (if not through the EU Dual Use Regulation).