- Since the addition of Huawei and many of its affiliates to the Entity List, there has been significant media coverage over which types of transactions involving the listed entities are, and are not, prohibited without a Commerce license. Some commentators and companies seem to be under the mistaken impression that non-U.S. companies cannot be affected by the listing merely because they are not U.S. companies or because they are working with non-U.S.-origin commodities, software, or technology. Such conclusions are not necessarily correct.
- U.S. export controls and Entity List prohibitions focus on the origin and jurisdictional status of the commodities, software, or technology that would be transferred to the listed entity, regardless of the nationality or ownership status of the company providing them. For example, if a wholly non-U.S. carrier, app developer, or electronics manufacturer transfers to Huawei a commodity, software, or technology of any sort that is U.S.-origin or that is non-U.S.-origin and it contains more than a de minimis amount of U.S.-origin controlled content, then the commodity, software, or technology is still subject to U.S. controls and the Entity List prohibitions.
- Violations of the Entity List prohibitions by a non-U.S. company can lead to civil or criminal penalties, or other sanctions that would affect its ability to receive U.S.-origin items. Thus, non-U.S. companies engaging in transactions involving Huawei should not assume that they are not affected by the Entity List prohibitions merely because they are outside the United States or because the products involved were manufactured outside the United States.
The Entity List and Key Definitions
The Entity List prohibitions, which are administered by the Commerce Department’s Bureau of Industry and Security (BIS), prohibit the unlicensed export of all commodities, software, and technology that are subject to the Export Administration Regulations (EAR), even low-level “EAR99” items that are not identified on any U.S. export control lists. For example, a U.S.-origin toothbrush and nonpublic U.S.-origin drawings for how to manufacture it are EAR99 items “subject to the EAR.”
Contrary to many press reports and other comments, only a limited number of transactions involving the listed Huawei companies have been authorized by a Temporary General License, which is primarily intended to minimize the impact of the listing on Huawei’s existing customers (but not its suppliers or development partners).
The EAR defines “item” as any commodity, software, or technology. A “commodity” is any article (such as a part or a component), material, or supply except technology and software. “Technology” is defined as “information necessary for the development, production, use, operation, installation, maintenance, repair, overhaul, or refurbishing” of a commodity, software, or other technologies, regardless of origin. “Software” is defined as a “collection of one or more programs or microprograms fixed in any tangible medium of expression.” Several of these words are further defined in the regulations, but the key point for non-U.S. companies to remember is that these terms are broad and do not depend upon whether the technology or software is sensitive or otherwise on an export control list.
Software and Technology “Subject to the EAR”
Software and technology are “subject to the EAR” if they are:
- In the United States, such as on a server located in the United States;
- U.S.-origin, such as by being developed, drawn, produced, or compiled in the United States;
- Foreign-origin and commingled with or drawn from more than a de minimis amount of controlled U.S.-origin technology; or
- The direct product of sensitive U.S.-origin technology or software, a complete plant built using such technology or software, or a major component of a plant built using such technology or software.
Thus, for example, nonpublic U.S.-origin technology necessary to produce a toothbrush may not be provided to Huawei by a company outside the United States without a BIS license.
De Minimis Calculations Involving Software and Technology
U.S.-origin technology does not lose its U.S.-origin status when it is redrawn, used, consulted, or otherwise commingled abroad in any respect with other technology of any other origin. Therefore, any subsequent or similar technology prepared outside the United States that is drawn from or uses any U.S.-origin technology is subject to the EAR in the same manner as the original U.S.-origin technology, including license requirements, unless the commingled technology is not subject to the EAR by reason of the de minimis exclusions described in the regulations.
The EAR also state that a party must file a one-time report with BIS prior to relying on a determination that foreign-origin technology does not contain more than a de minimis amount of controlled U.S.-origin content. The report must describe the bases for the conclusion, including a description of the calculations and the values, assumptions, and methodologies that went into making the de minimis determination.
Similarly, U.S.-origin software that is incorporated into or commingled with foreign-origin software does not lose its U.S.-origin status. It is subject to the EAR in the same manner as the original U.S.-origin software, including license requirements, unless the commingled software is not subject to the EAR by reason of the de minimis exclusions described in the regulations. One-time reports are not required for software, but reexporters must maintain records of their calculations to document qualification for the exclusion.
There are some exclusions and special requirements for de minimis calculations involving U.S.-origin encryption items. For example, U.S.-origin encryption technology classified under ECCN 5E002 is ineligible for de minimis treatment, so non-U.S.- produced encryption technology that incorporates any amount of such U.S.-origin encryption technology are subject to the EAR, regardless of the amount of U.S.-origin content. Further, certain types of encryption software must have satisfied mandatory classification or reporting procedures to qualify for the de minimis exclusion.
Foreign Direct Products
Items that are produced from U.S.-origin technology and software can be subject to the EAR, even if they are produced outside the United States. This rule applies if the U.S.-origin technology or software, and the direct product of such technology or software, are controlled for “national security” reasons and the product is destined to specific countries of concern, such as China. For example, if U.S.-origin 5D002 encryption source code is used to compile 5D002 object code outside the United States, the foreign-made object code would be subject to the EAR when exported to China.
The point of this alert is not to provide a treatise describing or legal advice about all the possible ways commodities or nonpublic technology and software outside the United States would and would not be subject to the EAR. That is a fact-specific subject to be discussed with company or outside export control compliance managers or counsel. Rather, the purpose of this alert is to remind all readers outside the United States that commodities, software, and technology are not per se excluded from the scope of the Entity List prohibitions merely because the company is foreign or the technology is not sensitive. The prohibitions are blind to the nationality of the exporter, reexporter, or transferor of the commodity, software, or technology being transferred to the listed entity. That is, they apply equally to U.S. and non-U.S. persons.