Texas and Federal Government Seek to Protect U.S. Infrastructure From Disruption by Foreign Adversaries

Jackson Walker
Contact

Jackson Walker

The Lone Star Infrastructure Protection Act (LIPA), a new Texas law that went into effect June 2021, prohibits Texas businesses and governments from contracting with entities owned or controlled by individuals from China, Russia, North Korea, and Iran, if the contracting relates to “critical infrastructure” and provides the foreign party remote access or control of the “critical infrastructure.”[1]

“Critical infrastructure” is defined as:

  1. communication infrastructure systems;
  2. cybersecurity system;
  3. electric grid;
  4. hazardous waste treatment systems; and
  5. water treatment facilities.[2]

The communication infrastructure and the cyber security industries are also subject to additional federal regulations issued by the U.S. Department of Commerce that, as of March 22, 2021, prohibit commercial transactions with Chinese, Russian, North Korean, Iranian, and Venezuelan companies if the transactions involve the acquisition or use of certain “information and communication technology and services” (“ICTS and ICTS Regulations”). (See 15 CFR 7.)

LIPA and the ICTS Regulations add to and overlap a complicated web of federal statutes and regulations that prohibits U.S. businesses or individuals from engaging in any commercial transactions with citizens of, among other countries, the Crimea Region of Ukraine, Cuba, North Korea, Syria, and Iran (“U.S. Sanctions Laws”). Unlike the ICTS Regulations and the U.S. Sanctions laws, LIPA does not contain any enforcement mechanisms, fines, or penalties for non-compliance, and, unlike federal requirements, no set of detailed regulations. Federal regulation governing the acquisition and use of foreign-sourced technologies and other goods and services raises the possibility that LIPA may be preempted by these more comprehensive federal requirements, but that discussion is beyond the scope of this article.[3]

LIPA amends the Texas Business and Commerce Code and the Texas Government Code to prohibit Texas governments and businesses from knowingly allowing a foreign adversary to remotely access or control any of the described critical infrastructure. (See LIPA at § 2.) The Texas Attorney General has provided some guidance on its interpretation of LIPA as it applies in the electricity generation, transmission, and distribution industry in Texas. The Attorney General, in describing the interconnection agreement that allows a power generator access to the Texas electric grid, noted that:

As the purpose of an interconnection agreement is to connect an electricity generator to the transmission system in the electric grid, the agreement relates to critical infrastructure as defined in the Act. Furthermore, by granting the generation owner the ability to connect the generator to the transmission system, a generation interconnection agreement gives that company direct or remote access to critical infrastructure and is therefore implicated by the Act.

September 23, 2021; Attorney General Opinion No. KP-0388.

The Attorney General also opined that a land lease agreement between a power generator or transmission service provider and a wholly-owned or majority-owned subsidiary landowner from a prohibited country would likely permit direct or remote access to or control of critical infrastructure and as such would be prohibited by LIPA. Id. at 5.

As noted previously, prohibitions on the acquisition and use of foreign technology that could be used to disrupt the U.S. critical infrastructure are rapidly developing at the federal level as a result of a May 5, 2019, Executive Order 13873 and regulations that can be found at 86 Fed. Reg. 4909, “Securing the Information and Communications Technology and Services Supply Chain.” The ICTS Regulations apply to the acquisition, importation, transfer, or installation of any information and communication technology or service provided by or sourced from “foreign adversaries.” (See 15 CFR § 7.1.) Foreign Adversaries are defined as China, including Hong Kong, Cuba, Iran, North Korea, Russia, and Venezuela. (See 15 CFR § 7.4.)

The ICTS Regulations allow the Commerce Secretary to review ICTS Transactions to determine whether they present an undue or unacceptable risk to U.S. infrastructure. (See 15 CFR § 7.100.) The regulations cover broad classes of technology (software, hardware for wired, wireless telecommunications and internet networks, monitoring devices, or products integral to data hosting or computing services, as well as developing technologies like robotics and A.I.). (See 15 CFR § 7.3.) Civil penalties for failure to comply with the Secretary’s findings are $250,000 or twice the amount of the transaction and criminal penalties of $1,000,000 and imprisonment of up to 20 years. (See 50 U.S.C.S. §1705, 15 CFR § 7.200.)

Much of this ICTS sector is also subject to a mandatory pre-acquisition submittal and review process with the Committee on Foreign Investment in the United States (CFIUS) when a foreign party is seeking to acquire or invest in U.S. critical technology or critical infrastructure businesses. (See 31 CFR § 800, et seq.) Unlike CFIUS, the ICTS Regulations do not currently have a voluntary submission process to clear pending or past transactions, but Commerce has asked for public comments on establishing a voluntary submission and review process. (See 86 Fed. Reg. 16312, March 29, 2021.)

The ICTS Regulations apply to all transactions occurring after January 19, 2021, and allow the Department of Commerce to subpoena documentation related to an applicable transaction, obtain evidence, including depositions, and issue “an initial written determination explaining the finding and whether the Secretary has determined to unwind a transaction, prohibit it or propose mitigation measures for the completed or proposed ICTS Transaction at issue.” (See 15 CFR § 7.105.) Parties to the ICTS Transaction can submit a response, with evidence and offers of mitigation 30 days after Commerce issues its initial decision. (See 15 CFR § 7.107.) An adverse finding by Commerce may require the parties to unwind a consummated transaction or block proposed transactions.

Commerce is taking referrals from the public and from other federal agencies as well as conducting its own investigation of completed, pending, and future ICTS Transactions. In that regard, Commerce has issued subpoenas to Chinese companies that provide ICTS in the United States, and once Commerce completes its review of priority ICTS technologies, we expect to see formal investigations of completed or pending transactions. Estimated costs for compliance with this regulatory requirements for U.S. businesses are as high as $40.2 billion dollars. (See 86 Fed. Reg. 4921.)

The ICTS Regulations and the Texas LIPA are part of a vast regulatory infrastructure that applies to the acquisition and use of foreign technology that could be used to disrupt U.S. critical infrastructure. Care should be taken to perform the necessary due diligence to comply with this patchwork of laws, and in the mergers and acquisitions context, obtain necessary representations and warranties as well as conduct adequate due diligence for compliance and future impacts on the target business. Companies that import technology used in the communications and information storage sector should carefully classify the goods and services they purchase, with particular focus on Chinese and Russian sourced goods and services, and should have compliance programs in place to ensure they are not violating U.S. Sanctions requirements. Due diligence on sourcing future technology products must also be conducted to ensure technology sourced in one country was not wholly or partially produced in a foreign adversary county. Jackson Walker’s international trade team is experienced in assisting companies develop programs and complete due diligence to assist in complying with these regulatory requirements.

[1] Lone Star Infrastructure Protection Act, 87th Leg., R.S., S.B. 2116 (to be codified as Tex. Bus. & Com. Code § 113.001, et seq. and as Tex. Gov’t Code § 2274.0101, et seq.) (“LIPA”).
[2] Id. at § 2(2).
[3] For more on the possible federal preemption of LIPA, see 13 Harvard Nat. Sec. J. — (forthcoming 2022) (available at SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3985070).

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jackson Walker | Attorney Advertising

Written by:

Jackson Walker
Contact
more
less

Jackson Walker on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide