The Trump administration has announced two initiatives aimed at addressing U.S. national security risks arising from the use of non-U.S. technology generally, with a particular focus on the Chinese telecommunications equipment company Huawei Technologies Co. Ltd. The first is an executive order (EO) prohibiting the acquisition and use of information and communications technology and services (ICT) supplied by foreign adversaries. The second is the announced inclusion of Huawei on the list of entities to which U.S. businesses cannot sell products without prior U.S. government approval. Together, the two initiatives could have a substantial impact on the import of ICT and the export of U.S. technology used in Huawei products.
On May 15, 2019, President Donald Trump issued an EO finding a threat to U.S. national security and national emergency arising from the acquisition and use in the United States of ICT supplied by foreign adversaries.1 To address this concern, the president has authorized the prohibition of any acquisition, importation, transfer, installation, dealing in or use (any of which is a “transaction”) if:
- the transaction involves ICT designed, developed, manufactured or supplied by persons owned by, controlled by or subject to the jurisdiction or direction of a foreign adversary; and
- the transaction:
- poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation or maintenance of ICT in the United States;
- poses an undue risk of catastrophic effects on the security or resiliency of critical infrastructure or the digital economy of the United States; or
- otherwise poses an unacceptable risk to the national security of the United States or the security and safety of U.S. persons.
The Department of Commerce, in consultation with other agencies (the Departments of the Treasury, State, Defense, Justice and Homeland Security; the offices of the U.S. Trade Representative and Director of National Intelligence; the General Services Administration; and the Federal Communications Commission), is generally responsible for implementation of the EO, including the issuance of implementing regulations within 150 days (i.e., by October 12, 2019). Possible elements of the regulations identified in the EO include:
- Identification of particular countries or persons to be considered foreign adversaries for purposes of the EO;
- Criteria for determining whether a person is owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary for the purposes of the EO;
- Identification of particular technologies or countries warranting particular scrutiny under the provisions of the EO;
- Establishment of procedures to license transactions otherwise prohibited pursuant to the EO;
- Establishment of criteria by which particular technologies or particular participants in the market for ICT may be recognized as categorically included in or as categorically excluded from the prohibitions established by the EO; and
- Identification of a mechanism and relevant factors for the negotiation of agreements to mitigate concerns relating to U.S. acquisition and use of ICT provided by foreign adversaries.
Prohibitions under the EO apply to any qualifying transaction initiated, pending or completed after May 15, 2019. Whether the implementing regulations will apply the EO to transactions initiated, pending or completed after that date but prior to issuance of the regulations remains to be seen.
While the Commerce Department’s implementing regulations are likely to provide greater specificity, the EO includes the following definitions:
- ICT. Any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval or communication by electronic means, including transmission, storage and display.
- Foreign Adversary. Any foreign government or foreign nongovernment person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of U.S. persons.
Preannouncement publicity surrounding the EO focused on China as a foreign adversary and telecommunications equipment companies such as China’s Huawei and ZTE Corporation. U.S. law already prohibits federal agencies from purchasing Huawei or ZTE equipment,2 and as discussed below, U.S. companies will require a license to provide technology to Huawei or its affiliates. The U.S. has identified a number of foreign adversaries, however, and the EO’s definition of ICT potentially includes other technologies.
The EO’s mechanisms look very much like the national security review process of the Committee on Foreign Investment in the United States (CFIUS), which evaluates the national security risks arising from foreign investments in U.S. businesses. Like the CFIUS process, the EO calls for a multiagency review of the national security implications of certain types of cross-border transactions. Commerce Department-led reviews under the EO will result in transactions being blocked, permitted or permitted subject to risk mitigation conditions.
The potential reach of the EO, however, could be much greater than that of CFIUS, given the widespread use of ICT equipment from China, including ICT equipment made by or on behalf of U.S. businesses that are subsidiaries of Chinese companies, or that develop or manufacture their products in China. The EO allows the implementing regulations to include various exclusions and licensing procedures that would narrow the scope of the EO’s required reviews and prohibitions. Absent the broad application of such exclusions and licenses, the Commerce Department faces a large administrative burden as it conducts the required reviews, and U.S. users of ICT could have substantially fewer options in the marketplace.
Inclusion of Huawei on ‘Entity List’
A Commerce Department press release issued on May 15, 2019,3 announces the forthcoming addition of Huawei to the Entity List maintained by the Bureau of Industry and Security (BIS), comprising entities to which U.S. businesses cannot sell products without prior U.S. government approval. This designation takes effect once it is published in the Federal Register. At that time, the sale or transfer of U.S. technology to Huawei or its affiliates will require a BIS-granted license, which will be denied if the sale or transfer would harm U.S. national security or foreign policy interests.
Notably, BIS previously placed ZTE on the Entity List in 2016, an act that was viewed as a critical blow to ZTE’s business because of its dependence on U.S. technology. In 2017, ZTE was removed from the Entity List following a settlement agreement with the U.S. government. It is possible that the inclusion of Huawei on the Entity List is similarly meant as a bargaining chip to be used in settlement negotiations with Huawei.
1 Executive Order on Securing the Information and Communications Technology and Services Supply Chain (May 15, 2019).
2 Section 889 of Public Law 115-232 (enacted Aug. 13, 2018).
3 “Department of Commerce Announces the Addition of Huawei Technologies Co. Ltd. to the Entity List,” Department of Commerce Press Release (May 15, 2019).