On 9 November 2020, the European Parliament and the European Council reached a provisional political agreement on a revised regulation setting out the European Union’s regime for the control of exports, transfer, brokering, technical assistance, and transit of dual-use items. Subsequently, the Member States’ ambassadors sitting on the Permanent Representatives Committee (Coreper) need to approve this new regulation before the Parliament and Council adopt it. We expect the new regulation to be adopted before the end of 2020, although it almost certainly comes too late to be carried over into UK law after Brexit (only EU law that actually applies on 31 December 2020, will be carried into UK law), thereby setting up export controls as an area where we may see early divergence between EU and UK rules. The European Commission already welcomed this agreement and highlighted that it will work closely with the Parliament and the Member States to implement the new regulation effectively. The proposed agreement will recast Regulation 428/2009, initially adopted in 2009 and successively amended, to adapt the rules to the rapidly changing technological, economic and political circumstances, making them fit for purpose in the current landscape.
Key takeaways of the new regulation
The new regulation will strengthen the EU’s export controls toolbox, allowing the EU to tackle the risk of violations of human rights associated with trade in cyber-surveillance technologies and gain a greater control of trade flows in sensitive new and emerging technologies. For businesses, while the revision introduces some further controls, it also brings some changes to licensing arrangements that will likely reduce the overall burden on exporters. The key aspects of the new regulation are:
- Amendments to various key export control notions, including the definition of “dual-use items” itself, to reflect the emergence of cyber-surveillance technologies, and the definition of “exporter” to include natural persons and researchers involved in dual-use technology transfer.
- Stricter export control rules on specific cyber-surveillance technologies, whereby misuse may lead to significant human rights violations and security threats.
- Introduction of four new EU General Export Authorisation (EUGEA), regarding encryption items, low-value shipments, intra-company transmission of software and technology, and “other dual-use items” when the EU considers it appropriate to facilitate control of certain items and destination.
- Harmonisation of licensing processes and extended delegation of competence allowing the Commission to amend by simplified procedure the list of items or destinations subject to specific forms of control, with a view to ensuring that the EU export control regime becomes more flexible and capable of reacting to technological or economic developments.
- Global licenses are now subject to the implementation of an Internal Compliance Programme (ICP). Smaller companies who cannot afford to implement a formal ICP, may export under general authorisations and/or individual licenses.
- Introduction of an explicit reference to the exporters’ due diligence obligations when trading dual-use items, and in particular to be aware that dual-use items which the exporter proposes to export, even though not listed in Annex I, may be subject to specific controls in accordance with the regulation.
- Enhanced cooperation on implementation and enforcement by reinforcing information exchange between competent authorities and the European Commission.
- Harmonisation of the definition and scope of catch-all controls to ensure their uniform application across the EU.
- Introduction of transmissible controls, allowing Member States to introduce export controls on the basis of another Member State’s legislation allowing for a cross-border effect of Member States’ export controls.
- An EU-level coordination mechanism, which allows for greater exchange between the Member States regarding the export of cyber-surveillance items.
- Increased transparency measures, including through the issuance of guidance and annual reports, and enhanced outreach and information sharing with stakeholders in order to build strong cooperation and relationships with the private sector.
Opening a new era for EU operators
With the introduction of new EUGEAs and the reinforcement of harmonisation and cooperation mechanisms at Member States level, the new regulation promises to significantly reduce the administrative burden for EU operators and public administrations. The new regulation aims to strike a balance between increased security considerations and unnecessary restrictions on companies. For example, for security reasons, the new regulation does not exempt small and medium-sized enterprises (SMEs) from complying with the controls, but SMEs will nevertheless benefit from the increased legal clarity and the simplification of licensing procedures.
With this balance in mind, the proposal is likely to improve the international competitiveness of EU operators, as certain provisions, such as export of encryption, will facilitate controls in areas where third countries have already introduced more flexible control arrangements. The new regulation also offers the possibility for the EU to engage with third countries to support a global level playing field and enhance national security through more closely aligned export control rules, thus leading to a positive impact on international trade. Such cooperation could take place for instance through the end-user verification programme under which selected third-country companies could be granted a special “verified end-user" status and receive EU-wide recognition and facilitation of controls, or through the Commission’s EU P2P Export Control Programme to assist and endow third countries with well-functioning export controls systems .
Finally, one of the cornerstones of this new regulation is the effective response to the threat to human rights from the uncontrolled export of specific cyber-surveillance technologies. Although the new controls will have some negative impact on the freedom to conduct business, they are intended to significantly improve the safeguards for fundamental rights.
- See https://ec.europa.eu/jrc/en/research-topic/chemical-biological-radiological-and-nuclear-hazards/eu-p2p-outreach-programmes-export-control/dual-use-goods ↩