On May 27, 2021, the Federal Communications Commission (FCC or Commission) released a draft Notice of Proposed Rulemaking (NPRM) and Notice of Inquiry (NOI) proposing significant changes to the FCC’s equipment authorization regime and spectrum auction certifications, intended to protect U.S. communications networks from equipment and services that pose an unacceptable risk to national security.
This item follows years of work by the FCC and other agencies on aspects of telecommunications equipment security. This new proceeding, Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program; Protecting Against National Security Threats to the Communications Supply Chain through the Competitive Bidding Program, picks up on calls by Acting Chairwoman Jessica Rosenworcel to examine national security in equipment authorization proceedings and recent calls by Commissioner Brendan Carr to exclude certain companies from the FCC’s approval of equipment for sale in the United States.
The item is expected to be voted on at the June 17, 2021 FCC Open Meeting. There is a short window of time in which to advocate for changes to the draft item before the Commissioners vote, and thereafter, the process will invite public comment. If the item is approved, comments will be due 30 days after publication in the Federal Register and reply comments due 60 days after publication.
The FCC has been increasingly active on national security issues, on its own and at the direction of Congress. Our team has been engaged on these and related issues, using a multidisciplinary approach to telecom and Information Communication Technology (ICT) security that draws on telecom, trade, government contracts, and export control experts. Our team includes former senior government officials that led United States policy at the U.S. Departments of Commerce and State, and at the Federal Communications Commission.
This item has three main parts, listed below.
A Notice of Proposed Rulemaking to Change the Equipment Authorization Rules
The FCC’s equipment authorization regime is intended to ensure that devices that emit radiofrequency (RF) energy imported to or marketed within the United States comply with the Commission’s technical requirements. The equipment authorization rules are designed to minimize the potential for harmful interference, and to ensure that devices comply with certain other Commission rules, such as human RF exposure limits, hearing aid compatibility requirements, and labeling obligations.
The FCC’s rules currently specify two procedures for obtaining equipment approval: (1) certification and (2) Supplier’s Declaration of Conformity (SDoC). Certification is the more rigorous approval process and it requires testing by an FCC-recognized accredited testing lab and filing a detailed application for approval with an FCC-approved Telecommunication Certification Body. The SDoC process, by comparison, does not require filing a detailed application for approval, but nevertheless still requires some device testing.
The existing equipment authorization rules do not include any specific provisions addressing device security or fitness for any particular purpose. In particular, the rules do not address the list of “covered communications equipment and services” (Covered List) that the Commission otherwise has determined pose security risks. The draft NPRM proposes to change this approach, and add security concerns into the equipment authorization process.
A Notice of Proposed Rulemaking to Add Competitive Bidding Certifications
As part of its competitive bidding procedures, the Commission has required spectrum auction applicants to make various certifications on their auction applications to qualify as a prospective bidder. The substance of the required certifications varies. For example, among other things, applicants must make certifications regarding joint bidding arrangements, whether they are in default on any Commission licenses or debts, and whether they have been barred by any agency of the Federal Government from bidding on a contract, participating in an auction, or receiving a grant. If an auction applicant is unable to make the required certifications, its application to participate in the auction is dismissed.
A Notice of Inquiry Raises Questions About the FCC’s Role and the Future of Agency Activity
The NOI delves into several open issues, but does not propose any specific rules at this time. NOIs are often used by the agency to gather information and identify positions on new areas of regulation or oversight. This is an important opportunity to help shape the future of Commission activity in emerging areas like Internet of Things (IoT) and cybersecurity.
This new proceeding is a broad and important effort by the Commission to modify several regulatory regimes to address complex security issues. It builds on prior work by the Commission and other agencies to secure the ICT supply chain, including the FCC’s proceeding banning the use of Universal Service Funds to purchase equipment on the Covered List and the Department of Commerce’s proceeding on review of ICT transactions involving “foreign adversaries,” and raises important issues of regulatory process, inter-agency collaboration, FCC jurisdiction, and more. It comes alongside a proposal by Senator Marco Rubio (R-FL) to narrowly adjust the FCC’s equipment authorization regime to exclude certain companies that the federal government has determined pose security risks.3
The FCC’s activities here will have impacts on trade policy and other supply chain work across government from the Commerce ICT rule to the Federal Acquisition Supply Council. It could open the door to broader obligations on entities seeking equipment authorization or to participate in various FCC activities.
1 See, e.g. Statement of Commissioner Jessica Rosenworcel, Protecting Against National Security Threats to the Communications Supply Chain Through FCC Program, WC Docket No. 18-89, 34 FCC Rcd 11423, https://docs.fcc.gov/public/attachments/FCC-19-121A5.pdf (Nov. 26, 2019).
2 See, e.g. FCC, News Release, Carr Urges Stronger Response to Communist China’s Security Threats and Xinjiang Genocide, https://docs.fcc.gov/public/attachments/DOC-371210A1.pdf (Mar. 30, 2021).