HWG Advisory: U.S. Commerce Department’s Proposed Regulations on ICTS Transactions with Foreign Adversaries Threaten Significant Regulatory Uncertainty
To implement Executive Order 13873, today the U.S. Department of Commerce initiated a rulemaking seeking public comment on draft regulations creating a process for reviewing and potentially prohibiting information and communications technology or services (“ICTS”) transactions that pose unacceptable risks to U.S. ICTS, critical infrastructure, the digital economy, U.S. national security, or the safety of United States persons (the “Proposed ICTS Regulations”). Neither Executive Order 13873 nor the Proposed ICTS Regulations names any country or company, but it is generally understood that this new regulatory regime targets the Chinese equipment vendors Huawei and ZTE. These regulations would create a time‐bounded process for reviewing and mitigating or prohibiting transactions, but they take a case‐by‐case approach lacking in categorial inclusions or exclusions for classes of transactions and designations of specific foreign adversaries. If adopted as proposed, the regulations’ lack of bright‐line rules would create substantial regulatory uncertainty for ICTS transactions in the United States. Parties seeking to comment on the Proposed ICTS Regulations must file with the Commerce Department by December 27, 2019.
Background on the Executive Order. On May 15, 2019, President Donald Trump issued Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain,” which prohibits:
- Any acquisition, importation, transfer, installation, dealing in, or use of any ICTS;
- By any person, or with respect to any property, subject to U.S. jurisdiction;
- Where the transaction involves any property in which any foreign country or a national thereof has any interest (including through an interest in a contract for the provision of the technology or service);
- Where the transaction was initiated, is pending, or will be completed after May 15, 2019; and
- Where the Secretary of Commerce, in consultation
with other federal agency heads (including, unusually, the chairman of the
Federal Communications Commission (“FCC”)), has determined that (i) the transaction involves ICTS “designed, developed, manufactured, or supplied, by persons
owned by, controlled by, or subject to the jurisdiction or direction of a
foreign adversary” and (ii) the transaction:
- Poses “an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance” of ICTS in the United States;
- Poses “an undue risk of catastrophic effects on
the security or resiliency of U.S. critical infrastructure or the digital
economy of the United States”; or
- Otherwise poses an unacceptable risk to the national security of the United States or the security and safety of U.S. persons.
Executive Order 13873 required the Commerce Department to promulgate implementing regulations by October 12, 2019, but the Commerce Department missed that deadline, due in large part to disagreements with other federal agencies about the proposed restrictions. Consequently, the Proposed ICTS Regulations defer many critical issues for future development and implementation.
Proscribed Activities and Retroactive Effect. Executive Order 13873 and the Proposed ICTS Regulations are broad in scope. They define ICTS as “hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including through transmission, storage, or display.” ICTS transactions include not only the acquisition and importation of hardware and software but also on procurement of services (particularly managed services), performance of upgrades and maintenance, and dealing in and use of ICTS. As interpreted in the Proposed ICTS Regulations, Executive Order 13873 would apply to any transaction initiated, pending, or completed after May 15, 2019, regardless of the date of any contract signing or execution and regardless of the date of grant of any license, permit, or authorization applicable to such transaction. Consequently, the Proposed ICTS Regulations have significant potential for retroactive effect and would empower the Commerce Department to order the cessation or unwinding of ongoing transactions. The Commerce Department may, at its discretion, issue further guidance regarding classes of transactions.
Jurisdictional Scope and Extraterritoriality. Consistent with Executive Order 13873, the Proposed ICTS Regulations are extraterritorial in nature, applying to “any person, . . . or any property, subject to the jurisdiction of the United States.” This language would cover: U.S. citizens and permanent resident aliens, wherever located; persons within the United States; and U.S.‐organized companies, wherever operating.
Foreign Adversaries. The Proposed ICTS Regulations target ICTS transactions by any “foreign adversary,” which Executive Order 13873 defines as “any foreign government or foreign non‐government person engaged in a long‐term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.” Like Executive Order 13873, the Proposed ICTS Regulations make no mention of any particular country, company, or individual, and they purport to be country‐agnostic. The Proposed ICTS Regulations defer to the Secretary of Commerce’s future determinations of foreign adversaries, which are to be made independent of individual transaction reviews. Nevertheless, it is well‐understood that Executive Order 13873 targets Chinese equipment, software, and services providers. The Executive Order and Proposed ICTS Regulations appear designed in part to avoid the bill‐of‐attainder issues raised under the U.S. Constitution by the National Defense Authorization Act with its Huawei procurement ban.
of Review. The Proposed ICTS Regulations state that the Commerce
department will consider factors including but not limited
to “the laws and practices
of the foreign adversary; equity
interest, access rights, seats on a board of directors or other governing
body, contractual arrangements, voting rights, and control over design plans,
operations, hiring decisions, or business plan development.” We expect the
reviews will use the framework used in other national security reviews, such as
those conducted by the Committee on Foreign
Investment in the United States
(“CFIUS”) and Team Telecom, which examine: the
vulnerabilities of the U.S. ICTS, critical infrastructure, and electronic communications networks; the threat posed by the foreign adversary; the national security consequences of combining the vulnerabilities and threat; and the efficacy of potential conditions to mitigate such national security consequences.
Review Process; Preliminary Determination. The Proposed ICTS Regulations provide that a review may be initiated by the Commerce Department (i) on its own initiative, (ii) in response to a request from the head of certain federal agencies and bodies (including the FCC), or (iii) in response to information submitted by private parties that the Commerce Department deems to be credible. The Commerce Department may consider information from other U.S. or foreign governmental entities, private parties, and the transaction parties themselves. The Commerce Department will make an initial determination and notify the transaction parties in writing of that determination, providing them with an explanation of the preliminary determination’s basis to the extent consistent with national security and permitting them to file an “opposition,” including proposed mitigation conditions, within 30 calendar days of that notice. The Proposed ICTS Regulations direct the transaction parties notified of a review to take immediate steps to retain any and all records relating to such transaction, regardless of whether those records would normally be retained prior to receiving such notice.
Final Determination. In any review, the Commerce Department must issue a final determination within 30 days of receipt of information from the transaction parties, determining that the transaction is:
(i) prohibited, (ii) permitted, or (iii) permitted subject to specified mitigation conditions. The Proposed ICTS Regulations provide that the Commerce Department will not issue an advisory opinion or declaratory ruling with respect to any transaction. It seems unlikely that transaction parties would be able to negotiate meaningful mitigation conditions within the timeframes set forth in the Proposed ICTS Regulations, making the possibility of mitigation less meaningful.
Confidentiality and Access to Information. The Proposed ICTS Regulations imply that reviews will not be public, on‐the‐record proceedings. They note that information received from U.S. and foreign governmental entities or private parties will not be disclosed except to the extent required by law and that access to records will be governed by the Freedom of Information Act. They provide that the Commerce Department will explain the preliminary determination to the extent consistent with national security, rather than to the extent based on unclassified information. These processes raise due process concerns that a transaction party would not have the right to review any unclassified information in the possession of the Commerce Department, including submissions by other private parties. By providing an express role for private parties to make submissions and allowing them potentially to shield such information from disclosure by asserting that it is business proprietary in character, the Proposed ICTS Regulations could also invite competitors to use national security arguments to scuttle transactions for competitive gain. The Proposed ICTS Regulations also state that the Commerce Department may use materials submitted in one review in the review of other transactions “of the same or related class and raising similar issues.”
Penalties. Failure to comply with a final determination prohibiting a transaction or permitting it subject to specified mitigation is subject to civil and criminal penalties.
Review. Executive Order 13873 is silent on the subject of judicial
review. A Commerce Department final determination could be challenged in
federal district court.
Related U.S. Government Initiatives. Executive Order 13873 comprises one of a number of federal government initiatives directed in whole or in part at curbing access by China and its companies and investors to U.S. electronic communications networks, information and communications technology supply chains, and personal identifying information of U.S. persons. These other initiatives include: (i) the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”) revamping the review of foreign investment in existing U.S. businesses, U.S. critical and emerging technologies, and real estate by CFIUS, including ongoing consultations by the Treasury Department to implement FIRRMA and its new mandatory filing requirements for certain investments; (ii) the Export Control Reform Act of 2018 revamping U.S. export controls, including an ongoing Commerce Department consultation to define emerging technologies; (iii) the FCC’s November 26, 2019, decision prohibiting Universal Service Fund support for procurement of equipment, software, and services from Chinese vendors Huawei and ZTE; (iv) the FCC’s May 9, 2019 decision to deny a carrier license to a subsidiary of China Mobile International and its promise to review and potentially revoke the carrier licenses long held by subsidiaries of China Telecom and China Unicom; and (v) the continuing expansion of national security and law enforcement reviews by the Team Telecom agencies of FCC applications for new licenses, mergers and acquisitions, and new foreign investment in common carrier wireless licensees.
* * * * *
For more information on the Proposed ICTS Regulations or HWG’s national security, foreign investment, and international telecommunications practices, please contact Kent Bressie at +1 202 730 1337 or firstname.lastname@example.org, or contact the HWG lawyer with whom you regularly work.
This regulatory advisory is not intended to convey legal advice. It is circulated as a convenience and is not intended to reflect or create an attorney‐client relationship as to its subject matter.