During a recent hearing before the Senate Banking Committee, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) requested increased funding and authority to address Chinese military modernization, Russia’s circumvention of export control laws, and preventing entities of concern from acquiring certain critical technologies. This request coincides with a series of new controls and proposed changes to the Export Administration Regulations (EAR) published in the last several weeks that are intended to increase export restrictions and advance U.S. national security objectives. We provide brief summaries of these new controls and proposed rules below, and identify important deadlines for commenting on proposed changes to the EAR.
New Export Restrictions for Russia and Iran
Export Controls Targeting Russian War Machine and Illicit Procurement Networks
BIS recently announced that it is taking further steps to restrict the supply of U.S.-origin and U.S.-branded items to Russia and Belarus. These changes, which are aimed at illicit procurement networks that have been circumventing global export controls, include expanding the scope of the Russia/Belarus-Military End User (MEU) Foreign-Direct Product (FDP) rule and the addition of controls on software for the operation of computer numerical control (CNC) machine tools. This final rule, summarized below, is the latest action by BIS to further constrain Russia’s ability to supply and arm its military.
BIS has changed the name of the FDP rule to the “Russia/Belarus-Military End User and Procurement FDP rule” to reflect that the amended rule applies not only to MEUs as previously defined in the regulations, but also to a new category of entities, Russian or Belarusian Procurement Entities. These are entities that pose a significant risk of involvement in the supply or diversion of items subject to the EAR to procurement networks for Russia’s or Belarus’ defense industry or intelligence services. These entities will be added to the Entity List and, as with prior MEU entities, will be identified with a footnote 3 designation.
Concurrent with this change, BIS is adding 123 entities to the Entity List. These additions include entities from Russia, China, Türkiye, Iran, Cyprus, and Canada that shipped U.S.-origin or U.S.-branded items (i.e., those that bear the brand of a U.S.-headquartered company) in violation of U.S. export controls. BIS has also targeted shell companies in Hong Kong and Türkiye that engaged in significant transshipment of sensitive items to Russia.
BIS is also adding controls to EAR99 “software” for the operation of CNC machine tools to ensure that these tools (which are already restricted for export, reexport, and transfer to or within Russia and Belarus) cannot receive software updates. This includes software that:
- Provides a user interface for setting up, operating, and troubleshooting the machine tool;
- Translates the instructions produced by computer-aided manufacturing (CAM) software into physical actions by the machine tool;
- Monitors conditions during the machining process; and
- Automatically adjusts the machine tool’s settings based on real-time conditions.
CNC machine tools can be used to manufacture many items from scratch, including those used by the military. By cutting off access to such software updates, the utility of these machines and their potential use by and for Russia’s military will be limited.
Expansion of Iran Foreign Direct Product (FDP) Rule
Under the Iran FDP Rule, foreign-produced items that are exported or reexported to Iran are subject to the EAR when they are the direct product of U.S.-origin “software” or “technology” and are specified in the EAR or classified under certain Export Control Classification Numbers (ECCNs) on the Commerce Control list (CCL), or are produced by a plant or major component of a plant that is itself the direct product of such CCL-controlled software or technology. BIS has updated and expanded the scope of this rule by broadening the restrictions and the applicable license requirements for such items. Effective July 23, 2024, foreign-produced items are now subject to the EAR under the Iran FDP rule if they fall within certain product, destination, end-use, and/or end-user scopes. These amendments include:
- Expanding the scope of products that are subject to the Iran FDP rule to include technology and software for Category 6 (Lasers and Sensors), Category 8 (Marine), and Category 9 (Aerospace and Propulsion) of the CCL;
- The addition of a new end-user scope, which applies if there is “knowledge” that the Government of Iran is a party to any transaction involving the foreign-produced item, such as a purchaser, intermediate consignee, ultimate consignee, or end-user;
- The expansion of licensing requirements to apply to in-country transfers of items subject to the EAR; and
- The addition of a new paragraph listing certain license exclusions related to food, medicine, medical devices, and certain items necessary and ordinarily incident to communications.
Proposed Amendments for which BIS is Seeking Comments
Revisions to the EAR’s Applicability to Standards-Related Activities
BIS also published an interim final rule (IFR) amending the EAR to reinforce U.S. leadership and participation in global standards development, while also preventing transfers of technology. As part of an ongoing effort to ensure U.S. participation and leadership in standards-related activities for critical and emerging technology that are essential to U.S. national security and competitiveness, the IFR provides that certain technology and software are not subject to the EAR when released for a “standards-related activity” with respect to an existing published standard or as part of a standard that will be published. Standards-related activities include the development, adoption, or application of a standard, such as participation in an international standards committee or the creation of global standards for encryption technology or telecommunications equipment.
These amendments are designed to ensure that export controls and compliance concerns do not impede the engagement and leadership of U.S. companies in legitimate standards-related activities.
Specifically, BIS is removing certain technology and software from EAR jurisdiction when it is released for standards-related activity. The “technology” and “software” covered by the new regulations include:
- Technology or software designated EAR99;
- Technology or software controlled on the CCL for anti-terrorism reasons only; or
- Specified technology or software for the “development,” “production,” or “use” of cryptographic functionality related to standards-related activity.
These amendments are designed to support the active participation of U.S. businesses in the development of international standards. They are also intended to reduce the risk that standards would be developed without the participation and input of U.S. companies, in turn harming U.S. national security.
Interested parties may submit written comments on the IFR no later than September 16, 2024.
Expansion of Controls on U.S. Person Activities, Foreign-Security End Users (FSEUs), and Facial Recognition Systems
BIS utilizes item-based controls, end-user based controls, and specific licensing policies to prevent items subject to the EAR from being diverted or misused contrary to U.S. national security and foreign policy interests, which include the promotion and protection of human rights. BIS has proposed two rules that would modify the EAR by establishing Foreign-Security End User (FSEU) and U.S. persons activities controls and expanding certain item-based controls. More specifically, BIS is proposing amendments to control “support” provided by “U.S. persons” to FSEUs and to add new item controls on certain facial recognition technology to the CCL.
This proposed rule would require a license for exports, reexports, and in-country transfers for items subject to the EAR that are specified on the CCL when they are destined for FSEUs located in Country Group D:5 (U.S. arms embargoed countries) and Country Group E (terrorist supporting countries and those subject to unilateral embargo). An FSEU is a governmental or other entity with the authority to arrest, detain, monitor, search, or use force to further their official duties, including persons or entities at all levels of the government police and security services, from the national headquarters or the ministry level to all subordinate agencies. Because government FSEUs may hire non-governmental entities to assist their duties, BIS further proposes to include other persons or entities performing the functions of an FSEU within the FSEU definition, such as analytical and data centers, forensic laboratories, prisons, and labor camps. Civilian emergency medical, firefighting, and search-and-rescue end users are not included in the definition of an FSEU.
Licenses are required for all items on the CCL, and would generally apply when a person has knowledge that the item is intended, entirely or in part, for a covered FSEU. License applications will be reviewed by BIS on a case-by-case basis, and those applications for transactions that pose an unacceptable risk of enabling human rights violations or abuses will be reviewed under a presumption of denial.
BIS is also proposing to create new controls for facial recognition systems used for mass surveillance and crowd scanning, which would apply to crime control and detection instruments and equipment and related “technology” and “software” identified in the CCL. This is intended to further promote and protect human rights throughout the world.
Interested parties may submit written comments on this proposed rule by September 27, 2024.
Proposed Changes to Regulations on Military and Intelligence End Uses and End Users
BIS has issued a proposed rule revising restrictions on military and intelligence end uses and end users, and adding a military-support end-user control. This rule additionally proposes revisions to related U.S. person activities controls, including U.S. person “support” for certain military end users, military support end users, and military production activities, and certain intelligence end users.
Whereas the EAR typically places controls on items, this proposed rule is notable for expanding the scope of U.S. person activities subject to EAR controls. It further broadens the scope of items subject to these rules and creates new categories of end-users. These include:
- Restricting U.S. persons from providing support to military end users and for military-production activities in or from Country Group D:5 and Macau, and to intelligence end users of in or from Country Groups D or E that are not also identified in Country Group A:5 or A:6;
- Creating modified categories of military end-users:
- Military-support end users, including any person or entity whose actions or functions support military end uses; and
- Intelligence end users, including military and civilian government intelligence and reconnaissance organizations, as well as private sector entities that perform certain functions on behalf of such entities.
- Expanding the scope of the definition of “military end user” by adding ‘‘any person or entity performing the functions of a ‘military end user,’ including mercenaries, paramilitary, or irregular forces;’’
- Proposing a new “military-production activities” end use, which includes incorporation into or any other activity that supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, ‘‘development,’’ or ‘‘production’’ of the following types of items:
- ‘‘600 series’’ items, including foreign-origin items not subject to the EAR; or
- any other non-600 series item that is either described on the CCL or designated EAR99, including foreign-origin items not subject to the EAR, when it is known that the item is ultimately destined to or for use by a military end user.
- Clarifying that the proposed end-use and end-user controls for military-support end users apply to items listed on the CCL, whereas end-use and end-user controls for intelligence end users apply to all items subject to the EAR; and
- Amending the Entity List by adding military end users, military-support end users, and intelligence end users, which would be designated by a specific footnote and adding license requirements.
Interested parties may submit comments on this proposed rule no later than September 27, 2024.
Conclusion
BIS has issued a significant number of new and proposed export controls in recent weeks, covering not only a wide range of items destinations, but also certain U.S. person activities. All exporters, not just those in the United States, need to be mindful of where they are sending their products (including technology and software), who their customers are, and what the end-use for those items might be.
Contact us if you have questions about these new developments, or are interested in submitting comments on these proposed rules.