On October 21, 2021, the U.S. Department of Commerce, Bureau of Industry and Security (BIS) announced an interim final rule (Interim Rule), which will amend the Export Administration Regulations (EAR) to add controls for the export, reexport and transfer of certain cybersecurity exploitation, intrusion and monitoring tools. The Interim Rule also creates a new License Exception “Authorized Cybersecurity Exports (ACE)” that authorizes certain exports, reexports and transfers of cybersecurity items, as described in more detail below. The Interim Rule will be made effective 90 days after publication, on January 19, 2022.
In response to the recent military coup in Myanmar (also known as Burma) against the democratically elected government, on February 11, 2021 the Biden Administration issued an Executive Order on Blocking Property with Respect to the Situation in Burma (E.O.), which launched a new targeted sanctions regime. That same day, the Treasury Department’s Office of Foreign Assets Control (OFAC) designated former and current officials of Burma’s military or security forces and affiliated entities in the jade and gems sector as Specially Designated Nationals (SDNs). In addition, the Commerce Department’s Bureau of Industry and Security (BIS) announced a series of steps to tighten export controls on certain ministries, armed forces, and security services, and to limit availability of license exceptions. It has been indicated that these are initial steps, and that further sanctions and export control may follow.
On January 13, 2021, U.S. Customs and Border Protection (CBP) issued a withhold-release order (WRO) on all cotton and tomato products from China’s Xinjiang Uyghur Autonomous Region (XUAR) based on information that reasonably indicated that such products used forced labor. This action comes after CBP’s December 2020 WRO on cotton and cotton products produced by Xinjiang Production and Construction Corporation (XPCC). Continue reading →
On December 21, the Bureau of Industry and Security (BIS) published a Military End User (MEU) list to further implement the military end user/end use (MEU) rule defined in Section 744.21 of the Export Administration Regulations (EAR). An EAR license is required to export or reexport to the listed entities a broad range of items subject to U.S. jurisdiction.
On December 14, 2020, the U.S. Department of State initiated a series of sanctions pursuant to Section 231 of the Countering America’s Adversaries Through Sanctions Act (CAATSA) that target the Turkish Presidency of Defense Industries (SSB). The sanctions deny new U.S. export licenses to SSB and limit the SSB’s access to credit from U.S. and international financial institutions. In addition, the Office of Foreign Assets Control (OFAC) designated several principal executive officers of SSB as Specially Designated Nationals (SDNs). However, the U.S. action is calibrated, and does not designate SSB or its affiliates as SDNs, nor does it apply broader sanctions on Turkey or the Turkish defense industry.
On December 2, 2020, U.S. Customs and Border Protection (CBP) issued an import detention or Withhold Release Order (WRO) against cotton produced by Xinjiang Production and Construction Corps (XPCC) based on information that reasonably indicated XPCC used forced labor within its cotton supply chains. This action comes after CBP issued five WROs in September 2020 on products found to be reliant on state-sponsored forced labor in Xinjiang. The U.S. government has expressed ongoing concern about human rights abuses of the Uyghur minority in this part of China.
Over the course of the Obama and Trump administrations, U.S. officials have found new ways to incorporate human rights concerns into sanctions and export control policies. Recent announcements by the Commerce and State Departments address how, by the U.S. government in its licensing approvals, and private companies in their foreign-sales decisions, can take into account human rights impacts.
Export Licensing for Dual-Use and Commercial Products
On October 6, 2020, the Department of Commerce’s Bureau of Industry and Security (BIS) issued a final rule revising the Export Administration Regulations (EAR) to allow the agency to consider human rights concerns when granting export licenses. Specifically, BIS amended its licensing policy for items controlled for crime control (CC) reasons under 15 CFR §742.7.
The final rule also expands the existing EAR human rights licensing policy. The prior licensing policy provided for case by case review for CC-controlled items “unless there is evidence that the government of the importing country may have violated internationally recognized human rights.” The final rule now would allow BIS to consider the risk that items will be used in violation or abuse of human rights by individuals or entities in addition to the government or the importing country. Further, licensing officers will now review how an item may be used to engage in, or enable, violations or abuses of human rights (not just “internationally recognized” human rights), including through censorship, surveillance, detention, or excessive use of force. Importantly, the new provision also allows the agency to consider such risk for items controlled for reasons beyond CC, covering most items listed on the Commerce Control List (with the exception of items controlled for short supply). The final rule specifically notes the need to examine items controlled for reasons related to certain telecommunications and information security and sensors.
State Department Guidance for Surveillance Tools
Separately, on September 30, 2020, the Department of State released guidance designed to assist U.S. businesses in assessing the risk that surveillance tools exported to foreign government end-users could be used to commit human rights abuses.
The guidance entitled, “U.S. Department of State Guidance on Implementing the UN Guiding Principles for Transactions Linked to Foreign Government End-Users for Products or Services with Surveillance Capabilities,” provides a roadmap for businesses to assess the risk of human rights abuse prior to engaging in a transaction with a foreign government end-user and provides recommended contractual and procedural safeguards should the business proceed with the transaction. The guidelines are non-binding and, according to a statement by a State Department official, they will not be used as a basis for sanctions against foreign governments.
The State Department encourages U.S. businesses to integrate human rights due diligence into compliance programs, including export compliance programs. The following eight recommendations are provided to assist companies seeking to conduct human rights due diligence, screening, and risk mitigation—
- Review the capabilities of the product or service in question to determine potential for misuse to commit human rights violations or abuses by foreign government end-users or private end-users that have close relationships with a foreign government.
- Review the human rights record of the foreign government agency end-user of the country intended to receive the product or service.
- Review, including through in-house or outside counsel, whether the foreign government end-user’s laws, regulations, and policies that implicate products and services with surveillance capabilities are consistent with the Universal Declaration of Human Rights.
- Review stakeholders involved in the transaction (including end-user and intermediaries such as distributors and resellers). Refer to BIS’s Know Your Customer Guidance.
- To the extent possible and as appropriate, tailor the product or service distributed to countries that do not demonstrate respect for human rights and the rule of law to minimize the likelihood that it will be misused to commit or facilitate human rights violations or abuses.
- Prior to sale, strive to mitigate human rights risks through contractual and procedural safeguards and strong grievance mechanisms.
- After sale, strive to mitigate human rights risks through contractual and procedural safeguards and strong grievance mechanisms.
- Publicly report on sales practices (e.g., in annual reports or on websites).
The guidance is designed for U.S. companies that engage in transactions involving sensors, biometric identification, data analytics, internet surveillance tools, non-cooperative location tracking, and recording devices, among other products and services. While the guidance is not designed to address export control licensing, the State Department has suggested that the guidance may be used as a resource during export license reviews in cases that raise a human rights concern.
These two announcements form part of a slow-but-steady growth among U.S. officials looking for ways to use existing trade regulatory tools to recognize human rights considerations. Other examples include recent U.S. Customs withhold release orders (WROs) for certain goods produced from forced or indentured labor in Xinjian, China here; Hong Kong trade treatment in the wake of human rights abuses in that territory here; and Global Magnitsky sanctions designations here.
On October 5, 2020, the Department of Commerce’s Bureau of Industry and Security (BIS) issued a final rule that imposes new multilateral controls on six “emerging technologies,” agreed during the December 2019 plenary meeting of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (Wassenaar Arrangement). These recently developed or developing technologies “essential for the national security of the United States” include forensic hacking tools, surveillance software, sub-orbital craft, and manufacturing tools and technology used to make integrated circuits and semiconductors.
On September 18, 2020, the U.S. Commerce Department published two rules defining the scope of prohibited transactions related to the mobile applications, WeChat and TikTok. The scope of prohibited transactions clarified the two parallel executive orders (EOs) issued by the Trump administration on August 6, 2020, which required the Commerce Department to impose restrictions on both platforms.
The scope of prohibited transactions are the same for both WeChat and TikTok. Prohibited transactions do not include individual use of these mobile platforms to exchange personal or business information. However, the rule would effectively shut down WeChat and TikTok within the United States via mobile application storefronts (e.g., Apple Store and Google Play), and additional restrictions would further impair the apps’ functionality and user experience.
On August 17, 2020, the U.S. Department of Commerce Bureau of Industry and Security (BIS) made available for public inspection a final rule expanding restrictions on Huawei Technologies Co., Ltd. and its non-U.S. affiliates on the BIS Entity List (collectively “Huawei”).
In the final rule, BIS announced a further expansion of the direct product rule asserting U.S. jurisdiction over foreign-manufactured items with respect to Huawei, ended the Huawei Temporary General License (TGL), added 38 non-U.S. Huawei affiliates to the BIS Entity List, and clarified that Entity List license requirements apply to transactions where Huawei acts in a variety of roles as a “party to the transaction.”
In a concurrent final rule, BIS clarified that license requirements under the Entity List apply where the listed party is a “party to the transaction,” whether acting as a purchaser, intermediate or ultimate consignee, or end-user as defined in the Export Administration Regulations (EAR).
These actions, while not officially published in the Federal Register until August 20, 2020, are effective as of August 17, 2020.