On September 9, 2022, the US Commerce Department’s Bureau of Industry and Security (BIS or Commerce) published a rule, sought by tech and telecom companies, and industry organizations, authorizing the release of certain technology and software to BIS Entity List parties who would otherwise be subject to a US export ban prohibiting their receipt of such items.
The rule, Authorization of Certain “Items” to Entities on the Entity List in the Context of Specific Standards Activities (IFRM), amends the Export Administration Regulations (EAR) to authorize the release of specified items subject to the EAR Entity List parties without an export license, when that release occurs in the context of a “standards-related activity,” a term newly defined by the IFRM. The IFRM became effective upon publication, and comments are due by November 8, 2022. Companies engaged in standards-related activities are invited to provide comments to BIS on the impact of this rule and whether further clarity is necessary.
Commerce previously amended the EAR to authorize certain releases of technology without a license to Huawei Technologies Co., Ltd. and its affiliates (“Huawei”) in the context of international standards development, following Huawei’s designation on the Entity List. The IFRM responds to requests from across the industry to ensure that US companies are able to fully participate in standards development organizations in which Entity List parties are members, or otherwise risk hampering US leadership in standards development.
The scope of the IFRM includes certain low-controlled technology as well as software; however, the IFRM does not change the assessment of whether technology or software is subject to the EAR. This authorization only overcomes export licensing requirements as a result of an entity’s inclusion on the Entity List. Other EAR licensing requirements, such as restrictions on certain end-use activities or country-based controls, continue to apply.
BIS places entities on the Entity List pursuant to Section 744.11 of the EAR, which imposes license requirements on, and limits the availability of most license exceptions for, exports, reexports and transfers (in-country) to listed entities.
On June 18, 2020, BIS published an interim final rule, Release of “Technology” to Certain Entities on the Entity List in the Context of Standards Organizations, with a request for comment, to allow exchanges of certain EAR-controlled technology in a standards organization environment specifically for Huawei. In particular, technology subject to the EAR and designated as EAR99 or controlled on the Commerce Control List (CCL) only for anti-terrorism (AT) reasons could be released to members of a standards organization, including Huawei, without a license, if released for the purpose of contributing to the revision or development of a standard.
Responsive comments generally urged additional action to expand the scope of the standards exemption to maintain and restore the ability of US participation in international standards development. In response to comments received, BIS issued the IFRM, stating its intent “to protect US technological leadership without discouraging, and indeed supporting and promoting, the full participation of US actors in international standards development efforts.”
Scope of Authorization
The scope of the IFRM parallels the 2020 Huawei-related rulemaking; however, with two major differences:
First, the IFRM revises the authorization to include all entities on the Entity List, and it expanded the scope to cover certain software as well as technology. Accordingly, technology and software may be released to any Entity List members of a standards organization, without a license, if released for the purpose of contributing to the revision or development of a standard.
Second, BIS affirmed that information security is an important part of standards work, including in the development of 5G standards. accordingly, the authorization includes software and technology that is designated EAR99; software and technology controlled for AT reasons only; and software that is classified in ECCN subparagraphs 5D002.b and 5D002.c.1 (only when corresponding to equipment specified in ECCNs 5A002.a and 5A002.c) and technology classified in 5E002 (only when corresponding to equipment specified in ECCNs 5A002. a, 5A002.b and 5A002.c, and for software controlled under ECCN 5D002.b and .c.1) when the release is for the “development,” “production” and “use” of cryptographic functionality in connection with the “ standards-related activity.”
Changes to Part 772 Definitions of Terms: “Standards-Related Activity”
The general consensus of the comments was that the EAR’s prior use of the definitions for “standards” and “standards organizations” derived from the Office of Management and Budget (OMB) Circular A-119 was not appropriate for this context and created uncertainty and questions .
The IFRM removes the definitions of “standards” and “standards organization” from the EAR and instead incorporates the definition for “standards-related activity,” which is defined to include the development, adoption or application of a standard (ie,any document or other writing that provides, for common and repeated use, rules, guidelines, technical or other characteristics for products or related processes and production methods, with which compliance is not mandatory), including but not limited to conformity assessment procedures, with the intent that the resulting standard will be “published.” The “standards-related activity” includes an action taken for the purpose of developing, promulgating, revising, amending, reissuing, interpreting, implementing or otherwise maintaining or applying such a standard. Note that the underlying work product need not itself be published, so long as there is an intent to publish the resulting standard.
Request for Comments by November 8, 2022
Commerce is requesting comments on the revisions promulgated by the rule. In particular, BIS seeks comments in the following areas:
- Industries involved in standards development: BIS is requesting comments and additional information on whether the current scope of this authorization is adequate for the United States to retain its participation and lead key industries, including energy, artificial intelligence (AI), biotech, aerospace and transportation. In addition, commenters may provide input as to whether the current scope of the authorization hinders US participation and leadership in standards development in industries where there is or may be participation by listed entities.
- Impact of other end-use/end-user controls:BIS is requesting comment on whether there are other provisions of the EAR that may negatively impact US national security by limiting leadership and participation in standards-related activities, such as licensing requirements for other end-use or end-user-based controls listed in part 744 of the EAR. In particular, commenters are asked to provide specific examples of how US participation and/or leadership has (or will be) impacted by the limited application of this authorization to the license requirements in § 744.11.
- Compliance burden: BIS is requesting comment from industries and commercial sectors that are actively involved in standards development, including information on how they are affected by compliance burdens resulting from the changes promulgated in this and the previous rule.
- International participation and scope of standards-related activities: BIS is requesting comment on whether the definition of “standards-related activities” is promulgated in this interim final rule allows for full and open participation by US companies in the development of standards. Commenters may also describe aspects of the definition that should be better defined or excluded.
Companies consider whether to submit comments, they should evaluate the impact of the authorization to their business operations and whether they can propose more accurate definitions that reflect industry understanding of the terminology used in the rule.
The IFRM removes significant industry uncertainty surrounding participation in standards development and enables greater US participation in international standards development, which is critical to US competitiveness and access to global markets.
Companies should stay alert to releases occurring outside of the “standards-related activity,” which continue to require a license, as would one-on-one (individual-to-individual) discussions that do not report to a “standards-related activity ” (eg., a sidebar conversation on another topic).
Moreover, standards organizations and their constituent members will need to take stock of their technology and software classifications and be intentional about implementing controls around any items whose ECCNs are not covered by this new rule.