U.S. Department of Commerce Proposes New Rule to Review ICTS Transactions
December 20, 2019
On November 27, 2019, the U.S. Department of Commerce proposed a new rule (the “Proposed Rule”) pursuant to an Executive Order of May 15, 2019, entitled “Securing the Information and Communications Technology and Services Supply Chain” (Executive Order 13873). The Proposed Rule sets forth the scope, criteria, process and procedures for reviewing certain information and communications technology and services transactions that would pose an undue or unacceptable risk to the national security of the U.S. or to the safety of U.S. persons. Under the Proposed Rule, the agency would adopt a case-by-case, fact-specific approach in determining which transactions must be prohibited or must be unwound if determined to be prohibited, and which can be mitigated.
Reviewable Transactions
Any acquisition, importation, transfer, installation, dealing in or use of any information and communications technology or services[1] (ICTS) will be subject to review, if the transaction
Review Criteria
The agency will consider the following factors in addition to the three factors named above in assessing the effect of a transaction on U.S. national security:
Review Process and Procedures
The agency will initiate a review upon the its own determination, upon referral from another federal agency, or based on credible information submitted by a private party.
Once the agency has reached a preliminary determination to prohibit, mitigate or unwind a transaction, it would provide direct written notice to the transaction parties explaining the basis of the determination, who would then have an opportunity to oppose and/or submit information in support of their opposition within 30 days after receipt of such notice. However, in emergency situations, the agency may vary or dispense with any or all of the above procedures when it is necessary to do so to prevent public harm or to protect national security interests.
Upon completion of the evaluation, the agency would issue a written final determination to the parties engaged in the transaction. If it is determined that a transaction presents an undue or unacceptable risk, the agency may require measures to mitigate the transaction’s identified risks or may prohibit the transaction, including by requiring that the parties engaged in the transaction immediately cease the use of the ICTS that poses the undue or unacceptable risk.
The proposed rule is open for public comment through December 27, 2019 and can be accessed here.
[1] “Information and communications technology or services” refers to “any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including transmission, storage, and display.”
[2] “Foreign adversary” refers to “any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.”
Reviewable Transactions
Any acquisition, importation, transfer, installation, dealing in or use of any information and communications technology or services[1] (ICTS) will be subject to review, if the transaction
- is conducted by any person subject to the jurisdiction of the United States or involves property subject to the jurisdiction of the United States;
- involves any property in which any foreign country or a national thereof has an interest; and
- was initiated, pending, or completed after May 15, 2019, regardless of when any contract applicable to the transaction was entered into, dated or signed, or when any license, permit, or authorization applicable to such transaction was granted.
Review Criteria
The agency will consider the following factors in addition to the three factors named above in assessing the effect of a transaction on U.S. national security:
- whether the transaction involves ICTS designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary[2]; and
- whether the transaction poses an unacceptable risk to the national security of the United States or the security and safety of United States persons.
Review Process and Procedures
The agency will initiate a review upon the its own determination, upon referral from another federal agency, or based on credible information submitted by a private party.
Once the agency has reached a preliminary determination to prohibit, mitigate or unwind a transaction, it would provide direct written notice to the transaction parties explaining the basis of the determination, who would then have an opportunity to oppose and/or submit information in support of their opposition within 30 days after receipt of such notice. However, in emergency situations, the agency may vary or dispense with any or all of the above procedures when it is necessary to do so to prevent public harm or to protect national security interests.
Upon completion of the evaluation, the agency would issue a written final determination to the parties engaged in the transaction. If it is determined that a transaction presents an undue or unacceptable risk, the agency may require measures to mitigate the transaction’s identified risks or may prohibit the transaction, including by requiring that the parties engaged in the transaction immediately cease the use of the ICTS that poses the undue or unacceptable risk.
The proposed rule is open for public comment through December 27, 2019 and can be accessed here.
[1] “Information and communications technology or services” refers to “any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including transmission, storage, and display.”
[2] “Foreign adversary” refers to “any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.”