Commerce and State Propose Broad New Controls on Exports and Support for Foreign Military, Intelligence, and Security Services
The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) recently issued two proposed rules that substantially increase the scope of controls under the Export Administration Regulations (EAR) applicable to certain foreign military, intelligence, and security end users and end uses, including broadening the scope of covered U.S. person activities and significantly expanding the items and countries covered by such controls. These proposed rules implement provisions of the Export Control Reform Act of 2018, as amended by the National Defense Authorization Act for Fiscal Year 2023, authorizing BIS to extend export controls to activities of U.S. persons in support of foreign military, security, or intelligence services and related end uses.
In parallel, the U.S. Department of State’s Directorate of Defense Controls (DDTC) issued a proposed rule that would revise the definition of defense services covered by the International Traffic in Arms Regulations (ITAR) and expand the list of activities covered under Category IX of the United States Munitions List (USML).
Both BIS and DDTC are seeking public comment on the proposed rules by no later than September 27, 2024. This alert details key provisions of the BIS and DDTC proposed rules.
OVERVIEW
Together, the two BIS proposed rules – End-Use and End-User Based Export Controls, Including U.S. Persons Activities Controls: Military and Intelligence End Uses and End Users (“Military and Intelligence End-User Proposed Rule”) and Export Administration Regulations: Crime Controls and Expansion/Update of U.S. Persons Controls (“U.S. Person Support and Foreign Security Service Proposed Rule”) – would amend the EAR by:
- Expanding the scope of end use and end user controls on military end users and creating certain new controls on military-support end users, intelligence end users, and foreign-security end users;
- Enhancing end-use and end-user controls on specific items subject to the EAR and identified on the Commerce Control List (CCL) destined for end use by police, security services, or entities performing functions of a foreign-security end user in countries subject to U.S. arms-embargoes and State Sponsors of Terrorism (Country Groups D:5 or E);
- Adding new restrictions on U.S. person “support” activities involving military, military-support, intelligence, and foreign-security end users and end uses, and military-production activities; and
- Imposing new item-based restrictions on exports, reexports, and in-country transfers of certain facial recognition systems.
The DDTC proposed rule – ITAR: Revisions to Definition and Controls Related to Defense Services – would amend the ITAR by:
- Clarifying certain activities covered by the definition of “defense service,” including the scope of “assistance” and “training”; and
- Expanding the list of activities covered by USML Category IX, to include a broad range of services related to intelligence and military activities, irrespective of any direct relation of such services to specific “defense articles.”
BIS PROPOSED RULES
1. Expansion of Scope of Controls on Military, Intelligence, and Foreign-Security End Users and End Uses
The Military and Intelligence End-User Proposed Rule would significantly expand the EAR’s existing end-use and end-user restrictions (and licensing requirements) by (a) revising the definition of “military end user”; (b) identifying two new categories of restricted end users: “military-support end users” and “foreign-security end users”; and (c) expanding the existing category of military-intelligence end users (now identified as “intelligence end users”). The proposed revisions include:
- Revising the definition of a “Military End User” (MEU) at 15 C.F.R. § 744.21 to include “any person or entity performing the functions of a ‘military end user,’ including mercenaries, paramilitary, or irregular forces,” along with the national armed services and the national guard;
- Creating a new category of “Military-Support End User” (MSEU) – defined as “any person or entity whose actions or functions support military end uses” or who is otherwise designated as such by BIS on the Entity List – to capture commercial, state-owned, and other entities and persons that provide assistance to military end users/uses; and
- Replacing and expanding the existing definition of “Military Intelligence End User” (MIEU) at 15 C.F.R. § 744.22 with “Intelligence End User” (IEU) – defined as “any foreign government intelligence, surveillance, or reconnaissance organization or other entities performing functions on behalf of such organizations” or otherwise designated by BIS.
The U.S. Person Support and Foreign Security Service Proposed Rule creates a new control category of “Foreign-Security End User” (FSEU). This is a very broad end user category that would be defined to include: “(1) Governmental and other entities with the authority to arrest, detain, monitor, search, or use force in furtherance of their official duties, including persons or entities at all levels of the government police and security services from the national headquarters or the Ministry level, down to all subordinate agencies/bureaus (e.g., municipal, provincial, regional), (2) Other persons or entities performing functions of a ‘foreign-security end user,’ such as arrest, detention, monitoring, or search, and may include analytic and data centers (e.g., genomic data centers) forensic laboratories, jails, prisons, other detention facilities, labor camps, and reeducation facilities, or (3) Entities designated with a footnote 8 on the Entity List in supplement no. 4 to [Part 744].”
The definition does contain certain carve-outs for certain first-responder and emergency end users, and BIS has indicated it does not intend the controls to disrupt key life-protecting functions related to transportation.
The BIS proposed rules would also transfer all entities currently identified on the Military End User List to the Entity List and create new Footnote 5, 6, 7, or 8 designations, as applicable (for MEU, MSEU, IEU, and FSEU designated entities, respectively).
2. Expansion of Items and Countries Covered by End Use and End User Controls
BIS’s proposed rules would extend existing military and military intelligence end-use and end-user restrictions on exports, reexports, and transfers (in-country) to a significantly broader range of items and countries, including in the following ways.
The Military and Intelligence End-User Proposed Rule would:
- Expand MEU restrictions to all transactions involving any items subject to the EAR, including items classified as EAR99, and entities (wherever located) of countries listed in Country Groups D:5 plus Macau.
- Apply new MSEU restrictions to transactions involving any items listed on the CCL and entities located in Country Groups D:5 and Macau or entities (wherever located) identified with a Footnote 6 designation on the Entity List; and
- Dramatically expand current MIEU controls with the new IEU restrictions applicable to transactions involving all items subject to the EAR and entities of countries listed in Country Groups D or E (that are not otherwise identified in Country Groups A:5 or A:6).
The U.S. Person Support and Foreign Security Service Proposed Rule would:
- Apply new FSEU restrictions to transactions involving all items listed on the CCL and entities of countries listed in Country Groups D:5 and E.
In each of the above instances, licensing requirements would be applicable to the extent that a transaction involves “knowledge” (as defined at 15 C.F.R. § 772.1) that such items are intended, entirely or in part, for use by the noted end user or end use.
3. Additional Restrictions on U.S. Person Activities Supporting Military, Intelligence, or Foreign-Security End Users and End Uses
The BIS proposed rules also enhance controls on U.S. person non-ITAR activities involving the above noted end users and end uses, including:
- Applying and expanding existing U.S. person “support” restrictions at 15 C.F.R. § 744.6 beyond military-intelligence end users and end uses to apply to specified MEU, MSEU, IEU, and FSEU and related end uses noted above; and
- Of particular note, the Military and Intelligence End-User Proposed Rule also would add a new category of restricted U.S. person activities to control support of a “military-production activity” when such activity occurs in, or the product of such activity is destined to, Macau or Country Group D:5 (arms-embargoed countries).
- “Military-production activity” would be defined as (and U.S. person support would be restricted for activities that include) – incorporation into the following types of items or any other activity that supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, development, or production of:
- “600 series” items (including foreign-origin items not subject to the EAR); or
- Any other item either described on the CCL in a non-“600 series” ECCN or designated EAR99 (including foreign-origin items not subject to the EAR) with “knowledge” that the item is destined to or for use by an MEU.
- “Military-production activity” would be defined as (and U.S. person support would be restricted for activities that include) – incorporation into the following types of items or any other activity that supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, development, or production of:
We note that the proposed rule contains a number of carve-outs, that would exclude, for example, U.S. person support for fundamental research not subject to the EAR, administrative activities, and certain activities conducted on behalf of the U.S. government.
4. New Restrictions on Certain Facial Recognition Systems
The U.S. Person Support and Foreign Security Service Proposed Rule would amend the CCL and create a new Crime Control Column 1 (CC1) control for certain facial recognition hardware, software, and technology that are used in systems designed for crowd-scanning and mass surveillance. The proposed rule specifies that the new controls would not cover software or systems “solely for person or object detection” or for individual authentication to facilitate individual access to personal devices, automobiles, or residential or work premises.
DDTC PROPOSED RULE
1. Clarifications to the Definition of Defense Services
The DDTC proposed rule would make a number of changes to the definition and controls related to “defense services” that add or clarify the ITAR’s applicability to certain military, cyber, and intelligence services that the U.S. government views as providing a critical military or intelligence advantage to a foreign person, including:
- Clarifying that “assistance” includes training or consulting;
- Clarifying that references to “training” include providing the tools or means of furnishing training to a foreign person so that the foreign person may conduct the training, and that “consultation” includes assisting in the development of such training;
- Adding the terms “disabling” and “degradation” to the list of “assistance” that qualifies as a defense service, which is intended to ensure that cyber services and other activities that disable or degrade defense articles but fall short of total destruction or demilitarization are controlled;
- Removing the current language in Section 120.32(a)(2) – which controls as a defense service the furnishing of technical data to foreign persons – as DDTC has recognized that this control is redundant (i.e., a controlled event described in §§ 120.50 through 120.52 of the ITAR); and
- Removing the current reference to “military training” in Section 120.32(a)(3) and instead identifying specific military and intelligence assistance activities that are controlled in Category IX(s) of the USML (discussed below).
2. Expanded Scope of USML Category IX to Include Services Not Directly Related to Defense Articles
The DDTC proposed rule would add two new entries in a currently reserved paragraph (s) of USML Category IX, which would be renamed “Military Training Equipment, Intelligence Defense Services, and Military Defense Services.” The new controls, which follow a “catch and release” concept, would appear in proposed paragraphs (s)(2) and (s)(3) and cover the following types of assistance:
- Paragraph (s)(2) describes defense services related to intelligence assistance activities that do not necessarily involve defense articles, including assistance that creates, supports, or improves intelligence activities, including through planning, conducting, leading, providing analysis for, participating in, evaluating, or otherwise consulting on such activities, for compensation.
- There are six exceptions/“releases” from the potential new controls:
- Furnishing medical, translation, financial, insurance, legal, scheduling, or administrative services, or acting as a common carrier;
- Participating as a member of a regular military force of a foreign nation by a U.S. person who has been drafted into such force;
- Training and advice that is entirely composed of general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities;
- Providing information technology services that support ordinary business activities not specific to a particular business sector (e.g., services related to IT infrastructure, composed of hardware and software that enable an organization to run specialized software applications);
- Engaging in lawfully authorized activity of a law enforcement or intelligence agency of the United States; and
- Maintaining or repairing a commodity or software (as the EAR already regulates repair of an EAR-controlled commodity or software when isolated from a defense article, and the ITAR already regulates maintenance and repair of defense articles, including repairing an EAR commodity or software that is incorporated into a defense article).
- The “for compensation” requirement appears to carve out assistance provided on a voluntary basis (which has been a key aspect of U.S. person support for the Ukrainian military effort against Russia). As an example, DDTC does not intend for activities of hobbyists forwarding or commenting on open-source, publicly available satellite imagery relevant to the invasion of Ukraine to be considered furnishing a defense service. Note that the “compensation” requirement is not limited to financial compensation and instead simply requires some measurable response from the recipient in exchange for services, such as gifts, lodging, goods or services, political favors, or legislative or legal relief.
- There are six exceptions/“releases” from the potential new controls:
- Paragraph (s)(3) describes defense services related to military or paramilitary assistance activities that do not necessarily involve defense articles, including assistance that creates, supports, or improves: (i) The organization or formation of military or paramilitary forces; (ii) military or paramilitary operations, by planning, leading, or evaluating such operations; or (iii) military or paramilitary capabilities through advice or training, including formal or informal instruction.
- There are three exceptions/“releases” from these potential new controls:
- Furnishing medical, translation, financial, insurance, legal, scheduling, or administrative services, or acting as a common carrier;
- Participating as a member of a regular military force of a foreign nation by a U.S. person who has been drafted into such force; and
- Training and advice that is entirely composed of general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities.
- There are three exceptions/“releases” from these potential new controls:
Wiley’s National Security Practice has unparalleled experience and expertise representing a wide range of U.S. and multinational clients in complex export control, sanctions, and other cross-border national security matters. Should you have any questions about this alert; the evolving scope of U.S. export controls and sanctions; or any other national security-related issues, please do not hesitate to contact one of the attorneys listed on this alert.