- The U.S. Department of Commerce's recent proposed rule that implements the terms of President Donald Trump's executive order to secure the U.S. information and communications technology and services (ICTS) supply chain against "foreign adversaries" subjects a potentially broad swath of transactions to national security scrutiny.
- The proposed rule allows the U.S. Secretary of Commerce to unwind deals concluded before May 15, 2019, if the transaction poses an unacceptable or undue risk to U.S. national security or the safety of U.S. persons.
- The draft regulations give wide discretion and decline to delineate the countries/entities/persons considered to be "foreign adversaries."
The U.S. Department of Commerce (Commerce) has proposed a rule implementing the terms of President Donald Trump's Executive Order 13873 (the EO) on securing the United States' information and communications technology and services (ICTS) supply chain against "foreign adversaries."1
By its terms, the proposed ICTS rule casts a wide net, capturing transactions such as infrastructure projects for the delivery of wireless, internet and digital networks. The rule's proposed "case-by-case" and "fact-specific" review approach gives great discretion to the U.S. Secretary of Commerce (Secretary) in deciding whether a transaction should be prohibited, unwound, or allowed to continue subject to some mitigating measure.
To be subject to review, a "transaction" must involve a "foreign adversary." Contrary to industry expectations, the proposed rule neither clarifies the scope of transactions subject to review nor identifies the foreign persons, entities and states considered to be "foreign adversaries." Instead, Commerce explicitly notes that discretion to identify such actors is vested in the Executive Branch. Significantly, in a stark contrast to the process available under the Committee on Foreign Investment in the United States (CFIUS) regulations, Commerce's proposed rule specifically refuses to allow the issuance of advisory opinions and declaratory rulings.
Commerce's proposed rule, published on Nov. 27, 2019, is expected to affect the following industries:
- telecommunications service providers (including, but not limited to, wireless, satellite, resellers, paging, wirelines)
- internet and digital service providers (including, but not limited to, internet, software, cloud, and app developers and/or operators, as well as managed security service providers)
- vendors and equipment manufacturers (including, but not limited to, radio and television, connected devices, broadcasting and wireless communications)
Proposed Review Process: Roadmap to Key Provisions
A review can be commenced in three ways: 1) by Commerce, on its own initiative; 2) upon the request of another U.S. government agency; or 3) upon receipt of credible information from a private party. The threshold for a review is a "transaction" with a "foreign adversary." A "transaction" is defined as "any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service."2 A "foreign adversary" is defined as "any foreign government or foreign non-government person determined by the Secretary to have engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons for the purposes of Executive Order ."3 Commerce's proposed rule does not identify or propose for consideration any entities, persons or countries meeting the definition.
Under the proposed rule, Commerce would review transactions on a "case-by-case" and "fact-specific" basis and, similar to a CFIUS proceeding, engage the expertise of agencies such as the U.S. Department of the Treasury and the Office of the U.S. Trade Representative. Commerce will evaluate whether:
- a "foreign adversary" controlled, influenced, or directed the development, manufacture or design of the ICTS by looking for evidence of de jure and de facto control exercised by the foreign adversary, e.g., voting, rights, equity interest, contractual arrangements, relevant laws in the adversary country or applicable to the adversary person or entity, access rights, composition of the board of directors or governing body, and control over business affairs, and
- the reviewed transaction poses an unacceptable or undue risk to U.S. persons or the country's national security, critical infrastructure or digital economy.
If, based on its evaluation, the Secretary concludes that a transaction should be prohibited or mitigated, it will notify the affected parties and share the basis for its preliminary determination. Notified parties will have 30 days to respond to Commerce's preliminary findings by submitting an opposition brief. Commerce will then have 30 days to issue its written final determination and publish a public summary thereof in the Federal Register and on Commerce's website. No recourse for appeal is available under the proposed rule; however, the proposed regulation does note that the final determination is a final agency determination. Therefore, an appeal can be brought before a U.S. court.
Two Other Provisions of Note: Penalties and Suspension of Process in Emergency Situations
Under the proposed rule, Commerce may impose penalties on parties subject to or providing information in a review. Actionable violations include failure to comply with material provisions of Commerce's final determination. Parties may face a penalty up to $302,584 or twice the value of a transaction. The ultimate dollar amount will depend on the agency's assessment of the "nature of the violation."
Under the proposed rule, the Secretary may forego all or a part of the proposed review process if national security interests require it or if adhering to the procedures is likely to cause public harm. In such a circumstance, the Secretary is required only to briefly summarize the basis for its final decision.
The proposed review process hands an unlimited measure of discretion to the Secretary in selecting which transactions to review and how to structure the review process. For example, a party may not know until it receives a preliminary determination that a completed transaction it was involved in has been scrutinized. The proposed rule also, seemingly, leaves the door open for the Secretary to scrutinize the same transaction more than once. Further, the Secretary is not subject to a deadline by which it must conclude its evaluation. As such, an evaluation may remain ongoing for a significant period of time and potentially result in parties being asked to unwind or mitigate ICTS supply systems long in place. Orders to unwind may therefore require dismantling already built up infrastructure.
Although the proposed rule indicates that Commerce may extend all proposed deadlines, it does not offer a procedure by which parties may request a filing extension. The proposed rule also does not address whether Commerce will maintain a record of the information it relied upon or requested, or if it will share evidence underpinning its preliminary determination with the affected parties. Finally, given that the proposed rule explicitly prohibits advisory opinions and declaratory rulings, there appears to be no specific safe harbor provision.
While the concept of the review may be needed – a means to review certain ICTS transactions for national security concerns that are not caught by any existing trade or telecom review, the bare-bones, ad hoc, highly discretionary regime set out in the proposed regulation is likely to raise real concerns on the part of industry. Companies executing ICTS-related deals with a U.S. nexus should be proactive in assessing existing and planned deals with an eye toward safeguards, liability and potential involvement of actors that the U.S. government may deem adversarial to its interests.