The U.S. Department of Commerce (“Commerce”) published proposed rules (“the Rule”), that, if finalized on 22 March, will authorize Commerce to prohibit (or mitigate) certain information and communications technology or services transactions (“ICTS Transactions”) involving “foreign adversaries.” The Rule creates significant uncertainty for companies with operations or substantial commercial relationships with China. Perhaps most uncertain is whether the Biden Administration will adopt the Rule as written or make changes to its potentially expansive scope.

Why is Commerce publishing this Rule?

One Word: China. Yes, Russia and Iran are among the six designated “foreign adversaries,” but this Rule was very much a part of the Trump Administration’s whole-of-government strategy to counter what it perceived to be Beijing’s growing global ambitions. Specifically, it is intended to combat threats to U.S. critical infrastructure and supply chains posed by the adoption of products and services supplied by “foreign adversaries” in such infrastructure, supplementing existing authorities that already prohibit foreign investment in such companies operating the infrastructure.

What types of ICTS Transactions are covered by the Rule?

Potentially a wide range, and not just those directly involving a “foreign adversary.” An ICTS Transaction initiated, pending, or completed after March 22 is covered if it involves: (1) a U.S. person, (2) a foreign interest, and (3) one of several enumerated categories of ICTS (ranging from critical infrastructure to cloud storage to drones). Once coverage has been established, the focus moves to the ICTS Transaction itself, specifically whether it involves ICTS designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a “foreign adversary” (whether an individual or corporation). Read broadly and in context of Commerce’s previously articulated views of China’s national security laws, the phrase “subject to the jurisdiction or direction” could be used to sweep in transactions involving friendly companies if the ICTS kit in question is manufactured by a subsidiary in a “foreign adversary” country.

So this is just the ICTS supply chain version of CFIUS?

Not really, at least not yet. The Rule contemplates a review process under which Commerce unilaterally will initiate a review with the parties being informed only after it is underway. If Commerce determines an ICTS Transaction poses an undue risk, it will have the authority to impose mitigation or prohibit the transaction, which presumptively includes the ability to order companies to rip and replace equipment procured after the Rule’s effective date. Commerce intends to implement a licensing regime within 120 days that, like CFIUS, will allow parties to seek regulatory approval for covered ICTS Transactions.

Does this impact my current operations?

It can. While Commerce cannot enforce the Interim Final Rule retroactively against completed ICTS Transactions, as of March 22, any instance of performance on an ongoing ICTS contract (e.g., receiving a software update) will constitute a new, reviewable ICTS Transaction.

What’s next?

The ball is in the Biden Administration’s court. Unlike other tools the Trump Administration leveraged, most notably CFIUS, the Rule was not promulgated according to a specific grant of statutory authority. If the Biden Administration views it as being primarily idiosyncratic to President Trump’s “competitive approach” to China—rather than a necessary addition to the investment review and sanctions toolkit—Commerce’s incoming leadership may use the new 60 day comment period to refine or narrow certain aspects of the Rule that threaten to create uncertainty in the targeted economic sectors.