The U.S. government undertook several recent actions that will greatly increase its oversight of U.S. supply chains in a number of key business sectors, including technology, telecommunications, digital and data services and network equipment manufacturing. As discussed more fully below, actions by the U.S. Department of Commerce and the U.S. Federal Communications Commission may have wide-ranging implications for a variety of U.S. businesses as they signal the beginning of a new regulatory regime that will implement national security reviews of certain products and services in the domestic supply chains of affected companies. While these actions undoubtedly target Chinese products and services and cannot be viewed independently of the ongoing trade dispute between the two countries, they have the potential to sweep in products and services from a host of additional countries. As such, U.S. business and foreign suppliers should understand their specific requirements to determine any potential impact on their operations.
Commerce Department Proposed Rule
On November 26, the U.S. Department of Commerce released a Proposed Rule that would provide the Secretary of Commerce with the authority to review—and potentially block—the acquisition or purchase by U.S. businesses of a wide variety of communications and information technology hardware and software products and services from foreign sources. The Proposed Rule implements the Executive Order signed by President Trump on May 15, 2019 that authorized the Commerce Secretary to regulate the acquisition and use of certain products and services by U.S. businesses.
If implemented, the Proposed Rule effectively would subject the importation and acquisition of certain communications and IT products and services to a U.S. government national security review led by the Commerce Department. As such, the Proposed Rule could have significant implications for network operators, communications services providers, information technology companies and other businesses that acquire and use communications and IT products and services in their operations. Written comments on the Proposed Rule must be submitted no later than 30 days after publication of the release in the U.S. Federal Register.
The Proposed Rule would provide the Secretary of Commerce with the authority to conduct an evaluation of any transaction undertaken by a U.S. business that involves the acquisition, installation or use of “information and communications technology or services” (ICTS) designed, manufactured or supplied by persons owned by, controlled by, subject to the jurisdiction or direction of a “foreign adversary.” The Proposed Rule broadly defines ICTS as “any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including through transmission, storage, or display.” While the Executive Order permits the Secretary to exempt certain classes of ICTS products and transactions from review, the Proposed Rule does not identify particular ICTS products, services or technologies that would be categorically excluded. The determination of what countries constitute a “foreign adversary” would be a matter of executive branch discretion with the Secretary of Commerce consulting with various other cabinet-level officials, including, among others, the Secretaries of Defense, Homeland Security, State and Treasury. At this point, the Proposed Rule is widely viewed as targeting China, though it provides the Secretary with broad discretion in identifying any country that constitutes a foreign adversary for purposes of the restrictions.
Noting that the ICTS supply chain is “critical to nearly every aspect of U.S. national security,” the Proposed Rule would establish a case-by-case, fact-specific evaluation process by which the Secretary of Commerce would determine whether a particular transaction should be prohibited or otherwise mitigated. In evaluating transactions, the Secretary would assess, among other things, whether a party to a transaction is owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary, and whether the use of a certain class of ICTS or transactions by particular classes of users present an “undue risk” to critical infrastructure or an “unacceptable risk” to U.S. national security. The Secretary would have the authority to commence an evaluation of any transaction at his or her own discretion, at the request of other U.S. government agencies or departments, or based on information submitted to the Secretary by private parties that the Secretary deems credible. (The Proposed Rule establishes a web portal by which private parties would submit such information.) In conducting the evaluation, the Secretary would be permitted to request and assess public and private information from other U.S. government agencies and departments, foreign governments and transaction parties.
Under the process established by the Proposed Rule, the Secretary would notify affected parties that their transaction is undergoing review and then provide them with a preliminary determination regarding the transaction. Prior to issuance of a final determination, transaction parties would have the opportunity to submit supporting information, which may include proposed measures for mitigating any risks identified by the Secretary. Upon completion of the evaluation, the Secretary would issue a final determination to the transaction parties summarizing the evaluation and its results. While final determinations would be available to the public, the Proposed Rule does not contemplate the issuance of advisory opinions, declaratory rulings or similar guidance to U.S. businesses regarding those specific ICTS products and services that present national security risks.
If the Secretary determines that a transaction presents an undue or unacceptable risk, the Proposed Rule provides the Secretary with the authority to block the transaction or require that transaction parties implement measures to mitigate the identified risks. Importantly, the Proposed Rule would provide the Secretary with the authority to order transaction parties to immediately cease the use of the specific ICTS product or service, even if such product or service has been installed or was in operation prior to the Secretary’s final determination.
Federal Communications Commission Report and Order
The Federal Communications Commission (FCC) adopted a Report and Order on November 22 that bars telecommunications carriers from using U.S. government subsidy funds to purchase equipment and services from companies that pose a national security threat. The FCC’s Order initially designates Huawei Technologies Company (Huawei) and ZTE Corp. (ZTE) as the only companies covered by the prohibition at this time, but also establishes a process for subjecting additional companies to the prohibitions in the future. In adopting the Order, the FCC indicated that it was informed by a number of recent actions by other U.S. government agencies and foreign government authorities that prohibited the use of certain products and services as a means to close potential security vulnerabilities in communications networks and their supply chains.
Prior to adoption of the Order, the FCC lacked the explicit authority to compel U.S. carriers to cease deployments of any network infrastructure equipment. While the U.S. government has taken a number of actions to prevent the deployment of Huawei and ZTE equipment in U.S. telecommunications networks, carriers operating in certain rural and remote territories have continued to purchase and deploy Huawei and ZTE equipment. As discussed below, the FCC’s action should prohibit many of these carriers from using equipment and services from Huawei and ZTE—and potentially other objectionable vendors—going forward.
The specific rule adopted by the FCC would prohibit U.S. carriers participating in the FCC’s Universal Service Fund (USF) program from using USF funds to purchase equipment and services from vendors designated by the FCC as posing a national security threat. (The FCC’s USF program makes $8.5 billion in federal funds available to U.S. carriers operating in certain rural and remote regions for the purchase of network infrastructure equipment and related services.) Effectively immediately, these carriers will not be permitted to use USF funds for the purchase of equipment and services from vendors covered by the prohibition. Carriers thus may not use USF funds to maintain, operate, manage, or otherwise support equipment or services from these vendors in any way, including upgrades to existing equipment and services.
In addition to adopting the rule prohibiting use of USF funds, the FCC specifically identified Huawei and ZTE as covered companies for purposes of the prohibition. In the FCC’s view, Huawei and ZTE “pose a threat to the security of communications networks and the communications supply chain” primarily due to both companies’ reported close ties to the Chinese government and military and the existence of certain Chinese laws that have been interpreted to obligate both companies to assist the Chinese government in espionage-related activities. The FCC also determined that Huawei and ZTE pose a “unique threat” to the security of communications networks and the communications supply chain because of security flaws in their equipment and certain provisions in Huawei’s service agreements that provide it with the ability to exploit U.S. networks for malicious purposes.
While the Order designates Huawei and ZTE as the only two entities currently subject to the prohibition, it established a process for the designation of additional covered entities in the future. Under this process, the Commission would make an initial determination—either sua sponte or in response to a petition from an outside party—that a company poses a national security threat to the integrity of communications networks or the communications supply chain. The Commission then would issue a public notice advising that it has made such an initial designation, as well as the basis for such designation. Upon the issuance of such notice, interested parties could file written submissions in support or opposition to the initial designation. If the initial designation is unopposed, the entity would be deemed to pose a national security threat 31 days after the issuance of the notice. If there are any objections to the designation, the Commission would have to announce its final designation decision within 120 days after release of its initial designation notice.
In an accompanying Notice of Proposed Rulemaking (Notice), the FCC proposed to require carriers receiving federal USF subsidies to remove and replace existing equipment and services from Huawei and ZTE. The Notice proposed a reimbursement program to offset carriers’ reasonable costs in removing and replacing Huawei and ZTE equipment. To facilitate such a removal and replacement program, the Notice stated that the FCC will conduct an information collection program to determine the extent to which telecommunications carriers have deployed equipment from Huawei and ZTE in their networks and the costs associated with removing and replacing such equipment.