On November 27, 2019, the US Department of Commerce (Commerce) issued a notice of proposed rulemaking on the implementation of Executive Order 13873 (the EO), "Securing the Information and Communications Technology and Services Supply Chain."1 This action does not automatically impose restrictions on any particular parties or transactions at this time. Commerce invites the public to submit comments on the proposed rulemaking until December 27, 2019.

The EO, published on May 15, 2019, prohibits certain transactions involving telecommunications equipment or services made or supplied by persons that have been determined by the US Government to be "foreign adversaries" when the transactions are deemed to pose an "unacceptable national security risk."2 The proposed rule lays out a "case-by-case, fact-specific approach" that the Secretary of Commerce (the Secretary) would use to determine which information and communications technology and services (ICTS) transactions would be prohibited according to the requirements in the EO.

Proposed Rule

Scope

In making a decision for action or inaction regarding a "transaction"3 under the EO, the Secretary shall consider, on a case-by-case basis, whether the transaction:

  • Is subject to jurisdiction of the United States;
  • Involves any property in which any foreign country or a national thereof has an interest;
  • Was initiated, is pending, or will be completed after May 15, 2019;
  • Involves "information and communications technology or services"4 designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a "foreign adversary"5; and
  • Poses:
    • An undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States;
    • An undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the digital economy of the United States; or
    • An unacceptable risk to the national security of the United States or the security and safety of United States persons.

The Secretary is authorized to prohibit transactions as a class if the Secretary determines that transactions in that class will always pose an undue or unacceptable risk, or to exempt classes of transactions that do not present such risks or are outside the scope of the EO.6 The proposed rulemaking indicates that (1) telecommunications service providers, (2) internet and digital service providers, and (3) vendors and equipment manufacturers could be directly affected by the EO.7

Commencement of Evaluation

The Secretary may commence an evaluation of a transaction in one of three ways:

  • At the Secretary's discretion;
  • Upon request of another government agency; or
  • Based on information submitted to the Secretary by private parties (via a designated web portal) that the Secretary determines to be credible.

Preliminary and Final Determinations

Under the proposed rule, parties to a transaction will receive a written preliminary determination of the Secretary's findings, which would explain the basis for the determination.8 Parties have 30 days to submit an opposition to the preliminary determination or information on proposed measures for mitigation.

The Secretary will issue a final written determination within 30 days of receiving a party's response stating that the transaction (1) is prohibited, (2) is not prohibited, or (3) requires mitigation measures as a precondition for approval. The unclassified determinations may be available to the public, "as appropriate."

Emergency Action

The proposed rule allows the Secretary to take "emergency action" to vary or dispense with any or all of these procedures. Such action is limited to circumstances when public harm is likely to occur if the procedures are followed or national security interests require it.

Penalties and Appeal

Violations of any determination, regulation, prohibition, or other action issued under the proposed regulations may be subject to civil penalties up to $302,584 (adjusted annually for inflation) or twice the amount of the transaction that is the basis of the violation. Violations of mitigation measures or material conditions may be subject to civil penalties up to $302,584 (adjusted annually for inflation) or the value of the transaction. Penalties may be appealed within 15 days of receipt of the penalty notice. The Secretary will issue a final decision within 30 days of receipt of the petition for appeal.

Public Comments 

The public will have until December 27, 2019 to submit comments on all aspects of the proposed rule.9 Commerce indicated that it would appreciate comments on whether whole classes of transactions should be excluded from the review, mitigation measures for transactions that fall within the EO's standards, and interpretation of the terms of the EO. The rulemaking also sets out guidelines for any non-public oral communications made to Commerce regarding the substance of the proposed rule.

Conclusion

Companies engaging in business involving information and communications technology or services should monitor the implementation and any determinations under this EO very closely. Commerce states in the proposed rule that it expects that parties engaging in transactions subject to the EO will maintain records related to such transactions in a manner consistent with the recordkeeping practices used in their ordinary course of business.

Click here to download 'Department of Commerce Invites Comments on Proposed Rule Targeting Information and Communications Technology Transactions' PDF.