• Facility tours / access
• Detailed drawings, plans, schematics
• Test results
• Repair / failure analysis
• Demonstrations
• Development plans
• PowerPoints / presentations
• Interface Control Documents
• Photographs
• Detailed descriptions of systems and attributes
• Training
• Factory Acceptance Testing
• General scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities
• Basic marketing information on function or purpose
• General platform and system descriptions
• “Public Domain”
Information (e.g., basic research published broadly in the scientific
community;
bookstores)
Possible Sources of Technical Data
Items that are NOT Technical Data Technical data is information in any form necessary for the design,
development, production, operation,
modification or maintenance of hardware, materials, software, or processes related to those necessary actions.
EAR Technology: Information necessary for the “development,” “production,” “use,”
operation, installation, maintenance, repair, overhaul, or refurbishing … of an item. In general principle, possible sources/exclusions similar to examples above.
Export control 101: Deemed Exports
Includes disclosing or transferring controlled
technology to a non-U.S. Person, whether in the U.S.
or abroad, by ANY means. For example
:
• E-mails
• Meetings/Conferences
• Telephone Conversations
• Online meeting and conference apps
• Plant Tours/Visits
• Reports and Analysis
• Internet Posting
Includes disclosures to employees within the same company.
Export Control 101: Penalties for Violations
International Traffic in Arms Regulations (ITAR)
Export Administration Regulations (EAR)
Individual Criminal Penalties
Up to $1 million fine and/or 20 years in prison
Up to $1 million fine and/or 20 years in prison
Corporate Criminal Penalties
Up to $1 million fine Up to $1 million fine
Civil
Penalties Up to $1,163,217 per violation
Up to $300,00 per transaction or twice the value of the transaction, whichever is greater
Admin.
Penalties
Denial of export privileges and/or
imposition of independent monitors, etc.
Denial of export privileges, asset blocking, debarment from government contract liability, etc.
Collateral
Concerns Legal/investigation costs, reputational harm
Best Practices: How to Think Like an Export Control Lawyer
What is the item/information/service?
• Is the item/information/service subject to U.S. export controls?
• Check the CCL and USML
Where is it going?
• Will there be any dealings with restricted or embargoed countries?
• Check Country Chart
Who will receive it?
• Are any of the end-users or intermediaries restricted persons?
• Run screening and check for restricted end-users.
What is the end-use?
• Will the item/service be used for a restricted purpose?
• Conduct diligence on the transaction for restrictions on end-use.
Is there an available export authorization?
• Does an existing agreement, license, or exemption/exception authorize the activities?
• Can we obtain an export authorization to cover the proposed activities and parties?
Best Practices: Know Your Customer and Red Flags
KYC Diligence and Red Flags: Obtain detailed information about your partners and what they will do with export controlled items and information. Verify the information as much as possible with independent sources.
• Red Flag: Partner or agent is reluctant to offer end-use/end-user information.
• Red Flag: Product’s capabilities do not fit the business or are incompatible with technical level of the country.
• Red Flag: The customer name or address is similar to a party listed in the Denied Persons, Entity, Unverified, Debarred, or SDN lists.
• Red Flag: The partner will pay cash for an item that normally requires financing.
• Red Flag: Deliveries are planned for out of the way destinations.
• Red Flag: The shipping route is abnormal for the product and destination.
• Red Flag: Partner has little or no business background.
Evaluate information throughout the transaction.
Do not self-blind. Maintain an open flow of information to ensure you know all the partners, end-use, end-user, destination, transit points, and can obtain all information to conduct due diligence
Best Practices: Compliance Programs
The key elements of an effective export compliance program include:
• Management Commitment: Top down leadership and adequate resources
• Risk Assessment: Identify, understand, and mitigate risks
• Compliance Manuals and Materials: Compliance resources and documentation
• Training: Build compliance culture, awareness, and accountability
• Export Authorization: obtain and manage licenses effectively
• Recordkeeping: Clear roles, responsibilities, and repositories
• Audits: Use experienced personnel, share findings with stakeholders, and follow-up
• Violations and Corrective Actions: Reporting procedures, senior mgmt. support
Developments: Export Control Reform Act of 2018 (ECRA)
• BIS solicited public comments from industry on “emerging” technologies (“foundational” technologies to be addressed later in 2019). To inform public comment, BIS provided a representative list of potential emerging technologies:
• Biotechnology
• Data Analytics Technology
• Brain-Computer Interfaces
• Artificial Intelligence
• Quantum Information and Sensing Technology
• Hypersonics
• Position, Navigation, and Timing (PNT) Technology
• Logistics Technology
• Advanced Materials
• Microprocessor Technology
• Additive Manufacturing
• Advanced Surveillance Technologies
• Advanced Computing Technology
• Robotics
• ECRA became law on August 13, 2018 as the permanent statutory authority for the EAR. ECRA codifies long-standing BIS policies and does not require changes to the EAR, such as country-specific licensing requirements.
• ECRA also enhances BIS enforcement authority. BIS may use violations to justify a wiretap, conduct overseas investigations, and engage in financial transactions (such as leasing space) to conduct undercover investigations
• Of note, ECRA requires BIS to lead an interagency process to identify and add to the EAR controls on “emerging” and “foundational”
technologies that are “essential to the national security of the United States,”
and to make identifying and controlling “emerging and foundational technologies of concern” a priority.
Developments: Designation of Huawei to Entity List
• Includes even low-level “EAR99” items not identified on U.S. export control lists (ex: U.S.-origin toothbrush and non-public U.S.-origin manufacturing drawings for it are EAR99 items “subject to the EAR”).
• Despite Trump’s suggestion after the G20, on June 29, that hinted he
• On May 16, 2019, BIS added Huawei Technologies, Co. Ltd. and 68 of its non-U.S. affiliates in 26 countries to the BIS Entity List, which is essentially a U.S. export control blacklist.
• The EAR prohibits the export, reexport, or transfer of “items subject to the EAR” to persons on the Entity List without a license. Items “subject to the EAR” are any commodities, software, and technology that are:
• in the United States,
• U.S.-origin, wherever located,
• foreign origin and incorporating more than de minimis amount of “controlled” U.S.-origin content, or
• the foreign direct product of U.S.-origin technology controlled for national security reasons.
Developments: Designation of Huawei to Entity List
• BIS released a 90-day Temporary General License (“TGL”) following Huawei’s designation to the Entity List. The TGL only authorizes a limited subset of activities until August 19, 2019:
• activities necessary to support existing networks and equipment;
• activities necessary to provide service and support to existing models of Huawei handsets (handsets available to the public on or before May 16, 2019);
• activities involving the disclosure of information regarding security vulnerabilities of Huawei items; or
• activities necessary for the development of 5G standards as part of an international standards body.
• A TGL shipment to Huawei must include a certification on how the TGL
applies, and the exporter/reexporter/transferor must keep the certification for recordkeeping purposes.
• The EAR does not restrict what items people can receive from Entity Listed persons or companies, unless they know or have reason to know that the Entity Listed person received the item in violation of law.
• Entity List does not, as a matter of law, prohibit investments into the listed entities or mean that funds being paid to or from listed entities are subject to blocking or rejection by financial institutions.
Developments: E.O. On Securing Information And
Communications Technology And Services Supply Chain
• On May 15, 2019, President Trump issued an Executive
Order that will restrict use of telecommunications items and services from certain countries/persons in U.S. networks.
• The E.O. does not impose immediate restrictions but will create a new regulatory framework that the Department of Commerce (DoC) must implement by October 14, 2019.
• Government may block any “acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service” involving any “property in which any foreign country or a national
thereof” has any interest, including through contract, and involving “information and communications technology or services designed, developed, manufactured, or supplied by a “foreign adversary” that poses “undue” risk to U.S. information and communications technology or services or to U.S. critical infrastructure or digital economy, or “unacceptable” security risk to the U.S. or U.S. persons.
• DoC will identify specific “foreign adversaries,” but context and timing of the E.O. (day before Huawei designation) hint at China/Chinese entities.
• The new regime will create significant compliance challenges for international business operations. Companies should begin assessing the potential impact of this new regime and consider engaging with the DoC, as appropriate, before