The Department of Commerce's Bureau of Industry and Security ("BIS") released an Interim Final Rule ("IFR") on September 9, 2022 changing the Export Administration Regulations' ("EAR") regulation of information-sharing in international standards settings organizations ("SSOs"). The EAR previously restricted sharing of software and technology in SSOs based on which specific entities listed on the BIS Entity List might obtain access via membership in the SSO. The original authorization parameters were driven largely by Huawei's participation in international 5G standards setting. The new authorization will apply uniformly to all entities on the Entity List.
Specifically, to use the new authorization in 15 C.F.R. 744.11 to share EAR-defined "software" and "technology" in an SSO context, three conditions must be met:
- Subject to low controls: The software or technology must be designated EAR99, controlled for Anti-Terrorism ("AT") reasons only, or be specifically for the "development," "production," or "use" of cryptographic functionality and listed under certain Commerce Control List Category 5 Part 2 Export Control Classification Number ("ECCN") subparagraphs.
- SSO context: The "release" must be made in the context of a "standards-related activity," which the EAR now defines as "includ[ing] the development, adoption, or application of a standard . . . ," including "conformity assessment procedures," and actions taken "for the purpose of developing, promulgating, revising, amending, reissuing, interpreting, implementing or otherwise maintaining or applying such a standard."
- Intent to "publish": Without an intent to "publish" the resulting standard, as that term is defined in the EAR, there is no authorization to share any software or technology "subject to the EAR" with Entity List designees, even if that software or technology is designated EAR99.
The authorization only overcomes an entity's designation on the BIS Entity List. Any other U.S. sanctions designations or other sanctions or export controls restrictions (such as end-use or end-user controls) must be separately overcome with appropriate licenses or license exceptions.
When BIS implemented the predecessor to this authorization on June 18, 2020, there was an industry consensus that BIS did not sufficiently address SSOs' and their members' concerns. Commenters included SSOs and industry participants focused on semiconductors, consumer technology, Internet of Things connected devices, cable television, information technology, and telecommunications. Acknowledging industry concerns in the newly expanded September 9, 2022 authorization, BIS stated that "[a]ny impediment to U.S. influence in standards development forums is a national security threat to the United States because not only does it limit U.S. leadership in standards development, but other countries are already racing to fill this vacuum with their own leadership and standards. In many cases, this ceding of U.S. leadership not only undermines democratic values and U.S. national security and foreign policy interests, but it also contributes to a potential future global standards environment that actually works to oppose U.S. interests."
Comments on the IFR are due November 8, 2022.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.