At its May open meeting, the Federal Communications Commission (FCC) implemented three distinct regulatory measures aimed at protecting domestic communications networks and equipment from threats posed by hostile foreign nations and identifying security vulnerabilities in the communications supply chain. The actions impact telecommunications carriers, service providers, and equipment manufacturers, as well as stakeholders in related industries.
In concert, these oversight and transparency actions are designed to reduce the influence of foreign adversaries on the telecommunications industry's critical infrastructure and supply chain and mitigate vulnerabilities that enable cyberattacks, espionage, and surveillance by foreign adversaries.
Comprehensive Ownership Disclosure Requirements for All FCC Licensees
The FCC adopted a Notice of Proposed Rulemaking to establish a new, uniform certification and reporting regime would broaden required FCC ownership reporting to include a broad swath of holders of FCC licenses, authorizations, and approvals in order to identify ownership stakes held by foreign adversaries.
Entities covered by the proposed reporting requirement would include most wireless licensees, lessees and spectrum auction applicants, domestic and international Section 214 authorization holders, Voice over Internet Protocol (VoIP) providers with FCC numbering authorizations, spectrum frequency coordinators, holders of Data Network Identification Codes (DNIC) and International Signaling Point Codes (ISPC), recognized operating agencies under the International Telecommunication Convention, and Eligible Telecommunications Carriers (ETC) beneficiaries of the Universal Service Fund.
The new rules would require disclosure of foreign interests in order to identify ownership or control interest held by any "person owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary."
The new rules would define a "foreign adversary" as "any foreign government or foreign non-government person determined by the Secretary [of Commerce] to have engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons."
Prohibitions on Foreign Adversary Control of Testing and Certification Bodies
The FCC adopted new rules to prohibit foreign adversary entities from owning and controlling telecommunications certification bodies, measurement facilities, and laboratory accreditation bodies. Under the new rules, "prohibited entities" will be those identified on the FCC's Covered List, entities on the U.S. Department of Defense's (DOD) Chinese military company list and the executive branch's list of "foreign adversaries," and other entities identified by sister federal agencies as posing national security threats.
Applying the Covered List to Connected Vehicle Technologies
The FCC is seeking comment on a proposal to expand its Covered List to new connected vehicle communications equipment and services. This includes automated driving systems (ADS) and completed connected vehicles (CVs) designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of the People's Republic of China, including the Hong Kong Special Administrative Region and the Macau Special Administrative Region, (PRC); or the Russian Federation (Russia); as well as vehicle connectivity systems (VCS) hardware designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of the PRC or Russia.
The proposal builds on a recent final rule on CVs from the U.S. Department of Commerce's Bureau of Industry and Security (BIS). In that final rule, BIS determined that ADS software, completed CVs, and VCS hardware produced by Chinese- or Russian-controlled entities pose an unacceptable risk to U.S. national security and the safety and security of U.S. persons, leading the FCC to consider if it should add those technologies to the Covered List.
The FCC notes that it has "tentatively" assessed that equipment and services falling into the first category (ADS and completed CVs) would not be subject to the FCC's equipment authorization process.
In contrast, the FCC believes that VCS hardware includes technologies subject to the FCC's equipment authorization process, meaning that if added to the Covered List, all future equipment authorization applicants for VCS hardware would need to affirm their technologies were not designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of the PRC or Russia. The definition of VCS hardware would be limited to technologies "intended to be included within a completed CV[,]" that satisfy one or more of the following elements:
- It is a telematics control unit
- It contains integrated covered software (as defined in the BIS final rule)
- It uses spectrum in the 5.895-5925 GHz band
The FCC requests public input on whether these elements, and the proposed addition of these technologies to the Covered List, correctly implement BIS's determination on the national security risks of VCS hardware.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
