On July 25, 2024, the U.S. Department of Commerce, Bureau of
Industry and Security (BIS) issued two proposed rules: one that focuses on enhancing and expanding
controls on military and intelligence end users and end uses, and
the other that focuses on human rights and
expansion of crime control requirements (the FSEU Rule). On the
same day, the U.S. Department of State, Directorate of Defense
Trade Controls (DDTC) issued a new proposed rule (the Defense Services
Rule) that would revise the definition of "defense
services" and the associated scope of related controls in the
International Traffic in Arms Regulations (ITAR).
The key changes include:
- Expanding the military end user (MEU) and military end use rule, including expanding the definition of MEU, the scope of items, and countries affected
- Amending the military intelligence end user and end use rule to apply to all intelligence end users, including civil users, and expanding the scope of items and countries affected
- Adding two new end use controls under the Export Administration Regulations (EAR) to capture entities supporting the development, production, installation, maintenance, repair, overhaul, or refurbishing of military items (e.g., defense contractors) and entities deemed to be foreign-security end users (e.g., police and security agencies)
- Prohibiting U.S. persons from supporting activities associated with the amended and new end users controls even when the item(s) involved are not subject to the EAR
- Adding Commerce Control List (CCL)-based controls on facial recognition systems and related software and technologies, which would mean requiring licenses to export to certain countries, including China
- Revising the list of regulated activities under the ITAR's definition of defense services
- Introducing new United States Munitions List (USML) entries to restrict U.S. person support to critical military and intelligence assistance
Interested parties have until September 27, 2024 to submit comments to both departments.
Proposed EAR Changes
BIS released two proposed rules outlining potential changes to existing restrictions under the EAR which, if adopted, would amend and expand the existing end use/end user controls and related U.S.-person support restrictions and create CCL-based controls for facial recognition systems. The proposed rules indicate that BIS is strongly considering imposing more stringent licensing requirements than before.
MEU
The MEU/MIU Rule contains proposed amendments that would
dramatically expand certain military end users and use
restrictions. Specifically, BIS intends to revise Section 744.21 of
the EAR to cover any exports, reexports, and in-country transfers
of all items subject to the EAR when there is "knowledge"
that the items are intended for MEUs or a military end use of a D:5
country or Macau.1 Currently, Section 744.21 is limited
to only six countries and restricts only those items listed in
Supplement No 2. to Part 744. However, under the proposed rule, all
items subject to the EAR would require a license if destined to a
MEU or for a military end use of a D:5 country or Macau.
The MEU/MIU Rule would also amend the definition of MEU to include
any person or entity performing the functions of a MEU, such as
mercenaries, paramilitary, or irregular forces. It would also
remove national police, government intelligence or reconnaissance
organizations, and any person or entity whose actions or functions
are intended to support military end uses from the scope of the MEU
definition. However, those categories are still covered under the
new types of end users described elsewhere in the MEU/MIU Rule and
FSEU Rule.
The expansion of the proposed rule is intended to capture private
companies, non-state actors, or parastatal entities that engage in
combat or other activities similar to those of traditional armed
forces, other than the kinds of activities described below in
connection with military-support end users, which generally
involves the design, development, production, installation,
maintenance, repair, overhaul, or refurbishing of military items.
In connection with these revisions, BIS is proposing moving all
entities currently listed on the MEU List to the Entity List.
Applications to export, reexport, or transfer (in-country) items
for a MEU in connection with Burma, China, Cuba, Iran, Macau, North
Korea, Syria, and Venezuela, will be reviewed with a presumption of
denial, and applications for Russia and Belarus will be reviewed
with a policy of denial consistent with Section 746.8(b)(1) of the
EAR. All other requests will be reviewed on a case-by-case
basis.
Military-Support End User
In modifying the MEU rule described above, BIS also proposes to
create a new military-support end user control under a new section
of the EAR, Section 744.22. BIS defines the term
"military-support end user" as any person or entity whose
actions or functions support military end uses and entities on the
Entity List with a footnote 6 designation. Under the MEU/MIU Rule,
a license would be required for the export, reexport, or transfer
(in-country) of items subject to the EAR that are specified on the
CCL with "knowledge" that the item is intended, entirely
or in part, for a military-support end user(s) in a D:5 country or
Macau, or wherever located when identified on the Entity List with
a footnote 6 designation. This end user control is intended to
capture entities involved in the design, development, production,
installation, maintenance, repair, overhaul, or refurbishing of
military items.
The same licensing review policy for MEU licenses under Section
744.21 would apply for military-support end user requests.
Military-Intelligence End User
The MEU/MIU Rule would revise Section 744.22 of the EAR, which
currently addresses military intelligence end users and end uses,
by moving the restrictions to a new section of the EAR, Section
744.24, and dropping the "military" qualifier, resulting
in the term "intelligence end user." BIS intends to
define "intelligence end users" as any government
intelligence or reconnaissance organization and other entities
performing functions on behalf of such entities. This would cover
entities planning and directing, processing and exploiting,
analyzing and producing, disseminating and integrating,
surveilling, and evaluating and providing feedback for traditional
espionage and economic espionage activities. The scope of this end
user control would also be revised to apply to all items subject to
the EAR and to countries listed in Country Groups D and E that are
not also listed in Country Groups A:5 and A:6.2
The same licensing review policy for MEUs and military-support end
users would apply to intelligence end users.
Foreign-Security End User
The FSEU Rule proposes to add another new category for end user
control to cover foreign-security end users under a new section of
the EAR, Section 744.25. This new control would require a license
to export, reexport, or transfer (in-country) items subject to the
EAR that are specified on the CCL to foreign-security end users of
a country listed in Country Group D:5 or E. BIS intends to define
foreign-security end users as governmental and other entities with
the authority to arrest, detain, monitor, search, or use force in
the furtherance of their official duties. This includes persons or
entities at any level of governmental police and security services
(e.g., municipal, provincial, regional) and would include persons
or entities performing the functions of a foreign-security end user
because non-government entities may be hired to assist or carry out
such activities. The proposed foreign-security end user term would
also cover others performing functions of such a foreign-security
end user and may include laboratories, jails, prisons, detention
facilities, and labor camps and/or reeducation centers. However, if
any foreign-security end user is integrated into or organized under
the military,
the MEU control in Section 744.21 applies.
This definition does not apply to purely civilian emergency
medical, firefighting, and search-and-rescue end users. However, a
license would be required if an end user integrates police,
emergency medical, and search and rescue services under a single
public safety department.
Given the wide implication of this rule, BIS intends to apply a
case-by-case review standard for license applications under Section
744.25 to ensure the export, reexport, or transfer (in-country) of
items necessary to protect lives is not disrupted.
General Restrictions on Certain U.S. Person Activities
BIS also proposes more general restrictions to U.S. person
activities when related to such end users described above. These
restrictions include specific exclusions to the definition of
"support" such as: (1) activities that relate to items
not subject to the EAR as specified in Section 734.3(b); (2)
activities that are subject to the jurisdiction of other agencies
(e.g., U.S. Department of State, Directorate of Defense Trade
Controls); (3) activities that do not extend beyond administrative
services; (4) commercial activities relating to the movement of
goods by common careers for certain items; and (5) activities
conducted for, on behalf of, or in connection with the U.S.
government.
Under the proposed rules, a license would be required if a U.S.
person engaged in certain kinds of activities, including but not
limited to: facilitating a shipment, performing any contract,
service, or employment with the knowledge it may assist or benefit
certain end uses or end users, and transferring any item not
subject to the EAR with the knowledge it will be used by certain
end users or end uses.
BIS does not propose adding controls on U.S. person activities
that relate to military-support end users, but notes that the
restrictions on U.S. person support to military end users will
extend to entities on the Entity List with a footnote 6
designation. The proposed rules would restrict U.S. persons from
engaging in certain kinds of activities for a
"military-production activity." The term
"military-production activity" means incorporation into
or any other activity that supports or contributes to the
operation, installation, maintenance, repair, overhaul,
refurbishing, development, or production of 600 series items,
including foreign-origin items not subject to the EAR, and any
other items described on the CCL or designated EAR99, including
foreign-origin items not subject to the EAR when there is knowledge
it is destined to a MEU.
CCL-Based Controls for Facial Recognition Systems
In addition to the end use controls, BIS also proposes a CCL-based control on facial recognition systems due to rapidly evolving facial recognition technologies coupled with artificial intelligence capabilities that can bolster the abilities of foreign-security end users (e.g., law enforcement agencies and other government affiliated agencies). The proposed rule would amend ECCN 3A981 to include facial recognition systems and would add a note to ECCN 3A981 to indicate that it does not control detection or authentication items versus identification items or items that facilitate individual access to personal devices or facilities. Furthermore, the software for facial recognition would be controlled under ECCN 3D980 and 3E980 would control facial recognition technology. These ECCNs would be subject to crime controls (CC) column 1.
Proposed ITAR Amendments
The Defense Services Rule contains several key changes, including amending the definition of defense services under Section 120.32 and adding new entries to the ITAR's USML. The potential changes are intended to provide clarity about U.S. person activities already subject to the ITAR's control and highlight certain U.S. person activities that should warrant control under the ITAR.
Definition of Defense Services
Under the proposed rule, DDTC intends to update the list of regulated activities described in the defense services definition to include "assistance, including training or consulting, to foreign persons in the development (including, e.g., design), production (including, e.g., engineering and manufacture), assembly, testing, repair, maintenance, modification, disabling, degradation, destruction, operation, processing, use, or demilitarization of a defense article." Moving "design, engineering and manufacture" into parentheticals would align the definition with changes made to the definitions of "development" and "production" in March 2022. Two new activities, "disabling" and "degradation" would be added to make it clear that the act of harming a military capability by degrading or disabling a defense article would be controlled. DDTC also intends to include a specific reference to consulting activity, not as an additional level of control, but to clarify that "training" includes more than direct instructional activities. DDTC intends to remove the rest of the current language under the defense services definition and replace the language to reference the newly proposed USML categories.
New USML Categories for Military and Intelligence Assistance
DDTC is proposing adding a new subparagraph to the definition,
directing the reader to two new proposed USML entries under
Category IX that would control defense services related to
intelligence and military assistance, but not directly related to a
defense article. DDTC determined the proposed additions to the USML
would clarify that restricting U.S. persons from furnishing
assistance in intelligence activities without DDTC approval is
warranted and necessary to address risks to the national security
and foreign policy of the United States.
The proposed USML category, IX(s)(2), describes furnishing
intelligence assistance. Meanwhile, USML Category, IX(s)(3),
describes military and paramilitary assistance. This is intended to
provide clear notice to U.S. persons and regulated communities that
the ITAR regulates services related to military or intelligence
activities regardless of a nexus to a defense article.
Each of these proposed new categories would carve out certain
activities in order to only control and regulate a higher level of
support for activities that provide a critical military or
intelligence advantage. For example, the assistance activities
described in the proposed paragraph (s)(2) must be "for
compensation," thus limiting the control to services that are
provided in a professional or commercial capacity. However, DDTC
makes it clear that compensation is not limited only to financial
compensation but does require a measurable response from the
recipient in exchange for services (including goods and services,
political favors, legislative or legal relief, etc.). Non-critical
intelligence assistance provided on a volunteer basis would not be
controlled by the ITAR, nor does DDTC intend to control the
activities of hobbyists or casually interested persons who provide
commentary or forward open-source and publicly available
information.
Notably, the proposed USML categories would follow the ITAR's
"catch and release" method of control, which initially
describes and covers a broad range of activities in order to
"catch" them within the ITAR's control, and then
specifies certain limited carve-outs to then "release"
certain activities. Only assistance that is both "caught"
and not "released" would be controlled under the proposed
paragraphs IX(s)(2) or (s)(3). Under the proposed paragraphs for
USML Category IX(s)(2)(1) through (iv), there would be six
carveouts related to intelligence activities and three carveouts
for military assistance activities. Notably, the first three
intelligence-related carveouts are identical to the three military
assistance activities:
Proposed Carveouts for Intelligence- and Military-Related Assistance | ||
---|---|---|
Intelligence- and Military-Related: | Proposed paragraph (s)(3)(iv)(A): Furnishing of medical, translation, financial, insurance, legal, scheduling, or administrative services, or acting as a common carrier; |
|
Intelligence- and Military-Related: | Proposed paragraph (s)(3)(iv)(B): Participation as a member of a regular military force of a foreign nation by a U.S. person who has been drafted into such a force (see also Section 124.2(b) of this subchapter). |
|
Intelligence- and Military-Related: | Proposed paragraph (s)(3)(iv)(C): Training and advice that is entirely composed of general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities. |
|
Intelligence-Related: | Proposed paragraph (s)(2)(iv): State Department proposes to carve out information technology services that are ordinarily provided to allow business entities to operate internally (IT infrastructure services, hardware and software that enable the organization to run specialized applications). |
|
Intelligence-Related: | Proposed paragraph (s)(2)(v): Makes clear the ITAR does not interfere with otherwise lawful activity of a U.S. federal or local law enforcement or intelligence agency. |
|
Intelligence-Related: | Proposed paragraph (s)(2)(vi): Focuses on expanded defense service controls and intends to avoid imposing duplicative export licensing requirements for the activities described in paragraph (s)(2) since they are already regulated or proposed for regulation under the ITAR or EAR. Similar to the defense service definition in Section 120.32(a)(1), the mere act of exporting, reexporting, or transferring (in-country) a commodity, software, technical data, or EAR technology does not constitute a defense service in the context of (s)(2). |
Conclusion
The proposed rules, if implemented, may have a significant
impact on U.S. and foreign operations, especially for those who
conduct business with and in D:5 countries or Macau. It will be
important for individuals and companies to review the proposed EAR
and USML changes to understand what activities may be prohibited if
such rules are implemented.
DDTC and BIS have requested public comments on the proposed rules
and will accept comments until September 27, 2024.
Footnotes
1. D:5 Countries (U.S. Arms Embargoed Countries) currently are: Afghanistan, Belarus, Burma, Cambodia, Central African Republic, People's Republic of China (China), Democratic Republic of Congo, Cuba, Eritrea, Haiti, Iran, Iraq, North Korea, Lebanon, Libya, Nicaragua, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, and Zimbabwe.
2. Those countries include: Afghanistan, Bahrain, Belarus, Burma, Cambodia, Central African Republic, People's Republic of China (China), Democratic Republic of Congo, Cuba, Egypt, Eritrea, Haiti, Iran, Iraq, Jordan, North Korea, Kuwait, Lebanon, Libya, Oman, Pakistan, Qatar, Russia, Saudi Arabia, Somalia, South Sudan, Sudan, Syria, United Arab Emirates, Venezuela, and Zimbabwe.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.