Sanctions on Steroids: Huawei is a Prohibited ‘Entity,’ Foreign Adversaries Are Lurking in Information and Communications Services, What Does It All Mean?

The fun continued on Monday when BIS issued a temporary general license for some limited transactions with Huawei at the same time as some tech stocks took a nose dive on Wall Street.

Over the course of less than a week the Trump Administration took several actions related to Huawei and the information and communications industry:

• May 15, 2019:
  • President Trump issued an EO declaring a national emergency with regards to the creation and exploitation by foreign adversaries of vulnerabilities in information and communication technology and services.
  • The Department of Commerce, Bureau of Industry, and Security (BIS) announced it would add Huawei and affiliates to the Entity List.
• May 16, 2019: BIS published a final rule for public inspection adding Huawei and 68 non-US affiliates in 26 countries to the Entity List, effectively halting exports and reexports of items subject to the Export Administration Regulations (EAR) to Huawei.[1] The rule went into effect at 4:15 pm EDT that day.
• May 20, 2019: BIS issued a temporary general license permitting certain transactions with Huawei to continue despite the Entity List designation.
• May 21, 2019: BIS published the final rule regarding the Entity List in the Federal Register.

The Entity List designation and EO are not legally related, but the timing and public statements from the Trump administration indicate the two actions are elements of the same major shift in policy towards Chinese telecom manufacturers. National security concerns regarding Huawei and another Chinese telecom company, Zhongxing Telecommunications Equipment Corporation (ZTE), first surfaced in the public in 2012 when the House Intelligence Committee published a bipartisan investigative report. The report identified serious risks in the US telecommunications supply chain due to these companies’ relationships to the Chinese government. These concerns persisted on Capitol Hill for several years and then, starting in 2018, senior US intelligence officials began to publicly voice similar concerns.

So what do these developments mean for your company?

Huawei and the Entity List

The Entity List contains foreign persons that are subject to specific licensing requirements in addition to any other licensing requirements in the EAR. Exports, reexports, and retransfers of any hardware, software, or technology subject to the EAR, including EAR99, to Huawei, and listed affiliates require a license from BIS effective May 16, 2019. The Entity List also provides BIS’s license review policy. Huawei and its listed affiliates are now subject to a policy of presumption of denial.

BIS issued a temporary general license valid until August 19, 2019, authorizing four limited kinds of transactions. Issuance of such a license parallels BIS’s actions in 2016 when it placed ZTE on the Entity List. Within a few weeks after the addition of ZTE, BIS issued a temporary general license, which more broadly permitted exports, reexports, and retransfers to ZTE under the EAR licensing and policy requirements in existence prior to its addition to the Entity List.

By contrast, the Huawei Temporary GL is more limited and only authorizes four types of transactions – those relating to:

1. Continued operation of existing networks and equipment;
2. Support to existing handsets;
3. Cybersecurity research and vulnerability disclosure; and
4. Engagements as necessary for development of 5G standards by a duly recognized standards body.

Anyone seeking to rely on the Huawei Temporary GL must create and maintain a certification statement explaining how the export, reexport or in-country transfer falls within the scope of the GL.

All the EAR regulatory jargon, coupled with the worldwide proliferation of Huawei gear in telecom systems, has left many people scratching their heads about what this all means for them.

• What does “subject to the EAR” mean?
  • “Subject to the EAR” means hardware, software, or technology that is on the Commerce Control List (CCL) or is EAR99, which is shorthand for items controlled under the EAR that are not called out on the CCL.
  • To be subject to the EAR, the items must be:
    • Of US origin;
    • Located in the United States;
    • Non-US-origin hardware and software that contain more than de minimis (typically 25 percent) of controlled US hardware/software by value; and
    • Non-US technology mixed or commingled with controlled US-origin technology. Note there is no de minimis for commingled technology unless you got a determination from BIS. Did you get one? No, I thought not.
  • However, some carve-outs exist. “Subject to the EAR” does not include:
    • Items that are published;
    • Technology or software that arises from fundamental research; and
    • Technology in published patents or patent applications.
  • What is US-controlled content for purposes of the de minimis calculations? 
    • It includes items that would require a license for China (or the country of ultimate destination if not China) – not items that would require a license for Huawei due to its placement on the Entity List. In other words, as a general rule, you do not include EAR99 or AT controlled items in your numerator. Cautionary Note: Do not try de minimis calculations without a trained professional looking on. Would you shoot the Grand Canyon on a raft without someone who knew what they were doing?
  • What about foreign products that are based on US technology? 
    • If the products are the foreign direct product of US national security controlled technology, these require a license for export to China in any event. The foreign direct product rule applies to exports to a country – not to a company on the Entity List. So if you had a foreign direct product going to China and you did not get a license, you already had an issue – Huawei or no Huawei. Note that the foreign direct product rule does not apply to all US technology subject to the EAR.

• What steps should exporters and reexporters take as a result of the addition of Huawei to the Entity List?
  • Identify and stop all exports or reexports of any items subject to the EAR that will be shipped or transferred to Huawei or any of its listed affiliates.
    • The key here will be grappling with foreign origin products and determining which ones of them are subject to the EAR.
    • Update any measures for holds in enterprise resource planning systems.
  • Ensure personnel stop further EAR-controlled technology releases to Huawei or its listed affiliates. Notify all persons meeting with representatives from Huawei the “dos and don’ts” of such meetings and provide guidelines for other personnel that may interact with Huawei, particularly product engineers or other technical experts that may be contacted for product support.
  • Evaluate if Huawei or its listed affiliates are receiving any software or firmware updates to products they already possess.
• Can exporters and reexporters service products subject to the EAR already in the possession of Huawei or its listed affiliates?
  • Yes, BUT only if no further EAR-controlled technology, software, or hardware is provided to Huawei or its listed affiliates or the terms of the Temporary General License are met.

What about this Executive Order?

As discussed, BIS announced Huawei’s addition to the Entity List after President Trump issued an EO declaring a national emergency with regards to (1) foreign adversaries creating and exploiting vulnerabilities in information and communications technology and services and (2) the acquisition or use in the United States of information and communications technology or services from foreign adversaries. While the EO did not target any one country or entity, the Entity List additions, as well as escalating tariffs and sharp rhetoric from Trump Administration officials, all point to China.

The EO lays out prohibitions on numerous activities, including use, a rare restriction for the United States outside of the economic sanctions realm.

Prohibited is “any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or services designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary,” and one of the following:

1. Poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States;
2. Poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the digital economy of the United States; or
3. Otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons.

The EO authorizes the Secretary of Commerce to “design or negotiate measures” to address the threat, including “a precondition to the approval of a transaction or of a class of transactions that would otherwise be prohibited pursuant to this order.” Commerce has 150 days to enact regulations implementing the EO.

While this EO has been the subject of inside-the-Beltway rumors for at least a year, it still leaves many questions unanswered:

• Who exactly is a foreign adversary?
  • The EO’s definition of foreign adversary is very broad – “any foreign government or foreign non-government person engaged in a long term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.” Foreign adversaries may include sanctioned and proscribed parties and countries (e.g., 126.1 arms embargoed countries), which other regulations already identify as national security threats. We expect there will be a listing or designation of foreign adversaries.
  • The Trump administration’s current National Security Strategy (NSS)[2], released in December 2017, also provides important context for this term. While the NSS does not adopt the term “foreign adversary,” it does introduce a related term, “strategic competitors,” and forcefully makes the point that the US needs to bolster national security efforts against such countries, principally China and Russia. 
• Will all transactions with a foreign adversary be prohibited?
  • The EO is very broad in describing what types of actions will be covered by new regulations. However, the EO leaves room for Commerce to narrow the types of transactions prohibited to those that create undue or unacceptable risk to the United States.
• What can I do to prepare for new regulations related to the EO?
  • A large impact of the EO is on import. As such, importers of information and communication hardware, software, and technology should review their supply chain. Companies may want to identify alternative sources for supply chain, especially in projects using high or emerging technology (e.g., 5G infrastructure).

The Portent of Things to Come?

The EO and Huawei’s addition to the Entity List may be a sign of what is to come. In the absence of a meaningful trade deal between the US and China, national security hawks in the administration will likely continue to drive the rhetoric about US-Chinese relations. Additionally, they may view the current stalemate and recent actions as an opportunity to pursue the further decoupling of the US and Chinese economies. There has also been discussion in the press of additional Chinese technology companies being added to the Entity List in the near future.

[1] Per the Savings Clause, orders that were en route on May 16, 2019, can proceed under existing license, license exception, or as NLR.

[2] The executive branch periodically publishes a NSS as a comprehensive statement of the United States’ worldwide security concerns and the President’s strategic vision for addressing them.