Commerce Department Issues Proposed Rule Creating Sweeping Review Mechanism to Combat Foreign Influence in U.S. Telecommunications Infrastructure

December 5, 2019 – On November 27, 2019, the U.S. Department of Commerce (“Commerce”) published a proposed rule in the Federal Register that, if implemented, would authorize Commerce to unwind business deals that could pose risks to the telecommunications infrastructure and the digital economy in the United States.  The proposed regulations create a review process through which the Secretary of Commerce may evaluate transactions involving U.S. telecommunications infrastructure and “foreign adversaries” of the United States.  Commerce has formulated the draft regulations pursuant to an Executive Order issued by President Trump on May 15, 2019, which determined that foreign threats to network security constitute a national emergency.  We previously summarized that order here. 

Although neither the proposed regulations nor the Executive Order expressly mention Chinese companies, both are widely perceived as attempts to curtail the involvement of Chinese companies in the U.S. telecommunications industry.  Specifically, the proposed regulations add to a growing list of measures targeting, directly or indirectly, Chinese telecom giant Huawei, although by no means should the regulations be read as only targeting Huawei or China. 

The proposed regulations are intended to address concerns about foreign espionage and surveillance, in addition to threats to the U.S. economy caused by Chinese and other foreign influence in U.S. information and communications technology and services.  The proposed regulations emphasize that U.S. telecommunications infrastructure “must be secure to protect [U.S.] national security, including the economic strength that is an essential element of our national security.”  According to the proposed regulations, foreign adversaries’ influence in such sectors “augment our adversaries’ ability to create or exploit vulnerabilities in [information and communications technology and services] to potentially catastrophic effects.”  Because the regulations focus on “transactions,” as defined below, they are not intended to address foreign espionage and other efforts to affect adversely U.S. information and communications technology and services that do not involve “transactions.”

Review Process

In theory, the proposed regulations create a review process similar to that conducted by the Committee on Foreign Investment in the United States (“CFIUS”), headed by the U.S. Department of the Treasury, through which an interagency review board evaluates the national security implications of certain foreign investments in the United States.  However, the proposed regulations grant the Secretary of Commerce even broader discretion in the review of covered transactions and provide parties less input and transparency than the CFIUS review process.  In addition, as described below, the proposed regulations do not create a formal CFIUS-type process of notifying proposed transactions to Commerce for review. 

Specifically, the proposed regulations authorize the Secretary of Commerce to conduct a case-by-case review of “transactions” involving information and communications technology and services.  Transactions are broadly defined as “any acquisition, importation, installation, dealing in, or use of any information and communications technology or service.”  The proposed regulations expressly acknowledge that the review process could potentially affect a large number of U.S. companies, as “a majority of entities today, large or small, utilize some manner of [information and communications technology or service].”

The proposed regulations direct the Secretary of Commerce, in conjunction with the Secretaries of the Treasury, State, and Defense and heads of other executive agencies, to evaluate transactions that meet the following criteria:

• The transaction is subject to the jurisdiction of the United States;
• The transaction involves any property in which any foreign country or a national thereof has an interest (including through an interest in a contract for the provision of the technology or service);
• The transaction was initiated, is pending, or will be completed after May 15, 2019, regardless of when any contract applicable to the transaction was entered into, dated, or signed;
• The transaction involves information and communications technology or services designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary.

Foreign adversaries are not necessarily limited to countries that act against the interests of the United States.  Instead, a foreign adversary can include a foreign government or non-government person that has “engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.”  The proposed regulations do not yet identify any specific foreign adversaries, but companies on the Entity List like Huawei could certainly be classified as a foreign adversary in the future by the Secretary.   

Upon review, the Secretary of Commerce will determine whether a covered transaction poses a threat to U.S. telecommunications infrastructure or otherwise threatens the national security of the United States.  In making this determination, the Secretary of Commerce is directed to evaluate transactions on a “case-by-case basis.” 

The proposed Commerce review process can be initiated by Commerce itself, at the request of another executive agency, or based on information submitted to the Secretary by “credible” private parties.  Unlike CFIUS review, which is often initiated voluntarily and proactively by parties to a covered transaction and involves their participation, the proposed regulations do not on their face allow parties to actively seek approval of a transaction from Commerce.  It is not entirely clear, therefore, how Commerce will glean any level of certainty that transactions that it might wish to review will in fact come to its attention.  Indeed, Commerce’s proposed regulations could exclude parties to the transaction altogether, as the contemplated review process allows the agency to make a preliminary determination without any input from involved parties.  Only upon making a preliminary determination is Commerce required to provide written notice to the parties of the transaction, allowing the parties an opportunity to submit opposition to the determination or propose mitigation measures. 

Following the preliminary determination and comments from the affected parties, the Secretary will make a final determination as to whether a transaction poses an unacceptable risk to U.S. telecommunications infrastructure and national security.  The proposed rules allow the Secretary to authorize the transaction, propose mitigation measures, or prohibit the transaction altogether. 

Implications

The proposed rule provides a one-month public comment period, following which Commerce will issue a final rule.  Commerce has not specified in the proposed rule which entities or countries will be affected, nor how broadly Commerce will exercise the Secretary’s review authority.  Accordingly, U.S. telecommunications companies that rely on foreign hardware, software, or services, and other companies engaging in transactions potentially subject to Commerce’s review, should consider submitting comments for consideration when formulating the final rule.  Parties should also keep in mind that, as proposed, the rule would apply to transactions initiated, pending, or completed after May 15, 2019, regardless of when any contract applicable to the transaction was entered into, dated, or signed.  Thus, parties to transactions covered by the May 15, 2019, date should also consider how the regulations might apply to such transactions. Parties have until December 27, 2019, to submit comments. 

In particular, Commerce has solicited comments on (1) whether the Secretary should consider certain categorical exclusions from the review process; (2) whether the Secretary should consider specific mitigation measures; (3) how the Secretary should ensure compliance with agreed-upon mitigation measures; and (4) how broadly or narrowly to interpret the definition of “transaction” in the proposed regulations.  Notably, the request for comments imply that Commerce will not consider comments concerning which entities should qualify as a “foreign adversary;” instead, that determination remains within the discretion of the Executive branch.