The U.S. Departments of Commerce and State Issue Proposed Rules Expanding Controls on Military and Security-Related Services, End Uses, and End Users

To curtail U.S. persons from supporting the efforts of adversarial regimes, such as China and Russia, in advancing their military and intelligence capabilities, the U.S. is proposing a significant expansion of export control rules. The proposed rules (1) revise and expand military, intelligence, and security end use and end user export controls; (2) impose corresponding controls on related U.S. person activities; (3) create export controls for certain facial recognition systems, software, and technology; and (4) impose changes related to defense services.

On July 29, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and the U.S. Department of State’s Directorate of Defense Trade Controls (“DDTC”) published complementary proposed rules to impose expanded controls related to military, intelligence, and security end uses and end users and related U.S. person activities, including defense services. BIS and DDTC are proposing these changes to advance U.S. national security and foreign policy interests. Companies have the opportunity to comment on the impact of these proposed rules, including any unintended consequences, by September 27, 2024.

BIS published two proposed rules amending the Export Administration Regulations (“EAR”) (89 Fed. Reg. 60985 and 89 Fed. Reg. 60998), which would expand the current scope of the military and military-intelligence end use and end user controls in EAR Part 744. The expanded rules would capture almost all U.S. origin goods and technology involving certain end users and end uses, as well as add new controls on military support and foreign security end users. Significantly, the proposed rules also would impose controls on U.S. persons providing “support” to these types of end users and military production activities. In addition, BIS proposes adding new controls on certain facial recognitions systems and related software and technology that would control those items for export, reexport, or transfer to all countries other than close allies of the United States.

DDTC concurrently published a proposed rule (89 Fed. Reg. 60980) revising the definition of defense services in the International Traffic in Arms Regulations (“ITAR”) to clarify the scope of the definition and enumerating certain controlled defense services related to the furnishing of intelligence and military assistance, regardless of whether a defense article is involved.

KEY QUESTIONS AND ANSWERS
  • What changes does BIS propose to the current military end use and end user controls? BIS proposes significantly expanding the military end use and end user control at EAR Section 744.21 to any item subject to the EAR, including non-controlled items designated as “EAR99.” Currently, for Burma, Cambodia, China, Nicaragua, and Venezuela, only certain identified items listed in Supplement No. 2 to Part 744 are captured by the control. As proposed by the amended rule, no person could export, reexport, or transfer (in-country) any item subject to the EAR with knowledge that it is intended, entirely or in part, for one of the following:
    • “military end use” that occurs in, or the product of the “military end use” is destined to, Macau or a destination included in Country Group D:5 (rather than only Belarus, Burma, Cambodia, China, Nicaragua, Russia or Venezuela);1 or
    • “military end user”, wherever located, of Macau or a destination included in Country Group D:5.

In addition, BIS proposes consolidating the definitions of “military end use” and “military end user” into a single paragraph and expanding the definition of “military end user” to include any person or entity performing the functions of a “military end user,” including mercenaries, paramilitary, or irregular forces. This expanded definition is intended to capture private companies, non-state actors, or parastatal entities that engage in combat or activities akin to traditional armed forces.

The proposed rule explains that as a result of these revisions, BIS would move all of the end users on the Military End User List in Supplement No. 4 to Part 744 to the Entity List with a license requirement for all items subject to the EAR. Russian or Belarusian “military end users” would be designated with a footnote 3 and other “military end users” would be designated with a footnote 5.

  • What changes does BIS propose to the current military-intelligence end use and end user controls? BIS proposes removing the existing Military-Intelligence End Use and End User rule from EAR Section 744.22 and adding a new Intelligence End User rule at EAR Section 744.24, which would have a significantly broader scope. The proposed rule would require a license for the export, reexport, or transfer (in-country) of the following:
    • all items subject to the EAR (including EAR99 items) with knowledge that such items are intended, entirely or in part for an “intelligence end user”, wherever located, that is from a destination in Country Groups D or E that are not also listed in Country Groups A:5 or A:6.2

The current Military-Intelligence End Use and End User rule at EAR Section 744.22 includes only Belarus, Burma, Cambodia, China, Russia, Venezuela, or destinations in Country Groups E:1 or E:2 (i.e., Cuba, Iran, North Korea, and Syria). In other words, the control will be expanded to essentially all destinations other than certain allies of the United States such as 5 Eyes Countries, EU, NATO, and certain other allies. For example, this means that all items subject to the EAR would now require a license to any intelligence end user and their contractors in the Gulf Cooperation Council states, such as Saudi Arabia and the UAE.

The proposed rule defines “intelligence end users” as (1) “foreign government intelligence, surveillance, or reconnaissance organizations or other entities performing functions on behalf of such organizations” or (2) persons or entities designated with a new footnote 7 on the Entity List. “Intelligence end users” would include entities performing intelligence functions such as planning and directing, processing and exploiting, analyzing and producing, disseminating and integration, surveilling, and evaluating and providing feedback.

  • What are the new end user controls proposed by BIS? The proposed rule would add two new categories of restricted end users to Part 774: “military support end users” and “foreign-security end users.”
    • Military Support End User: Under the proposed rule, a revised EAR Section 744.22 would control “military support end users” and define them as any person or entity whose actions or functions support a “military end use” (the definition of which remains substantively unchanged). Additionally, “military support end users” would include any person or entity designated with a new footnote 6 on the Entity List.
      • A license would be required to export, reexport, or transfer (in-country) any item subject to the EAR that isspecified on the Commerce Control List (“CCL”) when there is knowledge that the item is intended, entirely or in part, for a “military support end user” in Macau or a destination inCountry Group D:5, or wherever located if identified with a footnote 6 designation on the Entity List.
    • Foreign-Security End User: With the addition of a new EAR Section 744.25, the proposed rule would control “foreign-security end users” and define them as (1) governmental and other entities with the authority to arrest, detain, monitor, search, or use force in the furtherance of their official duties, (2) other persons or entities performing such functions, and may include analytic and data centers, forensic labs, detention facilities, labor camps, and reeducation facilities, or (3) an entity designated with a new footnote 8 on the Entity List.

The definition of “foreign security end user” would not include civilian emergency medical, firefighting, and search-and-rescue end users. In situations where such services are integrated into police units or departments, BIS explains that it would apply a case-by-case license application review policy to ensure that the export, reexport, or transfer (in-country) of items necessary to protect lives is not disrupted. If a person or entity satisfies this definition but is integrated into or organized under the military of a listed country, then the “military end user” controls would apply.

A license would be required to export, reexport, or transfer (in-country) any item subject to the EAR that is specified on the CCL when there is knowledge that the item is intended, entirely or in part, for a “military support end user” of Macau or a destination in Country Groups D:5 or E.

  • How has BIS proposed expanding controls on the activities of U.S. persons? Concurrently with the above changes, BIS proposes expanding U.S. person controls in EAR Section 744.6 to cover U.S. person activities that support military, military support, intelligence, and foreign-security end users, as described above, as well as a new control for “support” of “military-production activities.” These controls would apply whether or not the U.S. person is exporting, reexporting, or transferring anything subject to the EAR in support of these activities.

In summary, a license would be required for a U.S. person to “support” the following:

    • A “military end user” in or from Macau or a destination in Country Group D:5, including but not limited to, “military end users” designated with the new footnote 3 or 5 on the Entity List;
      • For example, based on the definition of “support” described below, this would include activities to facilitate a “military end user’s” acquisition of a foreign origin item, or to perform basic repair and maintenance on items owned or employed by a “military end user.”
    • A “military support end user” designated with the new footnote 6 on the Entity List;
    • A “foreign-security end user” designated with the new footnote 8 on the Entity List;
    • “Military production activities” when such activity occurs in, or the product of such activity is destined to, Macau or a destination in Country Group D:5; or
      • A military production activity means incorporation into, or any activity that supports or contributes to operation, installation, maintenance, repair, overhaul, refurbishing, development, or production of (1) a “600-series” item, including foreign-origin items not subject to the EAR, or (2) any other item described on the CCL or designated as EAR99, including foreign-origin items not subject to the EAR, where there is knowledge that the item is ultimately destined to or for use by a “military end user.”
      • For example, this would include assisting a defense contractor in a targeted country develop, produce, or install a foreign origin item that would be controlled as a 600-series item if it were subject to the EAR.
    • An “intelligence end user,” wherever located, from a destination in Country Group D or E, but not also listed in A:5 or A:6, including but not limited to, such end users designated with the new footnote 7 on the Entity List.

The definition of “support” would be moved to a new subparagraph in EAR Section 744.6 and remain substantively unchanged. “Support” includes:

    • Shipping or transmitting from one foreign country to another foreign country, or transferring in-country, any item not subject to the EAR with knowledge that it will be used in or by any of the above-described end uses or end users, including the sending or taking of such item to or from foreign countries in any manner;
    • Transferring (in-country) any item not subject to the EAR with knowledge that the item will be used in or by any of the above-described end uses or end users;
    • Facilitating such shipment, transmission, or in-country transfer; or
    • Performing any contract, service, or employment with knowledge that it may assist or benefit any of the above-described end uses or end users, including, but not limited to, ordering, buying, removing, concealing, storing, using, selling, loaning, disposing, servicing, financing, transporting, freight forwarding, or conducting negotiations to facilitate such activities.

However, BIS proposes to exclude the following activities from the definition:

    • Activities not subject to the EAR pursuant to Section 734.3(b), such as activities relating to published information or information arising from fundamental research;
    • Activities related to items enumerated on the USML or on the United States Munitions Import List (“USMIL”) (27 C.F.R. 447.21), to the extent such activities are subject to control under the ITAR;
    • Activities limited to administrative services, such as providing or arranging office space and equipment, hospitality, advertising, or clerical, visa, or translation services, collecting product and pricing information to prepare a response to a request for proposal, generally promoting company goodwill at trade shows, or activities by an attorney that are limited to the provision of legal advice;
    • Activities conducted for, or on behalf of, the U.S. Government; any U.S. Government cooperative program, project, agreement, or arrangement with a foreign government or international organization or agency; a U.S. Government foreign assistance or sales program, or an Acquisition and Cross Servicing Agreement that is executed at the direction of the U.S. Department of Defense; and
    • For the above-described end users, the proposed rule would further exclude commercial activities related to common carriers, consistent with exclusion for ITAR brokering activities, unless the U.S. person has knowledge that the activities are for a restricted end use or end user.
  • What is the proposed licensing policy for these new or revised controls in the EAR? The proposed rule would implement the following license review policies for applications submitted to BIS under the new or revised controls:
    • For military, military support, and intelligence end uses or users, BIS proposes a (1) policy of denial for Russia and Belarus, consistent with EAR Section 746.8(b)(2); (2) presumption of denial for Burma, China, Cuba, Iran, Macau, North Korea, Syria, and Venezuela; and (3) case-by-case review for all other applications.
    • For foreign security end users, BIS proposes a case-by-case review to determine whether there is an unacceptable risk of use in human rights violations or abuses. Applications for transactions that would pose such an unacceptable risk will be reviewed with a presumption of denial.
  • What new items are proposed to be controlled for export, reexport, or transfer pursuant to the EAR? BIS proposes adding new controls on facial recognition hardware, software, and technology. This is accomplished by adding certain “detection instruments and equipment and related ‘technology’ and ‘software’” in two amended Export Control Classification Numbers (“ECCNs”) on the CCL, e., 3A981 and 3D980, and controlling them for crime control policy reasons (CC, Column 1 controls). The language in ECCN 3E980, which controls technology specifically designed for the development, production, or use of commodities controlled by ECCNs 3A980 and 3A981, would remain unchanged but would be affected by changes to ECCN 3A981. This proposed control is intended to be narrowly tailored for systems specifically designed for mass surveillance and crowd scanning, not systems that merely restrict individual access to personal devices, automobiles, residential or work premises by verifying authorization.
  • What changes does DDTC propose with respect to defense services? DDTC proposes revising the definition of “defense services” at ITAR Section 120.32 by (1) reformatting the list of activities and (2) explicitly including “disabling” and “degradation” of defense articles in the current definition. In addition, DDTC proposes adding an enumerated list of defense services to USML Category IX related to the furnishing of intelligence and military assistance as described in new proposed paragraphs (s)(2) and (3). Notably, these controls apply regardless of whether a defense article is involved.
    • DDTC explained that the proposed changes affect the design and structure of the relevant provisions in the ITAR, which affect how the USML describes and controls activities falling under the definition of defense services.
    • DDTC further explained that the proposed changes better describe the scope of activities controlled under the definition of defense services. This includes adding “disabling” and “degradation” to the definition of defense services to clarify that cyber services or other activities that may disable or degrade a defense article but fall short of destruction are controlled as defense services.
    • Under the proposed rule, the new proposed USML Category IX subparagraphs (s)(2) and (3) operate as a “catch and release” control where an activity is broadly controlled but then certain specific activities are carved out from the control.
      • These paragraphs would control assistance, including training or consulting, to foreign governments, units, or forces, or their proxies or agents, that create, support, or improve:
        • intelligence activities, including through planning, conducting, leading, providing analysis for, participating in, evaluating, or otherwise consulting on such activities, for compensation; and
        • military or paramilitary organization or formation of forces; operations by planning, leading, or evaluating such operations; or capabilities through advice or training, including formal or informal instruction.
      • However, the proposed subparagraphs would not include:
        • furnishing of medical, translation, financial, insurance, legal, scheduling, administrative services or acting as a common carrier;
        • participation as a member of a regular military force of a foreign country by a U.S. person drafted into such a force; and
        • training and advice composed entirely of general scientific, mathematical, or engineering principals commonly taught in academia.
        • Intelligence activities also would not include (1) information technology services that support ordinary business activities not specific to a particular business sector, (2) lawful activity of U.S. local or federal law enforcement or intelligence agencies, or (3) the maintenance or repair of a commodity or software, which would already be regulated under the ITAR or EAR to destinations of concern.
CONCLUSION

The BIS and DDTC proposed rules would impose significant expansions on controls on U.S. person activities, as well as exports, reexport, or transfers to certain foreign military, intelligence, or security end uses and end users. Companies and individuals that would be impacted by these rules are encouraged to submit comments no later than September 27, 2024. Experienced counsel can be helpful in drafting and filing comments on behalf of clients.