Supply Chain Controls

Recent presidential actions have expanded the US government’s efforts to greatly increase its oversight of US supply chains in a number of key business sectors, including technology, telecommunications, digital and data services and network equipment manufacturing.  US business and foreign suppliers should understand their specific requirements to determine any potential impact on their operations.

The Federal Communications Commission (FCC) adopted new rules in 2022 prohibiting communications equipment deemed to pose an unacceptable risk to national security from being authorized for importation or sale in the United States. These rules are implemented through the FCC Supplier’s Declaration of Conformity process and cover equipment produced by a number of Chinese suppliers. These rules follow earlier FCC rules that bar telecommunications carriers from using US government subsidy funds to purchase equipment and services from companies that pose a national security threat, including from a number of Chinese suppliers. In taking these actions, the FCC indicated that it was informed by a number of recent actions by other US government agencies and foreign government authorities that prohibited the use of certain products and services as a means to close potential security vulnerabilities in communications networks and their supply chains.

The US Department of Commerce has established a process that provides the Secretary of Commerce with the authority to review—and potentially block—the acquisition or purchase by US businesses of a wide variety of communications and information technology hardware and software products and services from foreign sources. 

New rules authorize the US Commerce Department, working in consultation with most of the CFIUS agencies and the Director of National Intelligence, to prohibit a range of telecommunications transactions involving any information and communications technology or service (ICTS) that is “designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary.” ICTS is defined as “any hardware, software, or other product or service, including cloud-computing services, primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means (including electromagnetic, magnetic, and photonic), including through transmission, storage, or display.” “Foreign adversary” is defined as “any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.”  The Commerce Department regulations currently designate the following as foreign adversaries: The People's Republic of China, including the Hong Kong Special Administrative Region (China); Republic of Cuba (Cuba);  Islamic Republic of Iran (Iran); Democratic People's Republic of Korea (North Korea); Russian Federation (Russia); and  Venezuelan politician Nicolás Maduro (Maduro Regime). 

The review process can take up to 180 days, and longer if the Secretary determines that additional time is necessary.  The Commerce Department may take such action when it determines that telecommunications transactions involving persons and property subject to US jurisdiction pose “an undue risk of sabotage to US information and communications technology or services; an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the digital economy of the United States; or otherwise poses an unacceptable risk to the national security of the United States.” As with CFIUS and the Telecom Committee, the Commerce Department may negotiate measures to mitigate such concerns and take action to prohibit the offending transactions. 

How the National Security Regimes Interact

As noted in the section above on the Telecom Committee, it is clear the US government considers information and communications networks and infrastructure to be among the country’s most strategic assets. The ICTS rules specify that they do not apply to a transaction that CFIUS is actively reviewing or has reviewed. Both regimes, however, have the authority to condition approval of transactions on agreement by the parties to accept mitigation measures.