Proposed Rules Call for Significant Restrictions on Facial Recognition Technologies, Defense Services, U.S. Persons Activities, and New Classes of Foreign End-Users

Client Alert  |  August 13, 2024

The U.S. government recently proposed rules to significantly expand export control restrictions on items used to perpetuate human rights abuses and to target military, intelligence, and related end users acting contrary to U.S. national security interests. The extensive nature of these proposed restrictions will require many companies to implement enhanced compliance programs.

On July 25, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) and the U.S. Department of State announced three proposed rules to add new controls on specific items (including commodities, software, and technology), services, end uses, and end users.  Collectively, these rules propose significant restrictions on the export of items to many new classes of foreign end users in over 40 countries (in certain cases); impose additional restraints on the ability of U.S. persons to support foreign military, intelligence, and security end users; create new restrictions on facial recognition technology; and expand and refine the definition of “defense services” under the U.S. International Traffic in Arms Regulations (ITAR) to address concerns emanating from military, intelligence, and related end users, as well as to combat the use of certain items in perpetuating human rights abuses.

These proposed rules—published as three separate notices in the Federal Register[1]—build upon existing restrictions and, in part, implement provisions of the National Defense Authorization Act for Fiscal Year 2023 calling for prohibitions on U.S. persons assisting foreign military, security, and intelligence services that threaten national security interests and/or are complicit in human rights abuses.  The proposed rules present yet another example of the U.S.’s continued efforts “to put human rights at the center of [its] foreign policy”[2] as discussed in our recent client alert on the Export Controls and Human Rights Initiative Code of Conduct and 2023 Year-End Sanctions and Export Controls Update.

Importantly, the proposed rules do not immediately create any new obligations and may undergo additional changes following the public comment period, though companies should begin preparing now to enhance their compliance policies and procedures.  Comments on the proposed rules can be submitted directly to the relevant agency/department or at Regulations.gov until September 27, 2024.

Below we outline key provisions of the proposed rules and the changes they will bring to the U.S. Export Administration Regulations (EAR) administered by BIS and the ITAR administered by the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC).

I. Proposed Revisions to the EAR Targeting Prohibited End Users and End Uses

The EAR currently restricts the export, reexport, or transfer (in-country) of items falling within its jurisdiction intended for certain end users or intended for certain end uses.  In certain instances, the EAR specifically identifies restricted parties on various lists, including, most prominently, the “Entity List.”[3]  In recent years, BIS has expanded the number of lists to which parties may be named and has named certain parties to the Entity List with footnote-specific designations to impose additional restrictions.  The number of disparate lists has led many in government and industry to call for a more streamlined approach.  The proposed rules from BIS appear to, in part, address this concern while also expanding restrictions to a broader range of end users.

These expanded controls will likely pose particular diligence challenges for companies that utilize distributors or resellers or who otherwise sell their goods indirectly to various end users in the identified jurisdictions.

A. Revised and Expanded Restrictions on “Military End User” and “Military End Uses” (15 C.F.R. § 744.21)

The EAR currently prohibits the export, reexport, or transfer of certain items subject to the EAR to Burma/Myanmar, Cambodia, China, Nicaragua, or Venezuela whenever the exporting party has “knowledge”[4] that the item is intended, entirely or in part, for “military end users” or for “military end uses” without a license from BIS.[5]  Such military end user and end use restrictions apply to all items subject to the EAR when intended for such end users/end uses in Russia or Belarus (and to certain specifically-named Russian/Belarusian entities located outside of Russia or Belarus).

The proposed rules would dramatically expand these prohibitions to all items subject to the EAR (including lower-controlled EAR99 items) and to all countries specified in Country Group D:5[6] and Macau whenever the party has “knowledge” that the item is intended, in whole or in part, for a “military end user” or “military end use,” as the terms are newly defined.  Additionally, BIS would no longer list military end users on the non-exhaustive Military End User (MEU) List currently included as Supplement 7 to Part 744.  Rather, such entities would be added to the Entity List with either a footnote 3 (for Russia/Belarus military end users subject to additional restrictions) or footnote 5 designation (for all other military end users).

The definition of “military end users” would be redefined to focus specifically on traditional and non-traditional military actors.  National police, government intelligence, and reconnaissance organizations included in the current definition of “military end users” would fall under other types of restricted end users outlined below.  Specifically, the term “military end user,” as proposed, would include the “national armed services (army, navy, marine, air force, or coast guard), the national guard, or any person or entity performing the functions of a ‘military end user,’ including mercenaries, paramilitary, or irregular forces.”  BIS makes clear that this definition is meant to include private companies and non-state actors that are akin to traditional armed forces.

Similarly, the definition of “military end use” would be modified slightly to apply to any item subject to the EAR (1) incorporated into a defense article described on the U.S. Munitions List (USML) outside of the United States, (2) incorporated into items classified under “600 series” Export Control Classification Numbers (ECCNs), or (3) that “supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, ‘development,’ or ‘production,’ of defense articles described on the USML,” or items classified under “600 series” ECCNs.[7]  As written, these restrictions would extend to end uses involving defense articles and “600 series” foreign items that are not themselves subject to the EAR.

BIS will review related license applications with (1) a presumption of denial in connection with exports, reexports, or transfers to or within Burma/Myanmar, China, Cuba, Iran, Macau, Nicaragua, North Korea, Syria, and Venezuela and (2) under the license standard of review outlined in 15 C.F.R. § 746.8(b)(1) for Belarus and Russia—currently a policy of denial[8] for all items subject to the EAR, including for foreign-produced items subject to the EAR by application of the Russia/Belarus-Military End User Foreign Direct Product (FDP) rule.  A case-by-case review policy will apply to all other destinations, consistent with the standards of review outlined in 22 C.F.R. § 126.1 of the ITAR.

B. New Restrictions on “Military-Support End Users” (15 C.F.R. § 744.22)

The proposed rules create a new type of restricted end user known as a “military-support end user” defined as “any person or entity whose actions or functions support ‘military end uses,’” as defined above.  Entities that BIS proactively identifies as fulfilling this definition will be identified on the Entity List with a new footnote 6, though, importantly, this list is not exhaustive, and the restrictions apply even to entities not so designated.  Specifically, parties will be prohibited from exporting, reexporting, or transferring any items subject to the EAR and specified on the Commerce Control List (CCL)—i.e., those items described by an ECCN—to all countries specified in Country Group D:5[9] and Macau whenever the party has “knowledge” that the item is intended, entirely or in part, for a “military-support end user” without first obtaining a license from BIS (unless authorized under License Exception GOV for certain U.S. government activities).  Unlike the restrictions on military end users/end uses, however, the restriction targeting “military-support end users” does not apply to EAR99 items.  Thus, companies supplying non-EAR99 items will need to ensure proper diligence is conducted on entities that are military-adjacent or that are included in military supply chains (e.g., contractors, raw material providers, manufacturers) in the relevant jurisdictions.

BIS will review license applications with (1) a presumption of denial in connection with exports, reexports, or transfers to or within Burma/Myanmar, China, Cuba, Iran, Macau, North Korea, Syria, and Venezuela and (2) under a policy of denial for Belarus and Russia (including for items covered by the Russia/Belarus-Military End User FDP rule).  License applications for all other destinations will be reviewed on a case-by-case basis review policy, consistent with the standards of review outlined in 22 C.F.R. § 126.1 of the ITAR.

C. Revised and Expanded Restrictions on “Intelligence End Users” (15 C.F.R. § 744.24)

Since 2021, the EAR has restricted the export, report, or transfer of items intended for certain “military-intelligence end users” or for “military-intelligence end uses.”  The due diligence required to verify whether certain end users/end uses meet these definitions has often proved difficult for industry, particularly in countries where the line between military intelligence and civilian government services is blurred.  Likely in part to address this issue, the proposed rule drops the “military” qualifier from the new restrictions and instead expands the applicable restrictions to both military and civilian intelligence end users.

Like the restrictions targeting “military-support end users” described above, the proposed rule prohibits parties from exporting, reexporting, or transferring any items subject to the EAR and specified on the CCL (i.e., all non-EAR99 items that are subject to the EAR) whenever the party has “knowledge” that the item is intended, entirely or in part, for an “intelligence end user” without first obtaining a license from BIS (unless authorized under License Exception GOV for certain U.S. government activities).  The new “intelligence end user” definition includes “foreign government intelligence, surveillance, or reconnaissance organizations or other entities performing functions on behalf of such organizations.”  In the proposed rule, BIS makes clear the intended breadth of this restriction, noting that “entities performing intelligence functions such as planning and directing, processing and exploiting, analyzing and producing, disseminating and integrating, surveilling, and evaluating and providing feedback” would fall within the new definition.  Entities meeting the proposed definition will be identified on the Entity List with a new footnote 7 designation, though BIS makes clear this list is not exhaustive, and the restrictions apply even to entities not so designated.

Unlike other types of restricted end users discussed previously, the geographic scope of the proposed “intelligence end user” restriction is much broader and includes “intelligence end users,” from over 40 destinations included in Country Group D or E, that are not also listed in Country Group A:5 or A:6, wherever such entities may be located.[10]  For example, if an intelligence end user from China (a Country Group D country) were located in the United Kingdom (a Country Group A and B country), the restriction would still apply.

As with the restrictions targeting “military-support” end users, BIS will review license applications with a (1) presumption of denial in connection with exports, reexports, or transfers to or within Burma/Myanmar, China, Cuba, Iran, Macau, North Korea, Syria, and Venezuela and (2) under a policy of denial for Belarus and Russia (including for items covered by the Russia/Belarus-Military End User FDP rule).  License applications for all other destinations will be reviewed on a case-by-case basis, consistent with the standards of review outlined in 22 C.F.R. § 126.1 of the ITAR.

D. New Restrictions on “Foreign-Security End Users” (15 C.F.R. § 744.25)

The proposed rules also create another new type of restricted end user known as a “foreign-security end user.”  Parties would be prohibited from exporting, reexporting, or transferring any items subject to the EAR and specified on the CCL (i.e., all non-EAR99 items) to all countries specified in Country Group D:5 or E whenever the party has “knowledge” that the item is intended, entirely or in part, for a “foreign-security end user” without first obtaining a license from BIS or unless authorized under certain provisions of License Exception GOV (applicable to certain U.S. and NATO activities).  “Foreign-security end users” are defined as:

  1. Governmental and other entities with the authority to arrest, detain, monitor, search, or use force in furtherance of their official duties, including persons or entities at all levels of the government police and security services from the national headquarters or the Ministry level, down to all subordinate agencies/bureaus (e.g., municipal, provincial, regional);
  2. Other persons or entities performing functions of a “foreign-security end user,” such as arrest, detention, monitoring, or search, and may include analytic and data centers (e.g., genomic data centers) forensic laboratories, jails, prisons, other detention facilities, labor camps, and reeducation facilities; or
  3. Entities designated with a footnote 8 designation on the Entity List.

While not as open-ended as some other restricted party definitions, the proposed definition of “foreign-security end user” will require parties to transactions to conduct sufficient due diligence on the nature of any potential end user to determine if the new restrictions will apply, as the definition includes many entities (e.g., forensic labs, certain data centers) that may appear at first glance merely civilian oriented.  BIS does, however, provide some helpful guidelines, adding in supplemental notes that the definition does not include “civilian emergency medical, firefighting, and search-and-rescue end users,” including in certain situations where such services are integrated into a single public safety department.  Importantly, when any end user otherwise fulfills the definition of a “military end user,” the more restrictive “military end user” prohibitions described above will apply.

BIS proposes to use an approach grounded in human rights in reviewing license applications, stating that all such applications will be assessed according to “whether there is an unacceptable risk of use in human rights violations or abuses.”  Cases posing such “unacceptable risk” will be subject to a policy of denial, though no additional information is provided for what metrics BIS will use to determine what constitutes “unacceptable.”  Considering human rights in license review policies would not be a novel approach for BIS.  In the context of items controlled for crime control purposes, BIS has historically treated license applications favorably “unless there is civil disorder in the country or region or unless there is a risk that the items will be used to violate or abuse human rights,” a restriction that is expressly designed “to deter human rights violations and abuses, distance the United States from such violations and abuses, and avoid contributing to civil disorder in a country or region.”[11]  In October 2020, BIS explicitly expanded this licensing policy beyond items controlled for crime control reasons to include those items controlled for any other reason (except for short supply reasons).[12]

E. “As Informed” Provisions

Finally, each of the proposed restrictions either maintains or includes an “as informed” provision, whereby BIS may inform individual parties individually or through separate notice in the Federal Register that a license requirement applies to specific end users.  Such provisions already exist in many parts of the EAR (including with respect to restrictions on the activities of U.S. persons discussed below) and allow BIS to move quickly in response to pressing national security concerns.  In recent years, such provisions were used to restrict the flow of semiconductors and associated items to certain end users in China prior to the release of more detailed regulations.

F. Overview of Proposed End User and End Use Restrictions

Below we provide a chart outlining the end users and end use restrictions contained in the proposed rules.

Table 1:

End User/ End Use

Proposed Definition

Restricted Jurisdictions

Restricted Items

License Exceptions

License Review

Military End Use (15 C.F.R. § 744.21)

Incorporation occurring outside the United States into a defense article described on the USML; incorporation into items classified under ECCNs under ‘‘600 series’’ ECCNs; or any item that supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, ‘‘development,’’ or ‘‘production,’’ of defense articles described on the USML, or items classified under ECCNs under ‘‘600 series’’ ECCNs.  See 15 C.F.R. § 772.1 for relevant definitions.

Occurs in, or the product of the “military end use” is destined to Macau or a country specified in Country Group D:5.

Any item subject to the EAR (including EAR99 items) wherever a party has “knowledge” of a restricted end use.

License Exception GOV (b)(2)

Presumption of Denial: Burma/Myanmar, China, Cuba, Iran, Macau, Nicaragua, North Korea, Syria, and Venezuela.

Policy of Denial: Belarus and Russia (including items subject to the Russia/Belarus-Military End User FDP Rule).

Case-by-case: All other destinations, consistent with § 126.1 of the ITAR.

Military End User (15 C.F.R. § 744.21)

National armed services (army, navy, marine, air force, or coast guard), the national guard, or any person or entity performing the functions of a “military end user,” including mercenaries, paramilitary, or irregular forces (including those designated with footnotes 3 or 5 on the Entity List).

Macau; Country Group D:5 destinations.

Any item subject to the EAR (including EAR99 items) wherever a party has “knowledge” of a restricted end user.

License Exception GOV (b)(2)

Presumption of Denial: Burma/Myanmar, China, Cuba, Iran, Macau, Nicaragua, North Korea, Syria, and Venezuela.

Policy of Denial: Belarus and Russia (including items subject to the Russia/Belarus-Military End User FDP Rule).

Case-by-case: All other destinations, consistent with § 126.1 of the ITAR.

Military-Support End User (15 C.F.R. § 744.22)

Any person or entity whose actions or functions support “military end uses” (including those designated with a footnote 6 on the Entity List).

Macau; Country Group D:5 destinations.

Any item subject to the EAR specified on the CCL wherever a party has “knowledge” of a restricted end user.

License Exception GOV (b)(2)

Presumption of Denial: Burma/Myanmar, China, Cuba, Iran, Macau, North Korea, Syria, and Venezuela.

Policy of Denial: Belarus and Russia (including items subject to the Russia/Belarus-Military End User FDP Rule).

Case-by-case: All other destinations, consistent with § 126.1 of the ITAR.

Intelligence End User (15 C.F.R. § 744.24)

Any foreign government intelligence, surveillance, or reconnaissance organizations or other entities performing functions on behalf of such organizations (including those designated with a footnote 7 on the Entity List).

Country Groups D and E, excluding Israel and Taiwan.

Any item subject to the EAR (including EAR99 items) wherever a party has “knowledge” of a restricted end user.

License Exception GOV (b)(2)

Presumption of Denial: Burma/Myanmar, China, Cuba, Iran, Macau, North Korea, Syria, and Venezuela.

Policy of Denial: Belarus and Russia (including items subject to the Russia/Belarus-Military End User FDP Rule).

Case-by-case: All other destinations, consistent with § 126.1 of the ITAR.

Foreign-Security End User (15 C.F.R. § 744.25)

Any of the following:

(1) Governmental and other entities with the authority to arrest, detain, monitor, search, or use force in furtherance of their official duties, including persons or entities at all levels of the government police and security services from the national headquarters or the Ministry level, down to all subordinate agencies/bureaus (e.g., municipal, provincial, regional);*

(2) Other persons or entities performing functions of a “foreign- security end user,” such as arrest, detention, monitoring, or search, and may include analytic and data centers (e.g., genomic data centers) forensic laboratories, jails, prisons, other detention facilities, labor camps, and reeducation facilities;* or

(3) Entities designated with a footnote 8 on the Entity List.

*Does not include civilian emergency medical, firefighting, and search-and-rescue end users.

Country Groups D:5 and E.

Any item subject to the EAR specified on the CCL wherever a party has “knowledge” of a restricted end user.

License Exception GOV (b)(2), (c)(2)

Case-by-case: All relevant destinations on the basis of whether there is an unacceptable risk of use in human rights violations or abuses, consistent with § 126.1 of the ITAR.

Applications for transactions that would pose such an unacceptable risk will be reviewed with a presumption of denial.

II. Proposed Revisions to the EAR Restricting U.S. Persons “Support” for Activities Contrary to U.S. National Security Interests (15 C.F.R. § 744.6)

In addition to restricting the flow of items subject to U.S. jurisdiction, BIS has long restricted the ability of “U.S. persons”[13] to support activities contrary to U.S. national security interests, even in the absence of items subject to the EAR.  The proposed rules aim to (1) clarify the types of “support” targeted by the current and proposed restrictions, (2) restrict the types of activities U.S. persons can provide to “military end users,” “intelligence end users,” and “foreign-security end users,” and (3) propose a new restriction on “military-production activities.”

Given the breadth of these new restrictions, many U.S. companies and non-U.S. companies with U.S. employees will likely need to expand and enhance their diligence efforts to better understand the nature of their end users, particularly in the case of companies that use a distributor or reseller model.  For example, cloud service providers—such as infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) providers—will need to carefully examine their due diligence procedures to ensure no U.S. persons are providing prohibited services or “support” to the restricted parties or otherwise related to the restricted activities outlined below, even when no items subject to the EAR are involved.

A. Revisions to Definition of “Support”

The EAR currently defines “support” is the context of U.S. person activities to include:

  • Shipping or transmitting from one foreign country to another foreign country any item not subject to the EAR a U.S. person knows will be used in or by any restricted end users or end uses as identified in 15 C.F.R. § 744.6(b)(1)-(5),[14] including the sending or taking of such item to or from foreign countries in any manner;
  • Transferring (in-country) any item not subject to the EAR a U.S. person knows will be used in or by any of the restricted end users or end uses as identified in 15 C.F.R. § 744.6(b)(1)-(5),
  • Facilitating such shipment, transmission, or transfer (in-country); or
  • Performing any contract, service, or employment a U.S. person knows may assist or benefit any of the restricted end users or end uses as identified in 15 C.F.R. § 744.6(b)(1)-(5), including, but not limited to: ordering, buying, removing, concealing, storing, using, selling, loaning, disposing, servicing, financing, transporting, freight forwarding, or conducting negotiations in furtherance of.[15]

The proposed rules would clarify and make explicit certain exclusions from these restrictions, consistent with BIS practice.  Specifically, the proposed rules would exclude from the definition of “support” the following:

  • Activities involving items described in 15 C.F.R. § 734.3(b) that are deemed not subject to the EAR (e.g., items regulated by other U.S. government agencies, published informational materials, certain other published information and software);
  • Activities related to items enumerated on the USML (including services) subject to the ITAR;
  • Activities limited to administrative services, such as providing or arranging office space and equipment, hospitality, advertising, or clerical, visa, or translation services, collecting product and pricing information to prepare a response to a request for proposal, generally promoting company goodwill at trade shows, or activities by an attorney that are limited to the provision of legal advice (providing the U.S. person does not undertake such activities with “knowledge” that any items provided will support restricted end users or activities); and
  • Certain activities conducted for, on behalf of, or in connection with the U.S. Government.

Additionally, the proposed rules would exclude “commercial activities related to the movement of goods by common carriers,” but only for prohibitions targeting U.S. person activities involving “military end users,” “military-production activities,” “intelligence end users,” or “foreign-security end users,” as described in detail below.

B. Restrictions on U.S. Person Activities Involving Restricted End Users

Most prominently, BIS proposes restrictions on U.S. person activities to match those restrictions targeting certain end users discussed in Section I above.  U.S. persons would be prohibited from providing support to “military end users,” “intelligence end users,” “foreign-security end users” and parties named to the Entity List with a footnote 6 designation (i.e., parties specifically designated as “military-support end users”).[16]  Importantly, the prohibitions on U.S. person support apply even when no items subject to the EAR are involved (provided one of the exclusions discussed in the previous section do not apply).  The same restrictions and licensing policies outlined in Table 1 above apply to the activities of U.S. persons when such activities involve the corresponding restricted end users.

C. Restrictions on Support for “Military-Production Activities”

U.S. persons are also restricted from supporting a new class of “military-production activities.”  BIS defines “military production activities” to include (1) activities supporting incorporation into or (2) any other activity that supports or contributes to the operation, installation, maintenance, repair, overhaul, refurbishing, ‘‘development,’’ or ‘‘production’’[17] of the following types of items:

  • ‘‘600 series’’ items, including foreign-origin items not subject to the EAR; or
  • Any other item that is either described on the CCL in other than a ‘‘600 series’’ ECCN, or designated EAR99, including foreign-origin items not subject to the EAR, when the U.S. person has knowledge that the item is ultimately destined to or for use by a “military end user.”

Notably, the restriction on supporting “military-production activities” includes services provided to private sector companies involved in military production such as contractors.  Specific examples of covered activities provided by BIS in the relevant proposed rule include:

  • Assisting a defense contractor in a targeted country in producing an ECCN 0A606.a armored vehicle;
  • Assisting a defense contractor in a targeted country in installing an ECCN 8A002.g light system in an ECCN 8A620.a submersible vessel; and
  • Assisting an electronics company in a targeted country in developing ECCN 3A001 integrated circuits that have been ordered by the armed services of a targeted country.

Importantly, this restriction is only applicable to U.S. person activities that occur in or that result in a product intended for a country in country Group D:5 or Macau, thus tracking the same geographic scope as the restrictions targeting “military-support end users” discussed in Section I.

D. General Order 6 and Related Exclusions

In an attempt to clearly delineate between the parameters of the EAR and ITAR, the proposed rules include the addition of General Order 6 clarifying that the U.S. person restrictions of 15 C.F.R. § 744.6 do not restrict activities “when required for the performance of defense services subject to control under the ITAR” and authorized by DDTC.  This provision is meant to eliminate perceived overlapping licensing requirements and to ensure that the relevant provisions of the EAR and ITAR work in concert to achieve national security priorities.

Relatedly, the “support” prohibitions discussed in 15 C.F.R. § 744.6 do not extend to the performance of official duties in furtherance of a U.S. Government program (including duties performed by “contract support personnel” in certain circumstances) and do not themselves prevent U.S. persons from serving in foreign military force or paramilitary organizations (though restrictions under other U.S. laws and regulations may apply).

III. Proposed Revisions to Control Facial Recognition Technology for Most Destinations

In addition to the end use / end user- and activity-based controls discussed above, BIS also proposes to add new item-based controls.  The proposed rules would amend ECCN 3A981 on the CCL to specifically include “facial recognition systems.”  Importantly, these controls would not apply to detection or authentication items (as opposed to identification items) or items that facilitate individual access to personal devices or facilities.  Additionally, new corresponding software controls in ECCN 3D980 would apply to software ‘‘specially designed’’ for the ‘‘development,’’ ‘‘production’’ or ‘‘use’’ of commodities controlled by 3A980 and 3A981 and software “specially designed’’ for the “analysis and matching of voice, fingerprints, or facial features for facial recognition,” excluding software “solely for person or object detection or for individual authentication to facilitate individual access to personal devices or facilities.”  These ECCNs, as well as ECCN 3E980 for corresponding technology, will remain controlled for crime control (column 1) purposes, thereby restricting the export, reexport, or transfer of such items to nearly all destinations other than certain European countries and U.S. allies (e.g., Australia, Canada, India, Japan, New Zealand, Türkiye, South Korea, and the United Kingdom).  As with the restrictions discussed above, these new item-based controls reflect the U.S. government’s growing concern that many U.S. dual-use items are being exploited abroad to perpetrate human rights abuses.

IV. Proposed Revisions to the ITAR to Refine and Expand Definition of “Defense Services”

In conjunction with the EAR revisions discussed above, DDTC has similarly proposed revisions to the ITAR to (1) clarify and arguably expand the definition of “defense services” in 22 C.F.R. § 120.32 and (2) implement new controls over defense services related to intelligence assistance and foreign military assistance services that do not necessarily involve military articles.

A. Revised Definition of Defense Services

DDTC proposes to reorganize and revise the definition of “defense services” to explicitly include consulting activities and activities meant to disable or degrade defense articles, as well as to provide examples to clarify the intended breadth of the definition.  Further, DDTC proposes to clarify that certain types of training and consulting provided to foreign persons—even in the absence of defense articles—are still restricted.

The proposed revised definition of “defense services” would include the following activities:

  • The furnishing of assistance, including training or consulting, to foreign persons in the development (including, e.g., design), production (including, e.g., engineering and manufacture), assembly, testing, repair, maintenance, modification, disabling, degradation, destruction, operation, processing, use, or demilitarization of a defense article; or
  • The furnishing of assistance, including training or consulting, to foreign persons, regardless of whether a defense article is involved, as described in USML Category IX(s)(2) or (3).

While DDTC frames these revisions as clarifications of existing coverage, parties should consider reviewing existing compliance policies to ensure alignment with the broad scope of activities that DDTC now explicitly considers “defense services.”

B. New Categories of Defense Services Added to Category IX of the USML (Military Training Equipment and Training)

The proposed rule also aims to replace existing controls on military training in USML Category IX(e)(3) with new controls under Category IX(s), which would correspond to the new definition of “defense services” and regulate certain military training activities even when no defense articles are involved.  Category IX(s)(2) would specifically address intelligence assistance services that were provided for compensation.  In the proposed rule, DDTC provides a non-exhaustive list of compensation types, including monetary payment, gifts, lodging, goods, services, political favors, and legislative or legal relief.  DDTC notes the compensation requirement is explicitly meant to exclude from the new controls the activities of hobbyists or persons casually commenting on open-source, publicly available information (e.g., satellite imagery relevant to the invasion of Ukraine).  Category IX(s)(3) would target military assistance services, even in the absence of defense articles.  Both categories include exceptions as outlined in Table 2 below.

Table 2:

Covered Activities

Exceptions

Proposed Category IX(s)(1)

Reserved for future regulations.

Reserved for future regulations.

Proposed Category IX(s)(2)

Assistance, including training or consulting, to a foreign government, unit, or force, or their proxy or agent, that creates, supports, or improves intelligence activities, including through planning, conducting, leading, providing analysis for, participating in, evaluating, or otherwise consulting on such activities, for compensation (unless an exception applies).
  • Furnishing of medical, translation, financial, insurance, legal, scheduling, or administrative services, or acting as a common carrier;
  • Participation as a member of a regular military force of a foreign nation by a U.S. person who has been drafted into such a force;
  • Training and advice that is entirely composed of general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities;
  • Information technology services that support ordinary business activities not specific to a particular business sector;
  • Any lawfully authorized investigative, protective, or intelligence activity of a law enforcement or intelligence agency of the United States or of a territory, possession, State, or District of the United States, including political subdivisions thereof; or
  • Maintenance or repair of a commodity or software.

Proposed Category IX(s)(3)

Assistance, including training or consulting, to a foreign government, unit, or force, or their proxy or agent, that creates, supports, or improves the following (unless an exception applies):

  • The organization or formation of military or paramilitary forces;
  • Military or paramilitary operations, by planning, leading, or evaluating such operations; or
  • Military or paramilitary capabilities through advice or training, including formal or informal instruction.
  • Furnishing of medical, translation, financial, insurance, legal, scheduling, or administrative services, or acting as a common carrier;
  • Participation as a member of a regular military force of a foreign nation by a U.S. person who has been drafted into such a force;
  • Training and advice that is entirely composed of general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities.

V. Looking Forward

The proposed rules represent significant changes to U.S. export controls under both the EAR and ITAR, and companies should begin preparing now to address forthcoming compliance responsibilities.  Specific steps companies should consider taking include:

  • Provide Written Comments: As noted above, both BIS and the U.S. Department of State will accept written comments until September 27, 2024. Companies may provide comments directly to the relevant agency/department or at Regulations.gov.
  • Improve Human Rights Visibility and Awareness: As discussed in our prior client alert, companies should identify key personnel within their operations with responsibilities over human-rights related functions and engage with civil society to stay ahead of the enforcement curve.
  • Examine Restricted Party Screening Procedures: Companies should ensure they are adequately screening third parties (e.g., suppliers, distributors, customers) against all relevant restricted party lists to ensure prohibited transactions do not occur.
  • Review and Enhance End Party Due Diligence: In addition to conducting restricted party screening, companies will need to ensure transactions do not involve any categories of restricted end users or end uses, including entities not specifically named to the Entity List but that otherwise meet the requirements of restricted parties. In certain cases, companies may want to require End User Declarations from ultimate end users, as well as intermediate parties, to address diversion concerns.
  • Expand Scope of Due Diligence: Given the expanded geographic scope of the new end user and end use controls (in some cases to over 40 countries), companies will need to consider a greater number of jurisdictions for enhanced due diligence—especially for companies that utilize distributors or otherwise engage in indirect sales in these jurisdictions.
  • Update Compliance Terms in Transactional Documents: To address the proliferation of restricted end users and uses, companies may wish to revise contractual compliance terms, including to specifically require contracting parties to certify they are not providing items to restricted parties or for restricted end uses, provide for audit rights, and set forth consequences for non-compliance, including termination and indemnification. Companies should also educate their distributors and resellers on the new regulatory requirements and corresponding diligence required to remain compliant.  Further, companies should consider requiring distributors and resellers to include similar compliance requirements in transaction agreements (i.e., “flow down” provisions) with downstream customers (e.g., end users, intermediate consignees).
  • Flag Sensitive Transactions: Companies should review and identify transactions that may involve prohibited end users and/or end uses or unauthorized defense services. Companies should proactively develop or update compliance plans to identify and prevent such restricted transactions.  In some cases, companies may need to acquire licenses from BIS or DDTC before proceeding with certain transactions.
  • Establish Guardrails for U.S. Person Activities: Even when companies are not otherwise subject to U.S. export controls, restrictions can still apply to their U.S. person employees. Companies should identify any activities that may implicate such restrictions and establish clear policies and procedures to minimize the likelihood of any violations.

[1] See International Traffic in Arms Regulations: Revisions to Definition and Controls Related to Defense Services, 89 Fed. Reg. 60,980 (July 29, 2024); End-Use and End-User Based Export Controls, Including U.S. Persons Activities Controls: Military and Intelligence End Uses and End Users, 89 Fed. Reg. 60,985 (July 29, 2024); Export Administration Regulations: Crime Controls and Expansion/Update of U.S. Persons Controls, 89 Fed. Reb.  60,998 (July 29, 2024).

[2] Press Release, Export Controls and Human Rights Initiative Code of Conduct Released at Summit for Democracy, U.S. Dep’t of State (Mar. 30, 2023), https://www.state.gov/export-controls-and-human-rights-initiative-code-of-conduct-released-at-the-summit-for-democracy/; Press Release, Biden Administration and International Partners Release Export Controls and Human Rights Initiative Code of Conduct, U.S. Dep’t of Commerce (Mar. 30, 2023), https://www.bis.doc.gov/index.php/documents/about-bis/newsroom/press-releases/3257-2023-03-30-bis-press-release-echri-code-of-conduct/file.

[3] See 15 C.F.R. § 744.16; 15 C.F.R. Part 744, Supplement No. 4.

[4] “Knowledge” is defined under the EAR to cover actual knowledge and an awareness of a high probability, which can be inferred from acts constituting willful blindness.  See 15 C.F.R. § 772.1.

[5] In certain cases, items may also be exported for certain U.S. government activities as outlined in License Exception GOV.  See 15 C.F.R. §§ 740.11, 744.21.

[6] Destinations listed in Country Group D:5 are those subject to a U.S. arms embargo and include Afghanistan, Belarus, Burma/Myanmar, Cambodia, Central African Republic, China, Cuba, Democratic Republic of Congo, Eritrea, Haiti, Iran, Iraq, North Korea, Lebanon, Libya, Nicaragua, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, and Zimbabwe.  See 15 C.F.R. Part 740, Supplement No. 1.

[7] The terms “600 series,” “development,” and “production” are specifically defined in 15 C.F.R. § 772.1.

[8] While a “presumption of denial” licensing policy means that a license may be granted in rare circumstances, a “policy of denial” is slightly more restrictive and implies that a license will not be granted by BIS in nearly all circumstances.

[9] See supra note 6.

[10] Destinations listed in Country Group D or E include Afghanistan, Armenia, Azerbaijan, Bahrain, Belarus, Burma/Myanmar, Cambodia, Central African Republic, China, Democratic Republic of Congo, Cuba, Egypt, Eritrea, Georgia, Haiti, Iran, Iraq, Jordan, Kazakhstan, Kuwait, Kyrgyzstan, Laos, Lebanon, Libya, Macau, Moldova, Mongolia, Nicaragua, North Korea, Oman, Pakistan, Qatar, Russia, Saudi Arabia, Somalia, South Sudan, Sudan, Syria, Tajikistan, Turkmenistan, United Arab Emirates, Uzbekistan, Venezuela, Vietnam, Yemen, and Zimbabwe.  See 15 C.F.R. Part 740, Supplement No. 1.  Currently only Israel and Taiwan fulfill the exception as destinations also included in Country Group A:6.

[11] Amendment to Licensing Policy for Items Controlled for Crime Control Reasons, 85 Fed. Reg. 63,007, 63,009 (Oct. 6, 2020) (emphasis added).

[12] Id.

[13] “U.S. person” is broadly defined to include citizens, permanent residents, and protected individuals (e.g., asylees) in the United States; any entity organized in the United States, including foreign branches; and any person located in the United States.  See 15 C.F.R. § 772.1.

[14] Currently, 15 C.F.R. § 744.6(b)(1)-(5) restricts certain U.S. person activities that provide “support” for nuclear explosive devices, “missiles,” chemical and biological weapons, certain chemical weapons precursors, “military-intelligence end users,” and “military-intelligence end uses.”  More detailed “support” restrictions related to the “development” and “production” of advanced-node integrated circuits and related items and semiconductor manufacturing equipment are outlined in 15 C.F.R. § 744.6(c)(2)-(3).

[15] See 15 C.F.R. § 744.6(b)(6).

[16] Importantly, the prohibition on U.S. person activities in “support” of footnote 6 entities is limited to only those entities explicitly designated as such and applies only to the items specified in the designated party’s entry on the Entity List.  In this manner, the restriction on U.S. person activities is narrower than the corresponding end user restrictions discussed in Section I above.

[17] See 15 C.F.R. § 772.1 for relevant definitions.

The following Gibson Dunn lawyers prepared this update: Mason Gauch, Hayley Lawrence, Chris Mullen, Stephenie Gosnell Handler, Adam M. Smith, Chris Timura, Samantha Sewall, Michelle Weinbaum, and David Wolber.

Gibson Dunn lawyers are monitoring the proposed changes to U.S. export control laws closely and are available to counsel clients regarding potential or ongoing transactions and other compliance or public policy concerns.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following leaders and members of the firm’s International Trade practice group:

United States:
Ronald Kirk – Co-Chair, Dallas (+1 214.698.3295, [email protected])
Adam M. Smith – Co-Chair, Washington, D.C. (+1 202.887.3547, [email protected])
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, [email protected])
Christopher T. Timura – Washington, D.C. (+1 202.887.3690, [email protected])
David P. Burns – Washington, D.C. (+1 202.887.3786, [email protected])
Nicola T. Hanna – Los Angeles (+1 213.229.7269, [email protected])
Courtney M. Brown – Washington, D.C. (+1 202.955.8685, [email protected])
Samantha Sewall – Washington, D.C. (+1 202.887.3509, [email protected])
Michelle A. Weinbaum – Washington, D.C. (+1 202.955.8274, [email protected])
Mason Gauch – Houston (+1 346.718.6723, [email protected])
Chris R. Mullen – Washington, D.C. (+1 202.955.8250, [email protected])
Sarah L. Pongrace – New York (+1 212.351.3972, [email protected])
Anna Searcey – Washington, D.C. (+1 202.887.3655, [email protected])
Audi K. Syarief – Washington, D.C. (+1 202.955.8266, [email protected])
Scott R. Toussaint – Washington, D.C. (+1 202.887.3588, [email protected])
Claire Yi – New York (+1 212.351.2603, [email protected])
Shuo (Josh) Zhang – Washington, D.C. (+1 202.955.8270, [email protected])

Asia:
Kelly Austin – Hong Kong/Denver (+1 303.298.5980, [email protected])
David A. Wolber – Hong Kong (+852 2214 3764, [email protected])
Fang Xue – Beijing (+86 10 6502 8687, [email protected])
Qi Yue – Beijing (+86 10 6502 8534, [email protected])
Dharak Bhavsar – Hong Kong (+852 2214 3755, [email protected])
Felicia Chen – Hong Kong (+852 2214 3728, [email protected])
Arnold Pun – Hong Kong (+852 2214 3838, [email protected])

Europe:
Attila Borsos – Brussels (+32 2 554 72 10, [email protected])
Patrick Doris – London (+44 207 071 4276, [email protected])
Michelle M. Kirschner – London (+44 20 7071 4212, [email protected])
Penny Madden KC – London (+44 20 7071 4226, [email protected])
Irene Polieri – London (+44 20 7071 4199, [email protected])
Benno Schwarz – Munich (+49 89 189 33 110, [email protected])
Nikita Malevanny – Munich (+49 89 189 33 224, [email protected])
Melina Kronester – Munich (+49 89 189 33 225, [email protected])
Vanessa Ludwig – Frankfurt (+49 69 247 411 531, [email protected])

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.