Not Your Parents' IT: New Interim Rule to Scrutinize Acquisition of IT Products and Services from Foreign Adversaries
Client Alert | 2 min read | 01.19.21
Today, Commerce has published an interim final rule (IR) which, effective March 22, 2021, will implement the May 15, 2019 Executive Order 13873 that relied on the International Emergency Economic Powers Act (IEEPA) to authorize sweeping power to block or undo any transaction – including use, purchases or importation – of virtually any “information and communications technology or services [ICTS] designed, developed, manufactured, or supplied, by persons owned by, controlled by , or subject to the jurisdiction or direction of a foreign adversary.” The IR (15 C.F.R. Part 7) provides greater clarification than the November 27, 2019 proposed rule (discussed here), but fails to significantly reduce the breadth, ambiguity and uncertainty this new transaction review scheme will have on the global information technology supply chain. Some of the key elements of the IR are:
- Clarification that only transactions occurring after the effective date are covered but cautioning that any services (e.g., software updates and maintenance) received on or after the effective date would be a covered “ITCS Transaction.”
- An initial list of “foreign adversaries,” most significantly China (including Hong Kong) and Russia, whose technology or services (whether directly or indirectly obtained) can trigger a review and possible prohibition.
- A more specific description of the scope of “covered ICTS transactions” but still so broad as to capture virtually all information and communications technology (hardware and software) and services used in networks and cloud-based systems.
- Clarification that Commerce will not separately review ICTS transactions that the Committee on Foreign Investment in the U.S. (CFIUS) is actively reviewing or has reviewed under section 721 of the Defense Production Act, while cautioning that any ICTS transactions that were not part of the covered transaction reviewed by CFIUS remain subject to these new rules.
As true in the original proposed rule, there is no threshold for review of a covered ICTS transaction, and it can be commenced by the Secretary of Commerce at any time – even long after the transaction was consummated – upon receipt of information, whether from the parties to the transaction, competitors, public information or classified sources. The IR also provides the Secretary to compel production of records and testimony, under oath, in connection with its investigation of any transaction. Ultimately, the Secretary, in consultation with other specified agency heads, can prohibit a transaction or order that the transaction may only proceed subject to mitigation measures. Any failure to comply with the regulations or subsequent orders is subject to the fines and penalties available under IEEPA.
While the IR does not provide for advisory opinions, Commerce has promised to publish, at the same time the IR becomes effective, a licensing process (to become effective 60 days thereafter) to provide greater certainty with respect to proposed or pending ICTS transactions. Commerce is also accepting further comments on the IR during the 60 days before it becomes effective.
Insights
Client Alert | 6 min read | 07.30.25
The new EU “Pharma Package”: Global (Orphan) Marketing Authorization
In this fifth alert in our weekly series on the EU Pharma Package, we will delve into the global marketing authorization (GMA) concept which has largely remained untouched in the legislative proposal – aside from an important introduction of the notion of a GMA for orphan medicinal products. We will discuss the missed opportunity to codify existing case law and provide further clarification in this respect.
Client Alert | 4 min read | 07.29.25
Children first: How Ofcom’s Children’s code and age checks change the digital game
Client Alert | 3 min read | 07.29.25
Meet the New Nationwide Injunction. Same as the Old Nationwide Injunction.
Client Alert | 4 min read | 07.29.25