Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs, 48134-48144 [2020-17223]

Agencies

• FEDERAL COMMUNICATIONS COMMISSION

[Federal Register Volume 85, Number 154 (Monday, August 10, 2020)]
[Proposed Rules]
[Pages 48134-48144]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-17223]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Parts 1 and 54

[WC Docket No. 18-89; FCC 20-99; FRS 16964]


Protecting Against National Security Threats to the 
Communications Supply Chain Through FCC Programs

AGENCY: Federal Communications Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: In this document, the Federal Communications Commission 
(Commission) takes further steps to protect the nation's communications 
networks from potential security threats as the Commission integrates 
provisions of the recently enacted Secure and Trusted Communications 
Networks Act of 2019 (Secure Networks Act) into its existing supply 
chain rulemaking proceeding. The Commission seeks comment on proposals 
to implement further Congressional direction in the Secure Networks 
Act.

DATES: Comments are due on or before August 31, 2020, and reply 
comments are due on or before September 14, 2020.

ADDRESSES: Pursuant to Sec. Sec.  1.415 and 1.419 of the Commission's 
rules, 47 CFR 1.415, 1.419, interested parties may file comments and 
reply comments on or before the dates indicated on the first page of 
this document. Comments and reply comments may be filed using the 
Commission's Electronic Comment Filing System (ECFS). See Electronic 
Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1998).
     Electronic Filers: Comments may be filed electronically 
using the internet by accessing the ECFS: https://www.fcc.gov/ecfs/.
     Paper Filers: Parties who choose to file by paper must 
file an original and one copy of each filing. If more than one docket 
or rulemaking number appears in the caption of this proceeding, filers 
must submit two additional copies for each additional docket or 
rulemaking number.
    Filings can be sent by hand or messenger delivery, by commercial

[[Page 48135]]

overnight courier, or by first-class or overnight U.S. Postal Service 
mail. All filings must be addressed to the Commission's Secretary, 
Office of the Secretary, Federal Communications Commission.
    [ssquf] Commercial overnight mail (other than U.S. Postal Service 
Express Mail and Priority Mail) must be sent to 9050 Junction Drive, 
Annapolis Junction, MD 20701.
    [ssquf] U.S. Postal Service first-class, Express, and Priority mail 
must be addressed to 445 12th Street SW, Washington, DC 20554.
    [ssquf] Effective March 19, 2020, and until further notice, the 
Commission no longer accepts any hand or messenger delivered filings. 
This is a temporary measure taken to help protect the health and safety 
of individuals, and to mitigate the transmission of COVID-19. See FCC 
Announces Closure of FCC Headquarters Open Window and Change in Hand-
Delivery Policy, Public Notice, DA 20-304 (March 19, 2020). https://www.fcc.gov/document/fcc-closes-headquarters-open-window-and-changes-hand-delivery-policy.
    [ssquf] During the time the Commission's building is closed to the 
general public and until further notice, if more than one docket or 
rulemaking number appears in the caption of a proceeding, paper filers 
need not submit two additional copies for each additional docket or 
rulemaking number; an original and one copy are sufficient.
    Comments and reply comments must include a short and concise 
summary of the substantive arguments raised in the pleading. Comments 
and reply comments must also comply with Sec.  1.49 and all other 
applicable sections of the Commission's rules. The Commission directs 
all interested parties to include the name of the filing party and the 
date of the filing on each page of their comments and reply comments. 
All parties are encouraged to use a table of contents, regardless of 
the length of their submission. The Commission also strongly encourages 
parties to track the organization set forth in the Further Notice in 
order to facilitate its internal review process.
    People with Disabilities: To request materials in accessible 
formats for people with disabilities (braille, large print, electronic 
files, audio format), send an email to [email protected] or call the 
Consumer & Governmental Affairs Bureau at 202-418-0530 (voice), 202-
418-0432 (tty).

FOR FURTHER INFORMATION CONTACT: For further information, please 
contact Brian Cruikshank, Telecommunications Access Policy Division, 
Wireline Competition Bureau, at [email protected] or (202) 418-
7400.

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Second 
Further Notice of Proposed Rulemaking (Further Notice) in WC Docket No. 
18-89, adopted July 16, 2020 and released July 17, 2020. Due to the 
COVID-19 pandemic, the Commission's headquarters will be closed to the 
general public until further notice. The full text of this document is 
available at the following internet address: https://www.fcc.gov/document/implementing-secure-networks-act-0. The Declaratory Ruling 
that was adopted concurrently with this Further Notice will be 
published elsewhere in the Federal Register.

I. Introduction

    1. America's communications networks have become the indispensable 
infrastructure of our economy and our everyday lives. The COVID-19 
pandemic has demonstrated as never before the importance of these 
networks for employment and economic opportunity, education, health 
care, social and civic engagement, and staying connected with family 
and friends. It is therefore imperative that the Commission safeguards 
this critical infrastructure from potential security threats.
    2. The Commission has taken a number of targeted steps in this 
regard. For example, in November 2019, the Commission prohibited the 
use of public funds from the Commission's Universal Service Fund (USF) 
to purchase or obtain any equipment or services produced or provided by 
companies posing a national security threat to the integrity of 
communications networks or the communications supply chain. The 
Commission also initially designated Huawei Technologies Company 
(Huawei) and ZTE Corporation (ZTE) as covered companies for purposes of 
this rule, and it established a process for designating additional 
covered companies in the future. Additionally, last month, the 
Commission's Public Safety and Homeland Security Bureau issued final 
designations of Huawei and ZTE as covered companies, thereby 
prohibiting the use of USF funds on equipment or services produced or 
provided by these two suppliers.
    3. The Commission takes further steps to protect the nation's 
communications networks from potential security threats as it 
integrates provisions of the recently enacted Secure Networks Act into 
the Commission's existing supply chain rulemaking proceeding. The 
Commission seeks comment on proposals to implement further 
Congressional direction in the Secure Networks Act.

II. Second Further Notice of Proposed Rulemaking

    4. The concurrently adopted Declaratory Ruling finds that the 2019 
Supply Chain Order, 85 FR 230, January 3, 2020, satisfies the Secure 
Networks Act's requirement that the Commission prohibit the use of 
funds for covered equipment and services. The Commission now seeks 
comment on sections 2, 3, 5, and 7 of the Secure Networks Act, 
including on how these provisions interact with our ongoing efforts to 
secure the communications supply chain. As required by section 2, the 
Commission proposes several processes by which to publish a list of 
covered communications equipment and services. Consistent with sections 
3, 5, and 7 of the Secure Networks Act, the Commission proposes to (1) 
ban the use of federal subsidies for any equipment or services on the 
new list of covered communications equipment and services; (2) require 
that all providers of advanced communications service report whether 
they use any covered communications equipment and services; and (3) 
establish regulations to prevent waste, fraud, and abuse in the 
proposed reimbursement program to remove, replace, and dispose of 
insecure equipment.
    5. After the Commission has adopted rules to further implement the 
Secure Networks Act, the Commission may prohibit the use of federal 
funds for potentially insecure communications equipment and services 
through two separate methods. First, pursuant to the 2019 Supply Chain 
Order and section 254 of the Communications Act, no USF funds may be 
used to purchase or maintain any equipment or services produced or 
provided by a covered company. Second, pursuant to the Secure Networks 
Act, providers of advanced communications service will be prohibited 
from using federal subsidies, including the USF, to purchase or 
maintain communications equipment and services listed pursuant to 
section 2. The Commission seeks comment on this view.
    6. As an initial matter, the Commission seeks comment on the 
definition of two terms used throughout the Secure Networks Act. 
Specifically, the Act's requirements apply to ``communications 
equipment or service'' and to providers of ``advanced communications 
service.'' The Act defines ``communications equipment or service'' as 
``any equipment or service

[[Page 48136]]

that is essential to the provision of advanced communications 
service.'' The Act defines ``advanced communications service'' in turn 
as the ``advanced telecommunications capability'' described in section 
706 of the Telecommunications Act of 1996, which encompasses ``high-
speed, switched, broadband telecommunications capability that enables 
users to originate and receive high-quality voice, data, graphics, and 
video telecommunications using any technology.''
    7. The Commission proposes to include within this definition of 
``communications equipment or service[s]'' all equipment or services 
used in fixed and mobile broadband networks, provided they include or 
use electronic components. The Commission believes that all equipment 
or services that include or use electronic components can be reasonably 
considered essential to broadband networks. Moreover, the presence of 
electronic components provides a bright-line rule that will ease 
regulatory compliance and administrability. The Commission seeks 
comment on this interpretation.
    8. The Commission also proposes to include within the definition of 
``advanced communications service'' any connection at least 200 kbps in 
either direction. Such a reading is consistent with the Commission's 
historic interpretation of section 706 of the Telecommunications Act 
and the requirements that the Commission has imposed on providers of 
advanced telecommunications capability for purposes of reporting their 
broadband deployments. The Commission thus believes its consistent with 
congressional intent to capture the same pool of facilities-based 
providers who are currently required to report broadband deployment to 
comply with the requirements of the Secure Networks Act.
    9. The Commission recognizes the greater than 200 kbps reporting 
threshold reflects historical considerations as to speeds needed to 
provide advanced telecommunications capability. The Commission has 
since determined, with advancements in technology, that fixed services 
with download speeds of at least 25 Megabits per second (Mbps) and 
upload speeds of at least 3 Mbps ``meet the statutory definition of 
advanced telecommunications capability.'' For mobile services, the 
Commission evaluates deployment using ``multiple metrics instead of 
relying on a single benchmark,'' starting first ``where service 
providers claim a minimum advertised speed of 5/1 Mbps.'' However, 
importing a narrower definition of advanced communications service 
could leave insecure equipment in our nation's interconnected broadband 
networks even though it has been determined to pose a threat to 
national security. The Commission seeks comment on this interpretation 
and any alternatives.
    10. Section 2(a) of the Secure Networks Act directs the Commission 
to publish, no later than one year after enactment, a list of covered 
communications equipment and services (Covered List). The remainder of 
section 2 lays out how the Commission is to construct this list. First, 
the Commission ``shall place on the list any communications equipment 
or service that poses an unacceptable risk to the national security of 
the United States or the security and safety of United States persons 
based solely on'' a ``determination'' by other federal agencies or 
Congress, as outlined in section 2(c). Second, the Commission ``shall 
place'' on the Covered List ``any communications equipment or service'' 
``if, based exclusively on the determinations'' under section 2(c), 
``such equipment or service poses an unacceptable risk to the national 
security of the United States and the security and safety of United 
States persons'' and is ``capable'' of ``(A) routing or redirecting 
user data traffic or permitting visibility into any user data or 
packets that such equipment or service transmits or otherwise handles; 
(B) causing the network of a provider of advanced communications 
service to be disrupted remotely; or (C) otherwise posing an 
unacceptable risk to the national security of the United States or the 
security and safety of United States persons.'' Third, section 2(d) 
requires that the Commission ``shall periodically update the list 
published under subsection (a) to address changes in the 
determinations'' under section 2(c). The Commission seeks comment on 
each part in turn.
    11. Section 2(c) of the Secure Networks Act states that ``in taking 
action under subsection (b)(1), the Commission shall place'' on the 
Covered List ``any communications equipment or service that poses an 
unacceptable risk to the national security of the United States or the 
security and safety of United States persons based solely on one or 
more of the following determinations,'' and then lists four separate 
sources for such determinations. The Commission believes that the 
Secure Networks Act's use of the term ``shall'' provides the Commission 
no discretion to accept determinations from other sources not listed in 
the Secure Networks Act because the Commission must rely ``solely'' on 
one or more of the determinations listed in section 2(c) for the 
purposes of taking the steps required under section 2(b)(1) to compile 
the Covered List. The Commission seeks comment on this interpretation.
    12. The external determinations as to whether communications 
equipment or services pose ``an unacceptable risk to the national 
security of the United States and the security and safety of United 
States persons'' come from the following agencies or legislation, 
pursuant to section 2(c):

    (1) ``A specific determination made by any executive branch 
interagency body with appropriate national security expertise, 
including the Federal Acquisition Security Council'';
    (2) ``A specific determination made by the Department of 
Commerce pursuant to Executive Order No. 13873 . . . relating to 
securing the information and communications technology and services 
supply chain'';
    (3) ``The communications equipment or service being covered 
telecommunications equipment or services, as defined in section 
889(f)(3)'' of the 2019 NDAA; or
    (4) ``A specific determination made by an appropriate national 
security agency.''

    13. The Secure Networks Act defines ``executive branch interagency 
body'' as ``an interagency body established in the Executive Branch.'' 
One of these bodies is the Federal Acquisition Security Council, 
established by 41 U.S.C. 1322(a). The Federal Acquisition Security 
Council is tasked with developing criteria and processes for assessing 
threats and vulnerabilities to the supply chain posed by the 
acquisition of information technology. The Commission believes other 
executive agency bodies that could make determinations relevant to 
section 2(c) include the National Security Council, Homeland Security 
Council, Interagency Policy Committees, and other committees created 
for or chartered with a national security purpose. The Commission seeks 
comment on this view and asks if there are additional executive branch 
interagency bodies with appropriate national security expertise that 
can make the external determinations under section 2(c)(1). What role 
do the Committee on Foreign Investment in the United States (CFIUS) and 
Team Telecom have in this process? The Commission also seeks comment on 
the process and procedures it should use to incorporate executive 
branch interagency body determinations into the Covered List.

[[Page 48137]]

    14. Section 2(c) also requires the Commission to rely on 
determinations made by the Department of Commerce. Executive Order No. 
13873 grants the Secretary of Commerce the authority to prohibit any 
transaction of any information and communications technology or service 
where the Secretary, in consultation with other relevant agency heads, 
determines that the transaction: (i) Involves property in which a 
foreign country or national has an interest; (ii) includes information 
and communications technology or services designed, developed, 
manufactured, or supplied by persons owned by, controlled by, or 
subject to the jurisdiction or direction of a foreign adversary; and 
(iii) poses certain undue risks to the critical infrastructure or the 
digital economy in the United States or certain unacceptable risks to 
U.S. national security or U.S. persons. In November 2019, the 
Department of Commerce commenced a rulemaking to implement Executive 
Order No. 13873. The Commission seeks comment on the process and 
procedures it should use to incorporate Department of Commerce external 
determinations into the Covered List.
    15. The Commission is also required to incorporate into the Covered 
List equipment or services identified in section 889(f)(3) of the 2019 
NDAA. The Commission seeks comment on section 889(f)(3) generally and 
each of its subparts. Section 889(f)(3) of the 2019 NDAA defines 
``covered telecommunications equipment or services'' to include ``(A) 
telecommunications equipment produced by Huawei or ZTE; (B) for the 
purpose of public safety, security of government facilities, physical 
security surveillance of critical infrastructure, and other national 
security purposes, video surveillance and telecommunications equipment 
produced by Hytera Communications Corporation (Hytera), Hangzhou 
Hikvision Digital Technology Company (Hikvision), or Dahua Technology 
Company (Dahua); [and] (C) telecommunications or video surveillance 
services provided by such entities or using such equipment.'' 
Additionally, section 889(f)(3)(D) provides that covered 
telecommunications equipment or services includes 
``[t]elecommunications or video surveillance equipment or services 
produced or provided by an entity that the Department of Defense, in 
consultation with the Director of National Intelligence or the Director 
of the Federal Bureau of Investigation, reasonably believes to be an 
entity owned or controlled by, or otherwise connected to, the 
government of [the People's Republic of China].''
    16. The Commission seeks comment on how it must use section 
889(f)(3) of the 2019 NDAA to add communications equipment and services 
to the Covered List. The plain language of section 2(c) provides that 
because telecommunications equipment from Huawei and ZTE are covered in 
section 889(f)(3)(A) of the 2019 NDAA, such equipment poses an 
unacceptable threat to U.S. national security or the safety and 
security of U.S. persons. The Commission reads section 2(c) as 
providing that video surveillance and telecommunications equipment from 
Hytera, Hikvision, and Dahua, to the extent it is used for public 
safety or security, poses an unacceptable threat to U.S. national 
security or the safety and security of U.S. persons. And the Commission 
reads section 2(c) as saying that ``telecommunications or video 
surveillance services provided by'' Huawei, ZTE, Hytera, Hikvision, or 
Dahua--those entities listed earlier in the paragraph--as well as any 
``telecommunications or video surveillance services'' that use the 
equipment specified under subparagraphs (A) and (B) all pose an 
unacceptable threat to U.S. national security or the safety and 
security of U.S. persons. The Commission seeks comment on each of these 
interpretations. Does video surveillance equipment produced by Hytera, 
Hikvision, or Dahua or video surveillance service offered by Huawei, 
ZTE, Hytera, Hikvision, or Dahua qualify as ``communications equipment 
or service'' for the purposes of the Secure Networks Act? How should 
the Commission interpret section 889(f)(3)(D) and any subsequent 
designations made by the Department of Defense? What other 
considerations are relevant to its interpretation of section 889(f)(3)?
    17. The final potential source of an external determination in 
section 2(c) of the Secure Networks Act is an appropriate national 
security agency. Section 9(2) of the Secure Networks Act defines 
``appropriate national security agency'' as the Department of Homeland 
Security, the Department of Defense, the Office of the Director of 
National Intelligence, the National Security Agency, and the Federal 
Bureau of Investigation. Some of these agencies, such as the Department 
of Homeland Security, include sub-agencies that may be involved in 
national security determinations, such as the Cybersecurity and 
Infrastructure Security Agency. The Commission interprets the term 
``appropriate national security agency'' to include any determination 
by a sub-agency of the Department of Homeland Security, the Department 
of Defense, the Office of the Director of National Intelligence, the 
National Security Agency, and the Federal Bureau of Investigation, and 
seek comment on this interpretation. The Commission also seeks comment 
on the process and procedures it should use to incorporate their 
determinations into the Covered List.
    18. The Commission seeks comment on what constitutes a specific 
determination that triggers its obligations under section 2(b)(1). Do 
the entities listed in section 2(c) have different processes to 
identify the equipment and services that the Commission should publish 
as covered equipment? For example, the Federal Acquisition Security 
Council makes a confidential recommendation to the Secretary of 
Homeland Security, the Secretary of Defense, and the Director of 
National Intelligence, who then review the recommendation and decide 
whether or not to issue exclusion or removal orders. Should the 
Commission interpret the term ``specific determination'' broadly to 
ensure that any guidance or order from the entities listed in section 
2(c) can be incorporated into our list? How specific must these 
determinations be? Must external determinations list specific 
information, such as model numbers of equipment, or detailed 
descriptions of prohibited services that the external source determines 
poses an unacceptable national security risk, or will the external 
source identify classes or categories of equipment at a less granular 
level? If an external source declines to specify equipment or services, 
or classes or categories thereof but instead simply provides the name 
of an entity, would that qualify as a ``determination'' under section 
2(c)? Must a determination use the precise words of the statute (that 
certain ``communications equipment or service . . . poses an 
unacceptable risk to the national security of the United States or the 
security and safety of United States persons'') or should the 
Commission consider determinations that convey the same concept even if 
using different wording? Given the Commission's limited control over 
the format of a determination from an external source, what should the 
Commission do if it is unclear whether a particular decision by a 
section 2(c) source qualifies as a determination?
    19. Relatedly, the Commission seeks comment generally on the 
mechanics of

[[Page 48138]]

using these determinations to publish the Covered List. The Commission 
expects that any determinations covered under sections 2(c) will be 
publicly released by the original decisionmaker. If such a 
determination is public, the Commission does not believe it must issue 
any notice regarding their receipt of this determination. The 
Commission seeks comment on this understanding. Section 2(a) provides 
that the first Covered List must be published on the Commission's 
website no later than March 12, 2021. In order to meet this deadline, 
by what date does the Commission need to receive the external 
determinations? Should the Commission affirmatively solicit these 
determinations from other agencies and, if so, how? Are there any other 
procedures the Commission should consider to comply with section 2(c) 
of the Secure Networks Act?
    20. Section 2(b) of the Secure Networks Act states that the 
Commission ``shall place'' on the Covered List ``any communications 
equipment or service'' that (1) ``is produced or provided by any 
entity'' ``if, based exclusively on the determinations'' under section 
2(c), ``such equipment or service poses an unacceptable risk to the 
national security of the United States and the security and safety of 
United States persons'' and (2) is ``capable'' of ``(A) routing or 
redirecting user data traffic or permitting visibility into any user 
data or packets that such equipment or service transmits or otherwise 
handles; (B) causing the network of a provider of advanced 
communications service to be disrupted remotely; or (C) otherwise 
posing an unacceptable risk to the national security of the United 
States or the security and safety of United States persons.''
    21. The Commission starts with an observation: Specifically, if 
certain equipment or services have been found under section 2(c) to 
``pose[] an unacceptable risk to the national security of the United 
States and the security and safety of United States persons'' (and thus 
fulfills the section 2(b)(1) criterion), isn't such equipment or 
service necessarily ``capable'' of ``posing an unacceptable risk to the 
national security of the United States or the security and safety of 
United States persons'' (and thus fulfilling the section 2(b)(2) 
criterion)?
    22. The Commission resolves this potential for surplusage by 
recognizing that external determinations may be done at different 
levels of generality. For example, a section 2(c) source may determine 
a particular model of equipment (or a particular service) ``poses an 
unacceptable risk'' at a very granular level. In making such a 
determination, the Commission would expect the section 2(c) source to 
consider whether the particular model of equipment (or particular 
service) is ``capable'' of ``(A) routing or redirecting user data 
traffic or permitting visibility into any user data or packets that 
such equipment or service transmits or otherwise handles; (B) causing 
the network of a provider of advanced communications service to be 
disrupted remotely; or (C) otherwise posing an unacceptable risk to the 
national security of the United States or the security and safety of 
United States persons'' precisely because those are the types of 
consideration necessary to determine whether that particular equipment 
or service actually ``poses an unacceptable risk'' under the law. And 
so, in such a case, the Commission believes that the specific equipment 
or service must be placed on the Covered List because another agency 
has already concluded that the particular equipment or service poses an 
unacceptable national security risk (and thus it must be ``capable'' of 
posing such a risk under section 2(b)(2)(C) regardless of whether it 
also meets the section 2(b)(2)(A) or (B) criteria). Thus, the 
Commission's placement of the equipment or service on the Covered List 
in such a case is a non-discretionary, ministerial act. The Commission 
seeks comment on this view.
    23. In contrast, a section 2(c) source may determine that a broader 
class of equipment or services ``poses an unacceptable risk''--as 
section 889(f)(3)(A) of the 2019 NDAA does when it lists all 
``telecommunications equipment produced by Huawei or ZTE (or any 
subsidiary or affiliate of such entities).'' When an external source 
identifies classes or categories of equipment or services as part of 
its external determination, the Commission believes that the best 
reading of the Secure Networks Act is to apply the external 
determination to particular models of equipment or services in light of 
the section 2(b)(2) criteria. So in applying the general determination 
that telecommunications equipment from ZTE or Huawei poses an 
unacceptable risk to a particular piece of equipment, the Commission 
would look to whether that equipment is ``capable'' of ``(A) routing or 
redirecting user data traffic or permitting visibility into any user 
data or packets that such equipment or service transmits or otherwise 
handles; (B) causing the network of a provider of advanced 
communications service to be disrupted remotely; or (C) otherwise 
posing an unacceptable risk to the national security of the United 
States or the security and safety of United States persons.'' As such, 
the Covered List would include ``Telecommunications equipment produced 
by Huawei or ZTE that is capable of (A) routing or redirecting user 
data traffic or permitting visibility into any user data or packets 
that such equipment or service transmits or otherwise handles, (B) 
causing the networks of a provider or advanced communications service 
to be disrupted remotely, or (C) otherwise posing an unacceptable risk 
to the national security of the United States or the security and 
safety of United States persons.'' The Commission seeks comment on this 
proposal. In turn, the Commission seeks comment on how it should define 
``capable'' for purposes of section 2(b)(2) of the Secure Networks Act. 
The Commission believes ``capable'' should be read broadly, and 
equipment or services may be ``capable'' of fulfilling section 
2(b)(2)(A) or (B) even if they are not ordinarily used to perform the 
functions in 2(b)(2)(A) or (B), so long as they can possibly perform 
those functions. The Commission seeks comment on this view. How will 
interested parties determine whether specific equipment or services are 
capable of posing an unacceptable national security risk, pursuant to 
section 2(b)(2)(C)?
    24. The Commission seeks comment on alternatives to its lead 
proposal. For example, once the Commission receives an external 
determination that communications equipment or services pose an 
unacceptable security risk, should the Commission conduct an 
independent analysis of the capabilities of each specific piece of 
communications equipment or services before including it on the Covered 
List? If so, could the Commission permissibly find that equipment is 
not ``capable'' of posing an unacceptable risk even if it must 
``exclusively'' rely on a section 2(c) source to determine that it does 
actually pose such a risk? Must the Commission identify the specific 
capability from section 2(b)(2)(A)-(C) that warrants inclusion on the 
Covered List for every piece of communications equipment and service? 
Is such an analysis of each and every piece of equipment included in a 
section 2(c) determination even possible in light of the one-year 
deadline for creating such a list? Even if such an analysis could be 
done, would a particularized Covered List be easily evaded given how 
frequently communications equipment is updated? Are there best 
practices for producing a detailed list that is

[[Page 48139]]

informative and easy to consult and understand? What would be the 
administrative burden of an equipment-by-equipment determination under 
section 2(b)(2), and do any benefits of such an approach outweigh the 
burdens of the slower process of identifying covered equipment and 
services? The Commission seeks comment on other potential methods of 
interpreting and complying with section 2 of the Secure Networks Act 
and their costs and benefits.
    25. Finally, regardless of how the Commission interprets the 
interplay of section 2(b)'s various provisions, it seeks comment on the 
process for allowing interested parties to clarify whether a specific 
piece of communications equipment or a specific service is on the 
Covered List. What is the best method for allowing the interested party 
to seek clarity? For example, the Commission's rules provide for 
declaratory rulings to remove uncertainty. How can the Commission 
provide interested parties adequate opportunities to demonstrate that 
specific equipment or services are or are not included on the Covered 
List while meeting its obligations under the Secure Networks Act?
    26. Section 2(d) of the Secure Networks Act sets out certain 
requirements for the Commission to maintain the Covered List. Section 
2(d)(1) requires the Commission to update the Covered List 
``periodically'' to address changes in the determinations made by other 
governmental agencies. The Commission must monitor the Covered List to 
add additional communications equipment or services or remove equipment 
or services if the basis for its inclusion no longer exists. For each 
12-month period during which the Covered List is not updated, the 
Commission must notify the public that no updates were necessary to 
protect national security or to address changes in existing 
determinations. The Commission reads the language of section 2(d) to be 
mandatory--precluding it from altering the list beyond the specific 
updates (all tied to changes in section 2(c) determinations) required 
by its terms. The Commission seeks comment on this interpretation. The 
Commission also seeks comment on the process to update and publish the 
Covered List and solicit ideas and best practices for ways to maintain 
the Covered List and keep it current and readily available.
    27. Consistent with the Secure Networks Act, which establishes no 
notice period before the publication of the Covered List, the 
Commission proposes to publish the Covered List without first seeking 
public comment on the contents. The Commission notes that section 2(d) 
uses mandatory language and thus does not appear to give the Commission 
discretion not to update the Covered List based on changes in 
determinations, and hence it would be unclear what purpose a notice 
period would serve. The Commission seeks comment on this proposal.
    28. In the concurrently adopted Declaratory Ruling, the Commission 
found that the prohibition adopted in Sec.  54.9 of the Commission's 
rules substantially implements the prohibition contained in section 3 
of the Secure Networks Act. That is, the Commission's current Sec.  
54.9 prohibition on spending USF funds, adopted pursuant to the 
Communications Act, broadly applies to all equipment and services 
produced or provided by entities designated as ``posing a national 
security threat.'' Section 3 of the Secure Networks Act, in comparison, 
applies to Federal programs subsidizing capital expenditures necessary 
for the provision of advanced communications service and more narrowly 
to covered communications equipment and services identified in the 
Covered List.
    29. The Commission proposes and seeks comment on the designation of 
covered communications equipment and services on the Covered List. If 
the Commission's proposal here is adopted, it would have two different 
designation processes, one for the designation of an entity, as 
currently provided by the Commission's rules and another, more targeted 
process, for the designation of specific communications equipment and 
services per section 2 of the Secure Networks Act. To accommodate this 
outcome, the Commission proposes a new rule, independent of the Sec.  
54.9 prohibition, that would prohibit, going forward, the use of 
federal subsidies made available through a program administered by the 
Commission to purchase, rent, lease, otherwise obtain, or maintain any 
covered communications equipment and services identified and published 
on the Covered List. The Commission proposes that the new prohibition 
on the use of USF funds pursuant to the Secure Networks Act would be 
effective 60 days after communications equipment or services are placed 
on the Covered List. The Commission seeks comment on this proposal, 
which tracks the text of section 3 of the Secure Networks Act and would 
more closely align the Commission's rules with the Secure Networks Act 
than currently provided for under Sec.  54.9.
    30. As discussed in the concurrently adopted Declaratory Ruling, 
the Commission reads the prohibition in section 3 as intending to apply 
to all universal service programs but not other Federal subsidy 
programs to the extent those programs may at times tangentially or 
indirectly involve expenditures related to the provision of advanced 
communications services. The Commission seeks comment on this proposal. 
The Commission believes that applying this prohibition to USF programs 
furthers its responsibility to ensure that public funds are not spent 
on equipment or services from companies that present a risk to the 
supply chain, whether that responsibility arises from its own statutory 
imperatives or from the Secure Networks Act. The prohibition would also 
apply to any other programs administered by the Commission that 
primarily support the provision of advanced communications services, as 
well as any future USF programs implemented by the Commission. The 
Commission seeks comment on this approach.
    31. The Commission seeks comment on how the proposed rule would 
affect multiyear contracts or contracts with voluntary extensions 
between fund recipients and companies producing or providing 
communications equipment or services posing a supply chain security 
risk, if any such contracts exist. The Commission specifically seeks 
comment on whether the Secure Networks Act, which states that the 
prohibition shall apply 60 days after the date on which it places a 
service or piece of equipment on the Covered List, permits the 
Commission to grandfather any such arrangements. If the Commission does 
grandfather contracts, should it only grandfather unexpired annual or 
multiyear contracts, or also grandfather one-year contracts with 
voluntary extensions? The Commission notes that in the 2019 Supply 
Chain Order, it declined to grandfather existing contracts, finding 
that ``[e]xempting existing multiyear contracts would negate the 
purpose behind its rule and allow federal funds to be used to 
perpetuate existing security risks to communications networks and the 
communications supply chain.'' To what extent would the Commission's 
adoption of the proposed rule trigger any change-of-law provisions?
    32. Are there other practical issues raised by the Commission's 
proposals that it should address in implementing this proposed rule? 
Would section 3, any other section of the Secure Networks Act, or the 
Secure Networks

[[Page 48140]]

Act as a whole provide us independent authority to require ETCs or 
other providers to remove and replace equipment on the Covered List?
    33. Section 5 of the Secure Networks Act requires each ``provider 
of advanced communications service'' to report annually, ``in a form to 
be determined by the Commission,'' if it has ``purchased, rented, 
leased, or otherwise obtained any covered communications equipment or 
service.'' All covered communications equipment or services on the 
initial Covered List published under section 2(a) of the Secure 
Networks Act that was purchased, leased, or otherwise obtained by a 
provider on or after August 14, 2018 must be reported, and any 
additional covered equipment or services must be reported within 60 
days after the list is updated.
    34. The Secure Networks Act also requires providers to include ``a 
detailed justification'' for procuring such communications equipment or 
services, information about whether the equipment or service has 
subsequently been removed and replaced, and information about any plans 
for the continued purchase, rent, lease, installation, or use of such 
covered communications equipment or services. If a provider does not 
have any covered communications equipment or services in its network, 
then subsequent annual reports beyond an initial certification are not 
required unless subsequent purchases or other actions make the initial 
certification inaccurate.
    35. While the Commission recently conducted an information 
collection to better understand the extent of Huawei and ZTE equipment 
in our communications networks, it recognizes the annual reporting 
requirement contained in section 5 goes beyond the scope and frequency 
of that collection. The Commission limited the earlier collection 
requirement to ETCs, their subsidiaries, and their affiliates, but 
allowed service providers with pending ETC designations and others to 
participate on a voluntary basis. The type of information reported in 
the earlier collection did not track the requirements of section 5. For 
example, the earlier collection did not require any justification as to 
purchasing decisions. Accordingly, the collection would not satisfy 
section 5 of the Secure Networks Act absent significant modification.
    36. The Commission therefore proposes and seeks comment on a new 
information collection requirement to implement section 5. 
Specifically, the Commission proposes to require that all ``providers 
of advanced communications services'' must comply with the new 
reporting requirement contained in section 5 of the Secure Networks 
Act. The information contained in the report would generally encompass 
the requirements in section 5. Consistent with section 5, the 
Commission proposes to require that filers report the type, location, 
date obtained, and any removal and replacement plans of covered 
equipment and services in their network. Filers will also have to 
provide a ``detailed justification'' explaining why they obtained 
covered equipment or services. The Commission seeks comment on what the 
detailed justification should include and on these other proposals. Is 
there additional information the Commission should require, to be 
consistent with the Secure Networks Act's purpose and obligations, that 
would prove helpful in monitoring and assessing the presence and 
replacement of covered equipment and services? For example, would it be 
helpful to know the amount paid for the covered equipment and services 
or the supplier from whom the equipment was purchased? The Commission 
also seeks comment on how it could use the information it has already 
collected to reduce potentially duplicative reporting requirements for 
carriers.
    37. To what extent should the Commission make reported information 
publicly available or treat it as presumptively confidential and not 
subject to routine public inspection? Consistent with the 2019 Supply 
Chain Order, the Commission does not propose to treat as confidential 
whether a particular provider has covered equipment or services in its 
network. Moreover, because information on the magnitude of covered 
equipment and services among individual service providers would be of 
public interest, the Commission proposes to make such information 
publicly available. Provider-specific information on the location of 
covered equipment and services could raise security and confidentiality 
concerns. Accordingly, the Commission proposes to treat that specific 
information as presumptively confidential. The Commission seeks comment 
on these proposals and any alternative proposals.
    38. Section 7(a) requires the Commission to treat violations of the 
Secure Networks Act and violations of the regulations pursuant to that 
statute as violations of the Communications Act. Accordingly, the 
Commission would have authority to subject those found in violation of 
the Secure Networks Act to forfeitures as authorized under section 
503(b) of the Communications Act and Sec.  1.80 of the Commission's 
rules. Additional regulations to implement this particular provision 
appear unnecessary as there are already regulations governing 
Commission processes regarding forfeiture proceedings. The Commission 
seeks comment on the assumptions that it needs not propose any new 
procedural enforcement requirements associated with section 7(a) of the 
Secure Networks Act.
    39. Separately, section 7(b) requires the repayment of funds 
disbursed per the reimbursement program prescribed in section 4 of the 
Secure Networks Act by recipients if they are found to have violated 
section 4, the Commission's regulations promulgated pursuant to section 
4, or the ``commitments made by the recipient in the application for 
the reimbursement.'' Section 4 establishes the reimbursement program 
providers may use to help pay for the removal, replacement, and 
disposal of covered communications equipment and services. The statute 
further calls for the referral of such violations to ``all appropriate 
law enforcement agencies or officials for further action under 
applicable criminal and civil laws.'' The statute bars violators from 
further participation in the section 4 reimbursement program, and 
violators may be barred from participating in other Commission 
programs, ``including the Federal universal service support programs.'' 
Before requiring repayment and triggering the additional penalty 
actions, the Commission must first give alleged violators notice and a 
180-day opportunity to cure the violation. The Commission proposes to 
adopt regulations tracking the language contained in section 7 and seek 
comment on this proposal.
    40. The Commission is also required by section 7(c) to 
``immediately take action to recover all reimbursement funds awarded'' 
when a recipient is required to repay reimbursement under section 
7(b)(1)(A) due to a violation. The Commission proposes to initiate such 
action by sending a request for repayment to the recipient immediately 
following the expiration of the opportunity to cure where the recipient 
does not respond to the notice of violation required by section 
7(b)(2). If the alleged violator does respond to the notice but is 
ultimately determined by the Commission to have not cured the 
violation, the Commission will then request repayment following that 
determination. What additional clarifications and/or rules are needed 
to implement these enforcement provisions?
    41. The proposals in the Further Notice generally reflect mandates 
from

[[Page 48141]]

the Secure Networks Act, and the Commission has no discretion to ignore 
such congressional direction. To the extent that the Commission seeks 
comment on multiple possible options to implement any given mandate, it 
urges commenters, where possible, to include an assessment of relative 
costs and benefits for competing options. The proposals in the Further 
Notice are intended to, consistent with the Secure Networks Act, 
identify and provide guidance on which communications equipment and 
services the Secure Networks Act prohibit the use of Federal subsidies 
to purchase or maintain. The Commission further seeks detailed comments 
on the costs of the proposals in the Further Notice. What are the 
upfront and recurring costs associated with each? How will these costs 
vary according to the size of the provider of advanced communications 
service? The Commission already completed an information collection to 
determine the costs to ETCs to remove and replace Huawei and ZTE 
equipment and services. How can the Commission best incorporate this 
information into its cost-benefit analysis? What are the expected costs 
and benefits associated with each of these proposals to providers, end 
users, and any other relevant parties? The Commission seeks comment, 
generally, on the impact the proposed rules will have on small 
businesses and steps it can take to mitigate the impact, if any, of 
these rules on those small businesses.

III. Procedural Matters

A. Paperwork Reduction Act Analysis

    42. This document contains proposed new information collection 
requirements. The Commission, as part of its continuing effort to 
reduce paperwork burdens, will invite the general public and the Office 
of Management and Budget (OMB) to comment on the information collection 
requirements contained in this document, as required by the Paperwork 
Reduction Act of 1995, Public Law 104-13. In addition, pursuant to the 
Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 
U.S.C. 3506(c)(4), the Commission seeks specific comment on how it 
might further reduce the information collection burden for small 
business concerns with fewer than 25 employees.
    43. Ex Parte Presentations. This proceeding is a ``permit-but-
disclose'' proceeding in accordance with the Commission's ex parte 
rules. Persons making ex parte presentations must file a copy of any 
written presentation or a memorandum summarizing any oral presentation 
within two business days after the presentation (unless a different 
deadline applicable to the Sunshine period applies). Persons making 
oral ex parte presentations are reminded that memoranda summarizing the 
presentation must (1) list all persons attending or otherwise 
participating in the meeting at which the ex parte presentation was 
made, and (2) summarize all data presented and arguments made during 
the presentation. If the presentation consisted in whole or in part of 
the presentation of data or arguments already reflected in the 
presenter's written comments, memoranda, or other filings in the 
proceeding, the presenter may provide citations to such data or 
arguments in his or her prior comments, memoranda, or other filings 
(specifying the relevant page and/or paragraph numbers where such data 
or arguments can be found) in lieu of summarizing them in the 
memorandum. Documents shown or given to Commission staff during ex 
parte meetings are deemed to be written ex parte presentations and must 
be filed consistent with rule 1.1206(b). In proceedings governed by 
rule 1.49(f) or for which the Commission has made available a method of 
electronic filing, written ex parte presentations and memoranda 
summarizing oral ex parte presentations, and all attachments thereto, 
must be filed through the electronic comment filing system available 
for that proceeding, and must be filed in their native format (e.g., 
.doc, .xml, .ppt, searchable .pdf). Participants in this proceeding 
should familiarize themselves with the Commission's ex parte rules.
    44. As required by the Regulatory Flexibility Act of 1980, as 
amended (RFA), the Commission has prepared this Initial Regulatory 
Flexibility Analysis (IRFA) of the possible significant economic impact 
on a substantial number of small entities by the policies and rules 
proposed in the Further Notice. Written comments are requested on this 
IRFA. Comments must be identified as responses to the IRFA and must be 
filed by the deadlines for comments on the Further Notice provided on 
the first page of the item. The Commission will send a copy of the 
Further Notice, including this IRFA, to the Chief Counsel for Advocacy 
of the Small Business Administration (SBA). In addition, the Further 
Notice and IRFA (or summaries thereof) will be published in the Federal 
Register.
    45. Consistent with the Commission's obligation to be responsible 
stewards of the public funds used in the USF programs and increasing 
concern about ensuring communications supply chain integrity, the 
Further Notice proposes and seeks comment on rules to implement 
sections 2, 3, 5, and 7 of the Secure Networks Act and their 
applicability to the Commission's ongoing efforts to secure the 
communications supply chain.
    46. Specifically, the Commission proposes to establish the rules 
for the creation and maintenance of the Covered List, which will list 
communications equipment and services that providers of advanced 
communications services will be prohibited from using any Federal 
subsidy to purchase or maintain. The Commission also proposes to 
require advanced communications service providers to report their use 
of communications equipment and services published on the Covered List, 
and to adopt enforcement mechanisms the Commission may implement to as 
part of the reimbursement program established by section 4 of the 
Secure Networks Act.
    47. The RFA directs agencies to provide a description of and, where 
feasible, an estimate of the number of small entities that may be 
affected by the proposed rules, if adopted. The RFA generally defines 
the term ``small entity'' as having the same meaning as the terms 
``small business,'' ``small organization,'' and ``small governmental 
jurisdiction.'' In addition, the term ``small business'' has the same 
meaning as the term ``small business concern'' under the Small Business 
Act. A small business concern is one that: (1) Is independently owned 
and operated; (2) is not dominant in its field of operation; and (3) 
satisfies any additional criteria established by the Small SBA.
    48. Small Businesses, Small Organizations, Small Governmental 
Jurisdictions. The Commission's actions, over time, may affect small 
entities that are not easily categorized at present. The Commission 
therefore describes in this document, at the outset, three broad groups 
of small entities that could be directly affected herein. First, while 
there are industry specific size standards for small businesses that 
are used in the regulatory flexibility analysis, according to data from 
the SBA's Office of Advocacy, in general a small business is an 
independent business having fewer than 500 employees. These types of 
small businesses represent 99.9% of all businesses in the United States 
which translates to 28.8 million businesses.
    49. Next, the type of small entity described as a ``small 
organization'' is generally ``any not-for-profit enterprise which is 
independently owned and

[[Page 48142]]

operated and is not dominant in its field.'' Nationwide, as of Aug 
2016, there were approximately 356,494 small organizations based on 
registration and tax data filed by nonprofits with the Internal Revenue 
Service (IRS).
    50. Finally, the small entity described as a ``small governmental 
jurisdiction'' is defined generally as ``governments of cities, 
counties, towns, townships, villages, school districts, or special 
districts, with a population of less than fifty thousand.'' U.S. Census 
Bureau data from the 2017 Census of Governments indicate that there 
were 90,075 local governmental jurisdictions consisting of general 
purpose governments and special purpose governments in the United 
States. Of this number there were 36,931 general purpose governments 
(county, municipal and town or township) with populations of less than 
50,000 and 12,040 special purpose governments--independent school 
districts with enrollment populations of less than 50,000. Accordingly, 
based on the 2017 U.S. Census of Governments data, the Commission 
estimates that at least 48,971 entities fall into the category of 
``small governmental jurisdictions.''
    51. Small entities potentially affected by the proposals herein 
include eligible schools and libraries, eligible rural non-profit and 
public health care providers, and the eligible service providers 
offering them services, including telecommunications service providers, 
internet Service Providers (ISPs), and vendors of the services and 
equipment used for telecommunications and broadband networks.
    52. The Further Notice proposes rules that establish a Covered List 
of communications equipment and services that advanced communications 
providers are prohibited from using federal subsidies administered by 
the Commission to purchase or maintain. The Further Notice also 
proposes rules to create a reporting requirement for advanced 
communications providers to identify whether they use or maintain any 
equipment or services on the Covered List in their networks. The 
Commission seeks comment on this proposal, and its likely costs and 
benefits, as well as on alternative approaches and any other steps it 
should consider taking.
    53. The RFA requires an agency to describe any significant, 
specifically small business, alternatives that it has considered in 
reaching its proposed approach, which may include the following four 
alternatives (among others): ``(1) the establishment of differing 
compliance or reporting requirements or timetables that take into 
account the resources available to small entities; (2) the 
clarification, consolidation, or simplification of compliance and 
reporting requirements under the rule for such small entities; (3) the 
use of performance rather than design standards; and (4) an exemption 
from coverage of the rule, or any part thereof, for such small 
entities.''
    54. In compliance with the Secure Networks Act, the Further Notice 
specifically proposes to establish the Covered List, reporting 
requirements for advanced communications providers, and enforcement 
mechanisms for violations of the prohibition on the use of federal 
subsidies to purchase or maintain communications equipment and services 
on the Covered List.
    55. The Commission expects to take into account the economic impact 
on small entities, as identified in comments filed in response to the 
Further Notice and this IRFA, in reaching our final conclusions and 
promulgating rules in this proceeding. The Further Notice generally 
seeks comment on how to adopt enacted legislation that mandates action 
by the Commission and seeks specific comment on how to mitigate the 
impact on small entities.

IV. Ordering Clauses

    56. Accordingly, it is ordered that, pursuant to the authority 
contained in sections 4(i), 201(b), 214, 254, 303(r), 403, and 503 of 
the Communications Act of 1934, as amended, 47 U.S.C. 154(i), 201(b), 
214, 254, 303(r), 403 and 503, sections 2, 3, 5, and 7 of the Secure 
Networks Act, 47 U.S.C. 1601, 1602, 1604, and 1606, and Sec. Sec.  1.1 
and 1.412 of the Commission's rules, 47 CFR 1.1 and 1.412, the Further 
Notice is adopted.
    57. It is further ordered that the Further Notice will be effective 
upon publication in the Federal Register, with comment dates indicated 
therein.

List of Subjects

47 CFR Part 1

    Administrative practice and procedure, Civil rights, Claims, 
Communications, Communications common carriers, Communications 
equipment, Cuba, Drug abuse, Environmental impact statements, Equal 
access to justice, Equal employment opportunity, Federal buildings and 
facilities, Government employees, Historic preservation, Income taxes, 
Indemnity payments, Individuals with disabilities, internet, 
Investigations, Lawyers, Metric system, Penalties, Radio, Reporting and 
recordkeeping requirements, Security measures, Satellites, 
Telecommunications, Telephone, Television, Wages.

47 CFR Part 54

    Communications common carriers, Health facilities, Infants and 
children, internet, Libraries, Puerto Rico, Reporting and recordkeeping 
requirements, Schools, Telecommunications, Telephone, Virgin Islands.

Federal Communications Commission.
Cecilia Sigmund,
Federal Register Liaison Officer.

Proposed Rules

    For the reasons discussed in the preamble, the Federal 
Communications Commission proposes to amend 47 CFR parts 1 as follows:

PART 1--PRACTICE AND PROCEDURE

0
1. The authority citation for part 1 continues to read as follows:

    Authority: 47 U.S.C. chs. 2, 5, 9, 13; 28 U.S.C. 2461 note, 
unless otherwise noted.

0
2. Add Sec.  1.7004 to subpart V to read as follows:


Sec.  1.7004   Reports on covered communications equipment or services.

    (a) Scope. Each facilities-based provider of broadband connections 
to end users, as defined herein, shall submit an annual report to the 
Commission indicating whether the provider has purchased, rented, 
leased or otherwise obtained any covered communications equipment or 
service identified in the list published pursuant to Sec.  1.40002(b) 
of this chapter.
    (b) Definitions--(1) Broadband connection. A wired line, wireless 
channel, or satellite service that terminates at an end user location 
or mobile device and enables the end user to receive information from 
and/or send information to the internet at information transfer rates 
exceeding 200 kilobits per second (kbps) in at least one direction.
    (2) Facilities-based provider. An entity is a facilities-based 
provider of a service if it supplies such service using facilities that 
satisfy any of the following criteria:
    (i) Physical facilities that the entity owns and that terminate at 
the end-user premises;
    (ii) Facilities that the entity has obtained the right to use from 
other entities, such as dark fiber or satellite transponder capacity, 
as part of its own network, or has obtained;
    (iii) Unbundled network element (UNE) loops, special access lines, 
or other leased facilities that the entity uses to complete 
terminations to the end-user premises;

[[Page 48143]]

    (iv) Wireless spectrum for which the entity holds a license or that 
the entity manages or has obtained the right to use via a spectrum 
leasing arrangement or comparable arrangement pursuant to subpart X of 
this part (Sec. Sec.  1.9001-1.9080); or
    (v) Unlicensed spectrum.
    (3) End user. A residential, business, institutional, or government 
entity that subscribes to a service, uses that service for its own 
purposes, and does not resell that service to other entities.
    (c) Contents of report. Each facilities-based provider of broadband 
service must:
    (1) Identify any covered communications equipment or service that 
is purchased, rented, leased or otherwise obtained on or after:
    (i) August 14, 2018, in the case of any covered communications 
equipment or service on the initial list published pursuant to Sec.  
1.40002(b) of this chapter; or
    (ii) Within 60 days after the date on which the Commission places 
such equipment or service on the list required by Sec.  1.40002(b) of 
this chapter;
    (2) Provide details on the covered communications equipment or 
services in its network, including the type, location, date purchased, 
rented, leased or otherwise obtained, and any removal and replacement 
plans;
    (3) Provide a detailed justification as to why the facilities-based 
provider of broadband service purchased, rented, leased or otherwise 
obtained the covered communications equipment or service;
    (4) Provide information about whether any such covered 
communications equipment or service has subsequently been removed and 
replaced pursuant to Commission's reimbursement program contained in 47 
CFR part 54, subpart P;
    (5) Provide information about whether such provider plans to 
continue to purchase, rent, lease, or otherwise obtain, or install or 
use, such covered communications equipment or service and, if so, why; 
and
    (6) Include a certification as to the accuracy of the information 
reported by an appropriate official of the filer, along with the title 
of the certifying official.
    (d) Reporting deadline. Entities subject to this reporting 
requirement shall file initial reports within six months after the 
Office of Economics and Analytics issues a public notice announcing the 
availability of the new supply chain reporting platform. Thereafter, 
filers must submit reports once per year on or before June 30th, 
reporting information as of December 31st of the previous year.
    (e) Reporting exception. If a facilities-based provider of 
broadband service certifies to the Commission that such provider does 
not have any covered communications equipment or service in the network 
of such provider, such provider is not required to submit a report 
under this section after making such certification, unless such 
provider later purchases, rents, leases or otherwise obtains any 
covered communications equipment or service.
    (f) Authority to update. The Office of Economics and Analytics, in 
consultation with the Wireline Competition Bureau, the Wireless 
Telecommunications Bureau, the Public Safety and Homeland Security 
Bureau, and the International Bureau, may, consistent with these rules, 
implement any technical improvements, changes to the format and type of 
data submitted, or other clarifications to the report and its 
instructions.
0
3. Add subpart CC to read as follows:
Subpart CC--Secure and Trusted Communications Networks
Sec.
1.40000 Purpose.
1.40001 Definitions.
1.40002 Covered List.
1.40003 Updates to the Covered List.

Subpart CC--Secure and Trusted Communications Networks

    Authority: 47 U.S.C. chs. 5, 15.


Sec.  1.40000  Purpose.

    The purpose of this subpart is to set out the terms by which the 
Commission will publish and maintain the Covered List in accordance 
with the Secure and Trusted Communications Networks Act of 2019, Public 
Law 116-124, 133 Stat. 158.


Sec.  1.40001   Definitions.

    For purposes of this subpart:
    (a) Advanced communications service. The term ``advanced 
communications service'' means high-speed, switched, broadband 
telecommunications capability that enables users to originate and 
receive high-quality voice, data, graphics, and video 
telecommunications using any technology with connection speeds of at 
least 200 kbps in either direction.
    (b) Appropriate national security agency. The term ``appropriate 
national security agency'' means:
    (1) The Department of Homeland Security;
    (2) The Department of Defense;
    (3) The Office of the Director of National Intelligence;
    (4) The National Security Agency; and
    (5) The Federal Bureau of Investigation.
    (c) Communications equipment or service. The term ``communications 
equipment or service'' means any equipment or service that includes or 
uses electronic components that is essential to the provision of fixed 
or mobile advanced communications service with connection speeds of at 
least 200 kbps in either direction.
    (d) Covered communications equipment or service. The term ``covered 
communications equipment or service'' means any communications 
equipment or service that is on the Covered List found in Sec.  
1.40002.
    (e) External determinations. The term ``external determination'' 
means any determination from sources identified in Sec.  
1.40002(b)(1)(i) through (iv) that certain communications equipment or 
service poses an unacceptable risk to the national security of the 
United States or the security and safety of United States persons.
    (f) Covered List. The Covered List is a regularly updated list of 
covered communications equipment and services.


Sec.  1.40002   Covered List.

    (a) Publication of the Covered List. The Wireline Competition 
Bureau and the Public Safety and Homeland Security Bureaus shall 
publish the Covered List on the Commission's website. The Bureaus shall 
maintain the Covered List in accordance with Sec.  1.40003.
    (b) Inclusion on the Covered List. The Commission shall place on 
the Covered List any and all communications equipment and services 
that:
    (1) Is produced or provided by any entity if, based exclusively on 
the following determinations, such equipment or service produced or 
provided by such an entity poses an unacceptable risk to the national 
security of the United States or the security and safety of United 
States persons. The sources for these determinations are:
    (i) A specific determination made by any executive branch 
interagency body with appropriate national security expertise, 
including the Federal Acquisition Security Council established under 
section 1222(a) of title 41, United States Code;
    (ii) A specific determination made by the Department of Commerce 
pursuant to Executive Order No. 13873 (relating to securing the 
information and communications technology and services supply chain);
    (iii) Equipment or service being covered telecommunications 
equipment or services, as defined in section 889(f)(3) of the John S. 
McCain National

[[Page 48144]]

Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232; 132 
Stat. 1918); or
    (iv) A specific determination made by an appropriate national 
security agency.
    (2) And is capable of:
    (i) Routing or redirecting user data traffic or permitting 
visibility into any user data or packets that such equipment or service 
transmits or otherwise handles;
    (ii) Causing the networks of a provider of advanced communications 
services to be disrupted remotely; or
    (iii) Otherwise posing an unacceptable risk to the national 
security of the United States or the security and safety of United 
States persons.


Sec.  1.40003   Updates to the Covered List.

    (a) Consultation with External Sources. The Public Safety and 
Homeland Security Bureau shall monitor the status of external 
determinations in order to place additional communications equipment or 
services on the Covered List or to remove communications equipment and 
services from the Covered List.
    (b) External Determination Reversal. If an external determination 
regarding communications equipment or service on the Covered List is 
reversed, the Commission shall remove such equipment or service from 
the Covered List, except the Commission may not remove such equipment 
or service if any other of the sources identified in Sec.  
1.40002(b)(1)(i) through (iv) maintains an external determination 
supporting inclusion on the Covered List of such equipment or service.

PART 54--UNIVERSAL SERVICE

0
4. The authority citation for part 54 is revised to read as follows:

    Authority:  47 U.S.C. 151, 154(i), 155, 201, 205, 214, 219, 220, 
229, 254, 303(r), 403, 1004, 1302, and 1601-1609, unless otherwise 
noted.

0
5. Add Sec.  54.10 to subpart A to read as follows:


Sec.  54.10  Prohibition on use of certain Federal subsidies.

    (a) A Federal subsidy made available through a program administered 
by the Commission that provides funds to be used for the capital 
expenditures necessary for the provision of advanced communications 
service may not be used to:
    (1) Purchase, rent, lease, or otherwise obtain any covered 
communications equipment or service; or
    (2) Maintain any covered communications equipment or service 
previously purchased, rented, leased, or otherwise obtained.
    (b) The term ``covered communications equipment or service'' is 
defined in Sec.  1.40001(c) of this chapter.
    (c) The prohibition in paragraph (a) of this section applies with 
respect to any covered communications equipment or service beginning on 
the date that is 60 days after the date on which such equipment or 
service is placed on a published list pursuant to Sec.  1.40002(b) of 
this chapter. In the case of any covered communications equipment or 
service that is on the initial list published pursuant to Sec.  
1.40002(b), such equipment or service shall be treated as being placed 
on the list on the date which such list is published.
0
6. Add subpart P to read as follows:
Subpart P--Secure and Trusted Communications Networks Reimbursement 
Program
Sec.
54.1600 Purpose.
54.1601 [Reserved]
54.1602 Enforcement.

Subpart P--Secure and Trusted Communications Networks Reimbursement 
Program


Sec.  54.1600   Purpose.

    The purpose of this subpart is to set out the terms by which 
providers of advanced communications service can seek and obtain 
reimbursements to replace covered communications equipment or services 
in accordance with the Secure and Trusted Communications Networks Act 
of 2019, Public Law 116-124, 133 Stat. 158.


Sec.  54.1601   [Reserved]


Sec.  54.1602   Enforcement.

    (a) General enforcement. In addition to the penalties provided 
under the Communications Act of 1934, as amended, and Sec.  1.80 of 
this chapter, if a recipient in the Secure and Trusted Communications 
Networks Reimbursement Program (Program) violates the Secure and 
Trusted Communications Networks Act of 2019, Public Law 116-124, 133 
Stat. 158, the Commission's rules implementing that statute, or the 
commitments made by the recipient in the application for reimbursement, 
the recipient:
    (1) Shall repay to the Commission all reimbursement funds provided 
to the recipient under the Program;
    (2) Shall be barred from further participation in the Program;
    (3) Shall be referred to all appropriate law enforcement agencies 
or officials for further action under applicable criminal and civil 
law; and
    (4) May be barred by the Commission from participation in other 
programs of the Commission, including the Federal universal service 
support programs established under section 254 of the Communications 
Act of 1934, as amended.
    (b) Notice and opportunity to cure. The penalties described in 
paragraph (a) of this section shall not apply to a recipient unless:
    (1) The Commission, the Wireline Competition Bureau, or the 
Enforcement Bureau provides the recipient with notice of the violation; 
and
    (2) The recipient fails to cure the violation within 180 days after 
the Commission or Bureau provides such notice.
    (c) Recovery of funds. The Commission will immediately take action 
to recover all reimbursement funds awarded to a recipient under the 
Program in any case in which such recipient is required to repay 
reimbursement funds under paragraph (a) of this section.

[FR Doc. 2020-17223 Filed 8-7-20; 8:45 am]
BILLING CODE 6712-01-P