Securing the Information and Communications Technology and Services Supply Chain: Licensing Procedures, 16312-16313 [2021-06529]

Agencies

• DEPARTMENT OF COMMERCE

[Federal Register Volume 86, Number 58 (Monday, March 29, 2021)]
[Proposed Rules]
[Pages 16312-16313]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-06529]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

15 CFR Part 7

[Docket No. 210325-0068]
RIN 0605-AA60


Securing the Information and Communications Technology and 
Services Supply Chain: Licensing Procedures

AGENCY: U.S. Department of Commerce.

ACTION: Advance notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: On January 19, 2021, the Department of Commerce (the 
Department) published a interim final rulemaking, ``Securing the 
Information and Communications Technology and Services Supply Chain,'' 
which became effective on March 22, 2021. It allows the Secretary of 
Commerce, in accordance with Executive Order 13873, to prohibit certain 
information and communications technology and services transactions 
(ICTS Transactions) to address national security threats. In the 
January 19 notice, the Department stated it would implement a licensing 
process by May 19th for entities seeking pre-approval before engaging 
in or continuing to engage in ICTS Transactions. The Department is now 
seeking public input on such a licensing or other pre-clearance 
process.

DATES: Comments must be received by April 28, 2021.

ADDRESSES: All comments must be submitted by one of the following 
methods:
     By the Federal eRulemaking Portal: https://www.regulations.gov at docket number [DOC-2021-DOC-2021-0004].
     By email directly to: [email protected]. Include 
``RIN 0605-AA60: ANPRM'' in the subject line.
     Instructions: Comments sent by any other method, to any 
other address or individual, or received after the end of the comment 
period, may not be considered. For those seeking to submit confidential 
business information (CBI), please clearly mark such submissions as CBI 
and submit by email or via the Federal eRulemaking Portal, as 
instructed above. Each CBI submission must also contain a summary of 
the CBI, clearly marked as public, in sufficient detail to permit a 
reasonable understanding of the substance of the information for public 
consumption. Such summary information will be posted on 
regulations.gov.

FOR FURTHER INFORMATION CONTACT: Joe Bartels, U.S. Department of 
Commerce, telephone: (202) 482-1595. For media inquiries: Brittany 
Caplin, Deputy Director of Public Affairs and Press Secretary, U.S. 
Department of Commerce, telephone: (202) 482-4883, email 
[email protected].

SUPPLEMENTARY INFORMATION: On November 27, 2019, the Department of 
Commerce (the Department) published a notice of proposed rulemaking (84 
FR 65316) seeking public comment on implementing Executive Order 13873 
of May 15, 2019, ``Securing the Information and Communications 
Technology and Services Supply Chain'' (84 FR 22689). On January 19, 
2021, the Department published a interim final rulemaking that is 
effective as of March 22, 2021 (86 FR 4909). In this document, in 
response to requests from various commenters, including multiple trade 
associations, to provide a pre-clearance process or similar program 
that would reduce uncertainty for entities seeking to engage in ICTS 
Transactions, the Department stated it would implement a licensing 
process by May 19, 2021 (86 FR 4909, at 4911).
    However, it has become apparent additional public input is needed, 
and the Department does not expect to have a licensing or other pre-
clearance process in place by May 19, 2021. With this ANPRM, the 
Department is seeking input into several aspects of a potential 
voluntary licensing or pre-clearance process. The Department will 
consider the public input as it drafts a Notice of Proposed Rulemaking.
    Please note this ANPRM does not alter the effective date of the 
interim final rule nor does it reopen or extend the deadline for 
submitting comments on the interim final rule. This ANPRM is solely 
seeking public input on the forthcoming licensing procedures.
    In responding to this ANPRM, please refer to the definitions and 
the explaination of those definitions used in the interim rule. For 
ease of reference, some of the more important terms are re-stated 
below:
    ICTS Transaction means any acquisition, importation, transfer, 
installation, dealing in, or use of any information and communications 
technology or service, including ongoing activities, such as managed 
services, data transmission, software updates, repairs, or the 
platforming or data hosting of applications for consumer download. An 
ICTS Transaction includes any other transaction, the structure of which 
is designed or intended to evade or circumvent the application of the 
Executive Order. The term ICTS Transaction includes a class of ICTS 
Transactions.
    Note that ICTS Transactions include provision of services, and the 
term includes any and all transactions that occurred on or after 
January 19, 2021, by any person owned by, controlled by, or subject to 
the jurisdiction or direction of a foreign adversary. Providing 
services, such as software updates, to U.S. persons may provide a 
foreign adversary an opportunity to engage in the types of activities 
that may threaten U.S. national security.
    Party or parties to a transaction means a person engaged in an ICTS 
Transaction, including the person acquiring the ICTS and the person 
from whom the ICTS is acquired. Party or parties to a transaction 
include entities designed, or otherwise used with the intention, to 
evade or circumvent application of the Executive Order. For purposes of 
this rulemaking, this definition does not include common carriers, 
except to the extent that a common carrier knew or should have known 
(as the term ``knowledge'' is defined in 15 CFR 772.1) that it was 
providing transportation services of ICTS to one or more of the parties 
to a transaction that has been prohibited in a final written 
determination made by the Secretary or, if permitted subject to 
mitigation measures, in violation of such mitigation measures.
    Person means an individual or entity.

[[Page 16313]]

    Person owned by, controlled by, or subject to the jurisdiction or 
direction of a foreign adversary means any person, wherever located, 
who acts as an agent, representative, or employee, or any person who 
acts in any other capacity at the order, request, or under the 
direction or control, of a foreign adversary or of a person whose 
activities are directly or indirectly supervised, directed, controlled, 
financed, or subsidized in whole or in majority part by a foreign 
adversary; any person, wherever located, who is a citizen or resident 
of a nation-state controlled by a foreign adversary; any corporation, 
partnership, association, or other organization organized under the 
laws of a nation-state controlled by a foreign adversary; and any 
corporation, partnership, association, or other organization, wherever 
organized or doing business, that is owned or controlled by a foreign 
adversary.
    While the Department welcomes comments and views on all aspects of 
the future licensing process, the Department is particularly interested 
in obtaining information on the following questions:
     Multiple commenters pointed to notifications to the 
Committee on Foreign Investment in the United States (CFIUS) regarding 
certain investments in U.S. businesses and real estate transactions in 
the United States by foreign persons, as well as voluntary disclosures 
to the Bureau of Industry and Security (BIS) regarding potential 
violations of U.S. export controls, as potential models for creating a 
process that would provide entities seeking to engage in an ICTS 
Transaction greater certainty that the transaction will not be 
prohibited. Given the differences between the type of transactions 
subject to CFIUS jurisdiction, those governed by BIS's export control 
regime, and ICTS Transactions governed by the interim final rule, are 
the CFIUS and BIS processes useful models for an ICTS Transaction 
licensing or pre-clearance process? If so, are there specific factors 
or aspects of the CFIUS and BIS processes that Commerce should 
consider?
     Pre-clearance or licensing processes can take a range of 
forms from, for example, a regime that would require authorization 
prior to engaging in an ICTS Transaction, to one that allow entities to 
seek additional certainty from the Department that a potential ICTS 
Transaction would not be prohibitedby the process under the interim 
final rule. What are the benefits and disadvantages of these various 
approaches? Which would be most appropriate given the nature of ICTS 
transactions? How can these approaches be implemented to ensure that 
national security is protected?
     What considerations could be provided to small entities in 
the licensing or other pre-clearance process that would not impair the 
goal of protecting the national security?
     Are there categories or types of ICTS Transactions 
described in 15 CFR 7.3 or within the interim final rule that should or 
should not be considered for a license or pre-clearance? Are there 
categories or types of ICTS Transactions described in 15 CFR 7.3 or 
within the interim final rule that the Department should prioritize for 
licensing or pre-clearance? Should the licensing or pre-clearance 
process be structured differently for distinct categories or types of 
ICTS Transactions?
     Should a license or pre-clearance apply to more than a 
single ICTS Transaction? For example, should the Department consider 
issuing a license that applies to multiple ICTS Transactions from a 
single entity that is engaged in a long-term contract for ICTS? If so, 
what factors should the Department evaluate in determining the 
appropriateness of such a license or series of licenses?
     What categories of information should the Department 
require or not require, e.g. technical, security, operational 
information?
     While the Department understands that business decisions 
must often be made within tight timeframes, the Department may not be 
able to determine whether a particular ICTS Transaction qualifies for a 
license or pre-clearance without detailed information and analysis. 
Considering this tension, should the Department issue decisions on a 
shorter timeframe if that could result in fewer licenses or pre-
clearances being granted, or would the inconvenience of a longer 
timeframe for review be outweighed by the potential for a greater 
number of licenses or pre-clearances being issued?
     How should the potential for mitigation of an ICTS 
Transaction be assessed in considering whether to grant a license or 
pre-clearance for that transaction?
     If a license or pre-clearance request is approved, but the 
subject ICTS Transaction is subsequently modified, what process should 
be enacted to avoid invalidation of the license or other form of pre-
clearance?
     Should holders of an ICTS Transaction license or other 
form or pre-clearance have the opportunity to renew them rather than 
reapplying? If so, what factors should be considered in a renewal 
assessment? What would be the appropriate length of time between 
renewals? How should any renewal process be structured?

Wynn Coggins,
Acting Deputy Secretary.
[FR Doc. 2021-06529 Filed 3-26-21; 8:45 am]
BILLING CODE 3510-20-P