Promoting the Integrity and Security of Telecommunications Certification Bodies, Measurement Facilities, and the Equipment Authorization Program, 55530-55542 [2024-14491]

Agencies

• FEDERAL COMMUNICATIONS COMMISSION

[Federal Register Volume 89, Number 129 (Friday, July 5, 2024)]
[Proposed Rules]
[Pages 55530-55542]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-14491]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 2

[ET Docket No. 24-136; FR ID 228432]


Promoting the Integrity and Security of Telecommunications 
Certification Bodies, Measurement Facilities, and the Equipment 
Authorization Program

AGENCY: Federal Communications Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: In this document, the Federal Communications Commission 
(Commission) proposes to strengthen requirements and oversight relating 
to telecommunications certification bodies and measurement facilities 
to help ensure the integrity of these entities for purposes of the 
equipment authorization, to better protect national security, and to 
advance the Commission's comprehensive strategy to build a more secure 
and resilient communications supply chain.

DATES: Comments are due on or before September 3, 2024 and reply 
comments are due on or before October 3, 2024.

ADDRESSES: You may submit comments, identified by ET Docket No. 24-136, 
by any of the following methods:
    Federal Communications Commission's Website: https://www.fcc.gov/ecfs/. Follow the instructions for submitting comments. See Electronic 
Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1988).
     Mail: Filings can be sent by hand or messenger delivery, 
by commercial overnight courier, or by first-class or overnight U.S. 
Postal Service mail (although the Commission continues to experience 
delays in receiving U.S. Postal Service mail). All filings must be 
addressed to the Commission's Secretary, Office of the Secretary, 
Federal Communications Commission.
     People with Disabilities: Contact the Commission to 
request reasonable accommodations (accessible format documents, sign 
language interpreters, CART, etc.) by email: [email protected] or phone: 
202-418-0530 or TTY: 202-418-0432.
    For detailed instructions for submitting comments and additional 
information on the rulemaking process, see the SUPPLEMENTARY 
INFORMATION section of this document.

FOR FURTHER INFORMATION CONTACT: Jamie Coleman of the Office of 
Engineering and Technology, at [email protected] or 202-418-2705.

[[Page 55531]]


SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Notice 
of Proposed Rulemaking, ET Docket No. 24-136; FCC 24-58, adopted on May 
23, 2024, and released on May 24, 2024. The full text of this document 
is available for public inspection and can be downloaded at https://docs.fcc.gov/public/attachments/FCC-24-58A1.pdf. Alternative formats 
are available for people with disabilities (Braille, large print, 
electronic files, audio format) by sending an email to [email protected] 
or calling the Commission's Consumer and Governmental Affairs Bureau at 
(202) 418-0530 (voice), (202) 418-0432 (TTY).
    Comment Period and Filing Procedures. Pursuant to sections 1.415 
and 1.419 of the Commission's rules, 47 CFR 1.415, 1.419, interested 
parties may file comments and reply comments on or before the dates 
provided in the DATES section of this document. Comments must be filed 
in ET Docket No. 24-136. Comments may be filed using the Commission's 
Electronic Comment Filing System (ECFS). See Electronic Filing of 
Documents in Rulemaking Proceedings, 63 FR 24121 (1998).
     All filings must be addressed to the Commission's 
Secretary, Office of the Secretary, Federal Communications Commission.
     Electronic Filers: Comments may be filed electronically 
using the internet by accessing the ECFS: https://www.fcc.gov/ecfs/.
    [ssquf] Paper Filers: Parties who choose to file by paper must file 
an original and one copy of each filing. If more than one docket or 
rulemaking number appears in the caption of this proceeding, filers 
must submit two additional copies for each additional docket or 
rulemaking number.
    [cir] Commercial overnight mail (other than U.S. Postal Service 
Express Mail and Priority Mail) must be sent to 9050 Junction Drive, 
Annapolis Junction, MD 20701.
    [cir] U.S. Postal Service first-class, Express, and Priority mail 
must be addressed to 45 L Street NE, Washington, DC 20554.
    Ex Parte Presentations. These proceedings shall be treated as 
``permit-but-disclose'' proceedings in accordance with the Commission's 
ex parte rules. Persons making ex parte presentations must file a copy 
of any written presentation or a memorandum summarizing any oral 
presentation within two business days after the presentation (unless a 
different deadline applicable to the Sunshine period applies). Persons 
making oral ex parte presentations are reminded that memoranda 
summarizing the presentation must (1) list all persons attending or 
otherwise participating in the meeting at which the ex parte 
presentation was made, and (2) summarize all data presented and 
arguments made during the presentation. If the presentation consisted 
in whole or in part of the presentation of data or arguments already 
reflected in the presenter's written comments, memoranda or other 
filings in the proceeding, the presenter may provide citations to such 
data or arguments in his or her prior comments, memoranda, or other 
filings (specifying the relevant page and/or paragraph numbers where 
such data or arguments can be found) in lieu of summarizing them in the 
memorandum. Documents shown or given to Commission staff during ex 
parte meetings are deemed to be written ex parte presentations and must 
be filed consistent with rule 1.1206(b). In proceedings governed by 
rule 1.49(f) or for which the Commission has made available a method of 
electronic filing, written ex parte presentations and memoranda 
summarizing oral ex parte presentations, and all attachments thereto, 
must be filed through the electronic comment filing system available 
for that proceeding, and must be filed in their native format (e.g., 
.doc, .xml, .ppt, searchable .pdf). Participants in this proceeding 
should familiarize themselves with the Commission's ex parte rules.

Procedural Matters

    Regulatory Flexibility Act. The Regulatory Flexibility Act of 1980, 
as amended (RFA), requires that an agency prepare a regulatory 
flexibility analysis for notice and comment rulemakings, unless the 
agency certifies that ``the rule will not, if promulgated, have a 
significant economic impact on a substantial number of small 
entities.'' 5 U.S.C. 603, 605(b). The RFA, 5 U.S.C. 601-612, was 
amended by the Small Business Regulatory Enforcement Fairness Act of 
1996 (SBREFA), Public Law 104-121, Title II, 110 Stat. 857 (1996). 
Accordingly, the Commission has prepared an Initial Regulatory 
Flexibility Analysis (IRFA) concerning the possible/potential impact of 
the rule and policy changes contained in this document. The IRFA is 
found in Appendix B of the FCC document, https://docs.fcc.gov/public/attachments/FCC-24-58A1.pdf. The Commission invites the general public, 
in particular small businesses, to comment on the IRFA. Comments must 
have a separate and distinct heading designating them as responses to 
the IRFA and must be filed by the deadlines for comments on the Notice 
of Proposed Rulemaking indicated in the DATES section of this document.
    Paperwork Reduction Act: This document may contain proposed or 
modified information collection requirements. Therefore, the Commission 
seeks comment on potential new or revised information collections 
subject to the Paperwork Reduction Act of 1995. If the Commission 
adopts any new or revised information collection requirements, the 
Commission will publish a notice in the Federal Register inviting the 
general public and the Office of Management and Budget to comment on 
the information collection requirements, as required by the Paperwork 
Reduction Act of 1995, Public Law 104-13. In addition, pursuant to the 
Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 
U.S.C. 3506(c)(4), the Commission seeks specific comments on how it 
might further reduce the information collection burden for small 
business concerns with fewer than 25 employees.

Accessing Materials

    Providing Accountability Through Transparency Act: Consistent with 
the Providing Accountability Through Transparency Act, Public Law 1189-
9, a summary of the Notice of Proposed Rulemaking will be available at 
https://www.fcc.gov/proposed-rulemakings.
    OPEN Government Data Act. The OPEN Government Data Act, requires 
agencies to make ``public data assets'' available under an open license 
and as ``open Government data assets,'' i.e., in machine-readable, open 
format, unencumbered by use restrictions other than intellectual 
property rights, and based on an open standard that is maintained by a 
standards organization. 44 U.S.C. 3502(20), (22), 3506(b)(6)(B). This 
requirement is to be implemented ``in accordance with guidance by the 
Director'' of the OMB. (OMB has not yet issued final guidance. The term 
``public data asset'' means ``a data asset, or part thereof, maintained 
by the Federal Government that has been, or may be, released to the 
public, including any data asset, or part thereof, subject to 
disclosure under [the Freedom of Information Act (FOIA)].'' 44 U.S.C. 
3502(22). A ``data asset'' is ``a collection of data elements or data 
sets that may be grouped together,'' and ``data'' is ``recorded 
information, regardless of form or the media on which the data is 
recorded.'' 44 U.S.C. 3502(17), (16).

[[Page 55532]]

Synopsis

I. Introduction

    1. From 5G networks and Wi-Fi routers to baby monitors and fitness 
trackers, a wide array of radio-frequency (RF) devices are ubiquitous 
in Americans' daily lives and across our economy. The FCC's equipment 
authorization program is tasked with ensuring that all of these devices 
available to American businesses and consumers comply with our rules 
regarding, among other things, interference, radio-frequency (RF) 
emissions, and hearing aid compatibility. To ensure the efficient and 
effective review of tens of thousands of equipment authorizations 
annually, the Commission delegates certain important responsibilities 
to telecommunications certification bodies (TCBs) and measurement 
facilities (test labs) with regard to implementing our equipment 
authorization program. Now, as part of ongoing efforts to promote 
national security and protect our nation's communications equipment 
supply chain, the Commission has placed significant new national 
security related responsibilities on TCBs and test labs. By 
establishing new equipment authorization program rules that prohibit 
authorization of communications equipment that has been determined to 
pose an unacceptable risk to the national security of the United States 
or the security and safety of United States persons, these entities now 
must help ensure that such prohibited equipment is kept out of our 
nation's supply chain. Further, these entities are entrusted with 
receiving and maintaining sensitive and proprietary information 
regarding communications equipment. In light of these new and ongoing 
responsibilities and the persistent and evolving threats posed by 
untrustworthy actors seeking, among other things, to compromise our 
networks and supply chains, today the Commission seeks to strengthen 
its requirements for and oversight of TCBs and test labs by proposing 
new rules that would help ensure the integrity of these entities for 
purposes of the equipment authorization program, better protect 
national security, and advance the Commission's comprehensive strategy 
to build a more secure and resilient communications supply chain. It is 
vital for the Commission to ensure that these entities are not subject 
to influence or control by foreign adversaries or other untrustworthy 
actors that pose a risk to national security.
    2. Specifically, the Commission proposes to prohibit from 
recognition by the FCC and participation in its equipment authorization 
program, any TCB or test lab in which an entity identified on the 
Covered List has direct or indirect ownership or control, and prohibit 
reliance on or use of, for purposes of equipment authorization, any TCB 
or test lab that is directly or indirectly owned or controlled by any 
entity on the Covered List or by any third party in which an entity 
identified on the Covered List has any direct or indirect ownership or 
control. Considering the national security concerns about entities 
identified on the Covered List, the Commission also directs the Office 
of Engineering and Technology (OET) to take swift action to suspend the 
recognition of any TCB or test lab directly or indirectly owned or 
controlled by entities identified on the Covered List, thereby 
preventing such entities from using their owned or controlled labs to 
undermine its current prohibition on Covered Equipment. Next, the 
Commission seeks comment on prohibiting recognition of any TCB or test 
lab directly or indirectly owned or controlled by a foreign adversary 
or any other entity that has been found to pose a risk to national 
security. To that end, and consistent with Commission action in other 
recent national security proceedings, the Commission seeks comment on 
whether and how it should consider national security determinations 
made in other Executive Branch agency lists in establishing eligibility 
qualifications for FCC recognition of a TCB or a test lab in its 
equipment authorization program. In addition, the Commission proposes 
that the prohibition would be triggered by direct or indirect ownership 
or control of 10% or more and, to help ensure that it has the 
information to enforce this requirement, TCBs and test labs would be 
required to report direct or indirect equity and/or voting interest of 
5% or greater by any entity. Further, to implement the proposed 
national security prohibition, to ensure the integrity of the equipment 
authorization program and the impartiality of the TCBs and test labs 
within it, the Commission proposes to collect additional ownership and 
control information from TCBs and test labs. The Commission also seeks 
comment on other revisions concerning TCBs and test labs as the 
Commission seeks to address these issues.

II. Background

    3. The Commission's equipment authorization program, codified in 
the Commission's part 2 rules, plays a critical role in enabling the 
Commission to carry out its responsibilities under the Communications 
Act. Under section 302 of the Communications Act, the Commission is 
authorized to make reasonable regulations governing the interference 
potential of equipment that emit radiofrequency (RF) energy and that 
can cause harmful interference to radio communications, which are 
implemented through the equipment authorization program. In addition, 
the equipment authorization program helps ensure that communications 
equipment comply with certain other policy objectives--which include 
protecting the communications networks and supply chain from equipment 
that poses an unacceptable risk to national security.
    4. Communications equipment must comply with the requirements under 
part 2 before they can be marketed in or imported to the United States. 
Under 47 U.S.C. 302a(e), the Commission has delegated certain important 
responsibilities to TCBs and test labs with regard to implementing the 
Commission's equipment authorization program.

A. Telecommunications Certification Bodies and Test Labs

    5. Telecommunications Certification Bodies (TCBs). The Commission's 
rules specify the qualification criteria for TCBs and assign TCBs 
responsibility for issuing equipment certifications under Commission 
direction and oversight. In authorizing the use of TCBs, the Commission 
sought to speed the process for bringing new technologies to market 
while also adopting an oversight framework to ensure that the TCBs act 
impartially and consistent with their responsibilities. The creation 
and use of TCBs in the equipment authorization process allowed the 
Commission to implement Mutual Recognition Agreements (MRAs) with the 
European Union, the Asia-Pacific Economic Cooperation, and other 
foreign trade partners.
    6. TCBs are responsible for reviewing and evaluating applications 
for equipment certification for compliance with the Commission's 
applicable requirements (including technical compliance testing and 
other requirements) and determining whether to grant or to dismiss the 
application based on whether it is in accord with Commission 
requirements. TCBs must meet all the appropriate specifications in the 
ISO/IEC 17065 standard, which include requirements to ensure that TCBs 
carry out their responsibilities in a ``competent, consistent, and 
impartial manner.'' Commission rules also impose certain obligations on 
each TCB to perform post-market surveillance, based

[[Page 55533]]

on ``type testing a certain number of samples of the total number of 
product types'' that the TCB has certified.
    7. To carry out their prescribed equipment certification 
responsibilities, under current rules TCBs must be accredited based on 
determinations made by a Commission-recognized accreditation body and 
recognized by the Commission before they are authorized to evaluate 
applications for equipment authorization. Under Commission rules, TCBs 
must be located in the United States or in countries that have entered 
into applicable Mutual Recognition Agreements (MRAs) with the United 
States.
    8. For TCBs located outside of the United States, designation is 
authorized in accordance with the terms of an effective bilateral or 
multilateral MRA to which the United States is a party. Pursuant to 
each MRA, participating countries agree to accept the equipment 
authorizations performed by the TCB-equivalent conformity assessment 
body of the other country. There are 15 FCC-recognized Designating 
Authorities in MRA-partnered countries. These Designating Authorities 
are governmental organizations associated with MRA-partnered economies. 
Currently there are 40 FCC-recognized TCBs, the majority of which are 
located in the United States and the rest are located in nine MRA-
partnered countries.
    9. Finally, the Commission will withdraw recognition of a TCB if 
the TCB's designation or accreditation is withdrawn, the Commission 
determines that there is ``just cause,'' or the TCB requests that it no 
longer hold a recognition. The Commission's rules also set forth 
specific procedures, including notification requirements, that the 
Commission will follow if it intends to withdraw its recognition of a 
TCB.
    10. Test labs. Test labs ensure that subject equipment complies 
with the Commission's applicable technical rules to minimize the risk 
of harmful interference, promote efficient use of spectrum, and advance 
other policy goals, such as ensuring hearing aid compatibility and 
controlling the environmental effects of RF radiation. The role and 
responsibilities of test labs specifically concern the development of 
technical reports on testing equipment for which authorization is 
sought for compliance with the Commission's applicable technical 
requirements. Applicants for equipment certification provide the 
testing data to a TCB to show compliance with the FCC requirements.
    11. For all granted applications, the TCBs must send to the FCC any 
test lab data and other information relied upon by the TCB. This 
information is made publicly available on the FCC website upon grant of 
the equipment authorization. Under the Commission's rules, test labs do 
not have any role or responsibility for making any certification 
decision on whether the equipment would be in compliance, nor do they 
have any role with respect to any other certification determination, 
including on whether the equipment constitutes ``covered'' equipment; 
all certification activities (evaluation, review, and decisional 
determinations) are reserved for TCBs.
    12. Under Commission rules, testing for equipment certification can 
only be performed by a test lab that has been accredited by an FCC-
recognized accreditation body and recognized by the Commission. 
Applicable rules require that these test labs be accredited based on 
ISO/IEC 17025. The Commission's rules require that entities wishing to 
become a recognized laboratory accreditation body must submit a written 
request to the Chief of OET and submit evidence concerning their 
credentials and qualifications to perform accreditation of laboratories 
that test equipment to Commission requirements, consistent with the 
technical requirements set forth under section 2.948(e). Applicants 
must successfully complete and submit a peer review. Under the ISO/IEC 
17011 standard, accreditation body applicants must meet specified 
impartiality, management, and accreditation requirements, and otherwise 
meet accreditation body responsibilities. OET publishes its findings 
and maintains a web page on FCC-recognized accreditation bodies.
    13. The Commission notes, however, that its rules do not currently 
require accreditation and FCC recognition of test labs that are relied 
upon as part of the Supplier's Declaration of Conformity (SDoC) process 
for obtaining an equipment authorization. In 2017, the Commission 
revised its rules to no longer require testing by accredited and FCC-
recognized test labs for equipment with a reduced potential to cause 
harmful interference authorized in the SDoC process. The SDOC process 
applies, generally, to equipment that does not contain a radio 
transmitter and contains only digital circuitry--such as computer 
peripherals, microwave ovens, ISM equipment, switching power supplies, 
LED light bulbs, radio receivers, and TV interface devices.
    14. The Commission recognizes four accreditation bodies in the U.S. 
that can designate test labs that operate in the United States. As for 
accreditation of test labs outside of the United States in countries 
that have entered into an MRA, Sec.  2.948(f)(1) provides that test lab 
accreditation will be acceptable if the accredited laboratory has been 
designated by a foreign designating authority and recognized by the 
Commission under the terms of an MRA. Currently there are 24 such FCC-
recognized test lab accreditation bodies outside the United States, 
located in 23 different MRA-partnered countries.
    15. The Commission has a separate rule provision concerning the 
accreditation bodies that are permitted to accredit test labs in 
countries that do not have an MRA with the United States. If the test 
lab is located in a country that does not have an MRA with the United 
States, then the test lab must be accredited by an organization 
recognized by the Commission to perform accreditations in non-MRA 
countries. Currently, the Commission has recognized three such 
accrediting bodies. In response to requests from industry for 
clarifying the process by which test labs are accredited in non-MRA 
countries, the Commission in 2016 directed OET to provided clearer 
guidance on accreditation of test labs in non-MRA-partnered countries. 
Current rules do not preclude an accreditation body that is not in an 
MRA-partnered country from submitting a request to be recognized, but, 
to date, no accreditation body outside of an MRA-partnered economy has 
submitted a request for FCC recognition.
    16. Under the Commission rules, if a test lab has been accredited 
for the appropriate scope for the types of equipment that it will test, 
then it ``shall be deemed competent to test and submit test data for 
equipment subject to certification.'' Test labs must be reassessed at 
least every two years. Under current procedures, if the accreditation 
body re-assesses the test lab and concludes that it continues to meet 
the requirements set forth under ISO/IEC 17025, the accreditation body 
will update the expiration date for the test lab's accreditation in the 
FCC's Equipment Authorization Electronic System (EAS) for a period of 
up to two years. While the Commission's rules currently provide 
procedures for FCC recognition of test lab accreditation bodies, its 
rules do not currently include specific Commission rules or procedures 
for withdrawing recognition of a test lab accreditation body.
    17. The Commission maintains a list of FCC-recognized accredited 
test labs on its website, which currently lists nearly 640 test labs. 
Currently, MRA-

[[Page 55534]]

partnered economies have the most FCC-recognized test labs, while there 
are also are many test labs in countries in economies that have not 
entered an MRA with the United States.

B. Recent Commission Actions

    18. The EA Security R&O and FNPRM. On November 11, 2022, the 
Commission adopted the EA Security Report and Order, Order, and Further 
Notice of Proposed Rulemaking. (Final Rule, 88 FR 7592 (February 6, 
2023); Notice of Proposed Rulemaking, 88 FR 14312 (March 8, 2023)). 
Specifically, the Commission established several new rules to prohibit 
authorization of communications equipment identified on the 
Commission's Covered List (``covered'' equipment) developed pursuant to 
the Secure Networks Act. The Covered List identifies certain types of 
communications equipment produced by particular entities--currently, 
Huawei, ZTE, Hytera, Hikvision, and Dahua (and their respective 
subsidiaries and affiliates), as well as certain services provided by 
particular entities. This list is derived from specific determinations 
made by enumerated sources, including certain Executive Branch agencies 
and Congress, under the Secure Network Act, that certain equipment 
poses an unacceptable risk to national security. The EA Security R&O 
revised part 2 of the Commission's rules concerning equipment 
authorization requirements and processes. To help implement the 
prohibition on authorization of any ``covered'' equipment, applicants 
seeking equipment authorization are required to make certain 
attestations (in the form of certifications) about the equipment for 
which they seek authorization. These include attesting that the 
equipment is not prohibited from receiving authorization and whether 
the applicant is an entity identified on the Covered List as an entity 
producing ``covered'' communications equipment. TCBs, pursuant to their 
responsibilities as part of the Commission's equipment authorization 
program, review the applications and must ensure that only applications 
that meet all of the Commission's applicable technical and non-
technical requirements are ultimately granted, and that none of these 
grants are for prohibited equipment.
    19. In affirming in the EA Security R&O its authority to prohibit 
authorization of communications equipment that had been placed on the 
Covered List, the Commission also noted that it has broad statutory 
authority, predating the Secure Networks Act and the Secure Equipment 
Act, under sections 302 and 303(e) of the Communications Act and other 
statutory provisions, to take into account national security concerns 
when promoting the public interest.
    20. Other Recent Commission Actions. Since adoption of the EA 
Security R&O, Order, and FNPRM in November 2022, the Commission has 
taken several additional steps to address evolving national security 
concerns to protect the security of America's critical communications 
networks and supply chains. In April 2023, in the Evolving Risks Order 
and NPRM (Final Rule, 88 FR 85514 (December 8. 2023), Proposed Rule, 88 
FR 50486 (August 1, 2023)), the Commission took additional steps to 
protect the nation's telecommunications infrastructure from threats in 
an evolving national security and law enforcement landscape by 
proposing comprehensive changes to the Commission's rules that allow 
carriers to provide international telecommunications service pursuant 
to section 214 of the Communications Act. The Commission proposed, 
among other things, to adopt a renewal framework or, in the 
alternative, a formalized periodic review process for all international 
section 214 authorization holders. The Commission stated that, in view 
of the evolving national security and law enforcement concerns 
identified in its recent proceedings revoking the section 214 
authorizations of certain providers controlled by the Chinese 
government, it believes that a formalized system of periodically 
reassessing international section 214 authorizations would better 
ensure that international section 214 authorizations, once granted, 
continue to serve the public interest. In the Evolving Risks Order, the 
Commission required all international section 214 authorization holders 
to respond to a one-time collection to update the Commission's records 
regarding their foreign ownership, noting that ``the information will 
assist the Commission in developing a timely and effective process for 
prioritizing the review of international section 214 authorizations 
that are most likely to raise national security, law enforcement, 
foreign policy, and/or trade policy concerns.'' In the Evolving Risks 
NPRM, the Commission proposed, among other things, to prioritize the 
renewal applications or any periodic review filings and deadlines based 
on, for example, ``reportable foreign ownership, including any 
reportable foreign interest holder that is a citizen of a foreign 
adversary country,'' as defined in the Commerce Department's rule, 15 
CFR 7.4. The Commission also sought comment on whether to revise its 
ownership reporting threshold, currently set at 10% or greater direct 
and indirect equity and/or voting interests, to 5%, noting that the 
current 10% threshold may not capture all of the foreign interests that 
may present national security, law enforcement foreign policy, and/or 
trade policy concerns in today's national security and law enforcement 
environment. The Commission also proposed, among other things, to 
require applicants to certify in their application whether or not they 
use equipment or services identified in the Commission's Covered List. 
The Commission stated that it intends to continue to collaborate with 
the relevant Executive Branch agencies and refer matters to the 
Executive Branch agencies where warranted.
    21. On March 14, 2024, the Commission adopted the Cybersecurity IoT 
Labeling R&O to strengthen the nation's cybersecurity protections by 
adopting a voluntary cybersecurity labeling program for wireless 
Internet of Things (IoT) products. Through this IoT Labeling Program, 
the Commission will provide consumers with an FCC IoT label that 
includes the U.S. government certification mark (referred to as the 
Cyber Trust Mark) that provides assurances that an IoT product that 
bears the FCC IoT Label meets certain minimum cybersecurity standards 
and strengthens the chain of connected IoT products in their own homes 
and as part of a larger national IoT ecosystem. The Order established a 
new administrative framework and regulatory structure to implement this 
voluntary program, with the Commission having program oversight while 
delegating certain responsibilities to new Cybersecurity Labeling 
Administrators and FCC-recognized testing labs (e.g., Cybersecurity 
Testing Labs) to evaluate whether particular IoT devices and products 
meet the prescribed criteria for obtaining the Cyber Trust Mark. Among 
other things, the Commission also determined that entities that are 
owned, controlled by, or affiliated with ``foreign adversaries,'' as 
defined by the Department of Commerce, should be ineligible for 
purposes of the Commission's voluntary IoT Labeling Program. The 
Commission also generally prohibited entities that produce equipment on 
the Covered List, as well as entities named on the DOD's list of 
Chinese military companies or the Department of Commerce's Entity List, 
from any participation in the IoT Labeling Program. Also, the 
Commission specifically prohibited any

[[Page 55535]]

of these entities from serving as a Cybersecurity Label Administrator 
or serving as an FCC-recognized test lab for testing products for 
compliance with forthcoming cybersecurity technical standards. The 
Commission concluded that these lists represent the determination of 
relevant Federal agencies that entities on these lists may pose a 
national security threat within their respective areas, and that it is 
not in the public interest to permit these entities to provide 
assurance to the public that their products meet the new cybersecurity 
standards for obtaining a Cyber Trust Mark.

III. Discussion

    22. In this NPRM, the Commission proposes and seeks comment on 
potential revisions to the Commission's rules designed to promote the 
integrity of its equipment authorization program and ensure that it 
serves the Commission's goals in protecting the communications 
equipment supply chain from entities posing unacceptable national 
security concerns. First, the Commission proposes to prohibit from 
recognition by the FCC and participation in the equipment authorization 
program, any TCB or test lab in which an entity identified on the 
Covered List (i.e., any named entity or any of its subsidiaries or 
affiliates) has direct or indirect ownership or control. Second, the 
Commission seeks comment on the extent to which it should impose 
eligibility restrictions for TCBs and test labs based on lists 
developed by Executive Branch agencies that reflect expert 
determinations about entities that pose national security risks. Third, 
the Commission proposes and seeks comment on collecting various 
ownership information from TCBs and test labs to strengthen our 
oversight and implement any affiliation prohibitions that may be 
adopted. Fourth, the Commission seeks comment on other aspects 
associated with implementation of its proposals as well as other 
considerations to strengthen the Commission's oversight of TCBs and 
test labs. These include clarification of current rules and applicable 
standards to ensure the impartiality and integrity of TCBs.

A. Prohibiting Recognition of TCBs and Test Labs in Which Entities 
Identified on the Covered List Have Direct or Indirect Ownership or 
Control

    23. In 2022 in the EA Security R&O the Commission adopted rules to 
prohibit authorization of certain equipment produced by entities named 
on the Covered List and adopted supply chain protections that include 
new informational requirements that seek to ensure that these 
untrustworthy entities do not adversely influence certification of 
equipment that poses unacceptable national security risks. The Covered 
List is derived from specific determinations made by certain enumerated 
sources (particular Executive Branch agencies with national security 
expertise and Congress) under the Secure Networks Act that certain 
equipment poses an unacceptable risk to national security. Congress has 
also made determinations in the Secure Networks Act that certain of 
these entities and their equipment pose an unacceptable risk to 
national security. In the future, Executive Branch agencies may add to 
the Covered List. Even before the Secure Networks Act, the Commission 
designated Huawei and ZTE (along with their parents, affiliates, and 
subsidiaries) as ``covered companies'' that pose a unique threat to the 
security and integrity of the nation's communications networks and 
supply chains because of their close ties to the Chinese government and 
military, and the security flaws in their equipment.
    24. In light of these determinations from expert Executive Branch 
agencies and Congress about the serious national security risks posed 
by entities with equipment on the Covered List, the Commission 
tentatively conclude that the Commission should not recognize or permit 
reliance on TCBs, test labs, or their accrediting bodies, or permit 
them to have any role in the Commission's equipment authorization 
program, if they have sufficiently close ties with Covered List 
entities. Accordingly, the Commission proposes to restrict the 
eligibility of entities that may serve as TCBs or test labs based on, 
at a minimum, the Covered List. Specifically, the Commission proposes 
to prohibit from recognition by the Commission and participation in its 
equipment authorization program, any TCB or test lab in which an entity 
identified on the Covered List (i.e., any named entity or any of its 
subsidiaries or affiliates) has direct or indirect ownership or 
control. The Commission's proposed prohibition would preclude the use 
of such TCBs and test labs, as part of any equipment authorization-
related reliance or testing, not only with regard to certification of 
equipment, but also authorization of equipment pursuant to SDoC 
procedures. The Commission seeks comment on this proposal.
    25. Further, in the interest of national security, and out of an 
abundance of caution, the Commission finds that it is imperative that 
it not allow entities identified on its Covered List to use test labs 
they own or control to circumvent or otherwise undermine the 
Commission's prohibition on authorization of equipment identified on 
the Covered List or undermine the integrity of its supply chain. To 
that end, the Commission notes that OET has taken action to deny the 
re-recognition of a test lab apparently owned by an entity on the 
Covered List--Global Compliance and Testing Center of Huawei 
Technologies--while allowing this test lab to provide additional 
information on whether it is owned or controlled by Huawei Technologies 
Company or any other entity on the Covered List, and to show cause why 
it should be allowed re-recognition. Accordingly, the Commission 
directs OET to suspend, pending the outcome of this proceeding, 
recognition of any TCB or test lab for which there is sufficient 
evidence to conclude such TCB or test lab is owned or controlled by an 
entity identified on the Covered List, while allowing such TCB or test 
lab thirty days from the date of such suspension to certify, and 
provide supporting documentation, that no entity identified on the 
Covered List holds a 10% or more direct or indirect ownership interest 
or controlling interest in the TCB or test lab. The Commission believes 
this action is necessary to protect against additional national 
security risks to its equipment authorization program and supply chain, 
including protecting existing manufacturers from unknowing reliance on 
untrustworthy entities, pending the implementation of the additional 
ownership disclosures and transparency requirements the Commission 
proposes in this proceeding. Any burden on existing recognized TCBs or 
test labs should be minimal, as only those entities for whom OET has 
reason to question their ownership or control by an entity or entities 
identified on the Covered List will be impacted, and those TCBs or test 
labs will be given an opportunity to show cause why their FCC 
recognition should not be revoked for just cause. As the Commission 
weighs the importance of its national security against these minimal 
measures to prevent entities on the Covered List from owning or 
controlling FCC-recognized TCBs or test labs, the Commission finds that 
the compelling interest outweighs any burden imposed by such temporary 
suspension.

B. Prohibiting Recognition of TCBs and Test Labs in Which Other 
Entities That Raise National Security Concerns Have Direct or Indirect 
Ownership or Control

    26. The Commission also seeks comment on whether there are other 
types of direct or indirect ownership or

[[Page 55536]]

control, or other types of influences beyond the Covered List 
determinations that potentially could adversely affect a TCB's or test 
lab's trustworthiness, or otherwise undermine the public's confidence. 
In recognition that TCBs and test labs have access to proprietary, 
sometimes sensitive information about suppliers and their devices, the 
Commission seeks comment on whether, and to what extent, the Commission 
should apply other lists developed by Executive Branch agencies that 
reflect expert determinations about entities that pose national 
security concerns.
    27. The Covered List is only one source that identifies entities 
that raise national security concerns that potentially affect the 
communications equipment supply chain. Several Executive Branch 
agencies with particular national security responsibilities, and based 
upon specific statutory authorities, have recently developed or updated 
lists that identify entities, technologies, or services that they have 
determined raise national security concerns.
    28. For example, the Department of Commerce maintains a list of 
``foreign adversary'' countries that identifies any foreign government 
or foreign non-government person that the Secretary of Commerce has 
determined to have engaged in a ``long-term pattern or serious 
instances of conduct significantly adverse to the national security 
interest of the United States or security and safety of United States 
persons.'' The Department of Commerce's list of foreign adversaries 
currently includes several foreign governments and foreign non-
government persons, including China (including Hong Kong), Cuba, Iran, 
and Russia. As discussed above, the Commission has recently relied in 
part on this foreign adversary list (as well as the Covered List) in 
both the Evolving Risks Order and NPRM and the Cybersecurity IoT 
Labeling R&O, when making proposals and taking particular actions, 
respectively, that serve to promote the Commission's national security 
goals in those proceedings.
    29. The Department of Defense (DOD), pursuant to section 1260H of 
the NDAA of 2021, has identified each entity that the Secretary of 
Defense has determined is a ``Chinese military company'' that is 
``operating directly or indirectly in the United States'' and is 
``engaged in providing commercial services, manufacturing, producing, 
or exporting.'' This DOD list (1260H List) currently includes 73 
entities, including three of the five equipment manufacturers listed on 
the Covered List. Beginning in 2026, pursuant to other statutes, the 
DOD is prohibited from procurement from companies identified on the 
1260H list.
    30. Meanwhile, the Department of Commerce's Entity List identifies 
entities that are reasonably believed to be involved in, or to pose a 
significant risk of being or becoming involved in, activities contrary 
to U.S. national security or foreign policy interests. Among other 
things, the Entity List seeks to ensure that sensitive technologies do 
not fall into the hands of known threats. As discussed above, in its 
Cybersecurity IoT Labeling R&O the Commission prohibited entities named 
on DOD's 1260H List or the Department of Commerce's Entity List (as 
well as entities producing equipment on the Covered List) from any 
participation in the Commission's IoT Labeling Program.
    31. Further, there are various other Executive Branch agency lists 
that address national security concerns in addition to those above. For 
instance, the Commerce Department also publishes a Military End User 
List, which identifies foreign parties that pursuant to the Export 
Administration Regulations (EAR) are prohibited from receiving 
particular items, including certain telecommunications equipment and 
software, unless the exporter secures a license. These parties have 
been determined by the U.S. Government to be ``military end users,'' 
and represent an unacceptable risk of use in or diversion to a 
``military end use'' or ``military end user'' in China, Russia, or 
Venezuela. The Department of Treasury's Office of Foreign Assets 
Control, in coordination with the Department of State and DOD, 
administers various sanctions programs, including the Non-Specially 
Designated Nationals Chinese Military-Industrial Complex Companies List 
(CMIC List), which identifies individuals and companies as operating or 
having operated in the defense or surveillance technology sector of the 
People's Republic of China and from which U.S. persons are generally 
prohibited from purchasing or selling publicly traded securities. In 
section 5949 of the NDAA for FY 2023, Congress prohibited executive 
agencies from procuring, obtaining, or contracting with entities to 
obtain any electronic parts, products, or services that include 
``covered semiconductor chips'' produced by three Chinese companies 
(and their subsidiaries or affiliates). The legislation authorizes DOD 
and the Commerce Department to designate other ``covered products or 
services'' if they determine them to be owned, controlled by, or 
connected to the government of a foreign country of concern, including 
China, Russia, North Korea, and Iran.
    32. The Commission seeks comment on whether, and if so, the extent 
to which, the Commission should rely upon any of the various lists 
developed by the Executive Branch agencies that involve particular 
determinations relating to national security as a source to identify 
entities that raise national security concerns warranting a prohibition 
on participation in the Commission's equipment authorization program. 
While each list is designed to support specific prohibitions or agency 
objectives, the national security objectives common throughout each may 
warrant that the Commission take a cautious approach, especially with 
respect to those products for which relevant Federal agencies have 
expressed other security concerns. Are any such lists particularly 
suitable, or ill-fitting, for the equipment authorization context? The 
Commission also seeks comment on whether it should consider any other 
Executive Branch agency lists to rely upon as a source to identify 
entities that raise national security concerns and to restrict 
participation of those entities in the Commission's equipment 
authorization program. What other lists or sources of information 
should the Commission consider?
    33. The Commission notes that it has a longstanding policy of 
according deference to the Executive Branch agencies' expertise in 
identifying risks to national security and law enforcement interests. 
With regard to each of these lists, to the extent that commenters 
recommend consideration of any of these lists with regard to 
eligibility for recognition of a TCB or test lab, the Commission asks 
that commenters explain why such eligibility should be restricted based 
on the list, as well as any other considerations the Commission should 
take into account in implementing such a restriction. The Commission 
invites comment on any other issues concerning consideration of any of 
these lists of Executive Branch determinations.
    34. Further, the Commission seeks comment on other determinations 
on which it should rely to prohibit participation in its equipment 
authorization program. Specifically, should any ``foreign entity of 
concern'' as defined by the CHIPS Act be prohibited from participation? 
What about entities subject to exploitation, influence, or control by 
the government of a foreign adversary, such as foreign adversary state-
owned enterprises,

[[Page 55537]]

including their U.S.-based subsidiaries, or entities that conduct 
research, development, testing, and evaluation in support of the 
military or intelligence apparatus of a foreign adversary (i.e. defense 
contractors)? What about entities with ownership interests by 
municipal, state, or other governmental entities within a foreign 
adversarial country? Are there any other determinations reflecting 
national security risks and/or practices contrary to U.S. interests, 
such as entities with documented evidence of human rights abuses, 
forced labor, and similar practices, including entities who meet the 
criteria established by the Uyghur Forced Labor Prevention Act? Are 
there any other determinations the Commission should consider that 
would indicate the untrustworthiness of an entity in terms of its 
equipment authorization program?

C. Ownership, Control, or Influence by Entities That Pose an 
Unacceptable Risk to National Security

    35. To further protect the nation's telecommunications 
infrastructure and communications equipment supply chain from threats 
in an evolving national security landscape and to ensure the integrity 
of the equipment authorization program, the Commission proposes and 
seeks comment on collecting various ownership and control information 
from TCBs and test labs.
    36. The Commission notes that, outside the context of the equipment 
authorization program, the Commission and other government agencies 
have routinely adopted rules to identify direct or indirect ownership 
or control of entities by third parties in order to address national 
security, competition, or other concerns. The Commission in many cases 
has required regulated entities to disclose information regarding 
related parties, whether those other parties control the entity, or 
have an ownership interest in it, or have some other relationship with 
the entity that is relevant to the public interest. For example, 
applicants seeking a new FCC satellite license, a modification of a 
satellite license, or the assignment or transfer of a satellite 
license, must disclose certain information both about foreign ownership 
and corporate ownership. The Commission's rules also require the 
disclosure of ownership information and corporate ownership information 
that would assist the Commission's public interest review of 
applications for international section 214 authority. The Commission 
notes that in the recent Evolving Risks Order and NPRM, the Commission 
sought comment on revising its ownership reporting threshold, currently 
set at 10% or greater direct and indirect equity and/or voting 
interests, to 5%, noting that the current 10% threshold may not capture 
all of the foreign interests that may present national security, law 
enforcement foreign policy, and/or trade policy concerns in today's 
national security and law enforcement environment. With respect to 
wireless licenses, there are a number of rules requiring applicants 
and/or licensees to disclose certain information on ownership and 
control. Similarly, with respect to radio and local television 
licenses, the Commission's media ownership rules require extensive 
disclosure of information. The Commission likewise requires that 
entities seeking small business bidding credits in Commission spectrum 
license auctions have attributed to them revenues of parties with 
controlling interests in the entity, as well as other entities that 
those parties control and other entities within its own control. In 
addition, such entities will have the revenues of parties with an 
interest in their spectrum licenses beyond a specified threshold 
attributed to them as well, to assure that those other parties are not 
using the entities as a conduit for spectrum access obtained with a 
bidding credit. In order to enforce these ownership rules, the 
Commission requires applicants for such licenses to supply certain 
information.
    37. Additionally, the Commission notes that other Executive Branch 
agencies also require entities to supply information on ownership and 
control so that the agencies can carry out their statutory 
responsibilities. For example, in the 2021 Standard Questions Order, 86 
FR 68428 (December 2, 2021), the Commission adopted a set of 
standardized national security and law enforcement questions (Standard 
Questions) that certain applicants and petitioners with reportable 
foreign ownership will be required to answer as part of the Executive 
Branch review process of their applications and petitions. With respect 
to such applications or petitions that the Commission accepts for 
filing and refers to the relevant Executive Branch agencies for their 
review of any national security, law enforcement, and other concerns 
related to the foreign ownership, as part of the Commission's public 
interest review of the application or petition, the applicants and 
petitioners will be required to provide to the Committee information 
regarding all entities that hold or will hold an ownership interest of 
five percent or more in the applicant or petitioner in question. The 
Commission has noted that this information is important to the 
Committee's review of applications and petitions referred by the 
Commission for national security and law enforcement concerns and will 
assist the Committee's determination whether to recommend to the 
Commission that grant of the application or petition is consistent with 
U.S. national security and law enforcement interests. Similarly, the 
Hart-Scott-Rodino Antitrust Improvements Act of 1976 (HSR) requires 
certain companies to file premerger notifications with the Federal 
Trade Commission and the Antitrust Division of the Department of 
Justice. Companies required to submit a HSR pre-merger notification 
must supply certain information, including, inter alia, information on 
subsidiaries of the filing entity and minority shareholders of the 
filing entity and its ultimate parent entity.
    38. TCB and test lab ownership and control reporting requirements. 
In order to more effectively protect the Commission's equipment 
authorization program from the direction or influence of untrustworthy 
entities and ensure the integrity of the program, the Commission 
proposes to require any entity seeking to become an FCC-recognized TCB 
or test lab to submit to the Commission sufficient information for the 
Commission to determine the TCB's or test lab's ownership and control, 
consistent with any threshold determinations the Commission may adopt, 
as proposed in this proceeding.
    39. The Commission believes that collection of certain general 
ownership and control information places the Commission in the best 
position to evaluate any ownership interest concerns that potentially 
may be raised regarding an entity's impartiality or trustworthiness, 
particularly with regard to potential influence by entities that raise 
national security concerns. Further, the Commission also believes that 
such ownership information could be relevant to establishing 
appropriate ``qualifications and standards'' under section 302(e) 
regarding private entities to which the Commission has delegated and 
entrusted certain responsibilities as part of its equipment 
authorization program. The Commission has broad authority under section 
302, when delegating certification responsibilities to private 
organizations such as TCBs and test labs, to ``establish such 
qualifications and standards as it deems appropriate'' for 
certification and testing activities. In particular, such data can be 
instructive in efforts to bolster the integrity of the equipment 
authorization

[[Page 55538]]

program, such as ensuring that TCBs are complying with applicable 
impartiality requirements and rules targeted at ensuring they are not 
owned or controlled by a manufacturer whose equipment they must 
examine.
    40. The Commission proposes that each TCB or test lab be required 
to report direct or indirect equity and/or voting interest in the TCB 
or test lab of 5% or greater. In other similar information collections, 
the Commission has agreed with Executive Branch determinations that a 
5% threshold is appropriate because in some instances less-than-ten 
percent foreign ownership interest--or a collection of such interests--
may pose a national security or law enforcement risk. The Commission 
seeks comment on this proposal. Alternatively, the Commission seeks 
comment on other levels and on whether it should raise or lower the 
ownership threshold for purposes of disclosure. If the Commission were 
to require submission of any such ownership information, how should 
such information be collected (e.g., what particular information in 
what kind of submissions) and how frequently should this information be 
reported to the Commission? Should there be a distinction between 
foreign private ownership vs. foreign governmental ownership? The 
Commission also seeks comment on evolving ownership and how to ensure 
that the Commission is timely informed of changes in ownership of TCBs 
and test labs. Should additional reporting requirements apply to 
changes in ownership? If so, what thresholds of change should trigger 
such reporting? The Commission seeks comment on relevant aspects to the 
information that should be collected.
    41. Further, to implement the proposed prohibition of Covered List 
entities discussed above and align the prohibition with the 
Commission's equipment authorization program rules regarding prohibited 
equipment, the Commission proposes to prohibit from recognition by the 
FCC and participation in its equipment authorization program any TCB or 
test lab in which an entity identified on the Covered List controls or 
holds a 10% or more direct or indirect ownership interest. The 
Commission seeks comment on this proposal. The Commission also invites 
comment on any other threshold interest level that commenters may 
believe appropriate, and requests that they provide support for their 
views. The Commission makes this proposal while noting that, in the EA 
Security R&O, the Commission prohibited authorization of equipment 
produced by ``affiliates'' of entities named on the Covered List and 
defined an ``affiliate'' as ``an entity that (directly or indirectly) 
own or controls, is owned or controlled by, or is under common 
ownership or control with another entity,'' and defined the term `own' 
in this context as to ``have, possess, or otherwise control an equity 
interest (or the equivalent thereof) of more than 10 percent.'' The 
Commission therefore proposes to revise the term ``own'' in this 
context to reflect ten percent or more, rather than more than 10 
percent. The Commission seeks comment on this proposal. The Commission 
further proposes to require that TCBs and test labs that are currently 
recognized by the FCC must: (1) no later than 30 days after the 
effective date of any final rules adopted in this proceeding, certify 
that no entity identified on the Covered List or otherwise specified in 
the Commission's final rules has direct or indirect ownership or 
control of the relevant TCB or test lab, and (2) no later than 90 days 
after the effective date of any final rules adopted in this proceeding 
identify any entity (including the ultimate parent of such entities) 
that holds such ownership or control interest as the Commission's final 
rules require, currently proposed as 5% or more ownership, as discussed 
above. The Commission proposes to adopt the definition of ``ultimate 
parent entity'' used in the rules governing pre-merger notifications 
under the Hart-Scott-Rodino Antitrust Improvements Act of 1976, which 
defines the ultimate parent entity as ``an entity which is not 
controlled by any other entity.'' The Commission seeks comment on this 
proposal. In keeping with this proposal, the Commission also proposes 
to clarify the requirement that every entity specifically named on the 
Covered List must provide to the Commission, pursuant to Sec.  
2.903(b), information regarding all of its subsidiaries and affiliates, 
not merely those that produce ``covered'' equipment. Further, the 
Commission proposes that, if a relevant TCB or test lab does not so 
certify, or provides a false or inaccurate certification, the 
Commission would suspend the recognition of any such TCB or test lab 
and commence action to withdraw FCC recognition under applicable 
withdrawal procedures, as discussed further below. The Commission seeks 
any additional comment on these proposals and their implementation.

D. Rule Revisions Concerning TCBs and Test Labs

1. Telecommunications Certification Bodies
    42. As discussed above, the Commission proposes to prohibit from 
recognition by the FCC and participation in its equipment authorization 
program, any TCB or test lab in which an entity identified on the 
Covered List controls or holds a 10% or more direct or indirect 
ownership interest and seeks comment on a similar prohibition with 
regard to other entities that raise national security concerns. The 
Commission also proposes to collect certain ownership information from 
TCBs and test labs. In this section, the Commission proposes and seeks 
comment on additional issues regarding implementation of its proposed 
prohibition as well as any other revisions the Commission may adopt in 
this rulemaking.
    43. Post-market surveillance. The Commission invites comment on 
whether it should revise the post-market surveillance rules, policies, 
or guidance to expressly require such surveillance of granted 
authorizations, not only with respect to compliance with technical and 
attestation requirements, but also regarding compliance relating to the 
prohibition on authorization of ``covered'' equipment. The Commission 
seeks comment on reasonable practices TCBs could implement to identify 
erroneous authorizations of ``covered'' equipment. Are there best 
practices or analogous legal frameworks that could be leveraged here? 
Should the Commission change the post-market surveillance requirements 
to require that TCBs review certification grants by other TCBs? Should 
the Commission require that any post-market surveillance testing be 
done only by FCC-recognized labs in the United States and/or MRA 
countries? What other measures should the Commission take to strengthen 
the integrity of the post-market surveillance process to ensure that 
prohibited equipment has not been erroneously authorized? The 
Commission also invites comment on any other revisions that it should 
consider in light of any revisions that the Commission adopts in this 
proceeding.
    44. TCB accrediting bodies. In order for a TCB that is recognized 
by the FCC to remain so recognized, the TCB's accreditation body must 
perform an assessment at least every two years to determine that the 
TCB remains competent to perform the work for the scopes for which it 
has been recognized. Upon successful completion of the re-

[[Page 55539]]

assessment by the accreditation body, the information is sent to the 
TCB's designating authority, which then updates this continued 
accreditation in the FCC's EAS database. Neither the ISO/IEC standards 
nor Commission rules include any specific restrictions on the ownership 
or control of an accreditation body. MRAs generally focus on the 
capability of accreditation bodies, and do not include specific 
provisions or restrictions on ownership other than impartiality.
    45. The Commission seeks comment on potential revisions concerning 
its rules and procedures for recognition and re-recognition of TCB 
accrediting bodies in light of any revisions that the Commission may 
adopt in this proceeding. What revisions are needed, if any, to ensure 
that the accreditation body's assessment of entities seeking to become 
TCBs includes a review of the TCB's ownership and compliance with any 
requirements the Commission may adopt in this proceeding?
    46. Accreditation and reassessment of TCBs. The Commission seeks 
comment on whether it should clarify or revise its rules or procedures 
concerning the accreditation of TCBs to ensure that the TCBs can meet 
their responsibilities. The Commission seeks comment on what particular 
steps or procedures in the accreditation process could be implemented 
to examine how TCBs are structured, owned, or managed to safeguard 
impartiality and otherwise ensure that commercial, financial, or other 
pressures do not compromise impartiality on certification activities 
concerning prohibited equipment authorization. Under the Commission's 
rules, each TCB must be reassessed for continued accreditation at least 
every two years. If the Commission were to decide to revise any rules 
or procedures to address impartiality or untrustworthiness concerns 
along the lines indicated above, the Commission similarly proposes to 
require any reassessment for continued accreditation to take those 
issues into account. Accordingly, the Commission seeks comment on the 
potential clarifications or revisions to the process for the periodic 
reassessment of TCBs for continued recognition by the Commission. 
Should, for instance, the Commission provide additional clarity on the 
reassessment process for submitting the request for reassessment or the 
review by the accrediting body? Are there other requirements that the 
Commission should adopt consistent with the issues raised above and the 
Commission goals in this proceeding?
    47. The Commission also seeks comment on whether any clarifications 
or revision of rules or procedures, either for a new accreditation or a 
continued accreditation, may implicate or affect U.S. international 
agreements such as MRAs concerning TCBs and TCB accreditation. Finally, 
to the extent any commenter proposes further clarification or 
revisions, the Commission asks that they address any implications under 
the existing MRAs and whether and how to implement any suggested 
changes.
    48. FCC recognition of TCBs. Considering the proposals and 
approaches the Commission discusses above, the Commission seeks comment 
on whether it should consider potential revisions to the rules or 
processes by which the Commission recognizes a TCB following its 
initial accreditation, and/or the process by which accreditation is 
subsequently extended on a periodic basis, including any further review 
the FCC would do to continue to recognize an accredited TCB. Under the 
Commission's current rules, it will recognize as a TCB any organization 
in the United States that meets the qualification criteria and is 
accredited and designated by NIST or NIST's recognized accreditor. 
Additionally, the Commission will recognize as a TCB any organization 
outside the United States that meets the qualification criteria and is 
designated pursuant to the applicable bilateral or multilateral MRA. 
The Commission seeks comment on whether it should consider making any 
clarifications or changes to the FCC recognition process to better 
ensure that TCBs have the capacity and procedures to meet their 
obligations under Commission rules, including any requirements the 
Commission adopts in this proceeding. The Commission invites comment on 
its rules and procedures regarding recognition of TCBs as qualified for 
authorizing equipment. Are there any changes that should be considered, 
either to the rules or procedures concerning the FCC's initial 
recognition of a TCB, or its continued recognition following any 
periodic reassessment or reaccreditation of TCBs? To the extent that 
commenters suggest any changes to the rules or procedures, the 
Commission asks that they address any implications for MRAs applicable 
to equipment certification.
    49. Withdrawal of FCC recognition. In addition, the Commission 
seeks comment on tits rules and policies regarding withdrawal of FCC 
recognition of a TCB. Under the Commission's rules it will withdraw 
recognition of a TCB if its designation or accreditation is withdrawn, 
if the Commission determines that there is ``just cause'' for 
withdrawing the recognition, or if the TCB requests that it no longer 
be designated or recognized.
    50. The Commission invites comment on the procedures by which it 
would withdraw recognition of a TCB. The Commission's rules require 
that it notify a TCB in writing when it has concerns or evidence that 
the TCB is not certifying equipment in accordance with the Commission 
rules and policies, and request that the TCB explain and correct any 
deficiencies. The rules also provide particular procedures for 
withdrawal, including notification requirements such as providing TCBs 
at least 60 days to respond. To the extent the TCB was designated and 
recognized pursuant to an MRA, the Commission must consult with the 
U.S. Trade Representative, as necessary, concerning any disputes 
involving the Telecommunications Trade Act of 1988. In light of the 
Commission's proposals and issues raised above, the Commission invites 
comment on whether it should consider clarifications or revisions to 
the Commission's rules or policies, including the current notification 
requirements and procedures, and if so whether and to what extent such 
changes would affect the MRAs.
2. Measurement Facilities (Test Labs)
    51. In this section, the Commission proposes and seeks comment on 
additional issues regarding implementation of its proposed prohibition, 
as well as any other revisions the Commission may adopt in this 
rulemaking, concerning test labs.
    52. Transparency. With the existing transparency requirements and 
public availability requirements regarding any test lab data and 
information that TCBs rely upon, are there additional transparency 
requirements that would be necessary or appropriate in light of the 
proposal above? The Commission asks that commenters recommending any 
particular changes address the implications of such changes for 
existing Commission rules and policies, including the consistency of 
such changes with ISO/IEC 17025, as well as any potential MRA-related 
implications.
    53. Test lab accrediting bodies. The Commission also invites 
comment on whether additional clarifications or modifications to the 
current processes regarding the accreditation of test labs are 
appropriate in light of the Commission proposals and discussion above 
and its goals in this proceeding. The Commission asks that commenters 
discuss what changes may be needed with regard to the accreditation 
body's expertise were the Commission to adopt its proposals to preclude 
the

[[Page 55540]]

accreditation of any test labs associated with entities identified on 
the Covered List, as well as what changes may be needed in the event 
that the Commission concludes that other indicia about test labs affect 
their eligibility. Commenters should address the specific reasons for 
making changes that are not already addressed by Commission rules and 
policies. Finally, the Commission asks that commenters address any 
other implications of their suggestions, including the extent to which 
MRAs may be affected.
    54. Also, in light of evolving national security risks, such as 
those that may be reflected in the Commerce Department's ``foreign 
adversaries'' list, the Commission proposes to preclude accreditation 
bodies associated with any such foreign adversary and seeks comment. 
How would such association be determined? The Commission also seeks 
comment on whether test lab accreditation bodies should be located only 
in the United States or other MRA-partnered countries.
    55. Accreditation of test labs. The Commission also seeks comment 
on the responsibilities and procedures by which FCC-recognized 
accreditation bodies conduct their assessment of prospective test labs 
and determine whether to accredit particular test labs. Should the 
Commission clarify its recognition requirements with regard to any of 
the ISO/IEC 17025 standards into its rules and procedures to ensure 
that the accreditation process for test labs is sufficiently robust to 
ensure that the requirements that labs be competent and impartial, are 
managed to safeguard impartiality, and generate valid test results, and 
that effective procedures are in place include ensuring that labs meet 
the ownership and control requirements adopted in the proceeding?
    56. The Commission also requests comment on whether any of these 
Commission rules or policies concerning reassessment of test lab 
accreditation every two years should be clarified or revised in order 
to help ensure that untrustworthy labs are not recognized and do not be 
continued to be recognized by the Commission. The Commission notes that 
if it were to adopt clarifications of any ISO/IEC 17025 principles 
(e.g., on personnel, training, or effective management) to ensure that 
test labs conduct testing in a competent and impartial manner, the 
Commission proposes to require that the accreditation bodies reassess 
test labs under the new requirements or procedures. Should OET 
establish additional specific procedures for reassessment and FCC re-
recognition of test labs? The Commission seeks comment on other 
potential revisions of its procedures for reassessment of test labs 
every two years, as well as potential revisions of the Commission's 
procedures for recognition and revocation of recognition. The 
Commission also seeks comment on any MRA-related issues/concerns that 
could arise from adoption of any of these possible rule revisions.
    57. Finally, the Commission seeks comment on whether, in light of 
evolving national security concerns, the Commission should revisit its 
rules and procedures for recognizing test labs with regard to some or 
all of the countries in economies that do not have an MRA with the 
United States. For instance, should the Commission no longer recognize 
any test lab that is located within a ``foreign adversary'' country 
that does not have an MRA with the United States? To date, the 
Commission has recognized three accreditation bodies, all located in 
the United States, to designate test labs that are located in non-MRA 
countries. Under the Commission's current rules, these bodies accredit 
test labs based on ISO/IEC 17025, the same standard by which test labs 
located in the United States and other MRA-partnered countries are 
accredited. The Commission has recognized numerous test labs located in 
economies that do not have an MRA with the United States. The 
Commission also notes that a number of these test labs also are owned 
and controlled by TCBs, which must be located in economies that have 
entered into MRAs with the United States.
    58. FCC recognition. The Commission seeks comment on revisions to 
its rules concerning eligibility restrictions on entities that will be 
recognized by the Commission as a test lab in its equipment 
authorization program. The Commission invites comment on whether any 
other clarifications or revisions to these Commission rules, policies, 
or guidance would be appropriate. For example, the Commission seeks 
comment on any necessary clarifications or revisions to the 
Commission's process for its initial recognition of test labs and to 
continued Commission recognition following any re-accreditation that 
occurs on a periodic basis at least every 2 years. The Commission also 
invites comment on whether it should adopt a more formal FCC review 
process before initially recognizing a test lab or continued 
recognition of test labs, and, if so, ask that commenters provide any 
suggestions they may have as to what such new procedures should look 
like. The Commission also seeks comment on any MRA-related issues or 
concerns that may arise from any changes to the current TCB recognition 
process.
    59. Withdrawal of recognition. The Commission proposes and seeks 
comment on clarifying or modifying the steps that the Commission should 
take when it determines whether to withdraw recognition of a test lab 
if the Commission were to adopt changes regarding the type of entities 
that it will recognize as test labs, or continue to recognize, under 
the equipment authorization program.
    60. To the extent that the Commission ultimately adopts any of the 
proposals discussed above (e.g., making test labs associated with 
entities identified on the Covered List ineligible) or takes other 
actions to restrict eligibility on entities (e.g., based on other 
ownership interests or controlling issues that the Commission may 
prohibit), the Commission proposes that it withdraw recognition of any 
test lab that cannot meet the revised requirements for an FCC-
recognized test lab. The Commission seeks comment on this proposal, and 
on the procedures that the Commission should employ with regard to 
withdrawing continued recognition of such test labs.
    61. As with the Commission's discussion of TCBs above, the 
Commission also believes that repeated failure of a test lab to provide 
accurate test results, or a test lab's lack candor with regard to 
interactions with the Commission, would constitute sufficient basis for 
withdrawal of recognition, and propose that were such circumstances to 
be presented, the Commission would move forward with withdrawing any 
existing FCC recognition of such a test lab. The Commission seeks 
comment on this proposal. The Commission also invites comment on other 
bases that would merit the Commission proceeding with withdrawing 
recognition of any existing test lab.
    62. Use of accredited, FCC-recognized test labs in SDoC process. As 
discussed above, the Commission's current rules on authorization of 
equipment through the SDoC process do not require that any requisite 
testing of equipment be conducted by an accredited, FCC-recognized test 
lab. As the Commission seeks to ensure the integrity of its equipment 
authorization program, including ensuring test labs in which entities 
identified on the Covered List have certain direct or indirect 
ownership interests or control do not participate in the Commission's 
equipment authorization program, the Commission seeks comment on 
whether it also should require that all equipment authorized pursuant 
to the SDoC process be tested by accredited and

[[Page 55541]]

FCC-recognized test labs. Such action could serve to further promote 
the integrity of the program in precluding untrustworthy test labs from 
participation and the Commission's national security goals addressed in 
the proceeding. The Commission seeks comment on this approach.
    63. Other issues. Finally, to the extent not specifically asked 
above, the Commission asks that commenters address whether and, if so, 
how any of the Commission's proposals herein might affect existing MRAs 
and/or necessitate further action regarding existing or potential MRAs. 
Commenters should address any legal authority issues that may arise and 
the extent to which MRAs or other trade policies may be affected by 
these proposals.

IV. Ordering Clauses

    64. Accordingly, it is ordered, pursuant to the authority found in 
sections 1, 4(i), 229, 301, 302, 303, 309, 312, 403, and 503 of the 
Communications Act of 1934, as amended, 47 U.S.C. 151, 154(i), 229, 
301, 302a, 303, 309, 312, 403, and 503, section 105 of the 
Communications Assistance for Law Enforcement Act, 47 U.S.C. 1004; the 
Secure and Trusted Communications Networks Act of 2019, 47 U.S.C. 1601-
1609; and the Secure Equipment Act of 2021, Public Law 117-55, 135 
Stat. 423, 47 U.S.C. 1601 note, that this Notice of Proposed Rulemaking 
is hereby adopted.
    65. It is further ordered that the Commission's Office of the 
Secretary, shall send a copy of this Notice of Proposed Rulemaking, 
including the Initial Regulatory Flexibility Analysis, to the Chief 
Counsel for Advocacy of the Small Business Administration.

List of Subjects in 47 CFR Part 2

    Administrative practice and procedures, Communications, 
Communications equipment, Disaster assistance, Radio, Reporting and 
recordkeeping requirements, and Telecommunications.

Federal Communications Commission.
Marlene Dortch,
Secretary.

Proposed Rules

    For the reasons discussed in the document, the Federal 
Communications Commission proposes to amend 47 CFR part 2 as follows:

PART 2--FREQUENCY ALLOCATIONS AND RADIO TREATY MATTERS; GENERAL 
RULES AND REGULATIONS

0
1. The authority citation for part 2 continues to read as follows:

    Authority: 47 U.S.C. 154, 302a, 303, and 336, unless otherwise 
noted.

0
2. Section 2.903 is amended by revising paragraph (b), and the 
definition of ``Affiliate'' in paragraph (c) to read as follows:


Sec.  2.903  Prohibition on authorization of equipment on the Covered 
List.

* * * * *
    (b) Each entity named on the Covered List, as established pursuant 
to Sec.  1.50002 of this chapter, must provide to the Commission the 
following information: the full name, mailing address or physical 
address (if different from mailing address), email address, and 
telephone number of each of that named entity's associated entities 
(e.g., subsidiaries or affiliates).
    (1) Each entity named on the Covered List must provide the 
information described in paragraph (b) of this section no later than 
[30 DAYS AFTER PUBLICATION OF FINAL RULES IN THE FEDERAL REGISTER];
    (2) Each entity named on the Covered List must provide the 
information described in paragraph (b) of this section no later than 30 
days after the effective date of each updated Covered List; and
    (3) Each entity named on the Covered List must notify the 
Commission of any changes to the information described in paragraph (b) 
of this section no later than 30 days after such change occurs.
    (c) * * *
    Affiliate. The term ``affiliate'' means an entity that (directly or 
indirectly) owns or controls, is owned or controlled by, or is under 
common ownership or control with, another entity; for purposes of this 
paragraph, the term `own' means to have, possess, or otherwise control 
an equity or voting interest (or the equivalent thereof) of 10 percent 
or more.
* * * * *
0
3. Section 2.938 is amended by revising paragraph (b)(1)(ii) to read as 
follows:


Sec.  2.938  Retention of Records.

* * * * *
    (b) * * *
    (1) * * *
    (ii) State the name of the test laboratory, company, or individual 
performing the testing. The Commission may request additional 
information regarding the test site, the test equipment, or the 
qualifications of the company or individual performing the tests, 
including documentation identifying any entity that holds a 5% or 
greater direct or indirect equity or voting interest in the test 
laboratory, company, or individual performing the testing;
* * * * *
0
4. Section 2.948 is amended by:
0
a. Adding paragraphs (b)(1)(viii) and (b)(1)(ix);
0
b. Redesignating paragraph (c)(9) as paragraph (c)(10), and adding new 
paragraph (c)(9);
0
c. Adding paragraphs (g), and (h).
    The revisions and additions read as follows:


Sec.  2.948  Measurement facilities.

* * * * *
    (b) * * *
    (1) * * *
    (viii) Certification from each measurement facility that no entity 
identified on the Covered List has, possesses, or otherwise controls an 
equity or voting interest of 10% or more in the measurement facility; 
and
    (ix) Documentation identifying any entity that holds a 5% or 
greater direct or indirect equity or voting interest in the measurement 
facility.
* * * * *
    (c) * * *
* * * * *
    (9) Each recognized laboratory must certify to the Commission, no 
later than [30 DAYS AFTER THE EFFECTIVE DATE OF A FINAL RULE], and no 
later than 30 days after any relevant change in the required 
information takes effect, that no entity identified on the Covered List 
has, possesses, or otherwise controls an equity or voting interest of 
10% or more in the laboratory;
* * * * *
    (g) No equipment will be authorized under either the certification 
procedure or the Supplier's Declaration of Conformity if such 
authorization is reliant upon testing performed at a laboratory or 
measurement facility in which any entity identified on the Covered 
List, as established pursuant to Sec.  1.50002 of this chapter, has, 
possesses, or otherwise controls an equity or voting interest of 10% or 
more.
    (h) Regardless of accreditation, the Commission will not recognize 
any test lab:
    (1) In which any entity identified on the Covered List, as 
established pursuant to Sec.  1.50002 of this chapter, has, possesses, 
or otherwise controls an equity or voting interest of 10% or more;
    (2) That fails to provide, or provides a false or inaccurate, 
certification as required in paragraph (c)(9) of this section; or
    (3) That repeatedly fails to provide accurate test results or lacks 
candor with regard to interactions with the Commission.

[[Page 55542]]

0
5. Section 2.949 is amended by adding paragraph (c) as follows:


Sec.  2.949  Recognition of laboratory accreditation bodies.

* * * * *
    (c) The Commission will not recognize a laboratory accreditation 
body that has any affiliation with a foreign adversary as designated by 
the U.S. Department of Commerce at 15 CFR 7.4.
0
6. Section 2.960 is amended by adding paragraph (d) as follows:


Sec.  2.960  Recognition of Telecommunication Certification Bodies 
(TCBs).

* * * * *
    (d) The Commission will not recognize any TCB for which any entity 
identified on the Covered List, as established pursuant to Sec.  
1.50002 of this chapter, has, possesses, or otherwise controls an 
equity or voting interest of 10% or more.
0
7. Section 2.962 is amended by revising paragraph (e)(2) and adding 
paragraphs (e)(6) through (e)(9) as follows:


Sec.  2.962  Requirements for Telecommunication Certification Bodies.

* * * * *
    (e) * * *
    (2) The Commission will notify a TCB in writing of its intention to 
withdraw or limit the scope of the TCB's recognition and provide at 
least 60 days for the TCB to respond. In the case of a TCB designated 
and recognized pursuant to an bilateral or multilateral mutual 
recognition agreement or arrangement (MRA), the Commission shall 
consult with the Office of the United States Trade Representative 
(USTR), as necessary, concerning any disputes arising under an MRA for 
compliance with the Telecommunications Trade Act of 1988 (Section 1371-
1382 of the Omnibus Trade and Competitiveness Act of 1988).
    (i) The Commission will withdraw its recognition of a TCB if:
    (A) The TCB's designation or accreditation is withdrawn, if the 
Commission determines there is just cause for withdrawing the 
recognition;
    (B) The TCB requests that it no longer hold its designation or 
recognition;
    (C) The TCB fails to provide the certification required in 
paragraph (8); or
    (D) The TCB fails to fulfill its obligations to the Commission to 
ensure that no authorization is granted for any equipment that is 
produced by any entity identified on the Covered List, established 
pursuant to Sec.  1.50002 of this chapter.
    (ii) The Commission will limit the scope of equipment that can be 
certified by a TCB if its accreditor limits the scope of its 
accreditation or if the Commission determines there is good cause to do 
so.
    (iii) The Commission will notify a TCB in writing of its intention 
to withdraw or limit the scope of the TCB's recognition and provide at 
least 60 days for the TCB to respond. In the case of a TCB designated 
and recognized pursuant to an bilateral or multilateral mutual 
recognition agreement or arrangement (MRA), the Commission shall 
consult with the Office of the United States Trade Representative 
(USTR), as necessary, concerning any disputes arising under an MRA for 
compliance with the Telecommunications Trade Act of 1988 (Section 1371-
1382 of the Omnibus Trade and Competitiveness Act of 1988).
* * * * *
    (6) The Commission will not recognize as a TCB any organization in 
which any entity identified on the Covered List, as established 
pursuant to Sec.  1.50002 of this chapter, has, possesses, or otherwise 
controls an equity or voting interest of 10% or more.
    (7) A TCB must have an organizational and management structure in 
place, including personnel with specific training and expertise, to 
verify that no authorization is granted for any equipment that is 
produced by any entity identified on the Covered List, established 
pursuant to Sec.  1.50002 of this chapter.
    (8) Each recognized TCB must certify to the Commission, no later 
than [30 DAYS AFTER THE EFFECTIVE DATE OF A FINAL RULE], and no later 
than 30 days after any relevant change in the required information 
takes effect that no entity identified on the Covered List has, 
possesses, or otherwise controls an equity or voting interest of 10% or 
more of the TCB.
    (9) Each recognized TCB must provide to the Commission, no later 
than [90 DAYS AFTER THE EFFECTIVE DATE OF A FINAL RULE], and no later 
than 30 days after any relevant change in the required information 
takes effect, documentation identifying any entity that holds a 5% or 
greater direct or indirect equity or voting interest in the TCB.
* * * * *
[FR Doc. 2024-14491 Filed 7-3-24; 8:45 am]
BILLING CODE 6712-01-P