government digitization

US proposes upgrades to export controls

The US submitted proposals to modernize export controls. Some seem to bear business improvement potentials and others new regulatory burden. Let’s take a look. And why it’s good to be back…

Tough choice: nappies versus export controls

I’ve just returned from maternity leave last week. And even though it may sound contradictory, it feels a bit like coming home. After 6 months of thinking about feeding and nappy changing, it’s a welcome return to the world of business – global trade, supply chains, and IT.

So, as heart-breaking as it is to leave the kids at home in the morning, I’m very happy to be back and to dive straight back into the latest global trade developments. While I was away, AEB has launched this new blog forum and I am very excited about it. I am looking forward to exploring what latest industry developments mean for our customers and ourselves and to sharing my views in this new forum!

For those who already know me, it will come as no surprise that I would like to talk about export controls in my first post. Don’t worry, I won’t get competitive with Mark, who’s just explored latest Iran and Cuba developments (and his dreams of hanging out in Havana 😉 ). Instead, I would like to touch on the recent proposal by the US to change existing definitions within the International Traffic in Arms Regulations (ITAR).

We first reported about this news in our July 2015 newsletter and although the time to submit comments to the involved US agencies has passed, I wanted to bring it to your attention again. It bears potential impacts for our customers and partners, particularly those in the aerospace and defense sector – one of the strongest sectors in the UK economy.

Taking initiative: US proposes changes

The US Department of State, Directorate of Defense Trade Controls (“DDTC”) aims to harmonize certain definitions under the ITAR with definitions under the Export Administration Regulations (EAR). In line with this goal, proposed revisions were published by the involved US agencies in June. The most significant proposed revision involves the new definition of the term “export” in each US agencies’ regulations, which would allow the use of the cloud for encrypted data if certain provisions are met.

But while this part of the proposal may have the biggest impact (if it should pass) for businesses involved in trading US-origin goods and data, it is not the only part of interest. I have summarized the three key changes proposed by the DDTC below:

Proposed key change 1: cloud storage

The DDTC has proposed definitions that would allow companies to make more efficient use of the Internet – and the cloud – in transmitting and storing ITAR-controlled technical data and software. This would require the respective data to be comprehensively encrypted, the servers not to be located in a Section 126.1 prohibited country or Russia, and the encryption to meet certain standards. The proposed revisions also may enable companies to increase use of Software as a Service (SaaS) solutions, as long as the application service provider cannot access ITAR-controlled data.

  • This is a significant change as it considers export controls from a cloud computing point of view. I would be interested to discuss this topic in more detail with our customers and partners to get their take on it. Would this change present opportunities for easier transmission and storage of US-controlled data?

Proposed key change 2: public domain

The DDTC also proposed to change the definition of “public domain”. This is very relevant, because the proposed revision would not consider information and software in the “public domain” as ITAR-controlled technical data. The DDTC argues that the proposal would create more versatility than the current list-based approach to identify public domain sources. However, to be considered “public domain”, release of the materials would need to be approved in advance by assigned US government agencies or officials, and failure to comply would be considered an export violation.

  • Is this a ‘warning flag’? Would compliance with this public domain qualification have an impact on operations? Again, I would be interested to hear your views.

Proposed key change 3: defense service

Under the current ITAR, any defense service provided by a US person abroad requires DDTC authorization. Under the proposed new definition, a “defense service” would include a US person providing certain assistance and training related to defense articles to a foreign person, if this US person “has knowledge of U.S.-origin technical data directly related to the defense article that is the subject of the assistance prior to performing the assistance.” The proposal makes clear that US persons abroad who do not have access to US-origin technical data are not in a position to provide defense services covered by the ITAR.

  • This proposal bears the potential to simplify compliance requirements for many US persons working abroad in the defense industry.

How are you coping? And things to keep in mind.

When considering the impact of these proposed changes, my thoughts turn to companies that are already tackling the various challenges as part of the ongoing US Export Control Reform (ECR). These latest change proposals – while presenting opportunities – could certainly add to the challenges already faced by EU businesses implementing and maintaining national, regional, and US compliance programs. I am interested to hear your views on this.

My teams in the UK are hosting several events in England this month, and I am very happy to join them. We’re offering interesting workshops and panel discussions on current hot topics, which are a great way for me to continue my dive into our global trade and supply chain networks. In fact, I plan to tell you a bit more about it here, in my upcoming posts. I want to share my impressions and observations with you, and I hope they will give you good ideas for your own operations.

Even though my fellow bloggers and I share this new blog forum fairly, I shall ensure to squeeze in some interesting workshop results very soon. After missing a few months of posting, I have to catch up, after all 😉 . I look forward to hearing from you on LinkedIn.

PS: In case you would like to review the official references: the ITAR notice of proposed rulemaking can be found at 80 Fed. Reg. 31525, and the corresponding EAR notice may be found at 80 Fed. Reg. 31505. A side-by-side comparison of the regulatory texts of the proposed definitions is available here.