WASHINGTON, D.C. — Today, as part of a coordinated enforcement effort, the Department of Commerce’s Bureau of Industry and Security (BIS) and the Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed approximately $2.5 million in combined civil penalties against Haas Automation, Inc. (Haas) for alleged and apparent violations of U.S. export controls and sanctions laws, including illegal shipments of Computer Numerical Control (CNC) machine parts to Entity-Listed parties in Russia and China. The transactions charged by BIS involved parties that were added to the Entity List for supporting the defense sectors of China or Russia.

As part of a settlement agreement with Haas, BIS issued an order imposing an administrative penalty of $1.5 million, as well as an ongoing audit and reporting requirement. In addition to the BIS penalty, Haas entered a corresponding settlement with OFAC whereby Haas agreed to a $1,044,781 civil penalty to resolve apparent violations of OFAC’s sanctions regulations involving Russia and Ukraine.  

“Today’s coordinated resolution with OFAC demonstrates our resolve to hold accountable companies that do not put in place effective compliance programs to prevent exports to Entity Listed companies,” said Acting Assistant Secretary for Export Enforcement Kevin J. Kurland. “That’s especially true when parties on the Entity List have ties to China’s or Russia’s destabilizing military modernization programs.”

Under the terms of the BIS Settlement Agreement, Haas admitted to 41 violations of the Export Administration Regulations (EAR) involving sales to Entity-Listed parties in China and Russia without BIS authorization. The relevant sales parts used to service previously sold Haas CNC machines—were valued in total at approximately $29,254 and were used to service CNC machines worth far more. Haas also admitted to an additional violation involving the filing of inaccurate Electronic Export Information (EEI) for certain shipments to Russia. Haas cooperated with the investigation by BIS’s Office of Export Enforcement (OEE) Los Angeles Field Office and OFAC, and took remedial measures after discovering the conduct, which resulted in a reduction of the penalty.

“Exporting items to Entity-Listed parties in Russia and China has serious national security implications,” said OEE Director John Sonderman. “When choosing to do business in these jurisdictions, industry must enhance screening efforts when it comes to prohibited parties.”

Headquartered in Oxnard, California, Haas is a privately held manufacturer of machine tools and related parts, including CNC vertical and horizontal machining centers and CNC lathes. CNC machines and parts have a wide range of potential applications, including uses across the electronics, transportation, oil and gas, aerospace, marine, and military and defense industries.

On 32 occasions between April 2019 and March 2024, Haas violated the EAR by selling CNC machine parts designated as EAR99, through Haas’s authorized distributors, for export, reexport, or transfer (in-country) to defense sector parties that were on the BIS Entity List in China,  including Beijing University of Aeronautics and Astronautics (also known as Beihang University), Shandong Institute of Space Electronic Technology, and China Electronics Technology Group Corporation 14th Research Institute (CETC 14). Additionally, Haas violated the EAR by making nine sales to two defense sector parties on the Entity List in Russia—DJSC Factory Krasnoe Znamya and JSC LEMZ R&P Corporation—between January 2020 and November 2021.

The full order, settlement agreement, and Proposed Charging Letter are available online here.

Additional Information:

BIS actions are taken under the authority of the Export Control Reform Act of 2018 (ECRA, 50 U.S.C. §§ 4801-4852) and its implementing regulations, the EAR. BIS controls exports of dual-use commodities, technology, and software for reasons of national security, missile technology, nuclear non-proliferation, chemical and biological non-proliferation, crime control, and regional stability. Criminal and administrative sanctions can be imposed for violations of the EAR. Under ECRA, among possible administrative sanctions, civil monetary penalties can reach up to $374,474 per violation or twice the value of the transaction, whichever is greater. For more information, please visit https://www.bis.gov/enforcement.

Report suspected export control violations through the BIS online tip portal. You can also call the Enforcement Hotline at 1-800-424-2980 or email [email protected].

Updates to Prior Controls on Advanced Semiconductors Provide Additional Safeguards and Guidance for Chip Manufacturers

Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) released two rules: one that updates export controls on advanced computing semiconductors, and another that places additional entities in the People’s Republic of China (PRC) and Singapore on the Entity List.

“These rules will further target and strengthen our controls to help ensure that the PRC and others who seek to circumvent our laws and undermine U.S. national security fail in their efforts,” said Secretary of Commerce Gina M. Raimondo. “We will continue to safeguard our national security by restricting access to advanced semiconductors, aggressively enforcing our rules, and proactively addressing new and emerging threats.”

“The Biden-Harris administration is committed to preventing the misuse of advanced U.S. technology and curbing the national security concerns raised by the PRC’s military-civil fusion,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “By enhancing due diligence requirements, we are holding foundries accountable for verifying that their chips are not being diverted to restricted entities.”

“Preventing unauthorized parties from gaining access to our most advanced semiconductor technology is a BIS enforcement priority,” said Acting Assistant Secretary for Export Enforcement Kevin J. Kurland. “We will continue to use all of the authorities at our disposal, including investigations and Entity Listings, to counter PRC circumvention of our controls and hold violators accountable.”

Today’s rules reinforce and build on the October 7, 2022, October 17, 2023, and December 2, 2024, controls to restrict the PRC’s ability to obtain certain high-end chips critical for military advantage. These updates are necessary to maintain the effectiveness of these controls, close loopholes, and ensure they remain durable.

Among other changes, the rules:

• Impose a broader license requirement for foundries and packaging companies seeking to export certain advanced chips, unless one of three conditions is met:
  • The export is to a trusted “Approved” or “Authorized” integrated circuit (IC) designer, who attests that the chips fall below the relevant performance threshold;
  • The chip is packaged by a front-end fabricator in a location outside of Macau or a destination in Country Group D:5 and the fabricator verifies the transistor count of the final chip; or
  • The chip is packaged by an “Approved” outsourced semiconductor assembly and test services (OSAT) company that verifies the transistor count of the final chip.
• Create a process for new companies to be added to the list of Approved IC designers and OSATs.
• Improve reporting for transactions involving newer customers who may pose a heightened risk of diversion.
• Update other parts of the Export Administration Regulations (EAR), including the recent AI Diffusion rule, to ensure that license exceptions are only available for transactions involving approved or authorized IC designers.
• Make technical corrections to the December 2 export controls, including to update the definition of “advanced-node integrated circuit” in § 772.1 for Dynamic Random-Access Memory (DRAM) chips.
• Add 16 entities to the Entity List, including AI companies like Sophgo Technologies Ltd., that are acting at the behest of Beijing to further the PRC’s goals of indigenous advanced chip production, which poses a risk to U.S. and allied national security.

These controls were crafted to mitigate the PRC’s efforts to obtain high-end advanced computing semiconductors necessary to enable the development and production of technologies such as AI used in military applications. Advanced AI capabilities – facilitated by supercomputing, built on advanced semiconductors – present U.S. national security concerns because they can be used to improve the speed and accuracy of military decision making, planning, and logistics. These capabilities may also be used for cognitive electronic warfare, radar, signals intelligence, jamming, and to support facial recognition surveillance systems for human rights violations and abuses.

Exporters are encouraged to carefully review the full text of the rule, which makes changes to existing provisions of the EAR.

Additional Information

BIS’s actions are taken under the authority of the Export Control Reform Act of 2018 and its implementing regulations, the EAR.  

Under these authorities, BIS possesses a variety of tools to control the export of U.S.-origin and certain foreign-produced commodities, software, and technology, as well as specific activities of U.S. persons, for national security and foreign policy reasons.

The Entity List (supplement no. 4 to part 744 of the EAR) identifies entities for which there is reasonable cause to believe, based on specific and articulable facts, that the entities – including businesses, research institutions, government and private organizations, individuals, and other types of legal persons – have been involved, are involved, or pose a significant risk of being or becoming involved in activities contrary to the national security or foreign policy interests of the United States. Parties on the Entity List are subject to individual licensing requirements and policies supplemental to those found elsewhere in the EAR.

The interagency End-User Review Committee (ERC) – comprised of the Departments of Commerce (Chair), Defense, State, Energy, and where appropriate, the Treasury – makes decisions regarding additions to, removals from, or other modifications to the Entity List. The ERC makes all decisions to add an entity to the Entity List by majority vote and makes all decisions to remove or modify an entity by unanimous vote.

For more information, please visit BIS’s website at: https://www.bis.gov

# # #

Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) added 11 entities to the Entity List, under the destination of the People’s Republic of China (PRC), for activities contrary to U.S. national security and foreign policy interests. Ten entities were added due to their advancement of the PRC’s military modernization through the development and integration of advanced artificial intelligence research. One entity was added for its involvement in development of lithography technology for advanced-node fabrication facilities in China. This technology will enable indigenous production in China of advanced integrated circuits for military end-use.

Additionally, after an interagency review, BIS also modified one existing entry on the Entity List, under the destination of India, by removing 3 entities within the entry. The removal of Indian entities Indian Rare Earths, Indira Gandhi Atomic Research Center (IGCAR), and Bhabha Atomic Research Center (BARC) will support U.S. foreign policy objectives by reducing barriers to advanced energy cooperation, including joint research and development and science and technology cooperation, towards shared energy security needs and goals. The United States and India share a commitment to advancing peaceful nuclear cooperation and associated research and development activities, with strengthened science and technology cooperation over the past several years that has benefitted both countries and their partner countries around the world.

“As these actions demonstrate, the Entity List is a powerful tool that can be used to shape behavior that advances U.S. national security and global cooperation,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “With these Entity List additions and removals, we have sent a clear message that there are consequences for supporting the PRC’s military modernization, and alternatively, incentives for working with the U.S. to further shared foreign policy goals and stronger bilateral relationships.”

“The removal of the three Indian entities will enable closer cooperation between the United States and India to secure more resilient critical minerals and clean energy supply chains,” said Principal Deputy Assistant Secretary of Commerce for Export Administration Matthew Borman. “This action aligns with and supports the overall ambition and strategic direction of the U.S.-India partnership.”

Additional Background

These BIS actions were taken under the authority of the Export Control Reform Act of 2018 and its implementing regulations, the Export Administration Regulations (EAR).

The Entity List (Supplement No. 4 to Part 744 of the EAR) identifies entities and addresses for which there is reasonable cause to believe, based on specific and articulable facts, that the entities—including businesses, research institutions, government and private organizations, individuals, and other types of legal persons—or parties that are operating at an address that presents a high diversion risk, have been involved, are involved, or pose a significant risk of being or becoming involved in activities contrary to the national security or foreign policy interests of the United States. Parties on the Entity List are subject to individual licensing requirements and policies supplemental to those found elsewhere in the EAR.

The interagency End-User Review Committee (ERC)—comprised of the Departments of Commerce (Chair), Defense, State, Energy, and where appropriate, the Treasury—makes decisions regarding additions to, removals from, or modifications to the Entity List. The ERC makes all decisions to add an entity to the Entity List by majority vote and makes all decisions to remove or modify an entity by unanimous vote.

The text of the rule, which includes the list of entities, is available on the Federal Register’s website here.

Additional information on the Entity List is available on BIS’s website at: https://www.bis.gov/entity-list.

For more information, visit www.bis.gov.

###

Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) announced a final rule prohibiting certain transactions involving the sale or import of connected vehicles integrating specific pieces of hardware and software, or those components sold separately, with a sufficient nexus to the People’s Republic of China (PRC) or Russia.  

BIS and its Office of Information and Communications Technology and Services (OICTS) have found that certain technologies originating from the PRC or Russia present an undue and unacceptable risk to U.S. national security. Today’s action represents the culmination of a months-long regulatory process to design, seek public input on, and ultimately finalize a measure to protect drivers and passengers on American roads.   

“Cars today aren’t just steel on wheels – they're computers. They have cameras, microphones, GPS tracking, and other technologies that are connected to the internet. Through this rule, the Commerce Department is taking a necessary step to safeguard U.S. national security and protect Americans’ privacy by keeping foreign adversaries from manipulating these technologies to access sensitive or personal information,” said U.S. Secretary of Commerce Gina Raimondo. “This is a targeted approach to ensure we keep PRC and Russian-manufactured technologies off American roads and protect our nation’s connected vehicle supply chains.”   

“Connected vehicles yield many benefits, but software and hardware sources from the PRC and other countries of concern pose grave national security risks. Today, we are taking strong action to protect Americans against these national security risks by safeguarding our critical infrastructure and automotive supply chain. President Biden has been clear: we will not hesitate to take needed action to protect the safety of the American people,” said National Security Advisor Jake Sullivan.

“China is trying to dominate the future of the auto industry, but connected vehicles with software and hardware systems linked to foreign adversaries could expose the American people to risks of misuse of their sensitive data or interference by malicious actors,” said National Economic Advisor Lael Brainard. “Today’s rule will prohibit Chinese and Russian software and hardware from being used in connected vehicles on American roads, protecting consumers and ensuring a more secure American auto industry.”

“Today’s action is the final step in a comprehensive process to protect America’s connected vehicle supply chains from foreign threats. I am confident the work of OICTS, and BIS more broadly, will safeguard the U.S. automotive ecosystem and our national security now and in many years to come,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez.  

“Since publishing our Advance Notice of Proposed Rulemaking in March 2024, OICTS has engaged deeply with industry, civil society, and international partners – including through a robust public comment process – to better understand the connected vehicle supply chain,” said OICTS Executive Director Elizabeth Cannon. “This final rule reflects significant stakeholder feedback and protects our national security while reducing unintended impacts. We look forward to working with all relevant parties to facilitate compliance as the rule comes into effect.”    

The final rule establishes that hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated Driving System (ADS), the systems in vehicles that allow for external connectivity and autonomous driving capabilities, present an undue and unacceptable risk to national security when designed, developed, manufactured, or supplied by persons with a sufficient nexus to the PRC or Russia. Malicious access to these critical supply chains could allow our foreign adversaries to extract sensitive data, including personal information about vehicle drivers or owners, and remotely manipulate vehicles.   

At this time, given the complexity of the commercial vehicle supply chain, the final rule applies only to passenger vehicles (defined as those under 10,001 pounds). BIS recognizes the acute national security threat presented by foreign adversary involvement in the commercial vehicle supply chain and intends to issue a separate rulemaking addressing the technologies present in connected commercial vehicles – including in trucks and buses – in the near future.   

Today’s final rule prohibits the import of VCS hardware or connected vehicles containing such hardware, and the import and sale of vehicles containing VCS or ADS software, with a sufficient nexus to the PRC or Russia. VCS is defined as the set of systems that allow the vehicle to communicate externally, including telematics control units, Bluetooth, cellular, satellite, and Wi-Fi modules. ADS includes the components that collectively allow a highly autonomous vehicle to operate without a driver.  

The rule also prohibits manufacturers with a sufficient nexus to the PRC or Russia from selling new connected vehicles that incorporate VCS hardware or software or ADS software in the United States, even if the vehicle was made in the United States.    

The software-related prohibitions will take effect for Model Year 2027. The hardware-related prohibitions will take effect for Model Year 2030, or January 1, 2029, for units without a model year. Prohibitions on the sale of connected vehicles by manufacturers with a sufficient nexus to the PRC or Russia, even if manufactured in the United States, take effect for Model Year 2027.  

The rule requires certain importers and manufacturers to submit annual Declarations of Conformity to certify their compliance with the prohibitions. The final rule allows Commerce to issue General Authorizations for certain types of transactions posing lower risk. It also allows regulated parties to seek Specific Authorizations permitting them to engage in otherwise prohibited transactions, as well as advisory opinions to ask BIS for a determination if a prospective transaction may fall within the scope of the rule. 

The final rule follows a Notice of Proposed Rulemaking (NPRM) published by BIS on September 26, 2024, and an Advance Notice of Proposed Rulemaking (ANPRM) published by BIS on March 1, 2024. 

The final rule is implemented under BIS’s ICTS authorities, as provided for under Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain.” EO 13873 allows the Department of Commerce to issue regulations that establish criteria by which particular technologies may be included in EO 13873’s prohibitions when transactions involving those technologies (1) pose an undue or unacceptable risk of sabotage to or subversion of ICTS in the United States; (2) pose an undue risk of catastrophic effects on the security or resiliency of U.S. critical infrastructure or the digital economy of the United States; or (3) otherwise pose an unacceptable risk to the national security of the United States or the security and safety of U.S. persons.   

Additional Information: 

The text of the final rule is available on the Federal Register’s website here. The final rule will become effective 60 days after publication, on March 17, 2025. Regulated entities may contact the OICTS Compliance and Adjudication Division for questions related to this final rule at [email protected]. 

New Framework Advances AI Innovation While Protecting U.S. National Security

Washington, D.C. — Today, the Department of Commerce’s Bureau of Industry and Security (BIS) announced controls on advanced computing chips and certain closed artificial intelligence (AI) model weights, alongside new license exceptions and updates to the Data Center Validated End User (VEU) authorization. This new regulation serves key U.S. national security and foreign policy interests and supports the Biden-Harris Administration’s broader strategy to cultivate a secure and trusted technology ecosystem for the responsible use and diffusion of AI.

“This policy will help build a trusted technology ecosystem around the world and allow us to protect against the national security risks associated with AI, while ensuring controls do not stifle innovation or US technological leadership,” said U.S. Secretary of Commerce Gina Raimondo. “Managing these very real national security risks requires taking into account the evolution of AI technology, the capabilities of our adversaries, and the desire of our allies to share in the benefits of this technology. We’ve done that with this rule, and it will help safeguard the most advanced AI technology and help ensure it stays out of the hands of our foreign adversaries, while we continue to broadly share the benefits with partner countries.”

“The United States has a national security responsibility to preserve and extend American AI leadership, and to ensure that American AI can benefit people around the world. Today, we are announcing a rule that ensures frontier AI training infrastructure remains in the United States and closely allied countries, while also facilitating the diffusion of American AI globally,” said National Security Advisor Jake Sullivan. “The rule both provides greater clarity to our international partners and to industry, and counters the serious circumvention and related national security risks posed by countries of concern and malicious actors who may seek to use the advanced American technologies against us.”

“AI has been rapidly progressing over the last decade and will only grow more powerful, resulting in the emergence of highly capable models with significant dual-use applications,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “This rule will protect national security and advance U.S. foreign policy by ensuring the responsible diffusion of frontier AI technology across the world.”

“Export controls provide a unique tool to address the quintessential dual-use nature of artificial intelligence,” said Acting Assistant Secretary of Commerce for Export Administration Matthew Borman. “Through today’s actions, we ensure the secure spread of AI capabilities, countering the potential for their use in weapons systems and other military activities contrary to U.S. national security. By doing so, we are creating paths that enable trusted partners to use this advanced technology for the benefit of civil society.”

Over the past decade, AI models have shown striking performance improvements across many domains, giving everyday people increased access to tools that previously required specialized skills. As models continue to improve, this increased access will enable malicious actors to engage in activities that pose profound risks to U.S. national security and foreign policy, including enabling the development of chemical or biological weapons; supporting powerful offensive cyber operations; and further aiding human rights abuses, including mass surveillance.

At the same time, AI has the potential to provide tremendous economic and social benefits to humanity. It is impossible to realize the full potential of those benefits without active participation from allies and partners – including like-minded nations, global firms, and research institutions committed to deploying U.S. technology essential to AI development under safe and secure conditions. The Biden-Harris Administration remains committed to ensuring that humanity can reap these critical benefits.

Today’s announcement seeks to keep advanced AI models out of the hands of malicious actors while also ensuring that secure and responsible foreign entities and destinations will have access to the most advanced U.S. AI models, and to the large clusters of advanced computing integrated circuits (ICs) necessary to train those models. Entities and destinations that are willing to abide by certain safety and security mitigations will receive access to AI models and large IC clusters.

The framework adopts a three-pronged strategy.

First, the rule updates controls for advanced computing chips by requiring authorizations for exports, reexports, and transfers (in-country) involving a broad set of additional countries. However, the rule also includes the following license exceptions and authorizations, which will ensure that commercial transactions that don’t pose national security risks can proceed and the benefits of AI can be broadly shared:

• Exceptions for certain allies and partners: New License Exception ArtificialIntelligence Authorization (AIA) allows for the export, reexport, or transfer (in-country)of advanced computing chips, without an authorization, to a set of allies and partners.
• Exceptions for supply chains: New License Exception Advanced Compute Manufacturing (ACM) allows for the export, reexport, or transfer (in-country) of advanced computing chips, without an authorization, for the purposes of development, production, and storage of these chips, except to arms-embargoed countries. This license exception builds on the Temporary General License from October 2023 rule to prevent disruption of supply chains.
• Low volume exception: New License Exception Low Processing Performance (LPP)allows limited amounts of compute to flow globally, except to arms-embargoed countries.
• Update to Data Center Validated End User (VEU) Program: The rule further bifurcates Data Center VEUs into:
  • Universal VEUs (UVEU): Provides U.S. and certain allied and partner country entities with the opportunity to obtain a single authorization that will allow the company to build data centers around the world without additional authorizations, except in arms-embargoed countries.
  • National VEUs (NVEU): Provides entities headquartered outside arms-embargoed countries the opportunity to obtain an authorization that will allow the company to build data centers in specified locations without additional authorizations, except in arms-embargoed countries.

When a license is required to export or reexport chips to a certain destination, license applications will be reviewed under a presumption of approval until the total quantity of controlled chips exported or reexported to that country exceeds a specified allocation. After a country reaches its allocation, applications will be reviewed under a policy of denial. Consistent with previously established policy, a presumption of denial remains in place for arms-embargoed countries, regardless of quantity.

Authorized NVEUs will be able to build data centers up to a specified scale in each country. This allocation is separate from, and not impacted by, the host country’s specified country allocation. Likewise, the low-volume orders are not affected by and do not count against country-level allocations. Authorized UVEUs will be required to keep at least 75% of their controlled advanced chips within the United States and certain allied and partner countries, and will be prohibited from installing more than 7% of their controlled chips in any single other country. U.S.-headquartered UVEUs will be required to keep at least 50% of their controlled advancedchips in the United States.

Second, the rule institutes new controls on the model weights of the most advanced closed-weight AI models. These controls will initially apply to the weights of models trained with 10^26 computational operations or more, and authorizations will be required to export, reexport, or transfer (in-country) such weights to a broad set of countries. Additionally, the rule creates a new foreign direct product rule that applies these controls to certain model weights produced abroad using advanced computing chips made with U.S. technology or equipment. As with advanced computing chips, however, this rule includes several license exceptions for model weights:

• Exception for deployments by U.S., ally and partner-headquartered entities: New License Exception Artificial Intelligence Authorization (AIA) allows for the export, reexport, or transfer (in-country) of otherwise controlled closed AI model weights, without an authorization, by companies headquartered in the United States and certain allies and partners, except to an arms-embargoed country.
• Exception for open models: Models with widely available model weights (i.e., open-weight models) are not subject to controls. Additionally, the model weights of closed models that are less powerful than the most advanced open-weight models, even if they exceed the 10^26 threshold, are not controlled.

Third, BIS will impose security conditions to safeguard the storage of the most advanced models in destinations to protect U.S. national security and to mitigate the risk of diversion for advanced computing chips.

Additional Information

BIS’s actions are taken under the authority of the Export Control Reform Act of 2018 and its implementing regulations, the Export Administration Regulations (EAR).

Under these authorities, BIS possesses a variety of tools to control the export of U.S.-origin and certain foreign-produced commodities, software, and technology, as well as specific activities of U.S. persons, for national security and foreign policy reasons.

For more information, please visit BIS’s website at: https:www.bis.gov.

# # #

Washington, D.C. – Today, the Department of Commerce’s Bureau of Industry and Security (BIS) Export Enforcement published its annual Year in Review, a compilation of highlights reflecting Export Enforcement’s accomplishments over the past year.    

The Year in Review includes numerous initiatives from 2024, including the expansion of the Disruptive Technology Strike Force, which, to date, has brought 26 criminal cases charging sanctions and export control violations, smuggling conspiracies, and other offenses related to the transfer of sensitive information, goods, and military-grade technology to the People’s Republic of China, Russia, and Iran. 

The Year in Review also highlights significant criminal and administrative enforcement actions from the past year, including several related to Russian, Chinese, Iranian, and North Korean illicit procurement networks. In addition, the Year in Review describes key partnerships with the interagency, industry, academia, and foreign governments, and it describes updates to the antiboycott enforcement program.   

BIS Export Enforcement protects and promotes U.S. national security by aggressively investigating violations of export control and antiboycott regulations and by partnering with industry and academia to facilitate compliance with those regulations.

More information about the work of Export Enforcement to keep our country’s most sensitive items out of the world’s most dangerous hands can be found at bis.gov/enforcement.

WASHINGTON, D.C. — Today, the Department of Commerce’s Bureau of Industry and Security (BIS) published its third quarterly update of the boycott Requester List. This list notifies companies, financial institutions, freight forwarders, individuals, and other U.S. persons of potential sources of certain boycott-related requests they may receive during the regular course of business. 
 

A party’s inclusion on the boycott Requester List does not mean that U.S. persons are restricted from dealing with the listed party. However, a party’s inclusion puts U.S. persons on notice that the listed party is more likely to make reportable boycott-related requests. The updated public list of entities who have been identified as having made a boycott-related request in reports received by BIS includes a total of 38 additions. BIS also removed over 20 entities. Today’s announcement builds on the second quarterly update published in October.
 

“The boycott Requester List has been a dynamic and innovative addition to antiboycott enforcement,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod. “Since its inception in March 2024, the boycott Requester List has made it easier for U.S. persons to fulfill their reporting responsibilities by raising awareness of sources of boycott-related requests. Even more significantly, more than 40 entities have now been removed from the List for ceasing to include boycott conditions in their transaction documents with U.S. persons.”
 

Each entity on the boycott Requester List has been recently reported to BIS on a boycott request report form, as required by Section 760.5 of the Export Administration Regulations (EAR), as having made a boycott-related request in connection with a transaction in the interstate or foreign commerce of the United States. New additions are identified on the boycott Requester List by “December 2024” in the “Date Listed” column. If you believe that you have been listed in error or would like to discuss a listing, please contact the Office of Antiboycott Compliance (OAC). 
 

U.S. persons are encouraged to diligently review transaction documents from all sources, especially those involving these listed parties, to identify possible boycott-related language and to determine whether U.S. person recipients have a reporting requirement to BIS. The boycott request reporting form can be found here.  

The updated boycott Requester List is posted on the OAC webpage link with the objective of helping U.S. persons comply with the reporting requirements of the antiboycott regulations set forth in Part 760 of the EAR, 15 CFR Parts 730-774. 
 

Additional Information: 

The antiboycott provisions set forth in Part 760 of the EAR discourage, and in certain circumstances prohibit, U.S. persons from taking certain actions in furtherance or support of a boycott maintained by a foreign country against a country friendly to the United States (an unsanctioned foreign boycott). 
 

U.S. persons must report to OAC their receipt of certain boycott-related requests. Reports may be filed electronically or by mail on form BIS-621P for single transactions or on form BIS-6051P for multiple transactions involving boycott requests received in the same calendar quarter. U.S. persons located in the United States must postmark or electronically date stamp their reports by the last day of the month following the calendar quarter in which the underlying request was received. For U.S. persons located outside the United States, the postmark or date stamp deadline is the last day of the second month following the calendar quarter in which the request was received. Forms for both electronic transmission and mail submission may be accessed from the forms request page. 
 

For information regarding the application of the antiboycott regulations, please contact the OAC Advice Line at (202) 482-2381 or through the online portal.  
 

Parties Removed from the Requester List Include:

WASHINGTON, D.C. — The Department of Commerce’s Bureau of Industry and Security (BIS) imposed, as part of a settlement agreement, a civil penalty of $180,000 against The Indium Corporation of America (Indium), a materials refiner, smelter, manufacturer, and supplier to the global electronics, semiconductor, thin-film, and thermal management markets. Indium is headquartered in Clinton, NY. 

The penalty relates to Indium’s shipments to Russia of solder materials used in electronics manufacturing valued at approximately $96,506. Indium cooperated with the investigation conducted by BIS’s Office of Export Enforcement (OEE) and took remedial measures after discovering the conduct at issue, which resulted in a significant reduction in the penalty.  

“Companies that continue to export items to Russia must ensure those items do not fall under a prohibited Harmonized Tariff Schedule code,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod. “Indium failed to do so, and this is the result.”   

As alleged in the Proposed Charging Letter (PCL), between April 2022 and March 2023, Indium engaged in conduct prohibited by the Export Administration Regulations (EAR) on 11 occasions when it exported solder preforms, solder wires, and solder ribbon, valued at $96,505.89, to Russia without the requisite license or other authorization from BIS. The items exported by Indium are classified EAR99. However, because these items were classified by Harmonized Tariff Schedule (HTS) codes that appeared on Supplement no. 5 to Part 746 of the EAR at the time of export, these items required a license for export to Russia pursuant to § 746.10(a)(1) of the EAR. As detailed further in the PCL, Indium encountered, but failed to appropriately address, red flags throughout these transactions.  

On May 19, 2023, after these violations occurred, the parties to Indium’s transactions—Inter-Trans Sp z.o.o., BMA Spedition GmbH, and Ostec Integra Ltd.—were added to the Specially Designated Nationals List by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). These parties have facilitated hundreds of shipments of western electronics components to Russia since the beginning of Russia’s full-scale invasion of Ukraine. In particular, Ostec Integra Ltd. is one of 12 companies of the Ostec Group, which imports and distributes quantum and semiconductor technologies and supports Russian producers of various missile systems and aerial bombs. 

The full order, settlement agreement, and PCL are available online here. This case was investigated by OEE’s New York Field Office. OFAC assisted OEE in its investigation. 

Additional Information:  

BIS actions are taken under the authority of the Export Control Reform Act of 2018 (50 U.S.C. §§ 4801-4852) and its implementing regulations, the EAR. BIS controls exports of dual-use commodities, technology, and software for reasons of national security, missile technology, nuclear non-proliferation, chemical and biological non-proliferation, crime control, and regional stability. Criminal and administrative sanctions can be imposed for violations of the EAR. Under the Export Control Reform Act of 2018, among possible administrative sanctions, administrative monetary penalties can reach up to $364,992 per violation or twice the value of the transaction, whichever is greater. For more information, please visit https://www.bis.gov/enforcement.  

Report suspected export control violations through the BIS online tip portal. You can also call the Enforcement Hotline at 1-800-424-2980 or email [email protected]. 

###

WASHINGTON, D.C. — Today, as part of a settlement agreement, the Department of Commerce’s Bureau of Industry and Security (BIS) imposed a civil penalty of $3,300,000 against Integra Technologies, Inc. (“Integra”), a radio frequency and microwave power solutions engineering and manufacturing company headquartered in El Segundo, California. The penalty relates to Integra’s shipments to Russia of transistors and related products, which can be used for avionics or radar systems. Integra made a significant number of shipments to Russia, several of which occurred after such products had been designated by the United States, the European Union, Japan, and the United Kingdom as Common High Priority List (CHPL) items. The CHPL items are items that Russia specifically seeks to procure for its defense industrial base to support weapons programs used in its full-scale invasion of Ukraine. 

Integra sold approximately $6.67 million of transistors and related products, including CHPL items, to Russian end users between February 2023 and October 2023. All of these sales occurred without the requisite license or other authorization from BIS. Integra voluntarily disclosed the conduct to BIS and cooperated with the investigation by BIS’s Office of Export Enforcement. This voluntary self-disclosure (VSD) resulted in a significant reduction of the penalty. BIS also agreed to suspend $1.5 million of the penalty due to Integra’s limited ability to pay.

“Since Putin’s full-scale invasion of Ukraine, we have been crystal clear about the need for corporate vigilance related to exports of Common High Priority List items,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod. “Today’s penalty, which BIS mitigated pursuant to a VSD, should send a strong signal to other CHPL exporters of the consequences that will flow from violations of controls on these critical items.”

“After Russia’s further invasion of Ukraine, the United States imposed extensive new export controls for Russia. As these controls continued to evolve, it was critical for any U.S. company that made the decision to continue to export to Russia to closely track and implement updates to the controls. Integra failed to do so. Significantly, though, Integra’s disclosure and extensive cooperation throughout the investigation resulted in a significant reduction in the monetary penalty, which is the main incentive of our VSD policies,” said Office of Export Enforcement Director John Sonderman.

As part of the settlement agreement, Integra admitted to the conduct set forth in a Proposed Charging Letter, which alleged 94 violations of the Export Administration Regulations (EAR). Specifically, on 94 occasions between February 2023 and October 2023, Integra sold and exported transistors and related products via two third-party distributors to eight different Russian end users, without any license or authorization from BIS. The transistors that Integra exported were added to the CHPL in July 2023.

At the time of the violations, Integra was aware that it was shipping transistors and related products to Russian end users. However, because Integra’s export compliance program lacked procedures requiring regular review of revisions to the EAR, Integra failed to recognize that, as of February 2023, such items required a license for export to Russia. Integra did not realize its error until October 2023, after which Integra promptly stopped all shipments intended for Russian end users and filed a voluntary self-disclosure with BIS. Integra stated that, at the time of the relevant shipments, it believed the specific EAR99 products it sent to Russian end users were technologically suitable only for civil end use, rather than military end use.

The full order, settlement agreement, and Proposed Charging Letter are available online here. This case was investigated by OEE’s Los Angeles Field Office.

Additional Information:

BIS actions are taken under the authority of the Export Control Reform Act of 2018 (50 U.S.C. §§ 4801-4852) and its implementing regulations, the EAR. BIS controls exports of dual-use commodities, technology, and software for reasons of national security, missile technology, nuclear non-proliferation, chemical and biological non-proliferation, crime control, and regional stability. Criminal and administrative sanctions can be imposed for violations of the EAR. Under the Export Control Reform Act of 2018, among possible administrative sanctions, administrative monetary penalties can reach up to $364,992 per violation or twice the value of the transaction, whichever is greater. For more information, please visit https://www.bis.gov/enforcement.

Report suspected export control violations through the BIS online tip portal. You can also call the Enforcement Hotline at 1-800-424-2980 or email [email protected].

Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) added 8 entities to the Entity List for activities contrary to U.S. national security and foreign policy under the destinations of the People’s Republic of China (PRC) (2), Burma (2), and Russia (4). These Entity List additions are related to enabling human rights violations.  

“Human rights abuses are contrary to the foreign policy interests of the United States,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “By adding these parties to the Entity List with the presumption of denial license review policy, we aim to ensure that U.S. technology is not used to enable human rights violations and abuses.”

“BIS is deeply committed to protecting human rights and vulnerable populations throughout the world,” said Assistant Secretary of Commerce for Export Administration Thea D. Rozman Kendler. “Today’s action will prevent bad actors from misusing items subject to our controls for malign purposes.”

Of the two PRC entities added, one was added because it enables human rights violations, including high-technology surveillance targeted at the general population of the people of China, Uyghurs, and members of other ethnic and religious minority groups. The other entity was added due to enabling the PRC’s public security establishment to carry out human rights violations. 

Four entities, two under the destination of Burma and two under the destination of Russia, were added to the Entity List for supplying the Burmese military with parts and components that have enabled the military to carry out human rights violations, including brutal aerial attacks against the civilian population. 

The remaining two Russian entities were added for supplying facial recognition technology to the Russian government to target peaceful protesters, an integral component of Russia’s mass surveillance apparatus. 

Additional Background

These BIS actions were taken under the authority of the Export Control Reform Act of 2018 and its implementing regulations, the Export Administration Regulations (EAR).

The Entity List (supplement no. 4 to part 744 of the EAR) identifies entities and addresses for which there is reasonable cause to believe, based on specific and articulable facts, that the entities—including businesses, research institutions, government and private organizations, individuals, and other types of legal persons—or parties that are operating at an address that presents a high diversion risk, have been involved, are involved, or pose a significant risk of being or becoming involved in activities contrary to the national security or foreign policy interests of the United States. Parties on the Entity List are subject to individual licensing requirements and policies supplemental to those found elsewhere in the EAR.

The interagency End-User Review Committee (ERC), comprised of the Departments of Commerce (Chair), Defense, State, Energy, and where appropriate, the Treasury, makes decisions regarding additions to, removals from, or modifications to the Entity List. The ERC makes all decisions to add an entity to the Entity List by majority vote and makes all decisions to remove or modify an entity by unanimous vote.

The text of the rule, which includes the list of entities, is available on the Federal Register’s website [here].

Additional information on the Entity List is available on BIS’s website at: /node/17019.

For more information, visit www.bis.gov.

###

Assistant Secretary for Export Enforcement Matthew S. Axelrod Delivers Remarks at the Practising Law Institute’s Coping with U.S. Export Controls and Sanctions Conference

Washington, D.C.

December 9, 2024

Remarks as Prepared for Delivery

            Every morning, as I drive my car into the Commerce Department parking lot, I pass under a stone relief sculpted on the outside of the building. The relief, which depicts a life preserver on top of an anchor, bears the year 1838 and the inscription “Steamboat Inspection.” Back in 1838, steamboat disasters were common. From boiler explosions to collisions, traveling by steamboat had significant safety risks. To help mitigate those risks, Congress created the Steamboat Inspection Service, tasking it with protecting the safety of steamship crews and passengers. The Inspection Service examined the hulls and machinery of steam vessels and administered laws requiring those vessels to carry life-saving equipment. In 1903, Congress transferred the Service to the Commerce Department, then called the Department of Commerce and Labor. And until the end of World War II, when its functions were eventually transferred to the U.S. Coast Guard, steamboat inspection work was among the Department’s core functions.

            Seeing that stone relief each day reminds me just how drastically the Commerce Department’s mission has changed since the early 1900s. Today, instead of steamboats powering the American economy, it’s semiconductors. And instead of worrying about safety risks for individual steamboat crewmembers and passengers, we’re focused on national security risks shared by every American. At the Bureau of Industry and Security (BIS), my team is responsible for preventing nation-state adversaries from obtaining sensitive U.S. technologies to modernize their militaries, enable human rights abuses, and advance their weapons-of-mass-destruction (WMD) programs. We work to keep our country’s most sensitive technologies out of the world’s most dangerous hands. That world looks a lot different today than it did when the Commerce Department was first created. And so does the Department’s place in it, with BIS now playing a critical role in protecting our country’s national security. 

*          *          *

            I started at Commerce in December 2021, just two months before Russia’s full-scale invasion of Ukraine. And what I said to my team that first day rings just as true three years later: Export Enforcement, now more than ever before, is the tip of the spear when it comes to preventing sensitive U.S. technologies from being put to malign purposes by our adversaries. 

            Our enforcement authorities under the Export Control Reform Act are mighty. We have the power to investigate export violations and impose administrative and, with the support of the Department of Justice, criminal penalties. We also have the regulatory ability to impose broad controls on entities of national security or foreign policy concern.

            But our budget – aptly described by Secretary Gina Raimondo as still less than “the cost of a few fighter jets” – has not kept pace with those authorities or with the heightened importance of our mission. There were more than 32 million exports of dual-use items in 2021, the year I came on board. And we have approximately 150 enforcement agents and 40 analysts to detect and investigate exports that violate our rules. You do the math. There’s just no possible way we can protect U.S. technology through investigation alone. 

            That’s why, on my very first day, I told everyone in Export Enforcement that we needed to be strategic and intentional about how we maximize our finite resources to best meet this critical national security moment. I told them that, during my tenure, we were going to focus on three “Ps” – prioritized enforcement, profile, and partnerships. By prioritizing our enforcement, enhancing our profile, and strengthening our partnerships, I said, we can ensure that we are putting the resources we do have to their highest and best use. Those three “Ps” were our focus areas for the last three years. So, let’s take a look at how well we did executing on them.

Prioritized enforcement

            I’ll start with how we’ve prioritized our enforcement efforts. We don’t have the resources to monitor every export or investigate every potential violation. That means every investigation we choose to do actually carries with it an implicit choice not to do others. Because our resources are limited, it’s a zero-sum game. Accordingly, we’ve needed to be relentless in our thinking about how to use our finite resources to have the biggest national security impact. 

            That’s why, in February 2022, we launched the Disruptive Technology Strike Force with the Department of Justice to protect a prioritized group of advanced technologies – such as quantum computing, advanced semiconductors, and hypersonics – from illegal acquisition and use by nation-state adversaries like Russia, China, and Iran. The Strike Force brings together experienced prosecutors and agents from BIS, the Federal Bureau of Investigation (FBI), Homeland Security Investigations (HSI), and the Defense Criminal Investigative Service (DCIS) to form operational cells in seventeen different locations across the country. These agents and prosecutors are supported by an interagency analytical effort organized out of the agencies’ headquarters here in Washington, D.C. 

            Since its inception, the Strike Force has publicly charged 25 criminal cases, a 50 percent increase in such actions when compared to the prior two years. The cases charged so far range from Russian procurement networks acquiring military-grade technology, to the theft of blueprints for sophisticated missile-detection technology in support of the People’s Republic of China (PRC), to the smuggling of U.S.-origin items used in the production of unmanned aerial vehicles (UAVs) and ballistic missile systems to Iran. Just last month, for example, the work of the Strike Force led to charges against a Virginia company and two of its top executives for allegedly shipping sensitive U.S. electronics to Russia.

            The Strike Force has employed an all-tools approach. In addition to our criminal cases, we imposed a nearly $6 million administrative penalty on a Pennsylvania company for shipping items to parties tied to China’s hypersonics, UAV, and military electronics programs. We issued Temporary Denial Orders against nearly 30 entities (including airlines, freight forwarders, defense companies, and others) to cut off their access to controlled U.S. items. We worked with Treasury to add parties to their Specially Designated Nationals (SDN) list. And we nominated over 20 parties to the Entity List for their participation in the PRC’s artificial intelligence (AI) and quantum technology programs.

            At BIS, we’ve been laser-focused on countering the PRC’s efforts to leverage advanced technologies for military modernization purposes. Last month, we imposed a half-million dollar administrative penalty on a New York company for shipping semiconductor materials to an Entity-Listed Chinese company. In October, a Chinese national pleaded guilty to illegally exporting semiconductor manufacturing equipment to company placed on the Entity List for its ties to the Chinese military. Over the past few years, we’ve brought numerous enforcement actions against Chinese procurement networks, including arresting a defendant in connection with an alleged plan to steal proprietary information related to AI technology from Google and obtaining a guilty plea from a NASA contractor who secretly funneled sensitive aeronautics software to an Entity-Listed Chinese university. In another case, we charged a Belgian national with crimes related to a years-long scheme to unlawfully export sensitive, military-grade technology to the PRC. 

            Our work has similarly led to the dismantling of over a dozen separate illicit Russian procurement networks, including one led by Maxim Marchenko, a Russian national who used several Hong Kong-based shell companies to obtain large quantities of sensitive, military-grade microelectronics. Marchenko was sentenced in July to three years in prison. We’ve also targeted Iranian procurement networks, including, most recently, arresting a dual U.S.-Iranian national charged with exporting U.S.-manufactured aircraft components to Iran and, separately, indicting a father-son duo who are alleged to have exported aerospace equipment to Iran.  

            To further hone our prioritization efforts, we changed the categories of what we measure internally. More specifically, last fiscal year, we launched a new metrics initiative to track our investigative and analytic work, that is, to measure how close the fit is between our highest priorities and how we are spending most of our time. Now, for the first time ever, the annual performance plans for all of our managers include a component on how well their field office’s investigations, or leads generated by their analysts, connect to our highest-priority areas. More specifically, we’ve internally identified items of greatest concern – like the disruptive technologies the Strike Force prioritizes; end users of greatest concern – like adversarial military, intelligence, and security agencies; and end uses of greatest concern – like WMD, military modernization efforts, and human rights abuses. We now track how many of our leads and cases are tied to one or more of these highest-priority areas. This way, we can better ensure that our agents and analysts are spending the bulk of their time where it can have the biggest impact. And it’s working. Last year, we increased the percentage of our cases that involve a prioritized technology, end user, or end use from 70% to more than 85%, with over 95% of our leads tying to one or more of these categories as well.

            We also strengthened our administrative enforcement program. We changed our procedures – to make our charging letters public when filed, to eliminate “no admit, no deny” settlements, and to raise the penalty amounts for serious violations. We clarified our voluntary self-disclosure policy to specify that if a company knows of a significant potential violation and affirmatively decides not to tell us, then that lack of disclosure will be an aggravating factor in any subsequent penalty calculation. A few months ago, we amended our administrative penalty and voluntary self-disclosure regulations to institutionalize these changes, and to give us more discretion in determining appropriate penalties for export control violations more broadly. We hired a first-ever Chief of Corporate Enforcement, to help advance our significant corporate investigations. And we made changes to our antiboycott enforcement program, where we re-ordered the regulatory penalty tiers, raised penalty amounts, eliminated “no admit, no deny” settlements, and announced an enhanced focus on foreign subsidiaries of U.S. companies. 

            These program and policy changes – designed to maximize our overall enforcement efforts – are bearing fruit. Over the last two years, we’ve had the agency’s highest number ever of convictions, months of imprisonment, Temporary Denial Orders, end-use checks, and post-conviction denial orders. Last year, we imposed our largest standalone administrative penalty ever, $300 million, against Seagate for their shipment of millions of hard disk drives to Huawei. We also participated in the disruption of what is believed to be the world’s largest-ever botnet, which infected over 19 million IP addresses and facilitated cyber-attacks, export violations, and billions of dollars of fraud.

            But it’s not just the arrests, indictments, and administrative penalties. We’ve also publicly listed, for the first time ever, nearly 200 aircraft from Russia, Belarus, and Iran that have flown in violation of our controls and thus triggered General Prohibition 10 restrictions, which prohibit refueling, maintaining, or repairing those planes. And we’ve issued a record number of TDOs against the biggest airlines in Russia, Belarus, and Iran. Alongside DOJ, we seized a $13 million plane owned and operated for the benefit of Nicolás Maduro Moros and his regime in Venezuela. Our work also led to the forfeiture of a U.S.-manufactured Boeing 747 cargo plane, previously owned by Mahan Air, a sanctioned Iranian airline affiliated with the Islamic Revolutionary Guard Corps-Qods Force, a designated Foreign Terrorist Organization. 

            And that’s not all. Beyond our casework, we’ve taken further prioritized actions. In the last three years, nominations from my team in Export Enforcement have resulted in over 900 parties from Russia, China, Iran, and elsewhere being added to the Entity List. This past fiscal year, for example, the team was responsible for adding over 320 parties to the Entity List and nearly 40 parties to the Unverified List. This represents an all-time high for Export Enforcement. We also – for the first time ever – placed 16 addresses in Hong Kong and Turkey on the Entity List for “housing” hundreds of shell companies responsible for more than $130 million in high-priority items being diverted to Russia. And we’ve also ensured that, under new regulations, persons blocked under certain OFAC sanctions programs are automatically subject to our controls as well.

            Over the past three years, our aggressive and prioritized enforcement posture has become business as usual. It’s our basic operating level. And I anticipate that you’ll continue to see significant enforcement announcements in the weeks, months, and years to come.    

Profile

            Next, let me address our profile. I told the team on that first all-hands call that I would be a tireless champion for Export Enforcement and the work we do. Not just so that our agents, analysts, and Export Control Officers get the recognition they deserve, although that’s important.  But also because raising the profile of Export Enforcement out in the world has a strategic purpose. It acts as a force multiplier. Because we have such limited resources to meet such significant national security threats, we can’t succeed by end-use checks and investigations alone. Those are essential, but they’re not enough. We also need deterrence. We need to have industry fully committed to investing in robust compliance programs. And, my view, from the first day of my tenure, has been that one way to help make that happen is to continually evangelize about our work, including through speeches, interviews, conferences, and press releases. The goal is to let industry know that we want to partner with them to make sure they follow our rules (and also to let them know that there are meaningful consequences when they don’t). By continuing to raise Export Enforcement’s profile, we hope to convince companies to invest more heavily in compliance and prevention.

            That’s why I’ve agreed to speak at so many external events, including giving this keynote here today. Through webinars, podcasts, and conferences, I’ve spoken to thousands of trade practitioners and compliance professionals, C-Suite leaders, in-house and outside counsel, and trade associations. I’ve participated in panel discussions at forums as varied as the Munich Security Conference, the American Bar Association’s White-Collar Crime Institute, and the American Bankers Association Financial Crimes Enforcement Conference. This speech marks the eighteenth formal speech that I’ve delivered to audiences around the globe – from New York to Singapore, from Texas to Toronto – about our national security mission and the critical importance of our work. 

            And, of course, I haven’t been the only government official out there speaking on this topic. The Secretary of Commerce, Gina Raimondo, has repeatedly emphasized the importance of export controls, explaining that, in the wrong hands, the most cutting-edge technology, like supercomputers or AI chips, can ultimately prove as deadly as any weapon. National Security Advisor Jake Sullivan has highlighted export controls’ national security role, noting their centrality in helping the United States to maintain as large a scientific and technological lead as possible over our adversaries. Deputy Attorney General Lisa Monaco and other Department of Justice leaders have focused time and again on sanctions and export enforcement in their speeches, including by declaring sanctions and export enforcement a top Department of Justice corporate enforcement priority and noting how national security concerns must rise to the top of corporate compliance risk charts.    

            Three years after I told my team that we wanted to raise their profile, I submit that we’ve successfully done it. Industry and trade practitioners understand that we’re now in a new era for export enforcement. Companies are evaluating their compliance programs to ensure they are robust and effective, lest they face multimillion dollar penalties for violating our rules. Word is out that export violations can no longer be considered just the cost of doing business. Instead, violations now present enterprise risk, which means that investment in compliance is crucial. The enhanced profile, combined with our voluntary self-disclosure policy changes, has led to a sharp rise in the number of significant disclosures we’re receiving – an increase of nearly 70% when comparing the 18 month-period before and after the policy announcement.

            I’ve heard several times at my speaking engagements over the past three years that I was the first speaker they ever had from the Commerce Department. I’ll tell you how I responded: I may be the first, but I won’t be the last. Export enforcement is now at the red-hot center of protecting our national security. Given our current geopolitical environment, that’s likely to remain true for the foreseeable future. And so is our heightened profile.

Partnerships

            Which leads me to the third and final “P” – partnerships: how we’re working with our interagency partners to pool resources and authorities to bring enforcement actions; with our international counterparts to multilateralize our efforts; and with the private sector to help ensure compliance with our rules.

1.      Interagency partnerships

            While the Disruptive Technology Strike Force is the highest-profile example of our interagency partnerships, it’s certainly not the only one. We’ve also developed a close relationship with the Treasury Department, working with their Financial Crimes Enforcement Network (FinCEN) to publish – for the first time ever – a joint alert that created a new key term for financial institutions to use when filing Suspicious Activity Reports (SARs) for suspected Russian diversion. We then published two additional alerts together, creating a key term for export control evasion globally. To date, our analysts have reviewed over 1,400 SARs that contain one of these key terms, and we have been able to action more than 160 of those filings – either by sending a new lead to our enforcement agents, advancing an existing case, or developing an Entity List package. We’ve also built a close relationship with Treasury’s Office of Foreign Assets Control (OFAC), with whose Director I have a standing biweekly coordination call. Last year, we signed an MOU formalizing our enhanced coordination and partnership. And, last April, we imposed a combined $3.3 million civil penalty against Microsoft to jointly resolve alleged violations of U.S. export controls and sanctions laws. You can expect to see additional coordinated enforcement actions from us in the near future.

            In addition to DOJ and Treasury, we’ve also worked with the interagency more broadly to publish an unprecedented number of advisory notes, guidance documents, and alerts. From the applicability of our controls to non-U.S. persons, to Iran’s UAV-related activities, to the need for the transportation industry to “know their cargo,” it’s hard to find a topic where we haven’t published something. It’s unheard of for the government to release so many multi-agency guidance documents in such a short amount of time. That’s a testament to our partners at the Departments of Justice, State, Homeland Security, and Treasury. And it reflects our core belief that we would much rather help industry understand and comply with our rules on the front end than pursue violations of them on the back end. When we’re pursuing violations on the back end, it typically means the sensitive technology has already gone where it shouldn’t and the national security harm has already happened.

            Most recently, we partnered with the National Security Agency to build and deploy the Commerce Screening System (CSS), a brand-new game-changing information technology tool. Through the CSS, we are now able to screen every foreign party to a license application against certain intelligence holdings. Prior to the CSS, such screening was done manually, which meant that we were only able to screen about 800 license applications a year. Now, thanks to our new automated system, we’ll be able to screen all of the approximately 40,000 applications that BIS receives annually. While the CSS just went live in October, it’s already demonstrating real results. After two months of operation, this tool has enabled us to screen over 7,300 license applications and identify over 420 unique licenses where the intelligence holdings needed further review by a licensing officer prior to the licensing decision being made.

2.      International partnerships

            On the international front, while export controls have long been coordinated multilaterally on the policy side, there have not been any corresponding multilateral coordination mechanisms when it comes to enforcement. Thanks to our leadership efforts, and those of our allies and partners, I’m proud to say that’s no longer the case. We’ve established – for the first time ever – three different enforcement coordination mechanisms.

            First, we worked with the G7 to create a Sub-Working Group on Export Control Enforcement. The Sub-Working Group, established last year, provides the G7 countries and the European Commission a forum for exchanging information and operational results, discussing trends in research and analysis, and sharing best practices for enforcement. A few months ago, the G7 countries and the European Commission published, for the first time ever, joint guidance for industry on preventing evasion of the export controls and sanctions imposed on Russia.

             Second, we established the Disruptive Technology Protection Network (DTPN) with the governments of Japan and South Korea, to expand information sharing and the exchange of best practices across the three countries’ enforcement agencies. This past April, we held a high-level summit here in D.C. to formally launch the initiative, after it was first announced at the Trilateral Leaders’ Summit at Camp David last summer. Since then, our teams have met regularly to exchange information, including just last week. 

            And, third, we established the Export Enforcement Five, or E5, with the governments of Australia, Canada, New Zealand, and the United Kingdom. The E5 works with industry, including by publishing novel guidance, to harden supply chains of the items that Russia needs to sustain its unlawful full-scale invasion of Ukraine. The E5 also works to identify entities that have violated our coordinated export controls and to share investigative information for coordinated enforcement actions against them. 

            In addition to these unprecedented multilateral efforts, we’ve signed individual bilateral agreements for the first time with the European Anti-Fraud Office and with the Australian, Japanese, South Korean, and Swiss governments, to facilitate law enforcement cooperation and information sharing. We’ve also expanded our international footprint to better collaborate with partner governments across the globe. We now have 11 Export Control Officers in nine locations abroad, including two newly stationed in Taiwan and Finland. And, for the first time ever, we placed an enforcement analyst outside the United States, in Ottawa.

3.      Private sector partnerships

            Last but certainly not least, we’ve enhanced our partnerships with industry and academia. Over the past three years, we’ve conducted outreaches to nearly 6,000 companies, an all-time high, to ensure they’re aware of regulatory changes and to warn them against illicit procurement attempts. We’ve issued supplier list and red flag letters, along with a guide explaining the difference between the two. In addition to our numerous multi-agency guidance documents, we also published BIS-specific recommendations for exporters on Russian evasion typologies, high-priority Harmonized System (HS) codes, and evasion red flags. Expanding beyond our more traditional stakeholders, we also recently published new BIS guidance for freight forwarders and for financial institutions containing best practice recommendations on how to avoid liability for export violations. 

            For academia, we launched the Academic Outreach Initiative to help universities protect their sensitive research from nation-state adversaries who seek to acquire it. The open and collaborative nature of our research institutions is fundamental to their success as science and technology leaders – but at the same time presents an inviting target for foreign adversaries who wish to exploit that environment and misappropriate those institutions’ research. Over the last few years, we’ve doubled our reach – expanding the initiative from an initial 20 research institutions to 40, with 11 added this past October. For each of the 40 institutions, we’ve assigned a dedicated “Outreach Agent,” a specific agent from their local BIS field office who meets with the institution regularly and serves as a resource and point of contact. We’ve also conducted webinars on identifying red flags for academia and other topics. And we published – for the first time ever – a compendium of resources to help universities comply with our export rules and an analysis of voluntary self-disclosure trends to help them identify high-risk areas. 

            We’ve developed similar innovations to help industry comply with our antiboycott rules. We implemented a new data field to collect the names of foreign parties making boycott requests and then used that data to create – for the first time – a public list of such foreign parties. This innovative boycott Requester List now lets U.S. companies know which foreign parties have made boycott requests in the past – so that if they’re dealing with those parties, they know to scrutinize transaction paperwork closely for reportable boycott requests. Beyond that, the Requester List has driven foreign parties to change their behavior by eliminating boycott language from their transaction documents, thus reducing boycott requests at their source. To date, over 20 companies have removed boycott-related language from their transaction documents. That benefits both U.S. companies and U.S. foreign policy interests.

            As intended, these partnerships have worked as force multipliers. They’ve allowed us to galvanize resources across the interagency, across industry, and across the world to help protect sensitive technology from being misappropriated by our adversaries. The national security challenge we face is massive. Through prioritized enforcement efforts, an enhanced profile, and expanded partnerships, we’re doing everything in our power to meet it.

*          *          *

            So, I began my remarks by telling you about the “Steamboat Inspection” carving I see every day as I enter the Commerce Department. I want to close by telling you about a different part of what has been my daily commute for the past three years. Just before I arrive at work each morning, I drive down 14^th Street through the National Mall. Each day, I take the conscious action of looking to my left, at the Washington Monument, and then to my right, at the United States Capitol. I do this intentionally to remind myself of the immense privilege I have been given – the privilege of serving the people of the United States, the privilege of waking up every day and driving to a job where the mission is to protect our national security by bringing to justice those who would transfer our country’s most sensitive technology to our country’s most serious adversaries.

            It’s been my deep and profound honor to serve as the Assistant Secretary for Export Enforcement these past three years. When this Administration began, I never could have predicted that this role would be the one I was asked to fill. But I am beyond fortunate to have had the opportunity to serve in it. The commitment, dedication, and impact of the men and women in Export Enforcement are second to none. It has been humbling to lead them and to learn from them. And while the time is rapidly approaching when I will no longer have the responsibility of leading them, I can’t wait to see what they accomplish next.

Thank you.

WASHINGTON, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) is releasing a report on the use of mature-node semiconductor chips, or legacy chips, in supply chains that directly or indirectly support U.S. critical infrastructure. The report includes key findings related to U.S. companies’ use of legacy chips manufactured by entities based in the People’s Republic of China (PRC). 

The report, based on data BIS collected pursuant to an authority under the Defense Production Act (DPA), shows:

• Companies that sell products containing legacy chips continue to lack visibility into their semiconductor supply chains. About half of surveyed companies were unable to determine whether their products contained any chips manufactured by PRC-based foundries.
• Based on the information respondents provided, U.S. companies’ use of chips made in PRC-based foundries is pervasive. More than 2/3 of their products contain PRC-origin chips. However, these legacy chips represent a limited share of the total number of chips used in those products. 
• Capacity expansion in China has already begun to cause pricing pressure that may weaken U.S. chip suppliers’ competitive positions. 

“We are committed to creating a level playing field in the semiconductor industry to ensure that U.S. companies, and those in like-minded countries, can compete. But unfair practices from the PRC to expand legacy chip production will create significant challenges for U.S. economic and national security,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “Our survey results indicate that companies remain shockingly unaware of the sources of chips used in their products. While government cannot act alone, more action is needed to build strong, diverse, and resilient semiconductor supply chains.”

“This work has provided invaluable data that will help the U.S. government continue building secure semiconductor supply chains,” said Assistant Secretary of Commerce for Export Administration Thea D. Rozman Kendler. “Legacy chips are essential components in almost every part of our critical infrastructure, and it’s imperative we understand our exposure to any supply chain risks and act accordingly to address them.” 

In January 2024, BIS initiated a DPA survey and assessment to learn how companies are sourcing these mature-node semiconductors. The survey and assessment were initiated at the direction of the Secretary of Commerce to bolster the Department’s ongoing work to develop robust semiconductor supply chains, support domestic production of semiconductors, and protect U.S. national security. 

The report’s findings illuminate how U.S. companies are currently directly and indirectly sourcing legacy chips and the extent of the use of chips manufactured by companies based in the PRC in critical U.S. industries, to include telecommunications, automotives, medical devices, and the defense industrial base. 

The report’s findings will help inform future U.S. government actions to address PRC overconcentration and oversupply concerns, as well as companies’ lack of visibility into the supply chains for these critical semiconductor components. The Department remains committed to securing critical supply chains for semiconductors and safeguarding the U.S. economy from the distorting effects of non-market activity.

Review the report here.

For more information, visit www.bis.gov. 

# # # 

Final Rule Formalizes Implementation of ICTS Program Authorities to Address Undue and Unacceptable Foreign Adversary Risks to ICTS Transactions in the United States

WASHINGTON, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued a final rule cementing the procedures it will follow in investigating foreign adversary threats to information and communications technology and services (ICTS) transactions that may harm U.S. national security, pursuant to Executive Order (EO) 13873: Securing the Information and Communications Technology and Services Supply Chain.

This final rule demonstrates the Biden-Harris Administration’s proactive efforts to address the potential national security risks associated with the ICTS supply chain and the abuse of U.S. critical infrastructure by foreign adversaries. It is a significant step in formalizing the operations of the Office of Information and Communications Technology and Services (OICTS), which was established within BIS in March 2022 to implement EO 13873 and related executive orders. 

Since its formation, OICTS has completed or undertaken several key investigations and rulemakings. In June 2024, OICTS announced a first-of-its-kind final determination prohibiting Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from selling its software within the United States or providing updates to software already in use, amongst other activities.

Additionally, in September 2024, OICTS issued a proposed rule that would prohibit the sale or import of connected vehicles integrating specific pieces of hardware and software, or those components sold separately, with a sufficient nexus to the People’s Republic of China (PRC) or Russia. These actions underscore the critical role of OICTS in protecting American technologies and services from potentially malicious foreign adversary intervention or interference.

“This final rule clarifies and strengthens BIS’s existing authorities to investigate, mitigate, and prohibit ICTS transactions involving our foreign adversaries. It significantly enhances our ability to protect the resilience of our national infrastructure and technology and communications sectors,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “The further formalization of the OICTS is an important part of a pivotal year in the office’s growth as it continues to advance U.S. national security.”

“Today’s rule affirms the Department’s commitment to preventing foreign adversaries from using U.S. technology and communications systems to harm U.S. persons or critical infrastructure,” said OICTS Executive Director Elizabeth Cannon. “The rule makes important updates to the processes our office uses to identify and mitigate risks and enforce our regulations on foreign adversary ICTS in the United States.”

An interim final rule published on January 19, 2021, solicited public comments on how the Department should implement various provisions of EO 13873. The final rule addresses feedback from the public on a number of issues, including the scope of the rule, the timeline for completing investigations, the procedures the Department will follow in making determinations, and the role of the Department’s interagency partners. 

Changes made in today’s final rule include consolidating the list of technologies within the scope of the rule, outlining the sources of information the Secretary of Commerce may consider when formulating Initial and Final Determinations, and refining the recordkeeping requirements for parties to transaction(s). The Department intends these changes to be consistent with industry and public concerns regarding potential foreign adversary threats to the ICTS supply chain

The text of the final rule released today is available on the Federal Register’s website here. 

For more information, visit https://www.bis.gov.

###

Assistant Secretary of Commerce for Export Administration Thea D. Rozman Kendler Delivers Remarks at the WorldECR Forum

London, United Kingdom

December 3, 2024

Remarks as Prepared for Delivery

Introduction

Thank you to WorldECR and editor Tom Blass for including me in this terrific event, focused on trade control law and regulations, policy, and practice.  I’m particularly glad to participate in the London version of this conference – my time as Assistant Secretary of Commerce for Export Administration in the Biden-Harris Administration has been marked by extensive cooperation and collaboration with my United Kingdom counterparts, so it’s especially fitting that I’m here this week for my last international outreach during my tenure. 

For three years now, I have led the part of the U.S. Commerce Department’s Bureau of Industry and Security (BIS) that designs policy to control the proliferation of “dual-use” items.  We are in a time of increasingly rapid evolution of both technologies and national security threats.  This requires our team to even more nimbly identify technologies for which guardrails are necessary and amend our controls as appropriate.

Even as we conduct the traditional work of screening transactions and adjudicating license applications, our ever-changing environment places new demands on our ability to assess technical performance; review available intelligence on destinations, end users, and risk of diversion; and scrutinize end uses.  

I am proud of what our team has accomplished during my tenure, and the creativity they have brought to their work in a resource constrained environment to protect U.S. national security and safeguard global peace and stability.  

Biden-Harris Administration Export Controls Achievements

When I took on this role almost exactly three years ago, we established three clear priorities that have not wavered:

1. Degrade Russia’s military capabilities and thwart Russia’s unjustifiable invasion of Ukraine;
2. Impede the People’s Republic of China’s (PRC’s) ability to modernize its military, a threat that is exacerbated by the Chinese Communist Party’s Military-Civil Fusion (MCF) strategy; and
3. Deepen our export control relationships and coordination with our allies and partners.

Degrading Russia’s Military  

Russia has been at the forefront of the Biden-Harris Administration’s policy decisions, and that is reflected in how I spent my first weeks on the job – and at least part of each week since then.  Using our authorities, since February 2022, we increasingly ramped up our controls on Russia, its enablers in Belarus and Iran, and the DPRK. We published nearly fifty rules imposing a range of restrictions on Russia, controlling not just all items on our Commerce Control List but also around 2,500 lower-level (EAR99) technologies based on Harmonized Tariff Schedule (HTS) code.  And we added over one thousand organizations in Russia and those who supply Russia to our Entity List.  This is what was expected of us in export controls, classic controls on items and entities. 

It’s an axiom in our field that export controls are only effective when other manufacturers of the same technology implement comparable controls – it's the premise underlying our four multilateral regimes and the plurilateral arrangements we’ve built in this Administration.  In contrast, controls applied to items widely available from foreign sources generally are less effective.  We know there are situations in which unilateral controls are necessary, especially when our values are at stake.  But unilateral controls not only do not accomplish our national security goals, they also create an unlevel business environment for companies operating in – or in our case, for companies that produce technology in – the country that imposes the controls.  

We confirmed the truth of this axiom as we crafted – and iterated – our response to Russia’s invasion of Ukraine.  We established closer than ever export control relationships with the UK, Japan, and the European Union.  And we built on those relationships to form with 38 partners the Global Export Control Coalition that continues to coordinate controls targeting Russia. 

It is because we reinvigorated our international partnerships that we created the possibility of even more effective controls.  I'm continually impressed by how far the word has spread about our “Common High Priority List” (CHPL) for Russia, which comprises fifty Harmonized Tariff Schedule (HTS) codes at the six-digit level – the international language of trade.  The CHPL was developed through careful analysis of the items Russia depends on for its military, including components recovered from the battlefield.  If the United States had acted alone to create and disseminate this list, we might have convinced a number of partners to join us in extra controls on these items.  It is because we worked with our partners that the list has worldwide recognition – not just by Customs services, but to the point that it has been adopted into the law of several partners. 

Notably, HTS codes are Export Control Classification Number (ECCN) agnostic.  Items like microelectronics, which top the CHPL, are controlled for Russia whether they fall under our advanced computing controls or are EAR99, commercial-grade legacy chips.  This is a new approach to export controls, enabled only by our global approach.  And we’re grateful to our partners who share our concerns – consider, for example, Armenia, which adopted a law specifically requiring export licenses for these items going to Russia last year.  Customs data shows that the average of CHPL exports from Armenia to Russia has fallen around 70 percent compared to the same period last year, and the latest data reported shows the lowest monthly total in exports to Russia since May 2021.

Thanks to this partnership, our coalition restricts thousands of items to Russia, and has cut off trade with much of the procurement network that feeds Russia's defense industrial base.

While we have pursued these government-to-government measures, we have also increased outreach efforts with U.S. industry to map out supply chains, assisting our efforts to completely cut Russia off from U.S.-origin and U.S.-branded components.  The effectiveness of export controls, of course, hinges on the compliance efforts of industry.  As you and our industry partners know, Russia continues to build sophisticated procurement networks to illicitly access U.S.-origin and branded components.  And so, we continue to work with the private sector to ensure they know who the end users of their items – especially microelectronics – are, which helps industry strengthen its compliance and due diligence activities.

In this area, too, our team identified a creative way forward – we began adding addresses to our Entity List.  This allowed us to specifically target corporate secretaries and shell companies, putting all parts of Russia’s global procurement networks on notice.  Our partnership with industry, combined with information sharing with our government partners, results in increased visibility into Russia’s procurement network that influences our rulemaking.

We have seen the impact of our actions on Russia, evidenced by Russia’s frustration over its military ambitions due to increasing costs, delays, and reduction in equipment quality.  And prices are driven up by the cost of establishing and re-establishing illicit procurement networks as we continue to disrupt them. Customs data shows that:

•  
  • Russia was forced to pay over 135% more on average for microelectronics after the invasion than it did in the preceding years, based on average cost by weight.[1]
  • Russia was forced to pay prices inflated by more than 320% to procure advanced coalition origin machine tools via the PRC and Türkiye.[2]
  • Russia was forced to pay over 210% more to smuggle critical U.S.-origin items through third countries.[3]
  • Our team – in close cooperation with our BIS law enforcement colleagues and partners throughout the U.S. and partner governments – constantly analyzes potential new avenues for Russia to evade our controls so that we can act swiftly to cut them off.  Our partnerships with industry and coordination with partners and allies have, and will continue to be, essential in achieving that end.

We haven’t just learned valuable lessons from our response to Russia, we’ve built new institutional muscle.

Impeding PRC Military Modernization

Principal Deputy Assistant Secretary for Strategic Trade and Economic Security Matt Borman has said that we spend “100% of our time on Russia, 100% on China, and 100% on everything else.”  It’s true – we have a tremendous team, working at a backbreaking pace.  This is doubly clear when we look at this Administration’s actions in impeding PRC military modernization.

BIS has worked tirelessly to comprehensively restrict the PRC’s access to tools and technologies for leading edge indigenous semiconductor production capabilities.  This includes our “October rules” in 2022 and 2023, the April 2024 clarification rule, and the controls we announced yesterday on semiconductor manufacturing equipment.

I want to start by taking a step back to answer why all of these controls are necessary.

First, remember that we are operating in an environment in which the PRC’s military-civil fusion (MCF) strategy is a whole-of-government, at-all-costs approach.  Its goal is to ensure that innovations in the “civilian” sector advance PRC military capabilities.  Together there, the strategy involves eliminating barriers between the PRC’s (1) civilian research and commercial sectors, and (2) military and defense industrial sectors.  To meet its objectives, the PRC has mandated and incentivized relevant domestic firms to dedicate significant resources sourcing foreign technologies that are relevant to military modernization with the goal of indigenizing their production in the PRC. 

In the semiconductor context, the PRC is making every attempt to indigenize production of leading-edge chips.  PRC leadership at the highest levels has focused on building an indigenous and self-sufficient semiconductor ecosystem, referring to integrated circuits in particular as critical to PRC national security strategy.  Reporting from PRC state-owned media outlets has even referred to integrated circuits as the “main battlefield” of the PRC’s MCF strategy.  The PRC views its semiconductor dependence on the United States and U.S. allies as a major threat to PRC efforts towards military modernization, WMD development, and technologically-enabled human rights abuses.

We know semiconductors are the foundation of the world’s economy – every device with an on/off switch has a semiconductor in it.  In the national security context, though, it is the advanced compute integrated circuits that present the greatest threat to the United States, and our allies and partners.  This is because those chips feed artificial intelligence (AI) capabilities.

U.S. and partner country semiconductor manufacturing equipment is used to manufacture advanced compute chips.  Those chips are clustered together, enabling never-before seen advances in military capability.   In fact, we know that the PRC is making investments in AI in weapons systems.  Here is one example, based on publicly-available information:

• The PRC is reported to be the world’s leading exporter of combat drones. 
  • These military drones are reportedly used by the People’s Liberation Army to patrol the PRC-India border, the Taiwan Strait, and Tibet.  Earlier this year, they were reported to have deployed in the East China Sea, approaching Japan.
  • And the PRC is reportedly collaborating with Russian firms to advance the two countries’ military drone technology.
• Now think of what is possible with drones enhanced by AI – AI built on the back of U.S. and partner semiconductor advanced chips or with advanced chips manufactured with U.S. and partner equipment.
• Most software is basically built out of if-then statements: if this, then that; if this, then that. For traditional software, you want chips that are good at taking many of these logical steps really fast, one after another. 
• In contrast, an AI model works more like a human brain: it can take in rich inputs – audio and visual signals, for example – and make sense of them, and even recommend or take appropriate actions. AI chips can do many operations in parallel. 
• Using AI-accelerator chips, those unmanned combat drones become autonomous.  They can intelligently swarm independently, and navigate, select targets, and fire, without human instruction.
• Their lethality increases by leaps and bounds, and that lethality can be targeted precisely where the PLA and its partners are already deploying these systems.

This is just one example of AI-enhanced military modernization, which can be applied across all areas of military weapons systems – including hypersonic missiles, cyberweapons, and chemical, biological, radiological, and nuclear (CBRN) weapons of mass destruction – command and control, and logistics.  The key developer of China’s hypersonics program is publicly reported to have used a supercomputer to model and aid in military aircraft design; with more AI capacity would come more military capability.  It’s exactly what we’re trying to forestall with our export controls. 

Our goal from the beginning has been to protect our collective security by impeding the PRC’s ability to indigenize the most advanced technologies, without unduly interfering with the continuing trade and development of technology.

Our response has been four iterations of controls on certain advanced computing items, supercomputers, and semiconductor manufacturing equipment. Because we started these actions in 2022, before ChatGPT and the hype around generative AI, we have had time to iterate on our approach and counter PRC attempts at diversion.

The update we announced yesterday adjusts our controls in several critical ways:

• We're adding new controls on many types of semiconductor manufacturing equipment, software tools for developing or producing semiconductors, and high-bandwidth memory (HBM), which is used in almost all AI data center chips.

• We’re also making several changes that build on the effectiveness of our controls, including new red flag guidance that will work to address compliance and diversion concerns, and a significant number of Entity List additions that span PRC tool manufacturers, semiconductor fabs, and investment companies involved in executing the PRC government’s furtherance of PRC military modernization.

This set of actions underscores the central role BIS has taken in this Administration for U.S. national security strategy – there is no Administration that has been tougher on the PRC, and that legacy will live on.

As a result of our controls, despite tens of billions of dollars in subsidies and a whole-of-government focus on semiconductor technology transfer, the PRC has only limited chipmaking capabilities at the 7nm node, which is itself more than 5 years behind the current leading edge.

As this technology gap continues to grow, the PRC will struggle increasingly to develop AI supercomputers capable of pushing the frontiers of weapons modeling, surveillance, and military modernization.

Cooperating with Allies and Partners

Through all of these measures, whether against the PRC or Russia, or any of the other myriad export control actions we’ve taken in this Administration, one thing is crystal clear:  we must work with our allies.  For the most part, the diligence this requires doesn't show up in our published regulations.  We may put a photo of a meeting on our website here and there, but we don’t tend to crow about the regularized efforts to ensure our allies and partners understand what we’re doing and why we’re doing it. 

I have spoken extensively with foreign counterparts about the U.S. technology ecosystem and how they can align their export controls so that once our technology is exported, we have confidence it will be protected the same way it would be protected in the United States. When countries align their controls with ours, they reap the benefits of superior U.S. technology.

This isn’t just theoretical.  

In April, we updated our regulations to foster technological innovation with the UK and Australia, streamline defense and dual-use trade, and realize the goals of AUKUS, the security partnership with the United Kingdom and Australia. We: (1) removed license requirements for the export/reexport to the UK and Australia of a host of items including munitions, missile technology, and section engine technologies; (2) increased the availability of license exceptions for reexport; and (3) removed restrictions on the export of high-speed and thermal imaging cameras to armed forces or for the production of military equipment.

In August, we published controls on quantum computing, with a carveout for countries that have similar controls, including Canada, Denmark, France, Finland, Germany, Japan, Netherlands, Spain, and the UK, and we understand that additional countries will follow suit. This action strengthens our trade and diplomatic relationships with like-minded countries and ensures that U.S. export controls keep pace with rapidly advancing technologies that pose serious threats to our national security when in the wrong hands.

In October, we provided additional license-free treatment for certain space-related exports to the UK and other allied countries. Specifically, we no longer require a license for the export of certain remote sensing or space-based logistics, assembly, and servicing satellites/spacecraft to some of our closest allies.

I previously mentioned our Global Export Control Coalition – I can’t help but mention it again here as a glaring success story of countries coming together, driven by shared a national security perspective, to take coordinated and direct action to impede Russia from using U.S. technology on the battlefield in Ukraine.

Finally, we're working to apply these principles in the AI context, as well. In September, we expanded our Validated End User (VEU) program to include AI data centers. This action moves us in the same direction as our allies, in a way that pulls in individual companies. Our update contributes to the development of a trusted ecosystem for the responsible use of AI – an element of the Biden-Harris Administration’s broader strategy to ensure the United States leads the way in responsible AI innovation and development. When companies demonstrate that they have high standards for physical security and cybersecurity measures, they unlock predictable and reliable flows of controlled data center technology.

Technology moves fast, and sometimes our governments are slow in our response. By creating trusted technology ecosystems through these examples, we create an environment with our allies and partners in which we have confidence that they will ensure our dual-use technologies are used in an aligned manner.

Only in collaboration with our allies can we address today’s technology proliferation threats.

Conclusion

Our actions set the next Administration up to conduct sophisticated assessment of technology-based national security threats, and to take on strategic and targeted actions to protect our national security, together with our allies.

Dual-use export controls work has never been more timely, more relevant, or more effective, and our relationships have never been stronger. I am extraordinarily proud of our export control accomplishments, and want to close by expressing my thanks to all of my partners in this endeavor:  the unparalleled team in BIS’s Export Administration, whose hard work and passionate commitment to export controls make all of these efforts possible; Biden-Harris Administration leadership, especially Commerce Secretary Gina Raimondo, for their focus on export controls as a primary tool in national security policy; the foreign government counterparts who are deeply engaged in using export controls to enhance global peace and security; and the private sector actors who recognize their role on the front lines of export control compliance and enable the effectiveness of our regulations.

Thank you and I welcome your questions.

Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) announced a package of rules designed to further impair the People’s Republic of China’s (PRC) capability to produce advanced-node semiconductors that can be used in the next generation of advanced weapon systems and in artificial intelligence (AI) and advanced computing, which have significant military applications. This action is a proactive measure enhancing the Department of Commerce’s work to impede the PRC’s ability to procure and produce the technologies necessary for its military modernization.

The rules include new controls on 24 types of semiconductor manufacturing equipment and 3 types of software tools for developing or producing semiconductors; new controls on high-bandwidth memory (HBM); new red flag guidance to address compliance and diversion concerns; 140 Entity List additions and 14 modifications spanning PRC tool manufacturers, semiconductor fabs, and investment companies involved in advancing the PRC government’s military modernization; and several critical regulatory changes to enhance the effectiveness of our previous controls.

“This action is the culmination of the Biden-Harris Administration’s targeted approach, in concert with our allies and partners, to impair the PRC’s ability to indigenize the production of advanced technologies that pose a risk to our national security,” said U.S. Secretary of Commerce Gina Raimondo. “Further strengthening our export controls underscores the central role of the Department of Commerce in executing the United States’ broader national security strategy. No Administration has been tougher in strategically addressing China’s military modernization through export controls than the Biden-Harris Administration.”

“The United States has taken significant steps to protect our technology from being used by our adversaries in ways that threaten our national security. As technology evolves, and our adversaries seek new ways to evade restrictions, we will continue to work with our allies and partners to proactively and aggressively safeguard our world-leading technologies and know-how so they aren’t used to undermine our national security,” said National Security Advisor Jake Sullivan.

“This action builds on BIS’s laser-focused work, undertaken over the past few years, to impose strategic controls that have hindered the PRC’s ability to produce advanced semiconductors and AI capabilities directly impacting U.S. national security. We are constantly talking to our allies and partners as well as reassessing and updating our controls. Today’s announcement represents the next step in that ongoing work,” said Under Secretary of Commerce for Industry and Security Alan Estevez. “This package is proactive and innovative in how we are responding to increasingly sophisticated actors and complex supply chains. We must ensure that we stay ahead of the PRC by protecting our advanced technology.”

“The PRC’s Military-Civil Fusion strategy presents a significant risk that advanced node semiconductors will be used in military applications that threaten the security of the United States, as well as the security of our allies and partners,” said Assistant Secretary of Commerce for Export Administration Thea D. Rozman Kendler. “These rules build on previous actions taken in service of our longstanding goal: protecting our collective security by constraining the PRC’s ability to indigenize the most advanced technologies, without unduly interfering with the continuing trade of technology.”

“The purpose of these Entity List actions is to stop PRC companies from leveraging U.S. technology to indigenously produce advanced semiconductors,” said Matthew S. Axelrod, Assistant Secretary for Export Enforcement. “By adding key semiconductor fabrication facilities, equipment manufacturers, and investment companies to the Entity List, we are directly impeding the PRC’s military modernization, WMD programs, and ability to repress human rights.”

Taking Novel Approaches to Impair and Impede the PRC’s Military Modernization

Throughout the Biden-Harris Administration, in coordination with U.S. allies and partners, BIS has taken novel approaches to address an ever-changing geopolitical and technological landscape and respond to increasingly sophisticated threat actors.

All of the policy changes announced today are designed to limit the PRC’s ability to indigenize the production of advanced technologies – such as advanced-node integrated circuits and the equipment used to produce them – that pose a substantial risk to U.S. national security. The semiconductor manufacturing equipment controlled by today’s rules is needed to produce advanced-node integrated circuits, which are necessary for advanced weapon systems and advanced AI used in military applications.

Advancements in large-scale AI models have shown striking performance improvements across many human abilities and may be used in advanced military and intelligence applications. These models have the ability to rapidly review and synthesize large amounts of information into actionable points. Advanced AI models could be used for rapid response scenarios on the battlefield; lowering the barrier to develop cyberweapons or chemical, biological, radiological, or nuclear weapons; and utilizing facial and voice recognition to repress and surveil minorities and political dissidents.

Today’s announcement underscores the United States’ “small yard, high fence” strategy and will restrict the PRC’s ability to produce technologies key to its military modernization or repression of human rights.

These actions serve two primary objectives:

• Slowing the PRC’s development of advanced AI that has the potential to change the future of warfare; and
• Impairing the PRC’s development of an indigenous semiconductor ecosystem – an ecosystem built at the expense of U.S. and allied national security.

In line with these objectives, BIS is implementing several regulatory measures, including but not limited to:

• New controls on semiconductor manufacturing equipment needed to produce advanced-node integrated circuits, including certain etch, deposition, lithography, ion implantation, annealing, metrology and inspection, and cleaning tools.
• New controls on software tools for developing or producing advanced-node integrated circuits, including certain software that increases the productivity of advanced machines or allows less-advanced machines to produce advanced chips.
• New controls on high-bandwidth memory (HBM). HBM is critical to both AI training and inference at scale and is a key component of advanced computing integrated circuits (ICs). The new controls apply to U.S.-origin HBM as well as foreign-produced HBM subject to the EAR under the advanced computing Foreign Direct Product (FDP) rule. Certain HBM will be eligible for authorization under new License Exception HBM.
• Addition of 140 entities to the Entity List, in addition to 14 modifications, including semiconductor fabs, tool companies, and investment companies that are acting at the behest of Beijing to further the PRC’s advanced chip goals which pose a risk to U.S. and allied national security.
• Establishment of two new Foreign Direct Product (FDP) rules and corresponding de minimis provisions:
  • Semiconductor Manufacturing Equipment (SME) FDP: Extends jurisdiction over specified foreign-produced SME and related items if there is “knowledge” that the foreign-produced commodity is destined to Macau or a destination in Country Group D:5, including the PRC
  • Footnote 5 (FN5) FDP: Extends jurisdiction over specified foreign-produced SME and related items if there is “knowledge” of certain involvement by an entity on or added to the Entity List with a FN5 designation. Such entities are being designated on the Entity List for specific national security or foreign policy concerns described in the Entity List companion rule, such as these entities’ involvement in supporting the PRC’s military modernization through the PRC’s attempts to produce advanced-node semiconductors, including for military end-uses.  
  • De minimis: Extends jurisdiction over specified foreign-produced SME and related items described in the above FDP rules that contain any amount of U.S.-origin integrated circuits.
• New software and technology controls, including restrictions on Electronic Computer Aided Design (ECAD) and Technology Computer Aided Design (TCAD) software and technology when there is “knowledge” that such items will be used for the design of advanced-node integrated circuits to be produced in Macau or a destination in Country Group D:5.
• Clarification to the EAR regarding existing controls on software keys. Export controls now apply to the export, reexport, or transfer (in-country) of software keys that allow access to the use of specific hardware or software or renewal of existing software and hardware use licenses.

In October 2022, BIS published an interim final rule (IFR) to restrict the PRC’s ability to both purchase and manufacture certain high-end semiconductors critical for military applications. As part of BIS’s commitment to continually evaluating the effectiveness of export controls, it released updated rules in October 2023 and April 2024. Today’s rules build on those efforts.

Additional Background

The PRC has both mandated and incentivized relevant domestic firms to dedicate significant resources to realizing a whole-of-society approach to indigenization that the PRC is taking to shape the global semiconductor ecosystem for its benefit and at the expense of the national security of the United States and its allies.

PRC leadership at the highest levels has stressed the importance of building an indigenous and self-sufficient semiconductor ecosystem, referring to ICs as critical to national security and military capabilities. The Chinese Communist Party’s semiconductor strategy intends to further the PRC’s military modernization, weapons of mass destruction (WMD) development, and control agenda to promote transnational regression and stifle human rights, threatens the security and undermines the values of the United States and our allies. Today’s rules hamper the PRC’s ability to realize these objectives.

BIS’s actions are taken under the authority of the Export Control Reform Act of 2018 and its implementing regulations, the Export Administration Regulations (EAR).

Under these authorities, BIS possesses a variety of tools to control the export of U.S.-origin and certain foreign-produced commodities, software, and technology, as well as specific activities of U.S. persons, for national security and foreign policy reasons. These tools include issuing federal regulations, as well as using the licensing and regulatory process to take party-specific actions.

Today’s rules are available on the Federal Register’s website here and here. The rules are effective today with a delayed compliance date of December 31, 2024 for certain controls. Public comments can be submitted on the Interim Final Rule.

For more information, please visit BIS’s website at: https://www.bis.gov/

###

Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) published a final rule imposing new controls on exports, reexports, and transfers (in-country) involving six key categories of items – some of which were previously controlled for nuclear nonproliferation reasons – to Pakistan to address diversion concerns. BIS has determined that these items have been sought by entities on the Entity List, as well as front companies acting on their behalf. Controlling such items on a countrywide basis will allow the U.S. Government to review proposed transactions to mitigate the risk of diversion to an end use or end user of concern, while facilitating trade for legitimate commercial and civil end uses.

“We routinely investigate parties around the world based on diversion concerns,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “Today’s controls will strengthen our national security by making it harder for entities of concern in Pakistan to procure these items from the United States.”

“Today’s action builds on our existing controls for specific entities of concern in Pakistan to ensure more broadly that key dual-use items do not contribute to activities that are contrary to U.S. national security or foreign policy,” said Assistant Secretary of Commerce for Export Administration Thea D. Rozman Kendler.

BIS imposed licensing requirements on certain entities in Pakistan determined to have been involved in nuclear or missile activities after Pakistan’s detonation of a nuclear explosive device in 1998. There are currently 162 entities located in Pakistan on the Entity List. Beginning in 2019, BIS has also maintained due diligence guidance for evaluating proposed transactions involving Pakistan.

The items controlled in today’s rule are listed on the Commerce Control List under Export Control Classification Numbers (ECCNs) 1B999, 2A992, 2B999,¹ 3A992, 3A999, and 6A996. Items that fall within the scope of these ECCNs include the following:

• Particle accelerators
• Certain stainless or alloy pipes and valves
• Certain pumps and welders
• Oscilloscopes
• Chromatographs and spectrometers
• Magnetometers

A BIS license will now be required for regional stability reasons to export, reexport, or transfer items (in-country) under these six ECCNs to or within Pakistan. Applications for such transactions will be denied if the U.S. Government determines that there is an unacceptable risk of use in an end use of concern or diversion to an end user of concern. The availability of license exceptions is limited.   

The text of today’s final rule is available on the Federal Register’s website here. The rule will take effect 30 days after publication in the Federal Register.

More information is available at www.bis.gov.

¹ Other than 2B999.h.2

Order

Washington, D.C. – Today, the Department of Commerce’s Bureau of Industry and Security (BIS) Export Enforcement published an updated version of Don’t Let This Happen to You!, a compendium of case examples highlighting BIS criminal and administrative enforcement efforts. The publication was last updated in July 2024. 

The updated version includes new enforcement cases involving: the first Disruptive Technology Strike Force case to result in a stand-alone administrative penalty; a criminal case against an illicit Russian procurement network; a criminal case where export-controlled items were smuggled outside of the United States and used in an assassination plot; an administrative case against a semiconductor wafer manufacturing company for unauthorized shipments to a party on the Entity List; and violations of the antiboycott regulations. Exporters are encouraged to review the publication, which provides useful illustrations of the type of conduct that gets companies and universities in trouble. 

BIS Export Enforcement protects and promotes U.S. national security by aggressively investigating violations of export control and antiboycott regulations and by partnering with industry and academia to facilitate compliance with those regulations. 

BIS urges everyone to report suspected export control violations through the BIS Office of Export Enforcement online tip portal. You can also call the Enforcement Hotline at 1-800-424-2980 or email [email protected].

More information about the work of Export Enforcement to keep our country’s most sensitive items out of the world’s most dangerous hands can be found at https://www.bis.gov/enforcement.

Washington, D.C. – Today, as part of a settlement agreement, the Department of Commerce’s Bureau of Industry and Security (BIS) imposed a civil penalty of $500,000 against GlobalFoundries U.S. Inc., a semiconductor wafer manufacturing company headquartered in Malta, New York, and its subsidiary, GlobalFoundries U.S. 2 LLC (collectively, “GlobalFoundries”).

The penalty relates to GlobalFoundries’ shipments of semiconductor wafers valued at approximately $17.1 million to SJ Semiconductor (SJS), a company on the BIS Entity List, without the requisite license or other authorization from BIS. GlobalFoundries voluntarily disclosed the conduct to BIS, cooperated with the investigation by BIS’s Office of Export Enforcement (OEE), and took remedial measures after discovering the conduct at issue, which resulted in a significant reduction in the penalty.

“We want U.S. companies to be hypervigilant when sending semiconductor materials to Chinese parties,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod. “And when, as here, that vigilance falls short and semiconductor materials have gone where they shouldn’t, we want companies to make voluntary disclosures, remediate, and cooperate with us.”

“GlobalFoundries’ voluntary self-disclosure (VSD) and extensive cooperation throughout the investigation resulted in a significant reduction in the monetary penalty, which is the main incentive of our VSD policies,” said OEE Director John Sonderman.

As alleged in the Proposed Charging Letter (PCL), between February 2021 and October 2022, GlobalFoundries violated the Export Administration Regulations (EAR) by sending 74 separate shipments of semiconductor wafers, collectively valued at approximately $17.1 million, to SJS without the requisite license or other authorization from BIS.  

At the time of the violations, GlobalFoundries was aware that shipments to SJS of items subject to the EAR required a BIS license. While SJS itself was not a GlobalFoundries customer, SJS was the third-party outsource assembly and test service provider (“OSAT”) designated by a GlobalFoundries’ customer and, as a result, should have been screened by GlobalFoundries’ transaction screening system. Due to a data entry error, however, SJS was not properly identified in GlobalFoundries’ transaction screening system and consequently was not screened.

SJS is a Semiconductor Manufacturing International Corporation (SMIC)-related party. SMIC and its related entities – including SJS – were added to the BIS Entity List in 2020 as a result of China’s military-civil fusion doctrine and evidence of activities between SMIC and entities of concern in the Chinese military-industrial complex.

The full order, settlement agreement, and PCL are available online here. This case was investigated by OEE’s Boston Field Office.

Additional Information:

BIS actions are taken under the authority of the Export Control Reform Act of 2018 (50 U.S.C. §§ 4801-4852) and its implementing regulations, the EAR. BIS controls exports of dual-use commodities, technology, and software for reasons of national security, missile technology, nuclear non-proliferation, chemical and biological non-proliferation, crime control, and regional stability. Criminal and administrative sanctions can be imposed for violations of the EAR. Under the Export Control Reform Act of 2018, among possible administrative sanctions, administrative monetary penalties can reach up to $364,992 per violation or twice the value of the transaction, whichever is greater. For more information, please visit https://www.bis.gov/enforcement.

Report suspected export control violations through the BIS online tip portal. You can also call the Enforcement Hotline at 1-800-424-2980 or email [email protected].

# # #

Washington, D.C. – Today, the Commerce Department’s Bureau of Industry and Security (BIS) is adding 40 foreign entities, as well as 4 addresses, to the Entity List in connection with their support for the Kremlin’s illegal war in Ukraine and tightening restrictions on 49 foreign entities that were already on the Entity List to address their procurement of high-priority U.S.-branded microelectronics and other items on behalf of Russia. These entities are located in the People’s Republic of China (PRC), as well as India, Malaysia, Russia, Singapore, Türkiye, Estonia, Finland, the United Arab Emirates (UAE), and the United Kingdom (UK). BIS is also imposing additional restrictions on the export of 9 chemical precursors used to produce riot control agents (RCAs) and chemical weapons used on the battlefield against Ukraine in violation of treaty commitments. These actions underscore the extensive controls the United States has placed on entities enabling Russian aggression against Ukraine since the further invasion in February 2022.

Today’s actions targeting procurement networks are taken in concert with similar actions by the Departments of State and Treasury and continue to demonstrate the importance of preventing the use of U.S.-origin and U.S.-branded products by Russia’s defense industrial base.

“American products do not belong in the hands of those who prop up Russia’s defense industrial base,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “We will continue to thwart Russian procurement networks operating in the People’s Republic of China (PRC) and wherever else we see them.”

“Russia has been at the forefront of the Biden-Harris Administration’s policy decisions. Our mandate is to use export controls to strategically and proactively address national security, technological, and geopolitical threats posed by our adversaries. This is especially true of Russia and its unjustified attacks against Ukraine,” said Assistant Secretary of Commerce for Export Administration Thea D. Rozman Kendler. “Today’s action is an important step forward in slowing the procurement networks Russia has turned to in the face of aggressive U.S. and allied export controls. We will not stop until Russia has nowhere to turn.”

“Today’s Entity List additions – 40 entities and four corporate secretary addresses in Hong Kong – send a crystal-clear message: BIS works relentlessly to prevent Russia from acquiring the technology it needs to wage war against the Ukrainian people,” said Assistant Secretary of Commerce for Export Enforcement Matthew S. Axelrod. “If you’re supporting Russia’s aerospace, chem-bio warfare, or drone programs, or you enable the activities of Russian shell companies, we will do everything possible to ensure you end up on our Entity List.”

Russia-related Entity List Additions and Modifications:

BIS is adding 40 entities under 42 entries to the Entity List. These additions combat the diversion of U.S.-origin or U.S.-branded products to Russia through third countries. Other additions include military end-users in Russia and companies involved in Russia’s chemical and biological weapons program. BIS is also adding four addresses to the Entity List that are associated with the significant transshipment of sensitive items to Russia and are linked to entities whose activities risk violating BIS controls.

In addition, BIS is modifying 49 entities under 52 entries on the Entity List to identify Russian procurement entities and subject these entities to expanded controls on exports, reexports, and transfers (in-country) involving certain foreign-produced items – ensuring that U.S.-branded electronic components are not diverted to Russia through these foreign procurement networks.

Chemical Weapons

BIS is adding controls on 9 chemical precursors that can be used to produce certain chemical weapons or RCAs. Although these chemical precursors have mostly commercial uses, Russia’s use of riot control agents as a method of warfare and the use of chemical weapon chloropicrin against Ukraine has raised concerns about Russia’s further production and weaponization of these chemicals. It is important to ensure that none of these items falls into Russia’s hands for misuse.

Earlier this year, the Department of State issued an assessment that Russia had used Riot Control Agents (RCAs) as a method of warfare against Ukrainian forces in violation of the Chemical Weapons Convention (CWC). Subsequently, the Department of State issued a determination that Russia had used chloropicrin against Ukrainian troops in violation of the CWC.

Additional Background on the Entity List Process

The Entity List actions were taken under the authority of the Export Control Reform Act of 2018 and its implementing regulations, the Export Administration Regulations (EAR). The Entity List (supplement no. 4 to part 744 of the EAR) identifies entities and addresses for which there is reasonable cause to believe, based on specific and articulable facts, that the entities—including businesses, research institutions, government and private organizations, individuals, and other types of legal persons—or parties that are operating at an address that presents a high diversion risk, have been involved, are involved, or pose a significant risk of being or becoming involved in activities contrary to the national security or foreign policy interests of the United States. Parties on the Entity List are subject to individual licensing requirements and policies supplemental to those found elsewhere in the EAR. 

Entity List additions are determined by the interagency End-User Review Committee (ERC), comprised of the Departments of Commerce (Chair), Defense, State, Energy, and where appropriate, the Treasury. The ERC makes decisions regarding additions to, removals from, or other modifications to the Entity List. The ERC makes all decisions to add an entity to the Entity List by majority vote and makes all decisions to remove or modify an entity by unanimous vote.

Additional information on the Entity List is available on BIS’s website.

For additional information, please visit: www.bis.gov

###

Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) added 26 entities to the Entity List for activities contrary to U.S. national security and foreign policy under the destinations of the People’s Republic of China (PRC) (6), Egypt (1), Pakistan (16), and the United Arab Emirates (UAE) (3). These additions are related to alleged violations of export controls, involvement in weapons programs of concern, and evasion of U.S. sanctions and export controls on Russia and Iran.  

Nine of the entities under the destination of Pakistan were added for acting as front companies and procurement agents for the Advanced Engineering Research Organization, a Pakistan-based company added to the Entity List in 2014. The remaining 7 Pakistani entities were added for contributions to Pakistan’s ballistic missile program.

Three entities under the destination of the UAE and one under the destination of Egypt were added for acquiring and attempting to acquire U.S.-origin parts to evade U.S. sanctions and export controls imposed following Russia’s full-scale invasion of Ukraine in February 2022.

Six entities under the destination of the PRC were added for acquiring U.S.-origin items in support of the PRC’s military modernization, dilatory and evasive conduct during end-use checks, and procurement of U.S.-origin items for Iran’s weapons of mass destruction and unmanned aerial vehicle (UAV) programs.

This rule also removes two entities from the Entity List following new information received and reviewed by the interagency End-User Review Committee, chaired by BIS and in which the Departments of Defense, State, and Energy participate. Hefei Bitland, an entity listed under the destination of the PRC, has been removed following its dissolution. Sandvine Incorporated, an entity listed under the destinations of Canada, India, Japan, Malaysia, Sweden, and the UAE, has been removed following significant reforms to address and prevent the misuse of its technology in ways that undermine democracy and abuse human rights. More information on the removal of Sandvine may be found here.   

“We are vigilant in defending U.S. national security from bad actors who seek to evade U.S. sanctions and export controls,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “Our actions today send a message to malicious actors that if they violate our controls, they will pay a price.”

“We will continue to cut off entities that seek to evade our controls and act contrary to U.S. national security,” said Assistant Secretary of Commerce for Export Administration Thea D. Rozman Kendler. “Programs such as Iran’s WMD program, their unmanned aerial vehicle program, and Pakistan’s ballistic missile program pose significant threats to the national security of the United States and will not be aided by U.S. technologies.”

“When, as here, we identify parties that have transshipped U.S. items to support WMD and UAV programs in countries like Pakistan and Iran, or to enable Russia’s war efforts, we take action,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod. “Today’s listings also make clear that when foreign parties engage in dilatory or evasive conduct with respect to our end-use checks, they will face consequences.”

The text of the rule, which includes the list of entities, is available on the Federal Register’s website here.

Additional Background on the Entity List Process

These BIS actions were taken under the authority of the Export Control Reform Act of 2018 and its implementing regulations, the Export Administration Regulations (EAR).

The Entity List (supplement no. 4 to part 744 of the EAR) identifies entities and addresses for which there is reasonable cause to believe, based on specific and articulable facts, that the entities—including businesses, research institutions, government and private organizations, individuals, and other types of legal persons—or parties that are operating at an address that presents a high diversion risk, have been involved, are involved, or pose a significant risk of being or becoming involved in activities contrary to the national security or foreign policy interests of the United States. Parties on the Entity List are subject to individual licensing requirements and policies supplemental to those found elsewhere in the EAR.

Entity List additions are determined by the interagency End-User Review Committee (ERC), comprised of the Departments of Commerce (Chair), Defense, State, Energy, and where appropriate, the Treasury. The ERC makes decisions regarding additions to, removals from, or other modifications to the Entity List. The ERC makes all decisions to add an entity to the Entity List by majority vote and makes all decisions to remove or modify an entity by unanimous vote.

Additional information on the Entity List is available on BIS’s website.

For more information, visit www.bis.gov.

###

Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS), in conjunction with the U.S. Department of State, announced the removal of Canada-based Sandvine Incorporated (Sandvine) from the Entity List in light of changes the company has made to its corporate governance and business practices.

Sandvine was added to the Entity List in February 2024 after its products were used to conduct mass web-monitoring and censorship and target human rights activists and dissidents, including by enabling the misuse of commercial spyware. It has since taken significant steps to address the misuse of its technology that can undermine human rights.

Over the past several months, Sandvine has overhauled its corporate structure, leadership, and business model. The company has pivoted to focus on servicing democracies committed to the protection of human rights. Sandvine’s actions include, amongst others: exiting non-democratic countries, with 32 already exited and an additional 24 countries in process; fostering deeper relationships with civil society; dedicating profits to the protection of rights; adding human rights experts to its new leadership team; vetting business decisions through the newly created Business Ethics Committee; and closely monitoring technology misuse in countries in which they plan to remain.

The Departments of Commerce and State will closely monitor Sandvine's implementation of its commitments.

“Recognizing when a company has changed its behavior to protect national security and human rights is just as critical as restricting trade with parties of concern,” said Principal Deputy Assistant Secretary of Commerce for Export Administration Matthew Borman. “Sandvine’s delisting is a clear example of how the Entity List may be used to shape corporate behavior in favor of human rights and digital safety.”

“Promoting and protecting human rights is not just critical for U.S. national security and foreign policy, it’s good business. The U.S. government won’t hesitate to use all available tools – including export controls, sanctions, and others – to promote accountability and advance human rights. As Sandvine’s listing and subsequent delisting shows, these tools work in driving reform and strengthening human rights due diligence,” said Deputy Assistant Secretary of State Christopher Le Mon. “This action demonstrates clearly that accountability for human rights abuses has a positive impact on addressing past harm and preventing future abuses. We will continue to work with industry and civil society to promote reforms and counter the misuse of technology to violate or abuse human rights worldwide.” 

This action supports the United States’ commitments under the Export Controls and Human Rights Initiative (ECHRI) and comprehensive approach to countering the misuse of surveillance and censorship technologies, including commercial spyware. The United States continues to advance the promotion and protection of human rights globally, including by using export controls to prevent the misuse of items that may enable human rights abuses.

The removal of Sandvine from the Entity List reaffirms the United States’ commitment to put human rights at the center of U.S. foreign policy and the effectiveness of the United States’ tools to bolster business and human rights reforms.  

Additional Background on the Entity List Process

This BIS action was taken under the authority of the Export Control Reform Act of 2018 and its implementing regulations, the Export Administration Regulations (EAR).

The Entity List (supplement no. 4 to part 744 of the EAR) identifies entities and addresses for which there is reasonable cause to believe, based on specific and articulable facts, that the entities – including businesses, research institutions, government and private organizations, individuals, and other types of legal persons – or parties that are operating at an address that presents a high diversion risk, have been involved, are involved, or pose a significant risk of being or becoming involved in activities contrary to the national security or foreign policy interests of the United States. Parties on the Entity List are subject to individual licensing requirements and policies supplemental to those found elsewhere in the EAR.

Entity List additions are determined by the interagency End-User Review Committee (ERC), comprised of the Departments of Commerce (Chair), Defense, State, Energy, and where appropriate, the Treasury. The ERC makes decisions regarding additions to, removals from, or other modifications to the Entity List. The ERC makes all decisions to add an entity to the Entity List by majority vote and makes all decisions to remove or modify an entity by unanimous vote.

Additional information on the Entity List is available on BIS’s website at: /node/17019.  

For more information, visit www.bis.gov.

###

Washington, D.C. –Today, the Commerce Department’s Bureau of Industry and Security (BIS) released three rules—one Final Rule, one Interim Final Rule, and one Proposed Rule—to modernize BIS’s space-related export controls. These updated controls will further U.S. innovation and technology leadership while protecting U.S. national security and foreign policy interests.

Today’s action is the result of an extensive review—directed by the National Space Council, which is led by Vice President Kamala Harris—to enable a globally competitive U.S. space industrial base, while strengthening U.S. international space partnerships. These updates reflect the Biden-Harris Administration’s commitment to maintaining U.S. leadership in space, protecting our national security, and strengthening our foreign alliances.

“The United States has always been a global leader in fostering a competitive and responsible space sector,” said Deputy Secretary of Commerce Don Graves. “As the diversity of commercial activity in space grows, these rules will reduce the burden for U.S. industry to continue innovating and leading in the space sector. This update also significantly advances our ability to broaden and deepen international partnerships, to grow our economy, and to collaborate on mutual space priorities.”

“With today's updates to our export controls, the United States is taking a bold step forward in fostering a strong space industrial base,” said Deputy Assistant to the President and Executive Secretary of the National Space Council Chirag Parikh. “These changes will strengthen international alliances and reflect America’s commitment to innovation and leadership in space.” 

The series of regulatory changes modernizing space-related export controls consists of the following rules:

1. In a Final Rule, BIS is removing license requirements for exports of certain items involving remote sensing or space-based logistics, assembly, or servicing spacecraft destined for Australia, Canada, and the United Kingdom. This rule deepens the United States’ commitment to some of its closest allies, furthering our collective security, reducing unnecessary export control restrictions, and ensuring secure trade.
2. In an Interim Final Rule, BIS is removing license requirements for exports of certain spacecraft components to over 40 allies and partners worldwide, reducing licensing requirements for the least sensitive components for most destinations, and broadening license exceptions to support additional National Aeronautics and Space Administration (NASA) cooperative programs. These changes advance international cooperation and bolster America’s global leadership in space technology.
3. Additionally, in a Proposed Rule published in concert with the Department of State, BIS outlines initial proposals to transfer jurisdiction of certain space-related defense articles that no longer provide a critical military or intelligence advantage from the U.S. Munitions List (USML) maintained by the Department of State to the Commerce Control List. Examples include spacecraft capable of refueling other spacecraft and spacecraft capable of autonomous collision avoidance. This proposed transfer would enable the use of BIS license exceptions that facilitate exports of commercial space items to close allies and partners. BIS welcomes public comment from all interested parties on this Proposed Rule within 30 days of publication. 

These actions mark a pivotal step in updating and modernizing the U.S. Government’s space-related export controls and enhancing international partnerships while continuing to deny critical technologies to our adversaries.

“Modernizing our space-related controls to keep pace with today’s commercial space innovation and foreign policy environment is of critical importance,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “Today’s rules maintain stringent controls on sensitive technologies to destinations of concern while promoting collaboration and trade with our allies and partners around the world.”

“Our comprehensive review of space-related export controls was informed by both the extensive commercialization of the space industry and the need to collaborate with foreign partners to ensure continued U.S. and allied technological leadership, a key component of national security,” said Assistant Secretary of Commerce for Export Administration Thea D. Rozman Kendler. “We welcome further proposals from the public to inform a final rule that will reduce barriers for the space industry while protecting U.S. national security interests.”

These rules follow and are informed by responses to a 2019 Advanced Notice of Proposed Rulemaking (ANPRM), recommendations from BIS’s Transportation and Related Equipment Technical Advisory Committee (TRANSTAC), engagements with the private sector, and a recent survey and assessment of the U.S. civil space industrial base (CSIB) conducted by BIS in collaboration with NASA and the National Oceanic and Atmospheric Administration (NOAA). Through the survey, BIS was able to gather data on respondents’ views on current export control regulations as well as suggestions for revisions to inform the modernization of BIS’s space-related export controls.

For more information, visit BIS’s website at: https://www.bis.gov

###

WASHINGTON, D.C. – Today, the Department of Commerce’s Bureau of Industry and Security (BIS) published guidance for financial institutions (FIs) containing best practice recommendations for complying with the Export Administration Regulations (EAR). 

The guidance provides both background information on the EAR and recommendations on steps financial institutions can take to minimize the likelihood of EAR violations. The recommendations include a description of EAR-related due diligence best practices, the encouragement of ongoing transaction reviews for red flags, and a delineation of which types of real-time transaction screenings are and are not regarded as a best practice. 

“Every export – every single one – has a related financial transaction,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod. “Today’s guidance provides recommendations to financial institutions on how to best comply with our regulations so they can spot red flags and avoid being used as instruments to facilitate export evasion.” 

The guidance focuses on General Prohibition 10 (GP 10), which prohibits financial institutions (and other persons) from financing or otherwise servicing any item subject to the EAR with knowledge that a violation of EAR has occurred, is about to occur, or is intended to occur. Such knowledge of a circumstance includes not only positive knowledge that the circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence. 

To avoid potential violations of GP 10 of the EAR, the guidance outlines several best practices, including: screening customers when onboarded and after against the U.S. Consolidated Screening List; recommending that customers of FIs who deal with EAR items certify compliance with the EAR under certain circumstances; and establishing risk-based procedures to detect and investigate red flags post-transaction and, where necessary, to take action to prevent violations of the EAR before proceeding with any transactions involving the same customer or counterparties. 

The guidance also recommends that financial institutions closely review their customers (and, where appropriate, their customers’ customers) against lists of entities that, according to publicly available trade data (such as the Trade Integrity Project), have shipped Common High Priority List (CHPL) items to Russia since 2023, and determine whether any other red flags are present.  

Today’s guidance builds on ongoing efforts by BIS to provide information to industry and enhance the overall security and integrity of the international trade system. BIS, along with the Departments of the Treasury, Justice, and others previously issued several joint alerts, advisories, and notices on topics ranging from Russian evasion tactics to voluntary self-disclosures.   

For more information, visit https://www.bis.gov/enforcement/enforcement-policy-memos.   

### 

Washington, D.C. – Today, the Department of Commerce’s Bureau of Industry and Security (BIS) published its second quarterly update of the boycott Requester List. This list notifies companies, financial institutions, freight forwarders, individuals, and other U.S. persons of potential sources of certain boycott-related requests they may receive during the regular course of business. A party’s inclusion on the Requester List does not mean that U.S. persons are restricted from dealing with the listed party; a party’s inclusion does mean that U.S. persons are on notice that the listed party is more likely to make reportable boycott-related requests. The updated public list of entities who have been identified as having made a boycott-related request in reports received by BIS includes a total of 36 additions. BIS has also removed 21 entities. Today’s announcement builds on the first quarterly update in June.

“The boycott Requester List has had a meaningful impact on both antiboycott compliance and antiboycott enforcement,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod. “The Requester List has also changed behavior – since the list was implemented, more than 20 foreign entities have certified to us that they have ceased imposing boycott-related requirements in their transactions with U.S. persons.” 

A party’s inclusion on the Requester List does not mean that U.S. persons are restricted from dealing with the listed party. Rather, U.S. persons are on notice that the listed party is more likely to make reportable boycott-related requests.  

Each entity on this list has been recently reported to BIS on a boycott request report form, as required by Section 760.5 of the Export Administration Regulations (EAR), as having made a boycott-related request in connection with a transaction in the interstate or foreign commerce of the United States. New additions are identified on the Requester List by “September 2024” in column C. If you believe that you have been listed in error or would like to discuss a listing, please contact the Office of Antiboycott Compliance (OAC). 

U.S. persons are encouraged to diligently review transaction documents from all sources, especially those involving these listed parties, to identify possible boycott-related language and to determine whether U.S. person recipients have a reporting requirement to BIS. The boycott request reporting form can be found here.  

The updated boycott Requester List is posted on the OAC webpage link with the objective of helping U.S. persons comply with the reporting requirements of the antiboycott regulations set forth in Part 760 of the EAR, 15 CFR Parts 730-774. 

Additional Information: 

The antiboycott provisions set forth in Part 760 of the EAR discourage, and in certain circumstances prohibit, U.S. persons from taking certain actions in furtherance or support of a boycott maintained by a foreign country against a country friendly to the United States (an unsanctioned foreign boycott). 

U.S. persons must report to OAC their receipt of certain boycott-related requests. Reports may be filed electronically or by mail on form BIS-621P for single transactions or on form BIS-6051P for multiple transactions involving boycott requests received in the same calendar quarter. U.S. persons located in the United States must postmark or electronically date stamp their reports by the last day of the month following the calendar quarter in which the underlying request was received. For U.S. persons located outside the United States, the postmark or date stamp deadline is the last day of the second month following the calendar quarter in which the request was received. Forms for both electronic transmission and mail submission may be accessed from the forms request page. 

 For information regarding the application of the antiboycott regulations, please contact the OAC Advice Line at (202) 482-2381 or through the online portal.  

Parties Removed from the Requester List

WASHINGTON, D.C. – Today, the Department of Commerce’s Bureau of Industry and Security (BIS) imposed a civil penalty of $151,875 against Quantum Corporation (Quantum), a data storage, management, and protection company based in San Jose, California, to resolve 45 alleged violations of the antiboycott provisions of the Export Administration Regulations (EAR). Quantum voluntarily self-disclosed the conduct to BIS, cooperated with the investigation by BIS’s Office of Antiboycott Compliance (OAC), and implemented remedial measures after discovering the conduct at issue, all of which resulted in a significant reduction in penalty. 

“Today’s settlement highlights how important it is that companies ensure their antiboycott compliance programs reach all the way throughout their organizations,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod. “A company with foreign subsidiaries, distributor agreements, or other contractual relationships in boycotting countries has extra work to do to amplify awareness of the antiboycott regulations among their foreign partners.” 

Case Background: 

As part of the settlement with BIS, Quantum admitted to the conduct set forth in the Proposed Charging Letter, which alleged 45 violations of Section 760.5 of the EAR (Failing to Report the Receipt of a Request to Engage in a Restrictive Trade Practice or Foreign Boycott Against a Country Friendly to the United States). Specifically, between July 2018 and December 2019, Quantum received 45 requests from its customer, a distributor located in the United Arab Emirates (UAE), to refrain from importing goods of Israeli origin into the UAE in fulfillment of purchase orders from that customer. Quantum failed to report to BIS the receipt of these requests.  

The order, settlement agreement, and proposed charging letter are available here. 

Additional Information:  

These BIS actions were taken under the authority of the Anti-Boycott Act of 2018, a subpart of the Export Control Reform Act of 2018, and its implementing regulations, the EAR. The antiboycott provisions set forth in Part 760 of the EAR discourage, and in certain circumstances prohibit, U.S. persons from taking certain actions in furtherance or support of a boycott maintained by a foreign country against a country friendly to the United States (an unsanctioned foreign boycott).  

In addition, U.S. persons must report to OAC their receipt of certain boycott-related requests, whether or not they intend to comply with them. Reports may be filed electronically or by mail on form BIS-621P for single transactions or on form BIS-6051P for multiple transactions involving boycott requests received in the same calendar quarter. U.S. persons located in the United States must postmark or electronically date stamp their reports by the last day of the month following the calendar quarter in which the underlying request was received. For U.S. persons located outside the United States, the postmark or date stamp deadline is the last day of the second month following the calendar quarter in which the request was received. Forms for both electronic transmission and mail submission may be accessed from the forms request page. 

BIS maintains a boycott Requester List on the OAC webpage with the objective of helping U.S. persons comply with the reporting requirements of the antiboycott regulations set forth in Part 760 of the EAR. Each entity on the Requester List has been recently reported to BIS on a boycott request report form, as required by Section 760.5 of the EAR, as having made a boycott-related request in connection with a transaction in the interstate or foreign commerce of the United States. U.S. persons are encouraged to diligently review transaction documents from all sources, but especially transaction documents with or involving these listed parties, given that they have been identified by others as a source of boycott-related requests. A party’s inclusion on the Requester List does not mean that U.S. persons are restricted from dealing with the listed party. Rather, U.S. persons are on notice that the listed party is more likely to make reportable boycott-related requests. 

Pursuant to Section 764.8 of the EAR, a party may submit a voluntary self-disclosure if it believes that it may have violated Part 760 or Part 762 of the EAR (recordkeeping requirements relating to Part 760).  More information on voluntary self-disclosures can be found online. 

BIS has enhanced its antiboycott enforcement efforts to prevent U.S. companies from being used to support unsanctioned foreign boycotts, most notably the Arab League boycott of Israel. In October 2022, BIS raised its penalties and instituted a requirement that companies entering into settlement agreements for antiboycott violations admit to a statement of facts outlining their conduct.  In July 2023, BIS announced a renewed focus on foreign subsidiaries of U.S. companies and noted that it would explore additional ways to deter foreign parties from issuing or making boycott requests.  BIS also modified the boycott reporting form to require submitters to indicate the identity of the requesting party.  

For additional information regarding the application of the antiboycott provisions of the EAR, please contact OAC through the OAC Advice Line at (202) 482-2381 or through the online portal. 

For more information, visit BIS’s website at: https://www.bis.gov

###

WASHINGTON, D.C. – Today, the Department of Commerce’s Bureau of Industry and Security (BIS) announced an administrative settlement of $439,992 (partially suspended) against First Call International Inc. (First Call), located in Fort Worth, Texas, for the submission of a backdated document to make it appear that a transaction complied with the Export Administration Regulations (EAR) and for exporting military parts without BIS authorization.  

“BIS will not tolerate exporters undermining the integrity of our export control system through the submission of false or misleading information,” said Assistant Secretary of Commerce for Export Enforcement Matthew S. Axelrod. “Today’s enforcement action once again highlights the need for companies who do business abroad to have robust training efforts and effective export compliance programs.”   

BIS identified the false document after requesting a copy of a Prior Consignee Statement (PCS) that exporters are required to obtain prior to utilizing License Exception Strategic Trade Authorization (STA). First Call had not obtained the required statement, but instead of admitting the mistake to BIS, advised its overseas customer to back-date the PCS. Without License Exception STA, this export would have required a license from BIS. This settlement also resolves the allegations set forth in a Proposed Charging Letter (PCL) regarding violations related to the export of certain military aircraft parts without the required BIS license or authorization to export to entities located in Malaysia and South Korea.   

Under the final order, First Call is required to provide export compliance training on the EAR to its relevant employees and has agreed to a one-year probationary period. As a part of the settlement agreement, First Call agreed to pay $75,000, with the remaining penalty amount of $364,992 suspended due to the company’s financial condition. The remaining penalty amount will eventually be waived provided that First Call has complied with all provisions of the settlement agreement at the conclusion of the one-year probationary period.  

The full order, settlement agreement, and PCL are available online here. 

For more information on BIS, visit https://www.bis.gov. 

###

Washington, D.C. – Today, the Commerce Department’s Bureau of Industry and Security (BIS) announced the expansion of the Validated End User (VEU) program to include data centers.  This update will contribute to the development of a trusted ecosystem for the responsible use of advanced computing and artificial intelligence (AI). This new license exception is an element of the Biden-Harris Administration’s broader strategy to ensure the United States leads the way in responsible AI innovation and development.

This update to the VEU program was designed to protect national security by ensuring high standards for physical and cybersecurity at data centers that house advanced AI systems. It will also reduce licensing burdens on industry by allowing data centers to fulfill the stringent requirements of the VEU program up front, enabling U.S. exporters to ship designated items to pre-approved entities under a general authorization, instead of under multiple individual export licenses.

“BIS is committed to facilitating international AI development while mitigating risks to U.S. and global security,” said Under Secretary of Commerce for Industry and Security, Alan F. Estevez. “The Data Center VEU program will rigorously vet applicants to ensure that any authorization includes appropriate safeguards and security measures that protect our most advanced technologies.”

“AI is the quintessential dual-use technology; it is in the interest of U.S. national security to work with industry and partner governments to develop a secure global technology ecosystem,” said Assistant Secretary of Commerce for Export Administration, Thea D. Rozman Kendler. “Through the Data Center VEU program, working with our interagency partners, we will ensure that data centers that demonstrate commitment to the highest security standards obtain facilitated access to advanced U.S. technological innovation.”

The Data Center VEU updates the existing VEU program and builds on the Biden-Harris Administration’s imposition of controls on advanced computing semiconductor chips (87 FR 62186), which were expanded in October 2023, to cover a wider group of countries identified in country groups D:1, D:4, and D:5 of the Export Administration Regulations (EAR) (88 FR 73424).  It incorporates much of the existing VEU program’s framework, adding new requirements tailored to the needs and security concerns of a data center.

Data center operators will only be admitted into the program after a thorough interagency review and approvals process whereby the Departments of Commerce, Defense, Energy and State determine that the applicant meets the strict standards established for Validated End Users.

This rigorous review process of each application by the U.S. Government ensures necessary safeguards are in place to protect U.S. technology from diversion or misuse contrary to U.S. national security and foreign policy. In return for their commitment to fulfill U.S. national security requirements, these entities will obtain, consistent with other applicable regulations, facilitated access to predictable exports and reexports of items required to operate a data center as well as transfers (in-country) by and among Authorized VEU locations by the same VEU.

This program requires that certain assurances exist prior to any authorization. Additionally, it may include assurances by the government of the country in which the data center operates, agreement to facilitate on-site data center compliance reviews, commitments to extensive physical and logical security, and new reporting requirements specific to data center operations. Once a data center is authorized under this new program, it will be identified by name and location(s) in the EAR and at that point may begin receiving items pursuant to the terms of its entity-specific approval under VEU.

While the Department is currently developing additional, forthcoming regulation and guidance related to the data center VEU program, eligible companies are now able to begin applying. See here for eligibility and application information.

Additional Background on the Validated End User (VEU) Program:

The End-User Review Committee (ERC), composed of representatives of the Departments of State, Defense, Energy, and Commerce, and other agencies as appropriate, is responsible for determining whether to add to, to remove from, or otherwise amend the list of VEUs and associated eligible items. The Department of Commerce chairs the ERC. Applications are reviewed based on a variety of national security factors including technology levels, end customers, compliance plans, and other information.

For more information, visit BIS’s website at: https://www.bis.gov.

###

Washington, D.C. – Today, the United States, Canada, France, Germany, Italy, Japan, the United Kingdom, and the European Union (the G7) published, for the first time ever, joint guidance for industry on preventing evasion of the export controls and sanctions imposed on Russia.

“Preventing Russia from obtaining the components it needs to power its deadly missiles and UAVs is a top priority for G7 members,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod. “But the G7’s anti-diversion efforts cannot succeed without the partnership of industry, which is why we today issued our first-ever guidance document designed to provide industry across the G7 the information necessary to identify and respond to Russia’s changing evasion tactics.”

The joint guidance outlines the following priority areas:

• Items that pose a heightened risk of being diverted to Russia;
• Red flag indicators of potential export control and/or sanctions evasion; and
• Best practices for industry to use to address these red flags and conduct enhanced due diligence.

Representatives from the G7 Sub-Working Group on Export Control Enforcement met today in Brussels, Belgium to announce the release of the guidance document and reaffirm their ongoing commitment to robust, multilateral export control and sanctions enforcement. By issuing this, the G7 Sub-Working Group aims to assist industry in identifying evolving Russian evasion practices and complying with multilateral export controls and sanctions. The goal of the guidance is to protect common high priority list items from misappropriation, prevent reputational harm, and mitigate liability risk, all while supporting the continued success of coordinated export controls and sanctions.

Since February 24, 2022, the G7, in coordination with the other members of the Global Export Control Coalition (GECC) (countries listed in supplement no. 3 to part 746 of the Export Administration Regulations), has implemented unprecedented sanctions and export controls that restrict Russia’s access to technologies and other materials required to sustain its military operations and illegal war in Ukraine. One year ago, in September 2023, the G7’s Enforcement Coordination Mechanism established the Sub-Working Group on Export Control Enforcement to provide a forum for exchanging information and operational results, discussing trends in research and analysis, and sharing best practices for enforcement, including through coordinated guidance to industry.

For more information, visit https://www.bis.gov.

###

Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) published a Notice of Proposed Rulemaking (NPRM) that would prohibit the sale or import of connected vehicles integrating specific pieces of hardware and software, or those components sold separately, with a sufficient nexus to the People’s Republic of China (PRC) or Russia.    

The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated Driving System (ADS). These are the critical systems that, through specific hardware and software, allow for external connectivity and autonomous driving capabilities in connected vehicles. Malicious access to these systems could allow adversaries to access and collect our most sensitive data and remotely manipulate cars on American roads. The proposed rule would apply to all wheeled on-road vehicles such as cars, trucks, and buses, but would exclude vehicles not used on public roads like agricultural or mining vehicles.

BIS and its Office of Information and Communications Technology and Services (OICTS) have found that certain technologies originating from the PRC or Russia present an undue risk to both U.S. critical infrastructure and those who use connected vehicles. Today’s action is a proactive measure designed to protect our national security and the safety of U.S. drivers.  

“Cars today have cameras, microphones, GPS tracking, and other technologies connected to the internet. It doesn’t take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of U.S. citizens. To address these national security concerns, the Commerce Department is taking targeted, proactive steps to keep PRC and Russian-manufactured technologies off American roads,” said U.S. Secretary of Commerce Gina Raimondo.   

“The Biden-Harris Administration is ensuring that Americans can drive the car of their choice safely and securely – free from risks posed by Chinese technologies,” said National Economic Advisor Lael Brainard.

“Today, the U.S. government is taking strong action to protect the American people, our critical infrastructure, and automotive supply chains from the national security risks associated with connected vehicles produced by countries of concern. While connected vehicles yield many benefits, the data security and cybersecurity risks posed by software and hardware components sourced from the PRC and other countries of concern are equally clear, and we will continue to take necessary steps to mitigate these risks and get out ahead of the problem,” said National Security Advisor Jake Sullivan.

“This rule marks a critical step forward in protecting America’s technology supply chains from foreign threats and ensures that connected vehicle technologies are secure from the potential exploitation of entities linked to the PRC and Russia,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez. “The Department of Commerce will continue to take a proactive approach to address this national security risk before Chinese and Russian suppliers proliferate within the U.S. automotive ecosystem. Our goal is always to safeguard our national security.” 

“Our regulatory focus remains steadfast on enhancing the security of our nation’s critical technologies,” said Elizabeth Cannon, Executive Director of OICTS. “Without this proposed rule, we would be leaving an open door for foreign adversaries looking to compromise one of our most important assets, our cars. BIS is committed to safeguarding our technology supply chains from foreign adversary manipulation.”   

Today’s proposed rule would prohibit the import and sale of vehicles with certain VCS or ADS hardware or software with a nexus to the PRC or Russia. The VCS is the set of systems that allow the vehicle to communicate externally, including telematics control units, Bluetooth, cellular, satellite, and Wi-Fi modules. The ADS includes the components that collectively allow a highly autonomous vehicle to operate without a driver behind the wheel. 

The rule would also prohibit manufacturers with a nexus to the PRC or Russia from selling connected vehicles that incorporate VCS hardware or software or ADS software in the United States, even if the vehicle was made in the United States.   

The prohibitions on software would take effect for Model Year 2027 and the prohibitions on hardware would take effect for Model Year 2030, or January 1, 2029 for units without a model year.  

The proposed rule is implemented under BIS’s ICTS authorities, as provided for under Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain.” EO 13873 allows the Department of Commerce to issue regulations that establish criteria by which particular technologies may be included in EO 13873’s prohibitions when transactions involving those technologies (1) pose an undue or unacceptable risk of sabotage to or subversion of ICTS in the United States; (2) pose an undue risk of catastrophic effects on the security or resiliency of U.S. critical infrastructure or the digital economy of the United States; or (3) otherwise pose an unacceptable risk to the national security of the United States or the security and safety of U.S. persons.  

This NPRM incorporates public feedback submitted in response to an Advance Notice of Proposed Rulemaking (ANPRM) on connected vehicles published by BIS on March 1, 2024. BIS is seeking additional public comment on today’s proposed rule from all interested parties. 

Additional Information: 

The text of the proposed rule is available here. BIS invites public comments, which are due 30 days after publication. Stakeholders are encouraged to submit their feedback by the deadline to ensure that the final provisions reflect broad industry and public input. You may submit comments for the rule by identified docket number BIS-2024-0005 or RIN 0694-AJ56. All comments must be submitted through the Federal eRulemaking Portal (https://www.regulations.gov) or emailed directly to [email protected] with “RIN 0694-AJ56” included in the subject line.    

# # #