On January 5, 2021, the White House issued an Executive Order to restrict certain transactions “with persons that develop or control” eight designated software applications, due to their perceived connections with the government of the People’s Republic of China and the Chinese Communist Party. While uncertainties remain on whether the announced restrictions will take full effect in the Biden administration, companies should take note and be prepared to review their use of the designated applications and transactions with the companies that “develop or control” these applications.
The contemplated actions under this Executive Order are intended to take effect 45 days following its release — on February 19, 2021. Once effective, the Executive Order would impose restrictions in the form of licensing requirements on “any transaction by any person, or with respect to any property, subject to the jurisdiction of the United States, with persons that develop or control” these software applications: Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay and WPS Office. The terms “develop” and “control” are not defined.
The Executive Order directs the U.S. Commerce Department to promulgate regulations by February 19, 2021, to clarify the scope of these restrictions and “identify the transitions and persons that develop or control” these designated software applications. Although that list is not yet available, this Executive Order would likely affect some companies with reported ownership interest in or active control over the designated software applications, such as Alibaba (China), Ant Group (China), IntSig Information (China), Kingsoft Corporation (China), Smart Media4U Technology (Singapore) and Tencent (China). February 19, 2021, also functions as a deadline for the Commerce Department, the Justice Department, and the Director of National Intelligence to make recommendations on any additional regulations and policies to identify, control and license the export of U.S. user data that could prevent the sale or transfer of those data to or access by “foreign adversaries.”
According to the Executive Order, the designated applications “automatically capture vast swaths of information from millions of users in the United States, including sensitive personally identifiable information and private information.” Such information could, as the Trump administration determined, allow the Chinese government “access to Americans’ personal and proprietary information,” thereby posing a threat to U.S. national security, foreign policy and economic interests. In support, the Executive Order cites India’s recent action that “banned the use of more than 200 Chinese connected software applications,” ostensibly out of concern that those applications were “stealing and surreptitiously transmitting users’ data in an unauthorized manner.”
At this time, it is unclear when, whether and to what extent these restrictions will go into effect. Because the expected effective date is after the January 20, 2021 inauguration of President Joe Biden, the contemplated actions will need to be implemented, if at all, by the incoming administration. Biden has previously expressed concern over how Chinese or other applications handle user data and has called for the United States to rely on cyber-experts to develop appropriate responses. At the same time, however, Biden has stated his intent to pivot from the Trump administration’s current “rip and replace” approach in achieving a “clean network” in favor of a more targeted approach that is built on global alliance to deter cybertheft and protect data security. Further muddying the waters are recent court challenges that have blocked or delayed similar Trump administration actions to ban Chinese social media services TikTok and WeChat.
One thing is for sure: There is no sign that the Trump administration is slowing down its “whole of the government” approach to target perceived threats to U.S. national security from companies with alleged connections to the Chinese government. As the countdown of this presidential term continues, we may expect further actions in the remaining few days, including an early Commerce Department implementation of the latest Executive Order. Companies that use the designated applications in their business operations or that have ongoing business relationships with persons known to “develop or control” those applications should carefully review the latest Executive Order and be prepared to act to protect their interests.