Where’d You Get Your Tech? New Rules May Allow the U.S. Government to Unwind Your Latest IT Purchase
On November 26, 2019, the U.S. Department of Commerce issued a proposed rule that could change how you procure IT goods and services.
The rule would allow the Commerce Department to review your company’s purchase of information and communications technology and services (ICTS), and to impose mitigation measures or unwind your transaction.
Go ahead. Read that again. We’ll wait.
Yep, that’s right: if you obtain information or communications technology or services, but the Secretary of Commerce decides it violates this new rule, you might lose what you’ve bought or you may be penalized up to about $300,000 per violation.
Moreover, the rule does not allow companies to check with the Commerce Department before procuring ICTS to make sure the purchase will not be a violation. The rule states that the Secretary will not issue an advisory opinion or a declaratory ruling with respect to any particular transaction. It appears companies will be apprised of the review when the Secretary provides notice to the parties that he is conducting an evaluation of a transaction and that he has reached a preliminary determination regarding that transaction.
Currently, there is no list of covered or not-covered ICTS to guide companies. According to the rule, the Secretary has declined to identify classes of transactions that are subject to prohibition or are excluded from prohibition. The rules do allow for the possibility of further guidance in the federal register “if needed.”
Finally, the review may be based on the “information submitted to the Secretary by credible private parties” including, we presume, your competitors.
On May 15, 2019, the President issued Executive Order (E.O.) 13873 (84 FR 22689), “Securing the Information and Communications Technology and Services Supply Chain”. The E.O. provides the Secretary authority to prevent or modify transactions involving ICTS originating in countries designated as “foreign adversaries” that pose an undue risk to critical infrastructure or the digital economy in the United States, or an unacceptable risk to U.S. national security or the safety of United States persons. The E.O. allows for case-by-case review of transactions by the Secretary that were initiated on of after May, 15, 2019.
In accordance with the E.O., the Proposed Regulations provide that the Secretary will consider the following three elements in determining whether a transaction initiated after May 15, 2019 by any person, or involving property, subject to U.S. jurisdiction is covered and whether or not to allow the transaction:
The transaction involves any property in which any foreign country or national has an interest;
The transaction involves ICTS designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary; and
The transaction poses certain undue risks to critical infrastructure or the digital economy in the United States or certain unacceptable risk to U.S. national security or U.S. persons.
2. Secretary Review
The Secretary will adopt a case-by-case, fact-specific approach to identify ICTS transactions that meet the requirements discussed above, and thus are prohibited or must be mitigated. In that sense, the proposed rule does not recognize particular technologies or particular participants in the market for ICTS as categorically included or excluded from the prohibitions established by the E.O.
The proposed rule does not prescribe for a pre-notification process that would allow for upstream clearance of the transaction, mentioning that the Secretary will not issue advisory opinion or declaratory ruling with respect to any particular transaction.
The Secretary may begin an evaluation in one of three ways:
At the Secretary’s discretion,
Upon request of other Government department, agency, governmental body, or the Federal Acquisition Security Council (FASC); or
Based on information submitted to the Secretary by credible private parties.
The proposed review framework and its timeline are detailed in Section 7.103 as follows:
The Secretary shall provide a written notice to the parties to a transaction that the aforementioned criteria have been met (the preliminary determination).
Within 30 days after receipt of the notice, the party may submit an opposition to the preliminary determination and supporting information or information on proposed mitigation measures.
Within 30 days of receipt of such information, the Secretary will then issue a final determination describing whether the transaction is prohibited, not prohibited, or an otherwise prohibited transaction is permitted pursuant to the adoption of mitigation measures. A summary of the Secretary’s final determination will be made public here and in the Federal Register.
For each of those deadlines, the Secretary may, but is not required to, grant an extension of time.
Any determination to either prohibit a transaction or permit an otherwise prohibited transaction based on mitigation measures shall also provide a clear statement of the penalties that parties will face if they fail to comply fully with either the prohibition or those mitigation measures.
A determination to impose penalties will be made by the Secretary with a written notice to the penalized party. Upon receiving notice of the imposition of a penalty under either of those two situations, the penalized party may, within 15 days of receipt of the notice of the penalty, submit a petition for reconsideration to the Secretary, including a defense, justification, or explanation for the penalized conduct. The Secretary will review the petition and issue a final decision within 30 days of receipt of the petition.
4. Request for Comments
The Commerce Department invites comment on all aspects of the proposed regulation, but notes that the determination of a “foreign adversary” is a matter of executive branch discretion that will not be open to comments. The Commerce Department requests comments on various open issues including potential exemptions, mitigation measures and on the definition of “transaction.”
Comments must be submitted to Commerce on or before December 27, 2019.
 In fact, any person who violates any determination, regulation, prohibition, mitigation measure, material provision, or other action issued under the regulations, or makes false or misleading representation to the Commerce Department, may be liable for a civil penalty up to $302,584 per violation, adjusted for inflation, or an amount that is twice the value of the relevant transaction.
Co-author Julien Blanquart is an intern at Sheppard Mullin