As US-China trade expands to higher value goods and services, companies should carefully assess how us export control laws may affect their activities.
US-China trade has grown beyond trade in low-cost goods, and now entails more activities higher up the value chain, such as research and development (R&D), high-tech manufacturing, and Chinese investments in US firms. A consequence of this trend is the increased exchange of technology between the United States and China.
Such exchanges of technology, while often seemingly a normal part of business collaboration, create a serious risk for companies subject to stringent US laws applicable to the export of technology, which include the so called “deemed export rule.” The risk of technology exchange is that a company may unknowingly release technology to China or Chinese nationals in violation of such export control laws, forcing the company to suffer the legal, financial, and reputational damage of an enforcement action brought by the US government.
THE US EXPORT CONTROL REGIME
The US government restricts the export of two types of items: munitions items and dual use items. Munitions items, also known as defense articles, are those that theoretically have only a military application. Dual use items are those that theoretically have both commercial and military applications.
Restrictions on the export of munitions items are administered and enforced by the Department of State, through its Directorate of Defense Trade Controls (DDTC) under the authority of the International Traffic in Arms Regulations (ITAR). The regulations contain the US Munitions List (USML), which exhaustively identifies the many classes of items considered to have only military applications. Furthermore, under the regulations, DDTC may also restrict the export of any item designed specifically for a military application, even if it is not identified on the munitions list. Any item controlled by DDTC generally requires a license for export. China is a special case because of the United States’ existing arms embargo against the country; any item controlled by DDTC is generally prohibited from being exported to China.
Restrictions on the export of dual use items are administered and enforced by the Department of Commerce, through its Bureau of Industry and Security (BIS) under the authority of the Export Administration Regulations (EAR). Like the ITAR and its USML, the EAR contains the Commerce Control List (CCL), which identifies classes of items considered dual use. Each item on the CCL is subject to a certain level of control. A license may be needed from BIS to export a given item depending on the level of control and the destination country. For example, an item subject to missile technology controls would require a license for export to China, but not to Canada.
Compliance with US export controls requires a jurisdiction determination to decide whether an item is a munitions item or a dual use item. It also requires a proper classification of the item on the USML or CCL, called a classification determination. An item controlled by DDTC or identified on the CCL generally requires a license for export and is thus considered export controlled. If an item is neither controlled by DDTC nor subject to a BIS license requirement, it is still technically subject to BIS’s control, but generally would not require a license and is not considered export controlled.
EXPORT OF TECHNOLOGY AND THE DEEMED EXPORT RULE
Many companies fail to recognize that export controls also apply to software and technology. The export of software and technology to China constitutes an export of technology, regardless of the nationality of the recipient in China (even if the recipient in China is a US citizen) and regardless of the form of export (whether by fax, e-mail, or manual download). The export controls that apply to the software or technology largely depend on the export controls that apply to the corresponding item. If the export of the item requires a license, then the export of any corresponding software or technology would likely require a license, even if exported independent of the item.
Complicating the matter is the deemed export rule, under which the release of software and technology to a person who is not a US citizen or US permanent resident (i.e., green card holder) is deemed to be an export to that person’s country of birth or permanent residency (depending on which regulations apply). The rule applies regardless of where the release takes place and even if it takes place in the United States. “Release” is broadly defined to include visual inspection and oral exchange of information and, by DDTC’s standard, may even include merely making information accessible to a non-US citizen. The release of technology to a Chinese national in the United States would therefore constitute an export of that technology to China. Combining the principle of direct technology exports explained above, if software or technology is exported to a Chinese national in Thailand, an export of the technology to both China and Thailand occurs.
COMMON BUSINESS SCENARIOS MAY CARRY EXPORT CONTROL RISKS
Many common business scenarios involving China create risks under US export controls on technology.
Manufacturing in China
Manufacturing in China may require an export license to allow Chinese workers to access US-origin, export-controlled software or technology, even if a US company owns or controls the manufacturing facility or the manufactured product will be exported to the United States exclusively. Examples include specification sheets and technical diagrams required for manufacture. Even the reliance on US-origin, export-controlled software or technology for manufacturing in China may result in the end item also becoming subject to US export control laws. In 2011, US company ArvinMeritor Inc. was fined $100,000 by BIS for, among other things, exporting technical drawings to China without the required license; the drawings related to export-controlled vehicle components and were presumably intended for manufacturing the components.
Conducting R&D in China
Like manufacturing, R&D activities in China may also require an export license if using US-origin, export-controlled software or technology. A common example is the use in China of R&D from the United States. Reliance on such software or technology for R&D may lead the outcome of such R&D, whether an item or further developed technology or software, itself to become subject to US export control laws.
Collaborating with Chinese researchers
If access to US-origin, export-controlled technology by Chinese nationals is not required for manufacturing or R&D, but collaboration involving such technology is nevertheless required, US government authorization may be required to engage in such collaboration. As a general rule, collaboration implies sharing of non-public intellectual property (IP), which serves as a red flag that authorization is required.
Selling to Chinese customers
Potential sales to Chinese customers may require an export license if, during the sales process, the customers are exposed to US-origin, export-controlled technology that goes beyond general system descriptions. Examples include presentations containing proprietary information not readily available to the public.
Supporting Chinese customers
Continued technical support of Chinese customers may require an export license if such support entails access to US-origin, export-controlled software or technology. Examples include a customer-only Intranet consisting of non-public information, such as user or repair manuals, and software updates.
Employing Chinese nationals
Employment of Chinese nationals, which is becoming more frequent, is the most common risk scenario for companies. Companies are responsible for obtaining an export license before releasing certain US-origin, export-controlled technology to any Chinese national employee, regardless of where the release takes place. As an example, BIS just recently imposed a $110,000 fine against a Singapore company, Technetics Group Singapore Pte. Ltd., for transferring export-controlled manufacturing instructions to two of the company’s Chinese national employees in Singapore without the required export license.
Licensing software or technology to Chinese partners
Licensing of certain US-origin, export-controlled software or technology to Chinese companies would also require an export license. Red flags that would indicate a license requirement include arrangements in which the software or technology is proprietary or involves access to source code. As an example, DDTC and the Department of Justice (DOJ) recently fined United Technologies Corp. $75 million for its role in helping China develop a military attack helicopter; among other things, the company’s Canadian subsidiary supplied the Chinese military with US-origin, export-controlled software that was modified specifically for use in that helicopter.
Engaging in corporate transactions with Chinese investors
A corporate transaction that requires Chinese nationals to conduct any due diligence or pre-acquisition review entailing US-origin, export-controlled information could require an export license. For example, due diligence that would require a review of non-public IP suggests that an export license may be required. The value of the target in a merger and acquisition scenario may be affected by export restrictions applicable to its IP assets. Chinese investors should know that US-origin, export-controlled technology may not be disclosed to Chinese nationals or transferred to China without the required license, even if a Chinese company owns the technology through acquisition of the technology’s designer or manufacturer.
Visiting US companies
Visits to US companies by Chinese nationals may also require an export license if the visit would result in the release of US-origin, export-controlled technology. This is particularly true if the visit entails a tour of the assembly line for an export-controlled item, which could be viewed by the agencies as a release of technology. The requirement for a license applies in this scenario even if a Chinese company owns the US company.
SCOPE OF THE EXPORT LICENSE REQUIREMENT
Several factors may relieve companies of an export license obligation. First, generally no export license is required if the software or technology to be released to the Chinese national is not export controlled, i.e., neither controlled by DDTC nor subject to a BIS license requirement. Therefore, correct classification of software and technology is crucial for determining the applicable restrictions. The existence of a minor difference in technical characteristics can dictate whether a particular item is export controlled.
Second, for some export-controlled items, the corresponding software and technology may simply not be export controlled. In those cases, the US government has made the policy decision not to subject the software or technology to the same controls as the item. This determination also requires a careful classification review.
Third, technology is not export controlled if does not rise to the level of “development,” “production,” or “use” technology. Definitions for those terms are in the EAR and should be reviewed carefully against the technology at issue in determining whether the technology is export controlled.
Fourth, publicly available information is generally not subject to export controls. This exception is subject to many conditions, highly fact-specific, and subject to different interpretations depending on whether the software or technology is controlled by DDTC or BIS. Companies should review the regulations and the software or technology carefully before relying on this exception.
Finally, foreign nationals who have been awarded US permanent residency or refugee or asylum status are treated as US citizens under US export control laws. Thus, such nationals are not subject to the deemed export rule and may access US-origin, export-controlled software and technology without an export license.
RISKS ARE ESPECIALLY ACUTE WITH RESPECT TO CHINA
China is subject to more controls than most other countries under the US export regime. Because China is subject to a US arms embargo, the United States prohibits the export of any DDTC-controlled item, technology, or software to China. For BIS-controlled items, technology, and services, China is subject to many more controls than most countries. In addition, a “military end-use” rule applies to China that prohibits the export of various classes of items, technology, and software to China if the export is for a military end-use. Violation of those controls may lead to enforcement actions for which civil penalties may reach $500,000 per violation and criminal penalties may reach $1 million per violation and imprisonment.
Export control enforcement actions have involved China more than most other countries. Based on civil and criminal export enforcement data from BIS, 36 out of 161 actions closed in 2010 and 2011 involved China, second only to Iran at 44. In contrast, only seven cases involved Russia and only three involved South Korea. Similarly, in a DOJ list of major US export enforcement, economic espionage, trade secrets, and embargo-related criminal cases, China was involved in 32 of the 141 “major” cases since 2010, tied with Iran.
The enforcement focus on China, particularly with respect to technology transfers, will likely continue, if not increase. A widely quoted 2011 report by the Office of the National Counterintelligence Executive named China as the “most active and persistent perpetrator of economic espionage” and warned that illegal technology transfer to China is a threat to US national “prosperity and security.” That report represents only the latest public concern raised by the US government about Chinese theft of US-origin IP. Recent informal statements by DOJ and BIS officials confirm that the enforcement agencies have begun addressing such concerns by stepping-up prosecution of such theft through US export control laws.
Moreover, enforcement of the deemed export rule is set to intensify. In 2011, the Government Accountability Office (GAO) issued the latest in a string of reports criticizing BIS for not effectively preventing unauthorized technology releases to non-US persons in the United States. The report recommended that BIS assess compliance with the deemed export rule by reviewing a sample of existing H-1B specialty visas to “determine whether employers of the applicants should have applied for deemed export licenses.” The GAO also urged BIS to “develop and implement procedures for incorporating Department of Homeland Security immigration data into its enforcement screening activities.”
In February 2011, the US government began requiring US employers petitioning to hire foreign workers under H-1B, L-1, or similar visas to certify compliance with the deemed export rule. Specifically, US companies are required to certify that they have assessed the technologies that would be released to the foreign worker and determined whether an export license would be required.
Unfortunately, the US government’s current effort to reform the US export control system, even if successful, is not likely to alter the status quo with respect to China. Although one of the many aims of that effort is to relax export controls on certain items, software, and technology, it proposes to do so for only select US allies and retains many of the China-specific policies and restrictions currently in effect. Existing national security concerns with respect to China are all but likely to preclude any attempt to liberalize export controls for that country.
Given the above regulatory environment and the US government’s security concerns related to China, companies can expect continued, intensified enforcement against unauthorized release of US technology to China, either through direct or deemed exports. US companies that possess potentially export-controlled technology and employ Chinese nationals or collaborate with Chinese parties now face greater compliance risks than ever before.
The first step in the prudent management of that risk is to assess whether and which of the company’s items, technology, and software is export controlled by carefully determining the jurisdiction and classification of each. This can be accomplished by comparing your company’s items, technology, and software with the classes of items, technology, and software subject to the ITAR or identified in the CCL. Depending on the company’s skills, resources, and experience, help from third-party export control practitioners may be warranted.
A concurrent assessment, with the help of human resources, must identify the foreign nationals employed by the company, the potential access points for export-controlled items, technology and software, and the mechanisms required to cut off those access points absent required licenses.
Finally, where technology or deemed export risks are real, companies need to draft new or update existing export control policies that restrict access to export-controlled technologies and implement a compliance program commensurate with their risk level.
[author] Jian Bin (Ben) Gao ([email protected]) is a senior associate at law firm Miller & Chevalier. His practice focuses on corporate compliance and white collar defense. David Hardin ([email protected]) is a counsel at Miller & Chevalier. His practice focuses on export control matters for various US agencies. [/author]