At the start of the Biden administration, the president made a consequential decision to retain the Executive Order on Securing the Information and Communications Technology and Services Supply Chain, which was issued by President Trump and prohibits the import of information and communications technology and services (ICTS) from foreign adversaries. The executive order and its implementing regulations (together, the ICTS rules) are a critically important effort to prevent capable foreign cyber actors, notably China and Russia, from exploiting the open nature of the U.S. ICTS market. Notwithstanding this strong security rationale, the industry has heavily criticized the ICTS rules as overly broad and vague. To address these concerns, the Department of Commerce, the agency that leads the implementation of the ICTS rules, committed to implement a voluntary licensing process, which would allow transacting parties to apply for preapproval of their ICTS transactions. The objective of the licensing process is to provide certainty to transacting parties, allowing them to engage in nonrisky, commercially beneficial ICTS transactions without fear that the government will seek to unwind or ban the transactions in the future.
While laudable in intent, establishing a licensing regime based on the current structure of the ICTS rules is likely to fail.
This is simply a matter of numbers. According to the Commerce Department’s own assessments, up to 4.5 million firms may engage in ICTS transactions on a regular basis. Opening up a licensing process for any—or all—of these firms would likely lead to an unmanageable flood of applications, forcing the department to divert its extremely limited resources to processing licenses for ICTS transactions that may not present any genuine national security risks. The department will inevitably be pressured to narrow the scope of the ICTS rules in order to effectively manage the licensing process, which would erode the national security benefits of the rules.
To address these challenges, the Commerce Department should restructure the ICTS rules to adopt a sanctions framework by creating a new list of entities that would be prohibited from selling ICTS into the U.S. market. In other words, this could function as an ICTS sanctions list. An ICTS sanctions approach would mirror the regulatory structure of existing U.S. sanctions authorities, preserving the broad authority and discretion of the government to respond to evolving threat and technology environments. A designations process for listing sanctioned ICTS entities, along with the scope of ICTS transactions subject to a prohibition, would provide much needed certainty to the private sector. This approach avoids the need for a resource-intensive, generally available voluntary licensing process, as the ICTS designations list would provide bright line rules around which transactions are or are not prohibited.
Read the full article from Lawfare.
More from CNAS
ReportsSanctions by the Numbers: 2021 Year in Review
Introduction The first year of President Joe Biden’s administration witnessed major developments in U.S. sanctions strategy, including a general review of all sanctions progra...
By Jason Bartlett & Euihyun Bae
VideoKim Jong-un Attends N. Korea's Recent Missile Test: Analysis
North Korea fired another missile on Tuesday in less than a week, and it claims the latest launch was also a hypersonic missile and it was a success. Its leader, Kim Jong-un, ...
By Dr. Go Myong-Hyun
VideoChina's Digital Currency and Authoritarianism
China is the first major economy to develop and implement a central bank digital currency (CBDC). Its CBDC has many names: Digital Currency/Electronic Payment (DCEP), the digi...
CommentaryAnother Security Breach at the Inter-Korean Border Reinforces Concerns Over South Korea’s Ability to Protect Itself
The fact that an individual can enter and exit the “most heavily fortified border in the world” without capture raises serious concerns regarding South Korea’s ability to adeq...
By Jason Bartlett