Export Control Regulatory Change Summary, October – December 2021

This rule amended the Export Administration Regulations (EAR) by making targeted editorial corrections and clarifications to ensure language and policies already set forth in the EAR remain consistent throughout.

Examples of edits include:

• Updates to the “Subject to the EAR?” flowchart in supplement no. 2 of part 732 to reflect previous regulatory changes.
• Revision of part § 748.3(c) to include how to submit advisory opinion requests via email or through the BIS website.

This final rule added a new Export Control Classification Number (ECCN) 2D352 to the CCL to control nucleic acid assembler and synthesizer “software” capable of designing and building functional genetic elements from digital sequence data. In addition, this rule amended ECCN 2E001 to control, “technology” for the “development” of this “software.” 

Certain nucleic acid assemblers and synthesizer equipment were already controlled, and BIS’ new rule now expands the export licensing requirements for nucleic acid assemblers and synthesizers to cover related software and associated technology.

On October 29 OFAC designated a network of companies and individuals that have provided support to the Unmanned Aerial Vehicle (UAV) programs of Iran’s Islamic Revolutionary Guard Corps (IRGC) and its expeditionary unit, the IRGC Qods Force (IRGC-QF). Companies designated include:

• Oje Parvaz Mado Nafar Company
• Kimia Part Sivan Company

The Directorate of Defense Trade Controls added Ethiopia to ITAR § 126.1(n) and updated the entry for Eritrea at § 126.1​(h). ​These changes establish a policy of denial for exports of defense articles and defense services to or for the armed forces, police, intelligence, or other internal security forces of Ethiopia ​or Eritrea.

This final rule added four entities to the Entity List determined by the U.S. Government to be acting contrary to the national security or foreign policy interests of the United States.

Specifically, investigative information has shown that the Israeli companies NSO Group and Candiru developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.

And specifically, Positive Technologies, located in Russia, and Computer Security Initiative Consultancy PTE. LTD., located in Singapore, traffic in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide.

Israel

• Candiru
• NSO Group

Russia

• Positive Technologies

Singapore

• Computer Security Initiative Consultancy PTE. LTD.

The U.S. Department of the Treasury announced actions to disrupt criminal ransomware actors and virtual currency exchanges that launder ransomware proceeds, including the designation of Chatex, a virtual currency exchange, and its associated support network, for facilitating financial transactions for ransomware actors.

The U.S. Department of State, U.S. Department of the Treasury, and U.S. Department of Commerce issued an advisory to caution U.S. businesses currently operating in or considering operating in Cambodia to be mindful of interactions with entities and sectors potentially involved in human rights abuses, criminal activities, and corrupt business practices.

This final rule added twenty-seven entities to the Entity List determined by the U.S. Government to be acting contrary to the national security or foreign policy interests of the United States. See the federal register notice for more details on the addition of these entities.

China

• Corad Technology (Shenzhen) Ltd.
• Hangzhou Zhongke Microelectronics Co., Ltd.
• Hefei National Laboratory for Physical Sciences at Microscale
• Hunan Goke Microelectronics
• New H3C Semiconductor Technologies Co., Ltd.
• Peaktek Company Ltd.
• Poly Asia Pacific Ltd., (PAPL)
• QuantumCTek Co., Ltd.
• Shaanxi Zhi En Electromechanical Technology Co., Ltd.
• Shanghai QuantumCTek Co., Ltd.
• Xi’an Aerospace Huaxun Technology
• Yunchip Microelectronics

Japan

• Corad Technology Japan K.K.

Pakistan

• Al-Qertas
• Asay Trade & Supplies
• Broad Engineering (Pakistan)
• Global Tech Engineers
• Jade Machinery Pvt. Ltd.
• Jiuding Refrigeration & Air-conditioning Equipment Co (Pvt) Ltd.
• K-SOFT Enterprises
• Muhammad Ashraf
• Muhammad Farrukh
• Prime Tech
• Q&N Traders
• Seljuk Traders (SMC-Private) Limited
• U.H.L. Company

Singapore

• Corad Technology Pte Ltd.

In addition, this rule added one entity to the Military End-User (MEU) List under the destination of Russia.

• Moscow Institute of Physics and Technology

The Department of Commerce published this final rule in conjunction with a U.S. Nuclear Regulatory The Department of Commerce published this final rule in conjunction with a U.S. Nuclear Regulatory Commission (NRC) final rule to remove the NRC’s licensing authority for exports of deuterium for non-nuclear end use.

The responsibility for the licensing of exports of deuterium for non-nuclear end use is being transferred to the Department of Commerce’s Bureau of Industry and Security (BIS).  Exports of deuterium for nuclear end use will remain under the NRC’s export licensing jurisdiction.

The NRC’s recent licensing experience has shown that deuterium has been exported almost exclusively for non-nuclear industrial and research end uses including for use as tracers in hydrological, biological, and medical studies.

This final rule applies more restrictive requirements for exports to Cambodia of items subject to the EAR.

BIS indicated it took this action to address deepening Chinese military influence in Cambodia, which undermines and threatens regional security, as well as growing corruption and human rights abuses by the Government of Cambodia.

BIS updated the Country Group designation for Cambodia under the EAR to reflect the country’s identification by the State Department as subject to a United States arms embargo.

The Department of State’s Directorate of Defense Trade Controls (DDTC) final rule added Cambodia to the list of ITAR § 126.1 countries for which it is the policy of the United States to deny licenses for export and import defense articles and defense services.  These changes were made in response to evidence of corruption, human rights abuses, and an exclusive agreement with the People’s Republic of China (PRC) on military expansion in Cambodia by the Cambodian government.

OFAC identified eight Chinese technology firms pursuant to Executive Order (E.O.) 13959, as amended by E.O. 14032. These eight entities actively support the biometric surveillance and tracking of ethnic and religious minorities in China, particularly the predominantly Muslim Uyghur minority in Xinjiang. U.S. persons are prohibited from purchasing or selling certain publicly traded securities connected with these entities, as described in E.O. 13959, as amended.

• Cloudwalk Technology Co
• Dawning Information Industry Co., Ltd.
• Leon Technology Company Limited
• Megvii Technology Limited
• Netposa Technologies Limited; SZ DJI Technology Co., Ltd.
• Xiamen Meiya Pico Information Co., Ltd.
• Yitu Limited

For more information see this OFAC press release.

The Bureau of Industry and Security issued a final rule that added 37 entities to the Entity List. See the federal register notice for more details. Generally the rule added:

• 12 entities in China that use biotechnology processes to support Chinese military end-uses and end-users, to include purported brain-control weaponry
• 8 entities in China for their support of China’s military modernization
• 5 entities in China for acquiring or attempting to acquire U.S.-origin items in support of military modernization for China’s army
• 3 entities in China for supplying or attempting to supply U.S.-origin items that could provide material support to Iran’s advanced conventional weapons and missile programs
• 4 entities in China, 1 entity in Georgia and Turkey, 1 entity in China and Malaysia, 1 entity in China and Georgia, 1 entity in Georgia, and 1 entity in Turkey that are part of a network used to supply or attempt to supply Iran with U.S.-origin items that would ultimately provide material support to Iran’s defense industries

China

• Academy of Military Medical Sciences
• Academy of Military Medical Sciences, Field Blood Transfusion Institution
• Academy of Military Medical Sciences, Institute of Basic Medicine
• Academy of Military Medical Sciences, Institute of Bioengineering
• Academy of Military Medical Sciences, Institute of Disease Control and Prevention
• Academy of Military Medical Sciences, Institute of Health Service and Medical Information
• Academy of Military Medical Sciences, Institute of Hygiene and Environmental Medicine
• Academy of Military Medical Sciences, Institute of Medical Equipment
• Academy of Military Medical Sciences, Institute of Microbiology and Epidemiology
• Academy of Military Medical Sciences, Institute of Radiation and Radiation Medicine
• Academy of Military Medical Sciences, Institute of Toxicology and Pharmacology
• Academy of Military Medical Sciences, Military Veterinary Research Institute
• Aerosun Corporation
• Changsha Jingjia Microelectronics Co., Ltd.
• China Electronics Technology Group Corporation 52nd Research Institute
• Comtel Technology Limited
• Fujian Torch Electron Technology Co., Ltd.
• Hangzhou Hikmicro Sensing Technology Co., Ltd.
• HMN International Co., Ltd.
• Hong Kong Cheung Wah Electronics Technology Company Limited
• HSJ Electronics
• Hyper Systems Union Limited
• Inner Mongolia First Machinery Group Co., Ltd.
• Integrated Scientific Microwave Technology
• Jiangsu Hengtong Marine Cable Systems Co., Ltd.
• Jiangsu Hengtong Optic-Electric Co., Ltd.
• ROV Solutions
• Shaanxi Reactor Microelectronics Co., Ltd.
• Shanghai Aisinochip Electronics Technology Co., Ltd.
• Shanghai Aoshi Control Technology Co., Ltd.
• Shenzhen Rion Technology
• Thundsea Electric Limited
• Wavelet Electronics
• Zhongtian Technology Submarine Cable Co.

Georgia

• Gensis Engineering
• ROV Solutions
• SAEROS Safety ERO Company

Malaysia

• Integrated Scientific Microwave Technology

Turkey

• Gensis Engineering
• Vangurd Tec Makina Sanyi Ithalat

For these entities BIS imposed a license requirement for exports, reexports, and transfers (in-country) of all items subject to the EAR as well as a license review policy of presumption of denial. In addition, no license exceptions are available for such shipments to these entities.

Treasury’s Office of Foreign Assets Control (OFAC) issued a Fact Sheet on the, “Provision of Humanitarian Assistance to Afghanistan and Support for the Afghan People”.

There are no OFAC-administered sanctions that generally prohibit the export or reexport of goods or services to Afghanistan, moving or sending money into and out of Afghanistan, or activities in Afghanistan, provided that such transactions or activities do not involve sanctioned individuals, entities, or property in which sanctioned individuals and entities have an interest. In all cases, authorized transactions and activities must comply with the terms and conditions set forth in the applicable General License. Notably, the General Licenses available explicitly do not authorize financial transfers to the Taliban or the Haqqani Network, other than for the purpose of effecting the payment of taxes, fees, or import duties, or the purchase or receipt of permits, licenses, or public utility services related to the activities specified. For more information, please see GLs 17, 18, and 19.

This interim final rule, published October 21, 2021, amends the EAR to add controls on cybersecurity exploitation, intrusion and monitoring tools. And creates a new License Exception “Authorized Cybersecurity Exports (ACE)”.

The Interim Rule implements multilateral controls over cybersecurity hardware and software originally added by the Wassenaar Arrangement in 2013 and subsequently modified. BIS originally proposed to implement controls over these types of items in 2015 but paused after receiving hundreds of comments expressing concern that the control parameters were overly broad.

New controls

• ECCN 4A005 “Systems,” “equipment,” and “components” therefor, “specially designed” or modified for the generation, command and control, or delivery of “intrusion software”.
• ECCN 4D004 “Software” “specially designed” or modified for the generation, command and control, or delivery of “intrusion software”.
  Note: 4D004 does not apply to “software” specially designed and limited to provide “software” updates or upgrades meeting all the following:
  1. The update or upgrade operates only with the authorization of the owner or administrator of the system receiving it; and
  2. After the update or upgrade, the “software” updated or upgraded is not any of the following:
  1. “Software” specified by 4D004; or
  2. “Intrusion software.”
• ECCN 4E001
• a. “Technology” according to the General Technology Note, for the “development”, “production”, or “use” of equipment or “software” controlled by 4A (except 4A980 or 4A994) or 4D (except 4D980, 4D993, 4D994).
• c. “Technology” for the “development” of “intrusion software.”
• Note: 4E001 does not apply to “vulnerability disclosure” or “cyber incident response”
• ECCN 5A001.j IP network communications surveillance systems or equipment, and “specially designed” components therefor, having all of the following:
• j.1. Performing all of the following on a carrier class IP network (e.g., national grade IP backbone):
• j.1.a. Analysis at the application layer (e.g., Layer 7 of Open Systems Interconnection (OSI) model (ISO/IEC 7498-1));
• j.1.b. Extraction of selected metadata and application content (e.g., voice, video, messages, attachments);
• j.1.c. Indexing of extracted data; and
• j.2. Being “specially designed” to carry out all of the following:
• j.2.a. Execution of searches on the basis of “hard selectors”; and
• j.2.b. Mapping of the relational network of an individual or of a group of people.

934. Are the United Nations and the U.S. government permitted to conduct stabilization and early recovery-related activities and transactions involving Syria?  Does this apply to their contractors and grantees as well?

Answer

Yes.  The Syrian Sanctions Regulations (SySR) § 542.513 authorize, subject to certain conditions, the United Nations, its Specialized Agencies, Programmes, Funds, and Related Organizations and their employees, contractors, or grantees to engage in all transactions and activities in support of their official business in Syria, including any stabilization and early recovery-related activities and transactions in support of their official business.  This authorization applies to all employees, grantees, and contractors carrying out the official business of the United Nations, its Specialized Agencies, Programmes, Funds, and Related Organizations, including nongovernmental organizations (NGOs) and private sector entities that are acting as grantees or contractors.  Please be aware that grantees or contractors conducting activities and transactions authorized under § 542.513 must provide a copy of their contract or grant with the United Nations, or its specialized Agencies, Programmes, Funds, and Related Organizations to any U.S. person, including U.S. financial institutions processing funds transfers in support of the authorized activities, before the U.S. person engages in or facilitates any transaction or activity.

In addition, § 542.211(d) and the general license at § 542.522 exempt and authorize, respectively, subject to certain conditions, the Federal Government and its employees, grantees, or contractors to engage in all transactions in support of their official business in Syria, including any stabilization and early recovery-related activities and transactions in support of their official business.  This exemption and authorization apply to all employees, grantees, and contractors carrying out the official business of the Federal Government, including NGOs and private sector entities that are acting as grantees or contractors.  Please be aware that grantees or contractors conducting transactions authorized under § 542.522 must provide a copy of their grant or contract with the Federal Government to any U.S. person, including U.S. financial institutions processing funds transfers in support of the authorized activities, before the U.S. person engages in or facilitates any transaction.

For NGOs that are not acting as grantees or contractors of the aforementioned international organizations or the Federal Government, please see § 542.516 for authorizations under the SySR related to the export or reexport of certain services to Syria in support of certain NGO activities.

Separately, non-U.S. persons, including NGOs, private sector entities, and foreign financial institutions facilitating or assisting in the aforementioned activities, do not risk exposure to U.S. secondary sanctions pursuant to the Caesar Syria Civilian Protection Act of 2019 for engaging in the above activities that are authorized or exempt for U.S. persons under the SySR.  Please see FAQ 884 for additional information.

Please note that this guidance does not apply to transactions and activities that may be subject to sanctions under other sanctions programs administered by OFAC (e.g., transactions with persons blocked under OFAC’s counterterrorism authority (E.O. 13224, as amended) or OFAC’s Syria-related authority (E.O. 13894)), unless exempt or otherwise authorized by OFAC.

Date Released
November 8, 2021