Russia, China, Semiconductors and Reimagining National Security: US Export Controls 2022 Year in Review

• The volume and impact of changes to United States export control regulations in 2022 were unprecedented, and we expect 2023 will likely bring additional changes. This alert provides a summary of key changes, themes and priorities, by regulator.
• On the EAR front, BIS published over 400 pages of rule changes with respect to restrictions on Russia, China, advanced computing and semiconductors and other day-to-day updates. The changes include significant expansion of U.S. export control jurisdiction through the creation of broad new foreign direct product rules and rules regulating the activities of U.S. persons around the world.
• Through the Russia Trade Controls Resource Center on our OverRuled platform, we have catalogued the Russia-related export controls and sanctions updates from the U.S., EU, United Kingdom and other countries, and made these compiled actions, commentary and analysis available to subscribers.
• On the ITAR front, DDTC announced several major enforcement actions, consolidated and restructured the regulations, and issued new license types. DDTC also approved a tremendous volume of licenses for exports, reexports and brokering efforts to facilitate the total $24.3 billion in security assistance the U.S. has provided Ukraine since the war with Russia began.
• More broadly, the U.S. government more clearly announced a reconsideration of what “national security” means in the context of export controls. As best set out in speeches by National Security Advisor Jake Sullivan in September and October of 2022, export controls should also be tools to achieve strategic objectives regarding “force multiplying” commercial technologies. The new way of thinking is the foundation of the new controls against Russia and China. It has also led to significant discussions with allies about how to move their export control systems and policies beyond those largely limited to implementing controls on items identified on lists developed by the four multilateral export control regimes.
• 2023 is poised to be another intense year with novel and expanded uses of export controls to protect national security. We anticipate significant efforts for more plurilateral coordination, with the U.S. strongly advocating for expanded controls by allies, a continued focus on semiconductors and advanced computing controls, and additional focus on quantum computers/computing controls, artificial intelligence controls, biotechnologies and biomanufacturing controls (including related supply chains), clean energy technology support and human rights protections.
• 2023 is poised to be another intense year with novel and expanded uses of export controls, with continued, active discussion within the administration, Congress and elsewhere regarding what “national security” means with respect to export controls.

Updates to the Export Administration Regulations by the Department of Commerce Bureau of Industry and Security

2022 brought an unprecedented degree of change to the U.S. export controls system under the Export Administration Regulations (EAR). In total, the Bureau of Industry and Security (BIS) published over 400 pages of rule changes, expanding controls on exports to Russia and Belarus in response to Russia’s invasion of Ukraine, creating novel controls targeting the advanced computing and semiconductor manufacturing sectors in China, and implementing a number of other administrative updates.

A. Iterative Executive Orders and Rules Preventing the Flow of Goods and Technologies to Russia and Belarus

In response to Russia’s invasion of Ukraine, and Belarus’ enabling of it, beginning February 24 and continuing throughout the year, BIS imposed significant, novel and complex controls on the export and reexport to, and transfer within, Russia and Belarus of a wide-range of previously uncontrolled U.S.- and foreign-made items.

As 2022 came to a close, controls newly applicable to Russia and Belarus included the following:

• Controls on the export, reexport or transfer of any commodity, software or technology subject to the EAR described on the EAR’s Commerce Control List (CCL), if destined to Russia or Belarus.
• Controls on the export, reexport or transfer of the following types of foreign-produced items, when sent from foreign countries that have not committed to imposing new controls against Russia or Belarus that are substantially similar to those imposed by the U.S.
  • Foreign-produced items of a type described on the CCL and produced with more than 25 percent U.S.-origin content, including content controlled for Anti-Terrorism reasons only. Note that these controls apply through application of the EAR’s normal de minimis rules due to the controls under § 746.8(a)(1).
  • Foreign-produced items described on the CCL (i.e., that are not EAR99 items) that are the direct product of U.S. technology or software described on the CCL or produced with equipment that is the direct product of such U.S. origin technology or software.
  • With limited exceptions, foreign-produced items of any type (i.e., including EAR99 items) that are the direct product of technology or software subject to the EAR and described on the CCL or produced with equipment that is the direct product of U.S. origin software or technology described on the CCL, if one of the newly identified Russian or Belarusian Military End Users on the Entity List is involved in the transaction, directly or indirectly.
• Controls on the export, reexport or transfer of any item subject to the EAR, when there is knowledge that it is intended for, entirely or in part, a military end-use/user in Russia or Belarus (expanding the EAR’s traditional military end-use/user rules, which are limited to a subset of items controlled on the CCL for Anti-Terrorism-only reasons).
• Controls on the export, reexport or transfer of “luxury goods” to Russia or Belarus, or to Russian or Belarusian oligarchs/actors supporting the Russian or Belarusian governments, wherever located.
• Expansion of 746.5 of the EAR, which, prior to the new controls, only imposed licensing requirements on oil and gas-related exports, reexports and transfers to Russia, to (1) apply the controls under § 746.5 to Belarus as well as Russia, (2) control additional oil and gas-related exports to Russia and Belarus, (3) control new types of EAR99 items for industrial and commercial sectors based on their Harmonized Tariff Schedule (HTS) description and (4) control certain items for export to Russia/Belarus that may be useful for Russia’s chemical and biological weapons production capabilities and for quantum computing and advanced manufacturing.

Our March 2022 alert (U.S. Government Imposes Expansive, Novel and Plurilateral Export Controls Against Russia and Belarus) contains more details on the first rounds of controls that BIS published on February 24 and March 2. BIS created additional controls, which are described on its website that compiles resources related to the new controls. The site includes press releases announcing the controls as they were created, FAQs explaining certain aspects of the controls and actions BIS has taken to enforce the controls. In addition, Akin Gump continues to track Russia-related changes by the U.S., U.K., European Union (EU) and other jurisdictions on our Russia Trade Controls Resource Center, which is available to subscribers.

B. New Rules Targeting Advanced Computing/Semiconductor Manufacturing in China

On October 7, 2022, BIS amended the EAR to create new controls on items intended to support the advanced computing and semiconductor manufacturing industries in China. BIS enacted these changes to address concerns that China has “mobilized vast resources to support its defense modernization, including the implementation of its military-civil fusion development strategy.” Specifically, BIS added controls on:

• Certain types of (i) advanced integrated circuits, (ii) commodities containing such integrated circuits, (iii) semiconductor production equipment and (iv) related components, software and technology.
• Certain activities involving (i) advanced node semiconductor fabrication facilities, (ii) semiconductor production equipment and (iii) supercomputers.
• Certain items produced outside of the U.S. when transactions involving such items also involve (i) certain Chinese companies listed on the Entity List that are subject to a new Footnote 4 designation, (ii) supercomputer-related activities in China or (iii) advanced computing applications in China.
• U.S. person activities related to the development or production of (i) integrated circuits at semiconductor fabrication facilities in China that develop or produce advanced node semiconductors or (ii) specific types of semiconductor production equipment in China.

As a result, U.S. and non-U.S. companies (and individual U.S. citizens) that engage in transactions pertaining to the advanced computing, artificial intelligence, supercomputer, semiconductor production equipment or semiconductor-related supply chains involving China will need to review closely the complex rules to determine whether their internal compliance programs and business plans need to change. Our October client alert (BIS Imposes New Controls to Limit the Development and Production of Advanced Computing and Semiconductor Capabilities in China) provides more details.

C. Sanctions and Defense Services-like Controls on U.S. Persons

As part of the October 2022 rules targeting advanced computing and semiconductor manufacturing in China, BIS issued novel controls regulating “U.S. persons” whose activities support these industries. These controls are similar in operation to the economic sanctions administered by the Department of the Treasury’s Office of Foreign Assets Control (OFAC), prohibiting U.S. person entities and individuals from engaging in activities to support advanced computing and semiconductor manufacturing in China, even where such activities do not involve items subject to the EAR.

In a similar vein, on December 23, 2022, President Biden signed into law the 2023 National Defense Authorization Act (NDAA), which includes a provision granting BIS the statutory authority to create controls on the activities of U.S. persons, wherever located, in “support” of “military, security, or intelligence services.” The Biden-Harris administration has not stated how or when it plans to implement these new authorities in the EAR, but they set the stage for new controls akin to controls on defense services found in the International Traffic in Arms (ITAR). Our January 2023 alert describes these changes in more detail (BIS Has New Authorities to Impose Controls over Activities of U.S. Persons in Support of Foreign Military, Security, or Intelligence Services).

D. Entity Listings and Unverified List/Entity List Expansions

Throughout 2022, BIS added hundreds of entities to the Entity List, including over 355 Russian entities, 27 Belarusian entities, 33 Chinese entities and various entities from Belize, Estonia, Kazakhstan, Latvia, Lithuania, Malta, Pakistan, Singapore, Slovakia, Spain, the U.K., the United Arab Emirates (UAE), Uzbekistan and Vietnam. Many of these entries result in essentially complete prohibitions on the export of items subject to the EAR to the listed entities. In addition, some entities were designated with footnotes (including Footnote 4 entities and Russia/Belarus military end-users) resulting in additional foreign (i.e., non-U.S.)-produced direct products of U.S. software or technology being subject to the restrictions. The newer application of these novel extraterritorial controls over foreign-produced commercial items outside the U.S. were largely limited to shipments to Chinese companies involved in advanced computing and artificial intelligence (AI)-related support for the Chinese government. A significant issue to watch in 2023 is whether the foreign direct product rule will be applied to additional categories of foreign-made commercial items.

On October 7, 2022, BIS amended the EAR to clarify that BIS may add entities to the Unverified List (UVL) due to a sustained lack of foreign government cooperation, which effectively prevents BIS from conducting an end-use check on the entity. On the same day, the Assistant Secretary for Export Enforcement issued a memorandum outlining a two-step policy under which (1) BIS will add entities to the UVL if an end-use check cannot be completed within 60 days of request and (2) BIS will transition entities from the UVL to the Entity List if BIS is still unable to complete an end-use check within 60 days of listing the entity on the UVL. Some companies may be unable to comply with end-use checks due to interference by their home government (e.g., China). Our October client alert (BIS Announces Significant Changes to How It Administers Unverified and Entity Lists) contains more details. On December 16, 2022, pursuant to the above policy, BIS moved nine Russian entities from the UVL to the Entity List and removed 27 entities (26 of which from China) from the UVL.

E. Other Notable Regulatory Actions from BIS

• Expanding and Reorganizing U.S. Jurisdiction on Foreign-Produced Direct Products: In February 2022, BIS reorganized and clarified the EAR’s foreign-produced direct product rules, i.e., regulations that describe when an item produced outside of the U.S. is and is not subject to the licensing and other obligations of the EAR. This reorganization added greater clarity about when EAR jurisdiction may apply to foreign-produced items, but also set the stage for easier extensions of these extraterritorial rules to situations in addition to those related to Russia and China. See our February 2022 alert (U.S. Government Clarifies, Reorganizes and Renames Descriptions of How Foreign-Produced Items Outside the United States are Subject to U.S. Export Controls as the U.S. Contemplates New Restrictions on Russia) for more details.
• Other New Controls on Certain Items/Software/Technology:
  • Implementation of Cybersecurity Controls: An interim final rule creating new controls on cybersecurity items, such as systems “specially designed” for the generation, command and control, or delivery of “intrusion software,” became effective on March 7, 2022. This and a related rule created a license exception (Authorized Cybersecurity Exports (ACE)) specific to certain cybersecurity exports, which BIS further modified in a final rule on May 26, 2022.
  • Extension of Temporary Control 0D521: On January 6, 2022, BIS published an interim final rule extending the validity of temporary controls under 0D521 to control geospatial imagery “software” “specially designed” for training a Deep Convolutional Neural Network to automate the analysis of geospatial imagery and point clouds. This temporary control was originally published in 2020 and has now been extended twice.
  • Implementation of Controls on Emerging and Foundational Technology: On August 15, 2022, BIS published an interim final rule implementing four new controls agreed to under the 2021 Wassenaar Plenary meeting. These include controls on certain substrates (Gallium Oxide (Ga₂O₃) and diamond) of Ultra-Wide Bandgap Semiconductors (revisions to Export Control Classification Numbers (ECCN) 3C001, 3C005, 3C006 and 3E003), software for Electronic Computer Aided Design (ECAD) for the development of integrated circuits with Gate-All-Around Field-Effect Transistor (GAAFET) (new ECCN 3D006) and pressure gain combustion (PGC) (revisions to ECCN 9E003).
• Standards Activity-Related Authorizations to Entities on the Entity List: On September 9, 2022, BIS published an interim final rule authorizing the release of certain software and technology to entities on the BIS Entity List when the release is made in the context of “standards-related activity.” This rule broadened BIS’s authorization for the release of technology in the context of standards organizations, which it originally published in June 2020 following the addition of Huawei and its specified affiliates to the Entity List.
• Guidance on Antiboycott Enforcement Policies: On October 6, Assistant Secretary for Export Enforcement Matthew Axelrod published a memo providing updated guidance on BIS’s policies to enforce the U.S. antiboycott regulations, which prohibit compliance with foreign boycotts that are not sanctioned by the U.S. The memo informed the public that Commerce (i) would be adjusting the categories of antiboycott violations it considers to be most serious for purposes of determining penalties during enforcement actions, (ii) will enhance penalty determinations for antiboycott violations, (iii) will require admissions of misconduct when settling matters involving antiboycott violations and (iv) will renew its enforcement focus on foreign subsidiaries of U.S. companies involved in violations of U.S. antiboycott regulations. On October 7, BIS published a final rule revising Supplement No. 2 to Part 766 of the EAR, implementing item (i) from the policy memo. See our October client alert (BIS Announces Significant Changes to How It Administers Unverified and Entity Lists) for more information.
• Export Enforcement-Related Changes: In January 2022 and 2023, the Commerce Department adjusted the value of civil monetary penalties for the regulatory provisions it administers to account for inflation. The current maximum penalty for a violation of the EAR is $353,534. Additionally, on June 30, 2022, BIS published a speech and memorandum outlining changes to enforcement practices, including eliminating “no admit, no deny” statements in settlements.

Updates to the International Traffic in Arms by the Department of State Directorate of Defense Trade Controls

2022 also saw significant actions from the Directorate of Defense Trade Controls (DDTC), which administers the ITAR.

Notably, DDTC did not take regulatory action in response to Russia’s invasion of Ukraine. The ITAR already prohibits exports to Russia. Developments were more consequential in relation to licensing/brokering management, for which DDTC approved large numbers of applications to support Ukraine’s resistance of Russia’s invasion.

• Consent Agreements and Debarments:
  • Consent Agreements and Debarments of U.S. Persons Providing Unlicensed Defense Services Involving Computer Network Exploitation Software to UAE Government: On August 29, 2022, DDTC imposed three-year administrative debarments on Ryan Adams, Marc Baier and Daniel Gericke, following Consent Agreements that Adams and Baier entered on July 7, 2022, and that Gericke entered on August 5, 2022. Between January 2016 and November 2019, Adams, Baier and Gericke worked for a UAE-based company furnishing cyber services to the UAE government. Among other activities, Adams, Baier and Gericke used their expertise in computer network exploitation (CNE) to create zero-click computer hacking and intelligence gathering systems to allow the government of the UAE’s intelligence function access to tens of millions of devices. DDTC treated these activities as controlled defense services based on its determination that the activities involved assistance by U.S. persons to a foreign person (the UAE government) with respect to defense articles (electronic systems, equipment and software specially designed for intelligence purposes to collect, survey, monitor, exploit, analyze or produce information from the electromagnetic spectrum).
  • Consent Agreement Involving Torrey Pines Logic, Inc. and Dr. Leonid Volfson: On January 31, 2022, Torrey Pines Logic, Inc. and Dr. Leonid Volfson entered a Consent Agreement with DDTC to resolve alleged violations of the ITAR involving the unauthorized export and the attempted unauthorized export of certain thermal imaging systems described on the U.S. Munitions List (USML) to various countries, including China, Lebanon and Russia, the involvement in ITAR-regulated activities while ineligible, and the failure to maintain and produce records.
• ITAR Consolidation and Restructuring: On September 6, 2022, the U.S. Department of State amended the ITAR to consolidate and restructure the regulations pursuant to an interim final rule published on March 23, 2022. These amendments were purely organizational, intended to better organize the purposes and definitions within the regulations and co-locate authorities, general guidance and definitions. The amendments did not change any substantive requirements under the ITAR. However, due to the organizational changes, companies involved in ITAR activities may need to revise their compliance policies/procedures to reflect the correct citations of the ITAR going forward.
• Guidance for U.S. Persons Abroad Authorization Requests: On December 7, 2022, DDTC updated guidance to assist industry in making submissions for requests to authorize exports of defense services by U.S. Persons Abroad (USPABs). In addition to general guidance and descriptions of submission requirements, these updates include a sample USPAB Submission Letter Template and a Sample § 126.13 Certification Letter for USPAB Authorization Requests (both accessible here). DDTC also modified 14 FAQs on the same topic to provide greater clarification to USPABs regarding the application of defense services controls.
• Publication of Two Open General Licenses: On July 20, 2022, DDTC published two Open General Licenses (OGLs) for reexports and retransfers of unclassified defense articles to pre-approved parties in Australia, Canada and the U.K. The OGLs are part of a pilot program that will run between August 1, 2022, and July 31, 2023.
• Updated Agreements Guidelines: In 2022, DDTC twice revised its Agreement Guidelines. The first revision, on February 24, 2022, was to restructure the Agreement Guidelines in a more logical and orderly fashion and to remove duplicative information. The updated guidelines clarify that applicants are not required to apply for an amendment for the sole purpose of conforming their agreements to any language or format change presented in the Agreement Guidelines. The second revision, on September 6, 2022, was an administrative update to conform the Agreement Guidelines to the September 6, 2022, consolidation of the ITAR. The most recent version of the Agreement Guidelines (5.1) is available here on DDTC’s website.
• Update to definition of “activities that are not exports, reexports, retransfers, or temporary imports”: On December 16, 2022, DDTC published a proposed rule to §120.54 of the ITAR (activities that are not exports, reexports, retransfers or temporary imports). Comments on the proposed rule are due to DDTC by February 14, 2023.
• Civil Monetary Penalty Adjustment: In January 2022 and 2023, the State Department adjusted the value of civil monetary penalties for the regulatory provisions it administers to account for inflation. The current maximum penalty for a violation of the ITAR is $1,200,000.

What to Expect in 2023

2023 is poised to be another intense year with novel and expanded uses of export controls. We expect to continue to see active discussion within the administration, Congress and elsewhere regarding what “national security” means with respect to export controls, as well as debate about how export controls should be used to address foreign policy concerns, including human rights issues that traditionally have not been addressed through export controls. At the same time, we expect policymakers will consider whether and how U.S. multilateral controls support national security, particularly in light of the current relationships with Russia and China. All of this discourse will revolve around whether the multilateral regime process set up after the end of the Cold War is still effective at addressing both classical non-proliferation objectives as well as newer economic security concerns. This has and will continue to lead to the use of ad hoc plurilateral controls among close allies to impose novel controls outside the regime system, which was the case with the allied response to Russia’s invasion of Ukraine.

We anticipate 2023 will also bring continued rulemaking and enforcement similar to that in 2022, with regulators concentrating on individual culpability and admissions of wrongdoing. We expect to see the definition of national security continue to broaden, with even more focus on human rights protections, and to see increased enforcement, with the regulators concentrating on individual culpability and admissions of wrongdoing. Finally, we anticipate extensive licensing requirements and guidance as the technologies, review standards, end-use concerns and multinational considerations grow more complex.

In addition to seeking guidance from the contacts below, OverRuled, currently expected to launch by the second quarter of this year, will provide on-demand to view rule changes, enforcement trends and enforcement by industry. It also houses the Russia Trade Controls Resource Center, which catalogues the Russia-related export controls and sanctions updates from the U.S., U.K. and other countries.