BIS publishes interim rule on surveillance / cybersecurity products
The US Commerce Department’s Bureau of Industry and Security (‘BIS’) has released an interim final rule, which establishes controls ‘on the export, reexport, or transfer (in-country) of certain items that can be used for malicious cyber activities.’
BIS says the rule ‘also creates a new License Exception Authorized Cybersecurity Exports (“ACE”) and requests public comments on the projected impact of the proposed controls on U.S. industry and the cybersecurity community.’
It notes that ACE would ‘allow the export, reexport and transfer (in-country) of “cybersecurity items” to most destinations, while retaining a license requirement for exports to countries of national security or weapons of mass destruction concern. In addition, countries subject to a U.S. arms embargo will require a license.’
BIS says that ‘the United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fueling authoritarian practices.
‘U.S. exporters are likewise encouraged to consult the State Department’s Guidance on Implementing the “Guiding Principles” for Transactions Linked to Foreign Government End Users for Products or Services with Surveillance Capabilities to minimize the risk that their products or services are misused by governments to violate or abuse human rights.’
The rule, it says, is ‘consistent with the result of BIS’s negotiations in the Wassenaar Arrangement multilateral export control regime and with a review of comments from Congress, the private sector, academia, civil society, and other stakeholders.’