Experts Call for Entity List Improvements, Stress Emerging Tech Compliance Challenges

Experts also said they are concerned industry and academia don’t have the adequate compliance infrastructure to address future emerging and foundational technology export restrictions. Military end-use controls are especially challenging, one expert said, because it remains unclear how much due diligence is expected by governments.

The U.S. should consider reforming how it structures the Entity List, perhaps splitting companies into “different levels,” said Mike Beck, vice president of TradeSecure, speaking during a Feb. 15 virtual launch event for Strategic Trade Review’s winter and spring issue. Beck said the list began as a way to help industry identify foreign institutions linked to weapons programs, but it has expanded to include entities involved in human rights abuses, Chinese surveillance activities, suppliers to Russia’s defense industrial base and more. Not all of those entities should be treated equally, he said.

“The Entity List, as it's structured now, doesn't distinguish between a seriously dangerous end user, a nuclear weapons laboratory, or one that’s supplying it from some entity that may have provided some component used for surveillance in China,” said Beck, also a nonresident fellow at the Stimson Center. “It's just lumping a lot of different entities together, which I think is problematic.”

He said the list should be “disaggregated” or “regrouped,” because each entity presents “varying degrees of risk.” Beck also said it’s “very difficult” to be removed from the list, a process that involves submitting an application to the interagency End-User Review Committee.

“What if an institution goes on the listforengaging in activities or transactions but wants to do penance and get off that list? It's not easy to do,” Beck said. “Perhaps there needs to be an examination of how it can be used more nimbly to get the kind of cooperation perhaps that we want from institutions in China or internationally that engage in transactions or activities that we find problematic.”

Ian Stewart, who previously oversaw dual-use licensing assessments with the U.K. government, pointed out that the U.S. often explains in the Federal Register the reasons for adding each entity to the list, which can help companies separate the more dangerous end users from ones that may have committed less-serious offenses. “For entities where that accompanying text is there, it does provide the level of nuance that would be required,” said Stewart, executive director of the James Martin Center for Nonproliferation Studies. “Then it becomes a data issue” where the text may be provided “in a more optimal way.”

But he also said the Entity List has “huge gaps” and doesn’t always list all the “key entities” linked to parties involved in weapons of mass destruction. “And I sort of go beyond WMD concern, because the China challenge is more than WMD. It's sort of military-strategic,” Stewart said. “And the Entity List doesn't quite do that yet.”

Stewart also pointed to resource challenges faced by government export control agencies. “It’s a risk-based system, and with a risk-based system, you're never going to have enough resources to kind of eliminate risk,” he said. During his time with the U.K. government, he said, “you’re doing as much as you can with the resources that you have. That also means that mistakes will happen, things will get through.”

Some regulators, for example, “don't yet have the capacity to give the concrete guidance” craved by industry and academia surrounding human rights export controls, said Julia Bell, director of global export controls and sanctions at Deloitte. She specifically pointed to the EU.

“When it comes to the extra layer of guidance that industry has sought on how do we comply with this, what are our best practices, particularly around end-use controls,” Bell said, “that's something that we haven't seen much come out yet.”

She also pointed to other export control hurdles industry faces, including end-use controls for emerging technologies. Even though identifying controlled emerging technologies is a “challenge,” Bell said, “at least you have defined criteria established to assess whether or not your technologies are controlled.” But end-use controls are “much more of a challenge,” Bell said, particularly because they impose due-diligence requirements on exporters to ensure a product won’t ultimately be obtained by a restricted end-user.

“You are having to make your own assessment about whether or not an end-use or an end-user meets a prohibited or restricted criteria, whether someone would qualify as a military end-user, for example, which is, in a way, much more difficult than telling whether or not your technology meets the defined criteria of the list,” she said.

Bell said she’s seen “a lot of companies” try to establish new ways of “evaluating their supply chain to identify those risks, but it's still an emerging area, so there's not that many established criteria.” Questions still remain, such as: “How far down do you go through the supply chain? How do you evidence the assessment that you've done? So that’s really another challenge that we see in that area.” U.S. exporters have long struggled with due diligence requirements and expectations from the Bureau of Industry and Security, including surrounding the agency’s 2020 military end-user controls (see 2007090075, 2102190042 and 2105050048) and the recent China chip restrictions released in October (see 2302020034 and 2301260052).

Beck said he’s a “bit pessimistic” about the ability of research institutions and universities to “effectively monitor and regulate” transfers of emerging and foundational technologies. Even though research universities have invested more in compliance and hired more export compliance staff over the past decade, “everyone knows that our major research universities are comprised largely of foreign nationals, including from” China, he said. “So trying to weed out graduate students and faculty that are somehow here for nefarious purposes from those that are here doing legitimate work is difficult.”