Eliminate Mass-Market Items From MEU Controls, Trade Group Says
A trade group is urging the Bureau of Industry and Security to revise its export controls surrounding encryption and mass-market goods, saying some of those less-sensitive items should no longer be subject to strict license requirements. The group also asked BIS to eliminate some encryption-related reporting requirements that burden compliance professionals and said the agency should devote more resources to its licensing division, which will help speed up decisions on applications and classification requests.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The Technology Trade Regulation Alliance formally submitted the recommendations to BIS on Nov. 15, previewing them during a BIS technical advisory committee meeting last week. Ken Montgomery, executive director of the alliance, said during the meeting that he hadn’t yet received feedback from BIS.
One recommendation asks BIS to modify or remove certain mass-market encryption items from the scope of the agency’s military end-use controls. Those controls call on exporters to conduct due diligence on certain exports to make sure they aren’t being sent to certain foreign militaries or won't be used for military purposes, but many companies selling mass-market items don’t have that level of insight into their customers, said Wesley Demory, a Thomsen and Burke trade lawyer and co-chair of TTRA’s encryption and data security working group.
Exporters of mass-market items “don't necessarily have all of the information they would need to form adequate due diligence to understand if this is a military end user,” he said. He also noted that most mass-market sales are “high-volume, low-value type transactions,” which makes it difficult for compliance employees to “justify throwing a lot of resources” at due diligence.
“You may only have a name and an address, and it may not be a situation where you can dig any further into the end user,” Demory said during the TAC meeting. “We've seen extreme difficulty in applying the military end user controls for those types of items specifically.”
Since BIS released its MEU rules in 2020 (see 2004270027), exporters and forwarders of other items have also said they’re unsure how thorough their due diligence needs to be to satisfy BIS enforcement officials (see 2105050048, 2007090075 and 2102190042).
The TTRA, which Montgomery said lobbies on customs and export control issues, also wants BIS to remove a range of “less sensitive encryption items” from the scope of Commerce Control List Category V, part two, which covers telecommunications and information security items. Demory said some “key length parameters” described in the controls “haven't been updated significantly in 25 years.”
BIS also should eliminate certain mass-market items from those license requirements if they’re controlled only for anti-terrorism reasons, he said, adding that they are “essentially consumer-oriented goods that the U.S. unilaterally controls." Demory said those mass market items “in many cases” are eligible for license exceptions in embargoed countries, such as Cuba and Iran. “So those items, I think, have been recognized as supporting foreign policy and are of less national security concern and could warrant removal."
But he stressed that doesn’t mean BIS should instead classify them under the Export Administration Regulations as EAR99, which are items that generally aren’t subject to license requirements. “They could be controlled under other categories still,” Demory said. “But I think there's a recognition, at least from historical license exceptions, that those are less sensitive.”
The alliance also asked BIS to reduce either the number or frequency of export filings and reports that need to be submitted for encryption-related products. Although Demory said those reports are “not extremely burdensome in isolation with a single product,” companies shipping multiple products are “devoting more and more time to preparing filings, to recognizing when they need to report, to submitting the reports and tracking them.”
He suggested BIS eliminate multiple reporting requirements, including the annual self-classification report required for many encryption products, adding that it’s “unclear if there is a significant benefit” to the U.S. collecting those reports. “It would just free up some time that we're seeing compliance professionals spending,” Demory said. The agency also can eliminate certain required post-export reports, which would “reduce that burden so that compliance programs can focus more of their energy on higher priority items.”
BIS in 2021 eliminated certain reporting requirements for encryption items, including a self-classification reporting requirement for certain items (see 2103260019).
TTRA also wants BIS to devote more resources to its licensing division. Although the group’s members “appreciate the hard work” of the agency’s licensing officers, Demory said faster licensing and classification decisions “helps the compliance team to ensure that they're designing their compliance program appropriately.”
Demory said some companies already know how their item is classified and submit classification requests only because they want to make sure they're "checking the box." But other companies may “really need to know,” he said, especially if their customers won’t agree to buy from them unless they see a formal classification.
To address this, BIS should add a feature to SNAP-R, the agency’s online license application and classification application, so exporters can signal whether they’re submitting a routine classification request or because “they really need an outcome,” Demory said. This way, BIS can prioritize more pressing classifications.
Exporters are "looking and waiting for an outcome from BIS because it impacts their own compliance program,” he said. "We don't want them to overcomply and not be competitive, but we don't want them to undercomply and only find out later that the classification is different than what they thought it was.”