December 17, 2021
Using a Sanctions Framework to Fix the ICTS Executive Order
At the start of the Biden administration, the president made a consequential decision to retain the Executive Order on Securing the Information and Communications Technology and Services Supply Chain, which was issued by President Trump and prohibits the import of information and communications technology and services (ICTS) from foreign adversaries. The executive order and its implementing regulations (together, the ICTS rules) are a critically important effort to prevent capable foreign cyber actors, notably China and Russia, from exploiting the open nature of the U.S. ICTS market. Notwithstanding this strong security rationale, the industry has heavily criticized the ICTS rules as overly broad and vague. To address these concerns, the Department of Commerce, the agency that leads the implementation of the ICTS rules, committed to implement a voluntary licensing process, which would allow transacting parties to apply for preapproval of their ICTS transactions. The objective of the licensing process is to provide certainty to transacting parties, allowing them to engage in nonrisky, commercially beneficial ICTS transactions without fear that the government will seek to unwind or ban the transactions in the future.
While laudable in intent, establishing a licensing regime based on the current structure of the ICTS rules is likely to fail.
This is simply a matter of numbers. According to the Commerce Department’s own assessments, up to 4.5 million firms may engage in ICTS transactions on a regular basis. Opening up a licensing process for any—or all—of these firms would likely lead to an unmanageable flood of applications, forcing the department to divert its extremely limited resources to processing licenses for ICTS transactions that may not present any genuine national security risks. The department will inevitably be pressured to narrow the scope of the ICTS rules in order to effectively manage the licensing process, which would erode the national security benefits of the rules.
To address these challenges, the Commerce Department should restructure the ICTS rules to adopt a sanctions framework by creating a new list of entities that would be prohibited from selling ICTS into the U.S. market. In other words, this could function as an ICTS sanctions list. An ICTS sanctions approach would mirror the regulatory structure of existing U.S. sanctions authorities, preserving the broad authority and discretion of the government to respond to evolving threat and technology environments. A designations process for listing sanctioned ICTS entities, along with the scope of ICTS transactions subject to a prohibition, would provide much needed certainty to the private sector. This approach avoids the need for a resource-intensive, generally available voluntary licensing process, as the ICTS designations list would provide bright line rules around which transactions are or are not prohibited.
Read the full article from Lawfare.
More from CNAS
-
Our Man in Damascus? Sanctions and Governance in Post-Assad Syria
The complexity of the legal and policy issues presented by the sanctions thicket surrounding Syria—and the disparate authorities responsible for various parts of it—will requi...
By Alex Zerden
-
Ziemba: Russia & Iran Concentrating on Own Battles
The rebel-led alliance in Syria is set to form a transitional government, after overthrowing President Bashar Al Assad. Reports say the reason the Assad regime fell so quickly...
By Rachel Ziemba
-
Sharper: Tariffs
The incoming Trump administration has signaled that tariffs will be a central pillar of its economic strategy, with significant implications for international trade, the Ameri...
By Eleanor Hume, Charles Horn & Gwendolyn Nowaczyk
-
Taking Trump’s Tariffs Threats Seriously
Join Emily and Geoff to catch up on a whole bunch of economic security news, including the ill fated Nippon Steel / U.S. Steel deal, new chips export controls, and TikTik’s ba...
By Emily Kilcrease & Geoffrey Gertz