BY ELECTRONIC SUBMISSION AT: http://www.regulations.gov
RE: [Docket No. 191119-0084] RIN 0605–AA51; COMMENTS TO PROPOSED RULE ON SECURING THE INFORMATION AND COMMUNICATIONS TECHNOLOGY AND SERVICES SUPPLY CHAIN
Business Roundtable, an association of chief executive officers who collectively lead companies with more than 20 million employees and more than $9 trillion in annual revenues, welcomes the opportunity to provide comments to the “Securing the Information and Communications Technology and Services Supply Chain” Interim Final Rule (“IFR”) as requested by the Department of Commerce Federal Register Notice dated January 19, 2021. Despite some improvements, significant changes are needed to improve the IFR’s clarity and efficacy, and to avoid potentially significant unintended consequences to the U.S. economy. Business Roundtable respectfully requests that the Department of Commerce extend the IFR’s effective date until after the new Administration has had sufficient time to engage with key stakeholders and further refine and better target its approach.
Securing the information and communications technology and services (“ICTS”) supply chain is vital to the U.S. economy and U.S. national security. Business Roundtable supports the intent of the IFR to enhance ICTS supply chain security. On January 10, 2020, Business Roundtable submitted comments on the November 2019 Proposed Rule expressing concerns that the then-Proposed Rule would prove unworkable and undermine U.S. innovation leadership and economic strength without achieving its national security and ICTS security objectives (see attached). Business Roundtable appreciates the U.S. Government’s efforts to address our earlier comments and the IFR improves the Proposed Rule in some areas. Business Roundtable continues, however, to have a number of fundamental concerns with the IFR. In its current form, the IFR could significantly disrupt the U.S. economy and would not best advance its intended national security objectives.
We appreciate that the IFR now identifies specific foreign adversaries, limits the retroactivity of the authority, recognizes the need for a safe harbor option, and provides greater transparency to the review process by providing affected parties notice and an opportunity to be heard. These adjustments, however, represent only incremental improvements to the Proposed Rule, and they do not sufficiently resolve the rule’s fundamental lack of clarity and overly expansive scope:
- The IFR remains overly broad with respect to the scope of covered ICTS transactions. The six newly-identified categories of covered technologies remain too broad to provide adequate guidance to affected U.S. companies regarding the intended scope of the rule.
- The IFR does not identify any categorical exclusions, such as for mass market electronic devices and commercial off-the-shelf items. Such exemptions are needed to permit low risk transactions to continue to facilitate economic growth without the undue and unclear threat of regulatory intervention.
- The IFR subjects transactions to multiple, redundant, and potentially conflicting regulatory reviews and does not exempt transactions that are subject to other U.S. regulatory reviews involving an assessment of national security risks – for example, all transactions subject to the Committee on Foreign Investment in the United States, not just those that are under or have been reviewed; export controls; and Team Telecom review.
- The IFR does not define vague terms such as “interest” in property, “dealing in,” or “use of.”
- The IFR does not tie the rule’s scope to any specific threat or vulnerability identified in a public U.S. government assessment.
- The IFR does not clearly limit the application of penalties for violations of final determinations to the specific parties to the transaction that is the subject of the Commerce action. Penalties for violations of a final determination, mitigation agreement, or other direction issued under the ICTS regulations should be assessable only against the specific parties to the subject transaction and not third parties that may be indirectly involved (e.g., through shipping, financing, insuring, etc.).
These deficiencies in the IFR present U.S. companies and their customers and suppliers with significant questions and insufficient information to comply with the rule’s requirements, which could result in both under- and over-compliance with the rule. The IFR would subject U.S. companies to potentially unnecessary and costly compliance burdens that could undermine this Administration’s efforts to promote U.S. jobs and economic recovery. Conversely, other transactions that do pose a legitimate national security risk could go unaddressed unless specifically identified by Commerce, thereby diminishing the rule’s impact on effectively mitigating national security risks to the ICTS supply chain.
Moreover, some of the IFR’s changes from the Proposed Rule have introduced new concerns and added layers of needless complexity to the rule. For example, the six-month timeline provided to reach a final determination regarding a specific business transaction is not aligned with commercial realities of a typical ICTS transaction. The Commerce Department estimates that the IFR could potentially affect millions of businesses and result in significant compliance costs estimated between $1 billion and $53 billion – and annualized costs between $235 million and $20 billion. Business Roundtable respectfully requests that the Administration undertake a closer collaboration with U.S. industry stakeholders to better understand the full impacts of the IFR on U.S. companies and the U.S. economy before it takes effect. We recommend:
- Leaving the comment period open beyond March 22 to allow for additional feedback on recommended substantive and technical fixes to the IFR.
- Holding town halls and public meetings to hear directly from impacted U.S. companies and to provide an opportunity for Q&A with the Commerce officials who will administer the IFR.
- Extending the IFR’s effective date until the new Administration has had sufficient time to engage with key stakeholders and further refine and better target its approach.
Thank you for consideration of these comments. Business Roundtable appreciates the opportunity to continue working with the Administration on its ICTS supply chain security efforts.