August 22, 2018
On August 13, 2018, President Trump signed into law the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019. The NDAA includes export control reform provisions designed to identify and establish export controls for sensitive technologies not currently controlled for export. The NDAA also includes reforms increasing the power of the Committee on Foreign Investment in the United States (CFIUS) to block business transactions with national security implications.
The Export Controls Act of 2018, which is found in Sections 1741-1768 of the NDAA, will now provide the permanent statutory authority for the Export Administration Regulations (EAR). The EAR had previously been operating under emergency authority of the International Emergency Economic Powers Act (IEEPA) since the lapsing of the Export Administration Act of 1979.
The Export Controls Act of 2018 makes several important changes to the current export control regime. It establishes an interagency process for identifying and controlling “emerging and foundational technologies” that are essential to U.S. national security. The Emerging Technology and Research Advisory Committee, which was established under the EAR, will be tasked with responsibility for identifying these new technologies.
The Act also directs the Secretary of Commerce to establish interim controls for such technologies, which are not currently controlled under the EAR and thus could be currently classified as EAR99 and subject to only minimal export restrictions. The level of control to be assigned must take into consideration the countries to which exports from the U.S. are restricted and the potential end-uses and end-users of the emerging technologies.
The Export Controls Act of 2018 also increases the maximum civil penalties per violation to $200,000 or two times the value of the transaction.
The NDAA also contains the Foreign Investment Risk Review Modernization Act (FIRRMA), which increases the CFIUS’ power to block business transactions that threaten U.S. national security. The FIRRMA expands the types of transactions subject to CFIUS jurisdiction to now include “investments involving critical infrastructure, critical technologies, or sensitive data.” The CFIUS review period will now be increased to 45 days, with a 15-day extension available in exigent circumstances. The FIRRMA also expands the number of transactions where CFIUS notifications are mandatory, including those involving the acquisition of a “substantial interest” in a U.S. business involved in critical infrastructure, critical technology or sensitive data by a foreign person in which a foreign government owns a “substantial interest.”