On June 24, 2020, the US Department of Defense (“DoD”) sent a letter to Senator Tom Cotton enclosing a list of twenty companies headquartered in the People’s Republic of China (“PRC”) which DoD determined are operating directly or indirectly in the United States and are “Communist Chinese military companies.”  Titled “Qualifying Entities Prepared in Response to Section 1237 of the National Defense Authorization Act for Fiscal Year 1999 (PUBLIC LAW 105-261),” the “DoD List” includes some Chinese companies frequently associated with the Chinese military, and others that may not have been previously associated with the Chinese military.

For companies doing business with the US government, the US government may consider the inclusion of any of the listed companies in a government contractor’s supply chain as a “supply chain risk” that must be assessed, particularly in connection with information technology.  DoD contractors are already prohibited by their contracts from acquiring certain items and services from “any Communist Chinese military company.”

While not a sanctions list itself, the DoD List may lead to sanctions actions by the US government, as well as reactions from business partners assessing the risk of further action against the listed companies by the US government, particularly for listed companies that are not currently subject to US sanctions.  Congress may continue to pressure the administration to keep updating this list and to impose restrictions on the companies on it.

Section 1237 of the Act

In relevant part, Section 1237(a) authorizes, but does not require, the President to impose sanctions, with the exception of import-related restrictions, under the International Emergency Economic Powers Act (“IEEPA”) “in the case of any commercial activity in the United States by a person that is on the list” published under Section 1237(b).  It appears that the President is not required to declare a national emergency in order to impose such sanctions, as is typically the case under IEEPA.

According to the original Section 1237(b), the Secretary of Defense, within 90 days after enactment of the Act (i.e., within 90 days after October 17, 1998), “shall make a determination of those persons operating directly or indirectly in the United States or any of its territories and possessions that are Communist Chinese military companies and shall publish a list of those persons in the Federal Register.”  An amendment to the Act in 2000 required the initial determinations to be made “not later than March 1, 2001,” suggesting that DoD had failed to make any determination prior to that date.

The Act as amended requires the Secretary of Defense to produce classified and unclassified versions of the list, update the list on an annual basis, and share the list with the US Congress and with relevant US government agencies.  Changes to the list are to be made in consultation with the Attorney General, the Director of National Intelligence, and the Director of the Federal Bureau of Investigation.

The Act defines the term “Communist Chinese military company” as:

(A) any person identified in the Defense Intelligence Agency publication numbered VP-1920-271-90, dated September 1990, or PC-1921-57-95, dated October 1995, and any update of those publications for the purposes of this section; and

(B) any other person that: (i) is owned or controlled by the People’s Liberation Army; and (ii) is engaged in providing commercial services, manufacturing, producing, or exporting.

The term “People’s Liberation Army” means the land, naval, and air military services, the police, and the intelligence services of the People’s Republic of China, and any member of any such service or of such police.

Impacts on US Government Contractors and Subcontractors

The publication of this list by DoD has immediate ramifications for US government contractors and other companies participating in the supply chain for the US government.  Based on existing rules addressing the supply chain for the US government, companies should assess whether the publication of this list triggers any existing prohibitions on doing business with companies owned or controlled by the Chinese military or a foreign government.

Under the Federal Acquisition Regulation (“FAR”), federal agencies are prohibited from “procuring or obtaining” “any equipment, system, or service” that uses “covered telecommunications equipment or services” for certain critical technology or a “substantial or essential component of any system.”  FAR 4.2101.  When this prohibition was initially introduced by Congress in 2018, it made headlines because it expressly identified five major China-based technology companies.  But the statute and the implementing regulations broadly define this prohibition as including other unnamed companies if telecommunications or video surveillance equipment or services are “produced or provided by an entity that the Secretary of Defense . . . reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.”  FAR 4.2101(4).

Section 514 of the Consolidated Appropriations Act for FY 2018 provides that, for a “high-impact or moderate-impact information system” (as defined by NIST’s Standards for Security Categorization of Federal Information Systems), agencies must review the “supply chain risk for the information systems against criteria developed by NIST and the Federal Bureau of Investigation (FBI) to inform acquisition decisions.”  This includes consideration of risk related to sabotage presented by involvement of “one or more entities identified by the United States Government as posing a cyber threat, including … those that may be owned, directed, or subsidized by the People’s Republic of China.”

Outside the area of information technology, there are existing prohibitions that might be triggered by this publication.  For example, DoD’s supplement to the FAR (DFARS Subpart 225.770) prohibits contractors from delivering any supplies or services covered by the United States Munitions List that are acquired, directly or indirectly, from a “Communist Chinese military company.”

These are only a few examples.  In any procurement, particularly those involving information systems or information technology, the US government has broad discretion to undertake assessments of cybersecurity and supply chain risk, and those considerations could adversely impact a company’s eligibility for award.  As a result, companies should assess whether this publication has a potential impact on supply chain risk for their business.

IEEPA Sanctions

Although the DoD List is not a sanctions list, Section 1237(a) of the Act does authorize the President to impose at least some IEEPA sanctions against persons included on the list.  Under IEEPA, the President has broad authority to investigate, regulate, block, or prohibit transactions that are “subject to the jurisdiction of the United States.”  Examples of such transactions include transactions that involve US persons, the US financial system, or US-origin goods or services. When IEEPA sanctions are applied to specific companies, it is usually done by adding them to OFAC’s List of Specially Designated Nationals (“SDNs”) and Blocked Persons.

Observations

Timing

Although the Section 1237 reporting requirement has been in place for over 20 years, it is not clear whether DoD has created prior versions of the list.  We are not aware of any previous instances in which prior versions of the DoD List (if any) have been made public by the Executive Branch or Congress.  The controversy surrounding this law and DoD’s resistance to publishing such a list go back many years.

DoD’s letter to Senator Cotton states that the DoD staff “developed a methodology and produced an initial list of companies that meet the congressionally-directed criteria in Section 1237” (emphasis added). DoD’s letter and its creation of the list follow a letter to the Secretary of Defense dated September 11, 2019 from Senators Cotton and Schumer and Representatives Gallagher and Gallego demanding that DoD update the list.  DoD previously had acknowledged that it had developed, but not disclosed, a list of software that failed to meet DoD’s national security standards.  This list reportedly includes Chinese software products.

Likelihood of IEEPA Sanctions

At this time, there is no indication that the President intends to impose IEEPA sanctions on the entities on the DoD List, and the Act does not require any further action.  If the Administration does impose new sanctions on the listed entities, such sanctions could include a variety of potential measures with a range of severity, including possibly prohibiting transactions through the US financial system (e.g., most US dollar transactions) and, in the most extreme case, blocking sanctions (i.e., designation on the SDN list), which would require US persons to block (i.e., freeze) all property and property interests of blocked persons that come within the possession or control of the US person.

Nature of any Possible IEEPA Sanctions

The authority to impose sanctions restrictions “in the case of any commercial activity in the United States by a person that is on the list” (other than those related to importation into the United States) could potentially be viewed as authorizing only narrower sanctions measures, rather than full SDN designations.  The effect of an SDN designation goes well beyond “commercial activity in the United States,” and impacts much activity outside the United States as well.  However, this statutory language may not be viewed as restricting the nature or extent of sanctions that can be imposed and may instead simply define the conduct trigger for when these sanctions can be imposed, i.e., when the covered companies conduct commercial activity in the United States.  Under that latter view, the statutory intent would appear to be to incentivize such PRC companies not to do business in the United States.

Impact on the EAR’s Military End-Use/End-User Rule

The DoD List is not related or linked to recent amendments to US export controls targeting military end-uses and end-users in the PRC, set forth in section 744.21 of the Export Administration Regulations (“EAR”) controlling the transfer of certain dual-use civilian/military items.  These amendments, effective June 29, 2020, imposed, inter alia, a licensing requirement for exports, reexports, or transfers (in-country) of certain products and technologies “subject to the EAR” to PRC “military end-users” that had not previously required a license.  (Even before this action, certain US-controlled exports already were restricted for “military end-uses” in China.)

This rule defines military end-users to include any “person or entity whose actions or functions are intended to support ‘military end-uses.’”  Following the amendments, the regulatory agency responsible for the EAR, the Department of Commerce’s Bureau of Industry and Security (“BIS”), stated that it would provide guidance regarding the entities that would be considered to be supporting military end-uses.  This DoD List could be considered a “red flag” by exporters or reexporters subject to section 744.21.  At minimum, suppliers who send products or technologies subject to section 744.21 of the EAR to the listed companies should consider conducting enhanced due diligence to determine if the licensing requirement is triggered.

Companies will need to evaluate these situations on a case-by-case basis.  It would be quite useful for BIS to publish the additional guidance that it has promised to industry, which hopefully will shed further light on these challenging regulatory questions.

For further information on the military end-use/end-user Rule, please see our earlier blog post available here.