On 9 November the German Presidency of the Council of the EU and representatives of the European Parliament reached a provisional political agreement on the review of the EU Dual-Use Regulation. The EU’s current export control framework for dual-use items, set out in Regulation (EC) No 428/2009, has been in place since 2009. The regulatory process to review this system and to adapt it to the changing technological, economic and political circumstances has been ongoing for several years.
The revision of the EU Dual-Use Regulation aims at further strengthening EU action on the non-proliferation of WMD, including their means of delivery; contributing to regional peace, security and stability; and helping ensure respect for human rights and international humanitarian law. Most notably, the EU institutions agreed to expand the scope of the framework to cover cyber-surveillance technology with the stated aim of preventing human rights violations and security threats linked to the potential misuse of such technology.
The agreement now needs to be endorsed by EU Member States’ ambassadors sitting on the Permanent Representatives Committee (Coreper). The European Parliament and the Council of the EU will then be called on to adopt the proposed Regulation at first reading.
Main features of the agreed Regulation
The provisional political agreement provides for a number of important features, including:
- new provisions on stricter export controls for cyber-surveillance technology,
- an EU-level coordination mechanism which allows for greater exchange between the Member States as regards the export of cyber-surveillance items,
- two new, EU general export authorizations, covering cryptographic items and intra-group technology transfers respectively,
- stronger enforcement of export controls through enhanced cooperation between licensing and customs authorities, including mechanisms allowing Member States to strengthen intra-state cooperation in this area,
- a new provision on transmissible controls, allowing a Member State to introduce export controls on the basis of the legislation established by another Member State,
- harmonization at EU-level of certain rules applicable to technical assistance,
- new reporting rules aiming at increasing transparency on trade in dual-use items.
Export controls for cyber-surveillance items
Unlike initially suggested by the European Commission, the compromise proposal does not provide for the inclusion of any cyber-surveillance equipment in the EU dual-use control list in Annex I to the EU Dual-Use Regulation. However, a new article 4a sets out a catch-all clause covering exports of non-listed cyber-surveillance technology. An authorization is required if the exporter has been informed by the national competent authority that the items are or may be intended for use in connection with internal repression or the commission of serious violations of international human rights and international humanitarian law. Additionally, if an exporter is aware according to its own due diligence findings that non-listed cyber-surveillance items are intended for such uses, it shall notify the competent authority, which must decide whether or not to make the export concerned subject to authorization.
Article 7 of the compromise proposal sets out notification and authorization requirements for technical assistance related to listed dual-use items, if they are intended for use in connection with WMD or certain specific military uses. Member States may extend the application of this provision to non-listed dual-use items.
The revised Regulation provides for a broad definition of “supplier of technical assistance” which includes (1) natural or legal persons supplying technical assistance from the EU to the territory of a third country; (2) natural or legal persons resident or established in the EU which supply technical assistance within the territory of a third country; and (3) natural or legal persons resident or established in the EU which supply technical assistance to a resident of a third country temporarily present in the EU.
Based on the new article 8a on transmissible controls, Member State may introduce export controls on the basis of the legislation established by another Member State. More specifically, an authorization shall be required for dual-use items not listed in Annex I but listed on a national control list of another Member State if the exporter has been informed by the competent authority that the items in question are or may be intended for uses of concern with respect to public security or to human rights considerations.
The transmissible controls provision accounts for the failure of the EU institutions to agree on the inclusion of cyber-surveillance equipment in Annex I to the EU Dual-Use Regulation. While Member States remain responsible to consider the risk of cyber-surveillance items and decide on the need for an authorization, their vigilance and observations are formally communicated to other Member States and the Commission. This is likely to lead to a certain coordination among Member States.
The reviewed EU Dual-Use Regulation will widen the scope of EU export controls for dual-use items. At the same time, the EU institutions made efforts to reduce the administrative burden for both companies and licensing authorities by creating new EU general export authorizations for cryptographic items and intra-group technology transfers. Moreover, the revised Regulation will further harmonize rules among Member States, in particular as regards transmissible controls as well as technical assistance.