Meredith Rathbone focuses on export controls and economic sanctions, and has assisted clients in the energy, manufacturing, telecommunications, information security, banking, insurance, pharmaceutical, and service industries, among many others, in navigating the requirements of the Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR) and US sanctions regulations administered by the Office of Foreign Assets Control (OFAC) and US Department of State. She regularly assists companies in developing compliance policies, conducting internal investigations, performing training, and conducting due diligence in M&A transactions. She has represented individuals and companies facing civil and criminal investigations in this area, and has also represented clients in their efforts to be removed from OFAC’s list of Specially Designated Nationals (SDNs). She is a frequent writer and speaker on export controls and sanctions topics. She is the co-chair of the American Bar Association’s Export Controls and Economic Sanctions Committee, and also serves on the Sanctions Subcommittee of the State Department’s Advisory Committee on International Economic Policy.

On March 21, 2024, the Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a final rule under the U.S. Export Administration Regulations (“EAR”) that imposes new export controls on certain individuals and entities identified on the U.S. Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC’s”) List of Specially Designated Nationals and Blocked Persons (“SDN List”).  More specifically, the final rule imposes a BIS licensing requirement on exports, reexports, or transfers (in-country) of all items “subject to the EAR” when certain categories of SDNs are parties to the transaction.  The covered types of SDNs are designated under 11 OFAC-administered sanctions programs (as noted by BIS), including those relating to Russia, Belarus, transnational criminal organizations, and narcotics traffickers (as well as making slight changes to similar preexisting controls on SDNs designated for activities related to terrorism or proliferation of weapons of mass destruction).

The U.S. government has described these broader EAR restrictions as a “force multiplier” to complement OFAC’s jurisdiction, by allowing these controls in Part 744 of the EAR to “act as a backstop for activities over which OFAC does not exercise jurisdiction.”  OFAC’s sanctions regulations generally prohibit U.S. persons from engaging in any transactions or dealings involving SDNs and blocked parties (i.e., entities owned 50 percent or more by one or more SDNs or blocked parties), and the property or interest in property of such parties in the United States or within the possession or control of a U.S. person must be blocked (i.e., frozen) and reported to OFAC.  Non-U.S. persons can violate U.S. sanctions programs by, among other things, “causing” a U.S. person to violate U.S. sanctions.  With limited exceptions such as under the Cuban Assets Control Regulations and the Iranian Transactions and Sanctions Regulations, OFAC’s sanctions regulations generally do not specify whether they apply to transactions taking place entirely outside the United States that do not involve U.S. persons simply because the transactions involve items subject to the EAR.  This new rule aims to close this gap by providing BIS with clear authority to take export controls enforcement action in such cases where U.S. products or technologies, but not U.S. persons, are involved.   

As a result of BIS’s rule, non-U.S. persons outside the United States, who may not clearly be prohibited (absent the involvement of U.S. persons) by U.S. sanctions regulations from dealing in the property or interests in property of an SDN or blocked party, will now generally be subject to licensing requirements under the EAR if reexporting or transferring (in-country) any item “subject to the EAR” when an SDN designated under at least one of these sanctions programs is a “party to the transaction,” including as purchaser, intermediate consignee, ultimate consignee, or end user.  This underscores the guidance in the Tri-Seal Compliance Note of March 6, 2024 that non-U.S. persons have export controls (and sanctions) licensing obligations under U.S. law, even if operating wholly offshore, and therefore, they should consider enhancing compliance screening protocols and controls to prevent violations of U.S. export controls and sanctions.

Continue Reading Export Controls and Sanctions Converge: New BIS Restrictions on SDNs

On February 28, 2024, the Biden administration announced the creation of a new national security regulatory regime that will prohibit or restrict certain transactions involving bulk sensitive US personal data or government-related data and specified “countries of concern.” The Biden administration announced the regime in a new executive order, Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (EO 14117), which was accompanied by an advance notice of proposed rulemaking (ANPRM) issued by the National Security Division (NSD) of the Department of Justice (DOJ), the component and agency with primary responsibility for implementing and enforcing the forthcoming regulations. The White House and DOJ also published fact sheets regarding the new regime.

Executive branch officials and members of Congress have long been concerned about the lack of a national security regulatory regime covering the transfer of sensitive US personal data to countries of concern, particularly China. As explained in EO 14117, such data has the potential to be used for a variety of nefarious purposes, including surveillance, extortion, and influence campaigns targeting US government employees and members of the US military, among others. The order highlights that such risks have become more acute due to the rapid advancement of artificial intelligence (AI) and its ability to analyze and manipulate data sets. Bulk sensitive personal data can also be used in the creation and refinement of AI models and other advanced technologies.

According to the White House, the EO is “the most significant executive action any President has ever taken to protect Americans’ data security.”

The public may submit comments on the ANPRM through April 19, 2024 and will likely have an additional opportunity to comment on the language contained in a proposed rule, once issued.

Although intended to be tailored in its scope, our initial assessment is that the new regulatory scheme, once fully implemented, will likely have a profound impact on a number of industries and entities around the world. At a minimum, it seems certain that regulatory compliance costs could be substantial, particularly on entities that have not previously focused on building out a risk-based compliance program in this or other related areas.

Continue Reading Biden Administration to Implement New National Security Rules Targeting Personal Data

In a first of its kind action, the US Department of Commerce has begun a rulemaking process to prohibit or impose conditions on certain transactions involving foreign technology used in so-called “connected vehicles” or “CVs,” as defined below for automotive applications.

The measure, announced by Commerce on February 29, 2024 in a press release and an advance notice of proposed rulemaking (ANPRM), is Commerce’s first attempt to cover a class of transactions under the Department’s Information and Communications Technology and Services (ICTS) rules.

The ICTS rules, contained at 15 CFR Part 7, were first issued in 2021, but Commerce has not yet implemented or used the rules to cover a particular class of transactions. However, Commerce recently created a new Office of Information and Communications Technology and Services (OICTS) within the Bureau of Industry and Security (BIS) and appointed the first ever director of that office (see additional detail here). Those measures, coupled with the ANPRM on CVs, suggest that Commerce has ramped up its efforts in this area and is becoming increasingly active in its use of the ICTS rules. It is all but certain that the ANPRM on CVs is just the first example of industries to be targeted, and we expect to see similar efforts in relation to other high-priority industries going forward.

Comments on the ANPRM are due by April 30, 2024. Commerce will likely publish a proposed rule after reviewing public comments on the ANPRM and provide an additional opportunity to comment on the proposed rule at that time.

Continue Reading In First of Its Kind Action, Commerce Moves to Regulate Foreign Tech in Vehicles

On February 23, 2024, the United States issued a broad set of new Russia-related sanctions and export controls in response to the second anniversary of Russia’s invasion of Ukraine and the February 16, 2024, death of opposition leader, Aleksey Navalny, in Russian custody.

The Treasury Department’s Office of Foreign Assets Control (OFAC), the Commerce Department’s Bureau of Industry and Security (BIS), and the State Department all issued new designations.  The agencies also issued an inter-agency advisory warning non-Russian companies against doing business in or with Russia.

Continue Reading US Government Imposes New Russia Sanctions, Designating Over 500 Parties and Issuing Interagency Russia Business Advisory

On January 16, 2024, the Assistant Secretary for Export Enforcement at the Department of Commerce’s Bureau of Industry and Security (BIS) issued a memorandum, announcing that:

  1. parties disclosing minor or technical violations that occurred close in time can submit a single Voluntary Self-Disclosure (VSD) on a quarterly basis, which may include an abbreviated narrative account of the suspected violations; and
  2. parties sending formal requests to BIS’s Office of Exporter Services to engage in otherwise prohibited activities with respect to items involved in violations of the Export Administration Regulations (EAR) should also send courtesy copies to the Office of Export Enforcement (OEE), which will help expedite BIS’s processing of such requests.

The memorandum builds upon previous changes to BIS’s administrative enforcement program, which were announced in memoranda dated June 30, 2022 and April 18, 2023.  These changes are intended to help OEE fast-track its review of “minor” or “technical” VSDs and to encourage additional disclosures of potentially significant violations of the EAR, but do not apply to VSDs relating to Part 760 of the EAR (antiboycott and restrictive trade practices).  For a detailed analysis of the previous memoranda, see our blog posts from July 6, 2022 and April 26, 2023.

Continue Reading BIS Makes Further Changes to Administrative Enforcement, But Questions Remain

Overview

On August 9, 2023, the White House issued a long-awaited Executive Order, entitled Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (“EO 14105”). The EO establishes a new national security regulatory regime, implemented principally by the US Department of the Treasury (“Treasury”), in consultation with other federal agencies including the US Department of Commerce, that will require the notification of, as well as prohibit, certain investment activity by US persons in named “countries of concern,” currently China.

EO 14105 does not restrict all US person investment activity regarding China, and is tailored to focus on specific products, technologies, and capabilities involving: (1) semiconductors and microelectronics (including advanced integrated circuits and supercomputers); (2) quantum information technologies (e.g., computers, sensors, networking, and systems); and (3) certain artificial intelligence systems (e.g., with certain military, intelligence, or surveillance end uses).

Continue Reading Biden Administration Announces New Outbound Investment Regime Targeting China

On June 16, 2023, the US Department of Commerce published a final rule (the “June 16 rule”) to implement Executive Order (EO) 14034, Protecting Americans’ Sensitive Data From Foreign Adversaries, by amending Commerce’s previously-issued Securing the Information and Communications Technology Supply Chain regulations (the “ICTS rule”).   Among other requirements, EO 14034 directed the Secretary of Commerce to consider the risks posed by “connected software applications” and take “appropriate action” in accordance with the previously issued ICTS rule and EO 13873, Securing the Information and Communications Technology and Services Supply Chain, pursuant to which the ICTS rule was issued. 

The ICTS rule authorizes Commerce to prohibit or otherwise regulate certain transactions involving information and communications technology or services (“ICTS”) with a nexus to “foreign adversaries” that pose an “undue or unacceptable risk” to US national security.  (For additional detail on the ICTS rule, see our prior blog post.)  The June 16 rule amends the ICTS rule to clarify Commerce’s ability to regulate transactions involving software, including so-called “connected software applications,” and to further enumerate the criteria that Commerce will consider when reviewing such transactions.   The changes are effective July 17, 2023.

Continue Reading Commerce Issues Final Rule Targeting Connected Software Applications

On April 18, 2023, Matthew Axelrod, Assistant Secretary for Export Enforcement at the Department of Commerce’s Bureau of Industry and Security (BIS), issued a memorandum outlining two important changes to BIS’s settlement guidelines when significant potential violations of the Export Administration Regulations (EAR) are identified. Specifically, BIS announced that (1) the deliberate non-disclosure of a significant potential violation will now be treated as an aggravating factor in civil enforcement cases, and (2) whistleblowing of significant potential violations by another party that ultimately results in a BIS enforcement action will be considered a mitigating factor in any future enforcement action involving the whistleblower, even for unrelated conduct. The policy changes are intended to incentivize the submission of disclosures to BIS when industry or academia uncovers significant EAR violations (i.e., those reflecting possible national security harm, as opposed to minor, technical violations).

BIS’s new policy of treating non-disclosure of significant potential violations of the EAR as an aggravating factor marks a potential sea change in the voluntary self-disclosure (VSD) risk calculus for exporters and reexporters. By reorienting the purpose of the VSD to serve as both carrot and stick, BIS has now interjected more complexity into the voluntary disclosure decision making process. Companies that may have been inclined, previously, to remediate significant potential violations but not disclose may now face a more difficult choice. While it may take years for the civil penalty data to demonstrate the concrete costs of non-disclosure of significant potential violations of the EAR, consideration of that factor is likely to weigh heavily in any future BIS VSD decisions.

Continue Reading A Carrot and a Stick: BIS Clarifies Policy on Self-Disclosures and Whistleblowing

On February 24, 2023, the US government announced a range of new export controls, sanctions, and tariffs to coincide with the first anniversary of Russia’s ongoing war against Ukraine. These actions by the US Department of Commerce, Bureau of Industry and Security (BIS), the US Department of the Treasury, Office of Foreign Assets Control (OFAC), the US Department of State, and the White House reflect the continued efforts of the US – in coordination with its allies – to impose costs on Russia for the war.

Each successive round of US export controls and sanctions presents new compliance challenges, against the backdrop of heightened enforcement risk resulting from aggressive, well-coordinated US government actions. US and non-US entities and individuals who engage in transactions related to Russia or Belarus should pay close attention to this complex and evolving regulatory framework. Additionally, entities and individuals exporting to Iran should take note of the expanded scope of the US Export Administration Regulations (EAR) under a new Iran Foreign Direct Product (FDP) Rule.

Continue Reading US Imposes Additional Export Controls, Sanctions, and Tariffs targeting Russia, Belarus, and Iran On First Anniversary of Russia’s War Against Ukraine

On October 7, 2022, in a move that was hailed by senior U.S. government officials as a paradigm shift in U.S. export controls policy toward China, the Department of Commerce’s Bureau of Industry and Security (BIS) issued an interim final rule that amends the Export Administration Regulations (EAR) to impose new and expanded controls on advanced computing integrated circuits (ICs), computer commodities that contain such ICs, and certain semiconductor manufacturing items. Transactions for supercomputer end-uses and transactions involving certain entities on the Entity List are now subject to additional export controls, as are certain semiconductor manufacturing items and transactions for certain IC end uses. U.S. person activities as they relate to certain semiconductor activities in China are also now restricted.

Certain aspects of the rule, specified below, including the availability of license exceptions, became effective immediately on October 7, 2022. The new restrictions on U.S. person activities under § 744.6 became effective on October 12, 2022. The remainder of the provisions with a delayed effective date are specified below and will become effective on October 21, 2022. BIS is also accepting public comments on the interim final rule through December 12, 2022.

Separately, also on October 7, 2022, BIS issued a final rule, which revised the Unverified List (UVL) and clarified the activities and criteria that may lead to the addition of an entity to the Entity List. BIS stated that a sustained lack of cooperation by the host government in a country where an end-use check is to be conducted, such as China, that effectively prevents BIS from determining compliance with the EAR, will be grounds for adding an entity to the Entity List.

The U.S. policy goals behind the new rules are ambitious and seek to degrade China’s advanced computing capabilities in an unprecedented manner. As summarized recently by National Security Advisor Jake Sullivan: “On export controls, we have to revisit the longstanding premise of maintaining ‘relative’ advantages over competitors in certain key technologies.  We previously maintained a ‘sliding scale’ approach that said we need to stay only a couple of generations ahead. That is not the strategic environment we are in today. Given the foundational nature of certain technologies, such as advanced logic and memory chips, we must maintain as large of a lead as possible.”

The broad implications of these new rules, along with their efficacy from a policy standpoint, may take some time to come fully into focus. For now, it is clear that any U.S. or non-U.S. individuals or entities that play any role in the global semiconductor supply chain—whether as manufacturers, producers, consumers, or otherwise—need to carefully review the new rules to determine what is required to comply and, if necessary, seek guidance or a license from BIS.

Continue Reading BIS Issues Expansive New Rules Targeting China