WASHINGTON – In comments submitted to the U.S. Department of Commerce today, global tech trade association ITI offered a new approach for the agency to fundamentally reshape and better target its Notice of Proposed Rulemaking (NPRM) on Securing the Information and Communications Technology Supply Chain to ensure the future iterations of the rule effectively protect U.S. national security, U.S. economic competitiveness, and overall due process.

The association also urged the Department to issue any additional rulemaking in the form of a Supplemental Notice of Proposed Rulemaking (SNPRM), while allowing industry sufficient time to consult, engage, and provide feedback.

“Of paramount importance to ITI and its member companies is our shared obligation to address risks to global information and communications technology supply chains and national security more broadly,” ITI wrote. “We believe government and industry must work together to achieve the trusted, secure, and reliable global supply chain that is a necessary priority for protecting national security and an indispensable building block for supporting innovation and economic growth. We urge the Commerce Department to continue to work with industry to create a systematic and focused approach to implement the framework laid out in the rule.

“That the balance of our comments is intended to provide constructive advice should not obscure the fact that the proposed rule, as written, is fundamentally flawed in several respects,” ITI continued. “Nothing less than a very significant reconsideration of both substance and process will render such a rule workable or effective in preserving American national security, U.S. economic competitiveness, and overall due process. We appreciate the Commerce Department’s understanding of the need for a calibrated approach and look forward to continuing to engage on this rulemaking.”

In its comments, ITI offers the Department a “roadmap” with specific recommendations to shape and target its rule to implement the Executive Order, Securing the Information and Communications Technology and Services Supply Chain. Specifically, ITI advises the Department to:

  • Designate foreign adversaries by establishing a set of criteria to define foreign adversary with a focus on entities or persons and not entire countries.
  • Avoid duplicative review processes by considering existing mechanisms already in place for reviewing transactions potentially raising national security risks, such as the Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), and Committee on Foreign Investment in the United States (CFIUS).
  • Ensure evaluation criteria is country-agnostic, which seems better aligned to the fact-specific, case-by-case approach contemplated by the NPRM.
  • Narrow scope to address national security objectives to provide businesses with a greater level of certainty about what sorts of transactions will trigger a review based on those transactions that present national security risks.
  • Establish a pre-clearance method and waiver process to help companies comply with the NPRM given its breadth, which creates significant business and competitive risk and uncertainty for U.S. companies seeking to comply with the rule.
  • Allow advisory opinions to be issued to provide concrete guidance to businesses seeking to comply with the Executive Order.

Failure to reexamine and more appropriately calibrate the rule, ITI writes, could do lasting harm to the United States’ global technological leadership and isolate the tech sector from the world, including “making partners outside of the U.S. hesitant to enter into relationships with companies for fear that those relationships could suddenly and unexpectedly be severed, eroding trust in buying from U.S. suppliers and making U.S. companies appear as unreliable business partners.”

ITI also provided the Department several guiding principles to consider when developing its rule to ensure the security of the information and communications technology (ICT) supply chain, such as

  • The rule should advance and protect U.S. national security objectives without putting American competitiveness at risk or eroding trust in American or allied country companies as partners.
  • The rule should address only identifiable, material concrete national security risks for a narrow subset of ICTS elements.
  • The rule should provide clear guidance to industry by including parameters and criteria for a fair, workable, and repeatable process that Commerce will use when evaluating transactions.
  • The rule should seek to evaluate only pending or future transactions; looking backwards to potentially reopen closed transactions diminishes business certainty and raises legal questions.

ITI has engaged with the Department on rulemaking to implement the Supply Chain Executive Order since its introduction in May 2019. In November, ITI commended the Department for its ongoing efforts to develop a fact-based and focused analysis but in recent correspondence underscored the need for additional time to ensure industry could provide thorough feedback, which it reiterated in its comments submitted today.

Read ITI’s full comments here.

Related [Cybersecurity]