Ninety-odd days ago, the US Bureau of Industry and Security (BIS) added Huawei and 68 of its affiliates to its “Entity List.” BIS added another 46 Huawei affiliates last week (collectively, “Huawei”), thereby making it illegal for US individuals and entities to disclose certain technology and software to Huawei and such blacklisted affiliates without a license. At the same time, it tempered the blow by issuing a Temporary General License that, among other things, allowed US entities to continue to participate with Huawei to develop 5G standards. For all other standards, Huawei’s continued participating would be legal only to the extent a given standard setting organization (SSO) either applied for, and received, a license from the BIS, or could credibly analogize its processes to an exception recognized under existing Export Administration Regulations (EAR). The closest exceptions are disclosures at public conferences and in connection with coauthoring journal articles. Ever since, standards setting organizations (SSOs) counting Huawei as a member have been scrambling, trying to figure what they can and cannot allow Huawei to do. On Monday of this week, three things happened that provided some answers. But almost all the answers were bad.
The first thing BIS did was to roll over the Temporary General License for another 90 days, thereby allowing Huawei customers and partners more time to adapt. That was helpful, but the second was to remove the 5G standards development exception. And the third was to issue a General Advisory Opinion Concerning Prohibited Activities in the Standard Setting or Development Context When a Listed Entity is Involved. Unfortunately, the Advisory Opinion leaves most questions unanswered.
While the issues at hand are of concern to all SSOs, the impact is particularly concerning in the area of 5G standards, where Huawei enjoys an almost unprecedented degree of dominance. Some SSOs developing broadband standards and their members believe Huawei is essential to the development and implementation of the range of standards needed to make the roll out of 5G networks efficient rather than chaotic. That’s crucial, given the importance of 5G technology and the hundreds of billions of dollars that will be spent converting to 5G technology.
But if 5G and other SSOs allow Huawei to participate, they and their members will be at great legal risk if they guess wrong in complying with the BIS rules. The result is that they urgently need clarity on what they can and cannot do. Earlier, we, along with attorneys at two other firms, helped 26 SSOs petition the BIS, requesting a specific exception tailored to standards development. Many of our clients and other SSOs also placed direct information requests. The response from the BIS for the last many weeks was that a single response would be forthcoming.
What we hoped was that the BIS would describe a “safe harbor” set of rules tailored to ensure the continuing smooth operation of standards development that SSOs could reliably conform to without disruption and thereby be immune from risk. What came back was a set of “thou shalt not” examples that reinforce the conclusion that the great majority of SSOs may have to not only significantly modify their rules, but also dramatically weaken the protections they have evolved over decades to prevent owners of “standards essential patents” from holding up the marketplace. Worse, it’s still not possible to tell exactly what can and cannot be done.
The significant points in the Advisory Opinion are as follows:
- All types of SSOs are covered by the bar to disclosure of US-origin and other covered technology and software (collectively, “Technology”) if Huawei is present, regardless of the operational model or accreditation of the SSO (e.g., by ANSI, the American National Standards Institute) unless they conform to an exception, or obtain (if possible) a specific license from the BIS.
- To qualify under an exception, an SSO may only support the “exchange, transfer, or other disclosure” of Technology that is “available to the public without restrictions upon its further dissemination.”
- More specifically, this means that all activities (working groups, in person and face to face meetings, on-line presentations and discussions, etc.), and all access to Technology-related documents, must be “public.” By way of example, documents must be shared on a public repository or website.
- SSOs (and perhaps any of their members) wishing further clarity may request an Advisory Opinion under procedures established in the Export Administration Regulations (EAR).
While these rules may superficially seem clear, they leave open many questions of significant impact, including the following:
- Does “public” mean that an SSO can, or cannot, charge a fee for someone to be a participant in a working group? The answer appears likely to be yes, or which more below. If not, must such a participant have voting rights as well? If so, how will an SSO support itself if anyone can participate for free?
- What does “without restrictions on further dissemination mean”? Is that equivalent to saying that anyone must have the right to download, copy, and then further distribute to anyone a draft standard with no limitations at all, or could this be limited to a summary of the standard? If the former, what would prevent someone who is not subject to the intellectual property rights (IPR) policy of the SSO from filing a standards essential patent claim relating to the draft standard, and then shaking down the marketplace after everyone had become “locked in” to the standard?
- Can an SSO charge for access to a public site page from which a draft standard can be downloaded? Here again the answer here appears likely to be yes, since subscriptions to academic and technical journals are normative, and often even extremely expensive. Traditional SSOs typically make a significant, and sometimes even a majority, of their revenues from the sale of standards. If it can charge, could it also require the buyer to pay a royalty every time that buyer gives someone else a copy? How would the SSO know or police the situation?
- Many SSOs try to bar members from implementing draft interoperability standards before they are final, because products can begin to flood the market that don’t comply with the final standard, leaving customers unhappy and the reputation of the SSO potentially damaged. How could this be prevented if anyone can get a copy of the draft standard with no restrictions? Could the dissemination right be limited to a summary? Could it be subject to use a legally enforceable restriction (e.g., “for study purposes only?”)
- To the extent that an open source project looks to the Advisory Opinion for guidance in addition to the previous guidance, could the distribution of source code under a “copyleft” license comply? Such a license imposes multiple restrictions on some downstream users, such as contributing back its modifications to the copyleft code if it intends to distribute both in a commercial product. The distribution in commercial products of certain open source encryption software is permitted under Section 734.7 of the EAR, but all other covered software is subject to the “without restrictions on its further dissemination” rules in the same Section.
Unhappily, there are no definitive answers to these questions, although earlier BIS guidance on some of the current exceptions is helpful. For example, in response to a question relating to disclosures at conferences, BIS stated that a conference would be considered to be “open” and disclosed information could be considered to be disseminated “without restriction” even if (a) a “registration fee reasonably related to cost” was charged to attend, (b) attendance was limited to a set number of attendees who were “technically qualified members of the public” and accepted on a first-come basis or on the basis of their skills and knowledge, and (d) participants could take notes at, but not record, the proceedings. Those criteria are useful, but they are also based on a particular factual setting.
Moreover, when one tries to construct a way forward that preserves as much of the current standards development system as possible, the odds seem to lengthen that an SSO could adapt its procedures without significantly impacting some foundational aspects of its intellectual property rights (IPR) policies and the dangers those policies were created go guard against. For example, to guard against patent abuse, participation in a working group would at minimum require that the free participant must agree to be bound by the IPR policy of the SSO.
Going beyond this, in order to avoid the potential for third party patent traps, such an individual would also have to agree that if it wanted to “further disseminate” a draft standard, it would need to require each recipient to sign an agreement saying either that it would not implement the standard, or, if it did, it would not only also agree to the terms of the SSO’s IPR policy. It would also need to require each of its own downstream recipients to do the same, and so on.
Could the above requirements be assumed to be consistent with an exception based on “public” participation and no “restrictions on further dissemination?” The overall tone of the Opinion strongly suggests otherwise.
Where this leaves SSOs with Huawei as a member is in a tight place. If they bar Huawei from participating, they risk undermining their efforts to create useful standards. If they allow Huawei to participate under the sort of rules described above, they may find they have gone too far, either finding themselves liable in the future, or losing the participation of members who take a more conservative view.
If an SSO goes all the way and makes changes that would seem to certainly meet the new guidance, some members may again refuse to participate, because they do not wish to be at risk for future patent traps, while others may quit and become “free riders,” taking advantage of their right to enjoy their many of their former rights for free. True, an SSO that wants definitive guidance can submit a request for an Advisory Opinion or a license, but it will then have to wait – who knows how long – for a response.
And meantime, no one knows where the BIS may go next, given the pressures on the agency from the current administration and the uncertain path of the ongoing trade war between the US and China.
What’s a poor SSO to do?
Unfortunately, for now, all it can do is get the best advice it can, make the most informed decisions it can, and then live with the consequences.
[Note] The rules discussed above are very technical and their applicability in any give case is highly fact specific. Moreover, the political and enforcement landscape is changing rapidly. For all these reasons, the above should be regarded as a discussion only and under no circumstances construed to be legal advice. Any entity that believes it may be impacted by the addition of Huawei to the Entity List should consult with, and rely upon, the advice of legal counsel rather than this blog post.