Department of Commerce Gives Industry What it asked for Regarding the Entity List

9/15/2022

The U.S. Department of Commerce Bureau of Industry and Security (BIS) added Chinese 5G technology giant Huawei to its Entity List more than three years ago. The immediate result was the spread of uncertainty and doubt among the hundreds of standards setting organizations (SSOs) in which Huawei participated as well as throughout the multitudes of U.S. companies who participated in those organizations. The reason was that the rules bar U.S. companies from disclosing a broad array of technology to Entity List companies, and that’s what can happen in standards working groups. Many SSOs either refused or failed to make adequate changes to their operations to fit within the vague exemptions available to avoid the concern. In consequence, many American companies believed they needed to drop out of SSOs creating the standards those companies most wanted to influence.

On September 9, following several prior BIS releases of interim guidance and the submission of ongoing comments and requests for relief from industry (many of which we facilitated), the Department of Commerce and BIS have finally released a new Interim Final Rule that provides virtually everything commenters have asked for, and in language that in most cases is clear and actionable. While complexities and nuances remain (e.g., relating to the type of technical work being undertaken) that will still require legal analysis, the good news is that the way is clear for most SSOs to allow any Entity List company to fully participate in standards development, as well as in related activities such as conformance assessment.

Eligibility Requirements

In order for a standard to be eligible for exemption under the new rule, all of the following must be true:

1) The technology or software must be designated as EAR99; controlled for AT reasons only on the Commerce Control List; or specifically for the “development,” “production,” and “use” of cryptographic functionality;

2) The “release” of technology or software must be made in the context of a “standards-related activity;” and

3) There must be intent to “publish” the resulting standard. If there is no intent to publish the resulting standard, then a license will still be required.

More specifically, the new, immediately effective Interim Final Rule:

Deletes the previous references to “standards” and “standards organizations,” each of which was linked to the OMB A-119 definitions that mapped in some cases to processes common to traditional SSOs but not consortia. Instead, the new rule refers to “standards-related activity,” focusing on the purpose of the exercise rather than the particular processes used to support that activity. Consortia may therefore no longer concern themselves with conforming to (for example) the ANSI Essential Requirements in order to ensure that they fit within an identified exception category.
Applies to all standards areas (earlier versions of the rule were said to be considering addressing only information technology standards).
Covers the entire Entity List and not just Huawei.
Covers traditional standards-related activities in addition to actual standards development, such as conformance assessment and certification testing.
Covers the development of various types of software created in support of standards work.
Exempts standards-related activity for EAR99 and Anti-Terrorism (AT)-controlled technologies and software, including in respect of certain types of cryptographic functionality.

Analysis Still Required

While overall the news is good, ambiguities remain. Some examples:

The Interim rule makes several references to insignificant risks associated with the release of “low-level technology” without addressing where the boundaries may exist for such technology.
Can a standard made available only to the members of an SSO be considered to be “published?”

Comments Requested

While the Interim Final Rule takes immediate effect, the Federal Register Notice announcing its effectiveness invites comments on the rule as released and also and poses four questions on topics where the Agency seeks further guidance (see the end of this post for the list). Comment periods may, but do not always, result in modifications to already released rules.

The Upshot

The upshot is that an SSO will want to do a careful review of all of its in-process and proposed work streams, as well as of its internal rules, to be sure they lie within the bounds of the new rule. But that aside, the long wait is over. SSOs that meet the requirements of the new Interim Final Rule can get back to the work they do best without spending scarce time on needlessly retooling their processes. And U.S. companies can once again help create the best standards possible to enable important new technologies to do their part in assisting the recovery of the world economy.

* * *

BIS Questions for Public Comment

Industries involved in standards development: BIS is requesting comments and additional information on whether the current scope of this authorization is adequate for the United States to retain its participation and lead in other areas that are important to the United States Government and industry, such as energy, artificial intelligence (AI), biotech, aerospace, and transportation. Does the current scope of the authorization hinder U.S. participation and leadership in standards development in industries where there is or may be participation by listed entities? Interested parties should provide specific examples of industries and commercial sectors which are or would be adversely affected by the current scope of the standards authorization as stated in this final rule.

Impact of other end use/end user controls: BIS is requesting comment on whether there are other provisions of the EAR that may negatively impact U.S. national security by limiting leadership and participation in standards-related activities, such as licensing requirements for other end use or end user-based controls listed in part 744 of the EAR. Commenters are asked to provide specific examples of how U.S. participation and/or leadership has (or will be) impacted by the limited application of this authorization to the license requirements in § 744.11.

Compliance burden: BIS is requesting comment from interested parties on industries and commercial sectors that are actively involved in standards development, including information on how they are affected by compliance burdens resulting from the changes promulgated in this and the previous rule.

International participation and scope of standards-related activities: BIS is requesting comment on whether the definition of “standards-related activities” promulgated in this interim final rule allows for full and open participation by U.S. companies in the development of standards. Are there aspects of the definition that should be better-defined or excluded?

Instructions for submission of comments can be found in the Addresses Section at the beginning of the CFR notice found here.

Six Standards Recommendations for the Biden Administration

9/10/2021

It is now seven months since Joe Biden took office. During that time, his administration has announced many positions and policies while continuing to work on others. One policy area previous administrations have too often neglected relates to standards, despite the vital role they play in almost all areas of commerce. This neglect has been particularly unfortunate with respect to international trade, as the United States has historically influenced global standards development and adoption more than any other single nation.

Adopting an enlightened standards policy could greatly advance the national interest in the area of information and communications technology (ICT) standards. And at no time in recent memory has the need to do so been more urgent, as trade tensions with China sustain rather than abate. Absent a change in direction in policy, there is the potential for standards wars between East and West in areas such as 5G technology.

Maintaining a healthy standards development ecosystem domestically is equally important, as standards setting organizations (SSOs) annually create hundreds of standards that are referenced into law, at great savings in time and tax dollars when compared to the costs of drafting regulations within the government.

There are six areas in which standards policy action – and in some cases inaction – by the Biden administration is most urgently needed. They are as follows:

Reduce Uncertainty for BIS Compliance

American companies are barred from disclosing many areas of technology to companies and others added to the “Entity List” maintained by the Bureau of Industry and Security (BIS). Disclosure of technology is an essential element of developing most ICT standards, and Huawei, among many other Chinese companies and universities, was added to the Entity List under the previous administration.

While BIS has issued guidance on two occasions on what processes SSOs must observe in order to permit US companies to participate when Huawei is also present, this guidance has been vague and insufficient. This ambiguity has led to multiple unfortunate consequences: SSOs have struggled to determine what specific changes they must undertake to permit risk-free participation by all; non-US SSO members are understandably unhappy with the diversion and cost of these efforts; and US companies have sometimes felt unable to participate in specific SSOs crucial to their businesses. Some SSOs have even relocated to Europe in protest of these impositions by a single country.

To rectify this situation, the Biden Administration should:

• Give clear guidance on reasonable and appropriate actions an SSO can take to permit participation by both U.S. companies and Entity List companies whose participation is essential to developing the highest quality, most universally adopted ICT standards.

• Abandon the OMB A-119 “voluntary consensus body” compliance benchmark which unfairly forces consortia to adopt fundamental changes to their processes that needlessly add to costs and delay the development of standards.

• Apply these rules to all Entity List companies, and not just Huawei.

• Restore the ability of SSOs to submit business review letters describing proposed process changes for prior approval by BIS, allowing them to take a minimal, rather than an excessively precautionary approach to compliance.

Reduce the Risk of Standards Wars

With the exception of specific treaty obligations, international adoption of standards is entirely voluntary and market driven. Competing standards can, and often have, been used as competitive weapons, both to exclude or burden foreign products or to avoid licensing costs associated with “standards essential patents” (SEPS). While both the US and China are signatories of the World Trade Organization Treaty on Technical Barriers to Trade (TTBT), which bars signatory nations from adopting local standards where suitable global standards have become widely adopted, this did not prevent China from launching its own wireless standard (WAPI) in competition with Wi-Fi a decade and a half ago, alleging that the Wi-Fi standard developed by the IEEE provided insufficient security.

The WAPI standard was encumbered by many SEPS owned by Chinese companies (as, indeed, the competing Wi-Fi standard was encumbered by SEPS owned by Western companies). Licenses to those standards were available only to certain Chinese companies. China also developed its own 4G standard (CDMA) in competition with two Western contenders. With the largest population in the world, China was able to use its competing standards to the benefit of its domestic vendors. It has every incentive to do the same now if trade tensions between the US and China do not lessen.

Significantly, Huawei is recognized as owning more 5G patents than any other company in the world. It is also believed to have been a member of c. 400 SSOs, many of which ejected Huawei or suspended its participation after it was placed on the Entity List. The intellectual property rights (IPR) policies of virtually all of these SSOs require participants to either license their SEPS on “reasonable and non-discriminatory” (RAND) terms, or to disclose them so that an attempt can be made to revise the related standards to avoid infringement. But this obligation only attaches to companies participating in the working groups that create the standards.

Excluding Huawei from participation in SSOs, and therefore from licensing obligations under the IPR policies of those SSOs, gives China the opportunity and the incentive to “weaponize” Huawei 5G patents, a great many of which will inevitably be SEPS under the standards developed by these SSOs. Huawei will be free to demand above-market fees for licenses to these SEPS – or even to withhold licenses entirely.

To avoid this potentially dangerous result, the Biden Administration should recognize that:

• There is near-universal support by US companies for participation by Huawei in 5G standards development.

• Independent of security concerns involving 5G technology, the US is better off when SSOs have access to Huawei technology and Huawei SEPs are bound by SSO RAND licensing obligations.

• China may be nearing a tipping point at which it may believe its interests would be best served by launching multiple competing standards.

Don’t Impose “Democratic Values” on Global SSOs

Beginning this past spring, a series of novel amendments were proposed to draft legislation and policy initiatives. These proposals were based on the concept that global SSOs should be required to incorporate requirements relating to openness, transparency, and consensus into their processes. Sometimes these requirements were referred to as “democratic values.” In some amendments proposed but not ultimately included in the draft United States Innovation and Competition Act of 2021 (originally titled the Endless Frontier Act), the BIS would have been required to add SSOs deemed to be lacking in democratic values to a disfavored list, with vague, threatened consequences to those that participate in their activities. While there is always the potential for a given SSO to be manipulated, and openness and transparency in themselves are laudable, respected SSOs already incorporate those values in processes. But each includes them in a fashion appropriate to its history, industry and membership.

More seriously, virtually all trade relies on the efficient operation of a global infrastructure made up of hundreds of SSOs, participation in which is voluntary, as is compliance with their standards. Each SSO is free to adopt the rules and processes it believes will best serve its goals and members. The system only works because of this flexibility, and because all stakeholders, from the largest companies and nations to the smallest, can participate on an equal basis. If individual nations begin to impose their individual litmus tests for process and governance, there is a very real possibility that this vital system, evolved over almost a century and a half, may collapse.

To reverse this trend, the Biden administration should:

• Recognize the diversity and strength of global SSOs rather than seek unnecessary and harmful rules of uniformity.

• Recognize the existential threat represented by single-nation requirements on the vast network of multinational, voluntary NGOs that is the SSO community.

• Resist calls to impose specific requirements or expectations based on “democratic values” and other specific expectations on SSOs.

• Recognize that US obligations as a signatory to the World Trade Organization TTBT are incompatible with unilaterally re-defining acceptable standards development norms and processes.

Recognize and Promote the Importance of Consortia

Since 1980, more than six hundred SSOs have been formed to develop ICT standards. In many areas of ICT, these organizations produce many more essential standards than the traditional legacy organizations (often referred to as standards development organizations, or SDOs), notably ISO, IEC, the ITU and, in the United States, SDOs accredited by the American National Standards Institute (ANSI). While the governance and processes of these new organizations (most commonly referred to as consortia) are in most respects very similar to those of SDOs, they typically operate on a more streamlined basis than SDOs in order to meet the demands of the fast-moving technology marketplace. US companies have been particularly active in forming consortia, and the standards released by these organizations have enabled the rapid development of myriad products and services in areas such as wireless, AI, “big data,” robotics, and much more.

At the same time, the US government continues to favor the definition mentioned above of “voluntary consensus standards” that originated in the Technology Transfer and Advancement Act of 1995, as further developed in Office of Management and Budget (OMB) Circular A-119. That definition maps to the traditional SDO process rather than the more expedited approach favored by consortia. While there is much to be said for adhering to the voluntary consensus body requirements in the case of health and safety standards that are referenced into law, there is little benefit to burdening the development of ICT standards with all of the same requirements. Indeed, even in the case of government procurement and statutory references, OMB A-119 only expresses an “all other things being equal” preference for voluntary consensus standards over consortium standards, citing more than a dozen examples of factors that may lead to a different standard being chosen.

To avoid needlessly burdening the essential role of consortia in ICT standards development, the Biden administration should:

• Limit the application of the OMB A-119 definition of voluntary consensus standards and standards bodies to their appropriate targets: government procurement and standards referenced into law.

• Not adopt the OMB A-119 as a reference when pursuing other standards policy goals.

• Resist international efforts (e.g., in the US-EU Trade and Technology Council) to embed SDO-derived process requirements into rules and treaties.

Restore the Country’s Reputation in Global Standards Development

In 2001, in reaction to the 9/11 attacks, the US tightened border restrictions. Global SSOs typically have multiple face-to-face meetings, and non-US participants chaffed at being fingerprinted, or having their visa requests denied entirely. These impediments have grown more burdensome for Chinese participants, despite the fact that participation by Chinese technologists in developing open standards and open source software is often highly valued by U.S. participants. Adding Huawei and other Chinese companies to the Entity List, and the disruption to hundreds of SSOs that followed, has increased international exasperation and animosity towards unilateral US requirements. There is today a growing backlash against such impositions, leading to a sense that new SSOs should be organized outside the US.

To reverse this trend, the Biden administration should:

• Avoid and reverse unilateral demands on global SSOs and standards development.

• Work to reestablish its reputation as a team player dedicated to breaking down barriers to trade.

• Recommit to its TTBA obligations and avoid messaging and initiatives that are inconsistent with these obligations.

Support Open Source Software Development

Over the past two decades, open source software (OSS) has become essential to virtually every ICT product and service. An astonishing percentage of essential technologies today are fundamentally based on OSS stacks, from operating systems to telecommunications to much more. Indeed, there is very little proprietary software today that does not incorporate some – and often a great deal – of OSS.

This dramatic evolution in software development practices has occurred with almost no recognition or support by the U.S. government; in contrast, the European Union is highly supportive of OSS, partly with the goal of leveling the competitive playing field for European SMEs. The time has come for Congress and the administration to recognize and support the vast importance and value of OSS to critical infrastructure, the economy, and all other aspects of our technology-based world.

In order to avoid impeding the further benefits of OSS, the Biden administration should:

• Recognize the importance of OSS to the national interest.

• Avoid taking actions that may inadvertently impede the further development and uptake of OSS.

• Increase the uptake of OSS by government agencies, many of which continue to utilize archaic systems.

• Amend OMB A-119 to provide the same encouragement to government personnel to participate in SSO projects and foundations as in SSOs.

The Time for Standards Policy Reform is Now

Each of the recommendations above would fine wide support in the ICT industry, and there would be little or no associated government cost to implement them. The time to act is now.

If you would like to receive an email alert of future blog posts, please complete the sign-up form in the right hand column.

Invitation to Participate in Comments Regarding Huawei Participation in Standards Development

8/05/2020

Since May of 2019, standards setting organizations (SSOs) and U.S. companies have been struggling with the blowback from the decision by the U.S. Department of Commerce (DoC) to add Huawei and scores of its affiliated companies to the “Entity List” maintained by the U.S. Bureau of Industry and Security. In June of 2020, the DoC then released a long awaited “Interim Final Rule,” providing a safe harbor for U.S. companies and Huawei et al. to work together on standards. Until August 17, the DoC is accepting recommendations to improve the Interim Final Rule from interested parties. We have prepared detailed feedback which we will be submitting on behalf of Gesmer Updegrove LLP, multiple clients, and any other SSOs and interested parties that may wish to lend their support.

The concerns addressed in these comments arise from the fact that U.S. law prevents U.S. companies from disclosing a broad range of technology to companies on the Entity List, and that’s what usually happens during standards development. Those who disclose covered technology in violation of the rules can incur criminal liability.

Although the Interim Final Rule provides a safe harbor, it has various limitations, including that it only applies to Huawei and its affiliates and not other companies on the Entity List, and only benefits SSOs that qualify as “Voluntary Consensus Standards Bodies” under a preexisting rule called OMB Circular A-119. Unfortunately, most information and communications technology (ITC) SSOs don’t meet that test. Of those, some will not want to make the changes needed to meet the new test, while others that do will be saddled with additional processes and delays, most of which are not necessary to achieve the policy goals behind the Entity List restrictions.

Our detailed comments, reproduced in full below, include recommendations that urge the D0C to:

Create a standards-specific exception that is based on prevailing norms of Information and Communications Technology (ICT) SSO best practices rather than the more stringent VCSB rules that the government itself is not rigidly bound by under OMB Circular A-119. Ideally, the eventual rule would simply state that U.S. companies may safely participate in any SSO formed with the intention of creating global standards and which admits all interested parties as members on a non-discriminatory basis. Failing that, providing an SSO-specific exception referencing only the Openness and Consensus elements of the VCSB definition, tailored to ICT SSO realities, would provide a next-best solution.
Clarify that additional collaborative activities commonly associated with standards development and necessary to achieve market needs are also included within the exception. These activities include the creation of reference implementations, participating in and sharing the results of conformance testing, and related activities that help foster adoption, implementation, and improvement of ‎standards conducted by, or under the auspices, of an SSO.
Include all industry participants that at any time are included in the Entity List, and not just Huawei and its affiliates.

If you have questions or are interested in lending your support to these comments and recommendations, please contact me at Andrew.updegrove@gesmer.com before August 16. We would welcome your participation.

The full text (minus footnoted citations) of our submission follows. You may find further background regarding the Huawei situation and the Interim Final Rule here.

* * *

DRAFT COMMENTS AND RECOMMENDATIONS TO U.S. DEPARTMENT OF COMMERCE
RELATING TO HUAWEI AND ITS AFFILIATES
RIN 0694-AI06

Thank you for the opportunity to present comments in relation to 15 CFR Parts 744 and 772, RIN 0694–AI06, “Release of ‘Technology’ to Certain Entities on the Entity List in the Context of Standards Organizations” (the “Interim Final Rule”). The following remarks are made on behalf of Gesmer Updegrove LLP and the [__] standards setting organizations (SSOs) listed on the attachment to this letter.

I. Summary of Concerns

In the view of the SSOs supporting these comments, the Interim Final Rule in its current form does not adequately meet the needs of the dynamic ICT standardization world, nor is it likely in its current form to meet the Department of Commerce’s announced policy goals to protect U.S. economic and national security and to advance its foreign policy interests through U.S. participation and leadership in technical standards setting. Specifically, we believe that:

The OMB Circular A-119 definitions of “voluntary consensus standards body” (VCSB) and “standard” include criteria that are unduly difficult to meet, inconsistent with ICT standardization needs, and unrelated to U.S. policy objectives. The result will likely be that some SSOs of great importance to U.S. companies will not qualify under the Interim Final Rule, while others will be forced to add steps to their processes that will make their operations more costly, less efficient and less capable of bringing essential standards swiftly to the global marketplace.
Several global SSOs (including 5G SSOs) have indicated they believe they are already exempt under preexisting BIS rules and Advisory Opinions. Many of their U.S. company members concluded otherwise, and therefore decided they are unable to participate in those SSOs. We believe it is highly unlikely that any of these SSOs will make changes intended to address an Interim Final Rule that imposes additional VCSB requirements, is restricted only to Huawei (and its affiliates identified on the Entity List), and applies only to technology that is either EAR99 or controlled only for antiterrorism reasons. In these cases, U.S. companies will remain at a critical disadvantage.
Compliance with the existing publication and meeting exceptions under EAR Section 734.7 is substantially less onerous than compliance with the Interim Final Rule, applies to a wider range of technologies, and allows participation by all Entity List companies, meaning that many SSOs that wish to admit Huawei (or any of its Entity List affiliates) will likely choose to comply with these exceptions rather than the Interim Final Rule, making the latter less useful than industry participants had hoped.
Restricting the Interim Final Rule’s applicability to a single company and its affiliates runs counter to traditional standards of fairness and falls short of meeting any market needs relating to other Entity List companies. SSOs and U.S. companies will continue to encounter difficulties whenever any other Entity Listed company applies to, or is accepted for membership by, an SSO in which U.S. companies participate.
ICT SSO intellectual property rights (IPR) policies ensure that companies that help create standards will license any essential patents they own relating to those standards on reasonable and non-discriminatory (RAND) terms. When Huawei and its affiliates are barred from helping create a standard, they remain free to assert their patents on non-RAND terms against that standard, and are given every incentive to do so, potentially hampering the uptake and driving up the costs of 5G and other essential technology.
Importantly, we also note that neither the current nor any previous version of OMB Circular A-119 has ever limited government use of standards to just those developed by VCSBs. Instead, Section 5(b) of OMB A-119 establishes a “preference” for the use of such standards. In fact, whether a standard is the work product of a VCSB is only one of no fewer than nineteen factors a government agency “should” consider “on a case-by-case basis” in “evaluating whether to use a standard.” To require that BIS apply OMB A-119 more rigidly in reference to Entity List company participation in standards development is inconsistent with past government practice and unnecessary in order to accomplish the current policy goal.

II. Amendments Recommended

We urge the Department of Commerce to amend the Interim Final Rule to:

Create a standards-specific exception that is based on prevailing norms of Information and Communications Technology (ICT) SSO best practices rather than the more stringent VCSB rules that the government itself is not rigidly bound by under OMB Circular A-119. Ideally, the eventual rule would simply state that U.S. companies may safely participate in any SSO formed with the intention of creating global standards and which admits all interested parties as members on a non-discriminatory basis. Failing that, providing an SSO-specific exception referencing only the Openness and Consensus elements of the VCSB definition, tailored to ICT SSO realities, would provide a next-best solution.
Clarify that additional collaborative activities commonly associated with standards development and necessary to achieve market needs are also included within the exception. These activities include the creation of reference implementations, participating in and sharing the results of conformance testing, and related activities that help foster adoption, implementation, and improvement of ‎standards conducted by, or under the auspices, of an SSO.
Include all industry participants that at any time are included in the Entity List.

III. Background

1. Non-VCSB Consortia Reflect Marketplace Needs and Realities. ICT standards are created in many hundreds of independent SSO. The governance, intellectual property policy and other rules of these organizations are market driven and periodically updated to meet evolving market needs. While virtually all SSOs implement some number of the VCSB attributes established by OMB Circular A-119, only some (such as SSOs accredited by the American National Standards Institute (ANSI)) implement all of them. Beginning in c. 1990, U.S. (and other) ICT companies have increasingly chosen to launch new standards development projects within non-ANSI accredited SSOs, often referred to generically as consortia, in large part to avoid process requirements they viewed as being unnecessary and limiting. Over the past twenty years, the great majority of ICT standards development has taken place in such organizations. These consortia are subject to domestic and foreign antitrust and competition laws, and have been actively monitored by U.S., E.U. and other regulatory bodies.

The processes of consortia typically diverge from those mandated under the VCSB definition in several important respects. As an example, a requirement to maintain “a fair and impartial process for resolving conflicting views,” as traditionally practiced, involves requiring each member voting “no” on a standard to give its reasons for withholding its approval, and the changes it would require before it would vote yes. These responses are then compiled, and each comment is reconciled, either by agreement with the requested change, by recommendation of a different compromise change, or by providing an explanation of why no change is recommended. The aggregate comments are then circulated for consideration by all working group members, after which a new voting period is begun. In contrast, a consortium would typically debate concerns in real time and ballot a final draft, thereby saving months in the development process. Famously, the process of the Internet Engineering Task Force, one of the most fundamental and important ICT consortia in the world since its initiation by the U.S. government, is self-described as “rough consensus and running code.”

Formal appeals mechanisms are also less common in consortia, partially because they have been found to be infrequently necessary, and partly because such processes can be abused to delay the finalization of a standard.

Stated another way, in the fast-paced world of ICT, where technology life cycles are invariably short and competitive pressures extreme, the marketplace has found its own balance between due process formalities and time to market pressures, adopting those elements of a VCSB in which it found value, and disregarding those where the perceived benefits are outweighed by related delays or incur the potential for gaming the system. Today, there are thousands of global consortium SSO standards in use that have been created through the ICT process. Many, if not most, of these standards enable “interoperability,” allowing components within a given system to work together, and permitting each system to interoperate with other compliant systems. When government agencies procure technology under OMB Circular A-119, they necessarily specify compliance with these standards on a daily basis. In doing so, they give appropriate weight to “the prevalence of the use of the standard in the national and international marketplaces,” and “[t]he extent to which the standard is an international standard.”

2. ICT SSOs are not often Controlled by U.S. Companies. It is vital to note that ICT SSOs are almost always global in membership. While U.S. companies are important contributors to such SSOs, they represent only one national constituency and therefore may not have a voting majority. By their nature, SSOs find it important to maintain both the reality and the perception of neutrality so that they will be accepted by the global marketplace. Expecting such organizations to make meaningful changes to their rules at the request of a single government is unrealistic, and progressively more so to the extent that the changes impair their ability to meet market needs. It also sets a dangerous precedent for other national governments, some of which might seek to force SSOs to make changes that would disadvantage U.S. participants.

Given that the announced goal of the Interim Final Rule is to, “Clear [the] Way for U.S. Companies to More Fully Engage in Tech Standards-Development Bodies,” it is essential that the ultimate version of that rule impose only requirements that ICT SSOs can realistically be expected to accommodate, and that provide SSOs and U.S. companies with a clear and reliable path forward for decision making.

3. OMB Circular A-119 Definitions have never before been Prescriptive. OMB Circular A-119 was amended in 1998 to support the implementation of the U.S. Technology Transfer and Advancement Act of 1995 (the Act). Most recently, OMB Circular A-119 was amended in 2016. It is important to note that throughout this time period, the Circular has never required that government entities reference only VCSB-created standards in a procurement order, nor has it rigidly limited which private sector standards could be referenced into law by reference to the VCSB definition. Instead, OMB Circular A-119 expresses a preference for such standards, while noting many other factors a government agency may take into account before settling instead on a non-VCSB SSO standard.

4. SSO IPR Policies. Under the terms of the great majority of ICT SSO intellectual property rights (IPR) policies, members of a working group developing a standard are required to either agree to license any patent claims they own that are essential to use of that standard on reasonable and non-discriminatory terms, or disclose those claims and the affected parts of the standard so that the working group can seek to “design around” the infringement. As of November 2019, Huawei and its Entity List affiliates were reported to own more 5G patents than any other company, some percentage of which will inevitably become essential under 5G standards. Where Huawei and its affiliates are not members of an SSO creating a standard, they will have no obligation to license those patents on RAND terms – or at all.

IV. Specific Comments and Recommendations

1. OMB A-119 has been too Broadly and Prescriptively Applied in the Interim Final Rule. The detailed requirements of OMB Circular A-119 can make sense in the context of (for example) health and safety standards that are referenced into law. In such situations, it is appropriate that a quasi-legislative process that ensures balance, consensus and rights of appeal should be preferred. Unlike standards referenced into law that must be complied with, ICT standards succeed or fail based upon market acceptance. That acceptance is based in large part on the credibility of the process employed, and such processes have evolved in response to what the market finds value in.

While OMB Circular A-119 definitions have the obvious appeal of being long standing and therefore widely understood, it is not obvious why all attributes of the VCSB definition should be mandated under the Interim Final Rule when they have been considered to be advisory in the past with respect to equally important policy objectives. Importantly, two considerations under OMB Circular A-119 justifying use of non-VCSB standards relate to wide international market adoption of a standard.

To impose OMB Circular A-119 requirements on ICT SSOs without exception (and with potentially severe criminal and civil sanctions for violations) at the same time that Congress and government agencies remain free to utilize standards that do not meet the same requirements is inconsistent and serves no obvious policy goal. At the same time, such a rigid requirement will at worst result in SSOs of crucial interest to U.S. companies being unable to comply, and at best impose needless burdens on SSOs attempting to comply.

2. A Narrow, Rigid Final Rule is Unlikely to be Useful to Many Consortia. While the Interim Final Rule withdraws the earlier standards-specific guidance issued by BIS, it does not bar SSOs from relying instead on the pre-existing meeting and publication exceptions under EAR 734.7(a)(3) and 734.7(a)(5). These exceptions are based upon the concept that no useful purpose would be gained by barring disclosure of technology of concern to an Entity List company if that information had been, or soon would be, made public. Most (but, importantly, not all) SSO activities broadly map to one or the other of these exceptions, and any SSO that wishes to adapt its rules and processes may therefore be more likely to do so under the EAR 734.7 exceptions since the burdens would be lower, the technology scope restrictions of the Interim Final Rule would not apply, and any Entity List company (not just Huawei and its affiliates) could then participate.

The result is that, while some SSOs (like ANSI-accredited organizations) will take comfort in the Interim Final Rule as written (assuming their activities fit within the technology scope limitations), many consortia will not. Although the benefit to accredited SSOs is not to be ignored, absent further change the far greater number of SSOs developing ICT standards may not see compliance with the Interim Final Rule as a desirable way out of their current dilemma.

We believe that the best path for the Interim Final Rule to take would be to recognize that U.S. companies may safely participate in any SSO that was formed with the intention of creating global standards and which permits all interested parties to become members on a non-discriminatory basis, without adding the additional requirements found under the VCSB definitions.

If that approach is not deemed to be acceptable, SSOs and U.S. companies could still greatly benefit from a Final Rule that would incorporate only the openness and consensus elements of the VCSB definition, and benchmark them against prevailing practices in consortia as well as ANSI-accredited SSOs.

A third alternative would be to create a specific public disclosure exception tailored to standards development. Currently, SSOs seeking to comply with one of the existing exceptions under EAR 734.7 must guess how to adapt existing guidance relating to specific use cases – meetings and publications – to processes that are analogous but meaningfully different. In this regard, we note that the earlier, and now withdrawn, standards-specific guidance, while well-intentioned, was not sufficiently tailored to the realities of standards development to be helpful.

Finally, we note that many standards are insufficiently detailed to allow vendors to create reliably interoperable products. This “last mile” of interoperation is frequently bridged by SSOs convening “plug-fests,” at which vendors can work out the final wrinkles necessary to allow end-users to enjoy the benefits of seamless interoperation and avoidance of vendor lock-in. Such activities may result in some incidental technical disclosures, and it is difficult to draw any useful guidance from the existing public disclosure and meeting exceptions in this regard. Other common, collaborative, standards-related activities, such as compliance testing and reference implementation development, may also involve technology disclosures. In order to allow the full commercial benefit of standards development to be achieved, these activities need to be permitted without risk as well.

3. Imposing Single Country Requirements on Global SSOs Sets a Bad Precedent. Simply put, it is unreasonable for a single country to impose requirements on global membership organizations, regardless of the perceived merit of the goal it is pursuing. In the first instance, the U.S. does not have the power to unilaterally compel an SSO to change its rules, and in the second, such actions exacerbate anti-U.S. sentiments already resulting from the difficulty of some SSO members to enter the U.S. to participate in SSO meetings. Normalizing such impositions invites retaliation by other countries at worst, and ongoing disruption at best.

4. Excluding Entity List Companies from ITC SSOs Invites “Patent Hold Up.” The creation of standards inevitably creates monopoly powers in the hands of the owners of standards essential patents. The time-honored way of avoiding the abuse of such rights is to bring together all interested owners of such rights in an effort to create standards that can be implemented under RAND licenses provided by participating member/patent owners. Where an SSO decides to exclude Huawei and its affiliates rather than comply with VCSB requirements, these companies are given both the opportunity and incentive to “weaponize” any patent claims they own that become essential under the standards of that SSO. U.S. and international business interests can best be served by facilitating rather than restricting the participation of Huawei and its affiliates in vital 5G SSOs and other important standards development organizations.

V. Summary

We applaud the efforts of the Department of Commerce to make it clearer how SSOs can permit Huawei and its affiliates to participate in their standards development activities, and for U.S. companies to assess which SSOs they may participate in while complying with applicable law. However, we believe the path chosen in the Interim Final Rule is unlikely to achieve the greater goal of allowing full participation by U.S. companies in the global standards development system while avoiding the addition of needless burdens on SSO operations. We therefore recommend that one of the approaches offered above form the basis for the Final Rule.

Department of Commerce Clears Huawei for Standards Development – Part Way

6/16/2020

The long face-off between the Trump administration and Huawei involving standards development has finally been resolved. Well, yes and no, on which more below.

Initially the issue was whether standards setting organizations (“SSOs”) would be able to permit the Chinese 5G technology company and scores of its affiliates (collectively, “Huawei”) to participate in their working groups. But over time, the political landscape shifted – many of the SSOs where the action was taking place took the position that their processes were sufficiently open to make the issue moot. But some of the most active American technology companies came to a different conclusion, thereby making it impossible for them to participate without risking liability to their own government (more details can be found here).

The saga began in May of 2019, when Huawei was added to the Bureau of Industry and Security (“BIS”) Entity List, making it illegal for U.S. companies to share many kinds of technology with Huawei without a special BIS license. Initially, a Temporary General License (“TGL”) was provided that included a clause that allowed Huawei to continue to participate in (only) 5G standards development, but in August 2020, that clause was removed. At the same time, BIS released a General Advisory Opinion, noting its determination that existing regulations sufficiently addressed how the Entity List-based license requirements applied to standards development bodies, including 5G. That left SSOs in the difficult position of determining whether their standards development rules were sufficiently open to meet the requirements of one of two safe harbors (participating in meetings and contributing to journals), neither of which was a very good fit.

In response, global SSOs fell into three camps: those that concluded their processes didn’t meet the safe harbors and were unwilling to change. They either terminated Huawei’s membership or allowed it to remain a member but not participate in working groups. Others changed their rules to allow Huawei to continue to participate in development, or even moved their headquarters and/or reincorporated abroad (not because it made the issue go away, but in part out of frustration with the present and uncertainty about the future). The last group concluded that their processes would pass muster without change. In some cases, U.S. member companies agreed. But in others, particularly in the case of those that were more European-centric, the SSOs decided that they made the cut by taking a more liberal view of what was needed to comply.

The result was that, far from limiting Huawei’s impact, the Department of Commerce’s position ended up diminishing the ability of American companies to influence crucial 5G technology outcomes.

Months of lobbying by U.S. companies succeeded in getting the Department to try to come up with a solution, but the efforts repeatedly hit snags, notwithstanding a request by five Republican senators in mid-April to accelerate the process.

Yesterday, the logjam broke, when the Department issued a press release stating that a new regulation would be issued that would permit U.S. companies to participate in SSOs with Huawei. In it, Secretary Wilbur Ross is quoted as follows:

The United States will not cede leadership in global innovation. This action recognizes the importance of harnessing American ingenuity to advance and protect our economic and national security. The Department is committed to protecting U.S. national security and foreign policy interests by encouraging U.S. industry to fully engage and advocate for U.S. technologies to become international standards.

As a measure of the urgency with which the regulation was (finally) issued, the new permission is being released as an “interim final rule,” meaning that it is subject to a comment period and possible adjustments down the road based on those comments. Normally, the process is reversed – comments on a draft regulation are solicited and responsive changes are often made before a legally binding rule is released.

That all sounds good, but there are two “buts.” The first is that not all types of technology can be disclosed. On that topic, the regulation stipulates as follows:

Specifically, technology subject to the EAR that is designated as EAR99 or controlled on the Commerce Control List only for anti-terrorism (AT) reasons may be released to members of a standards organization without a license, including Huawei, if released for the purpose of contributing to the revision or development of a standard.

The parsing of that limitation is beyond the scope of this blog entry, but suffice it to say that a necessary step in determining whether the new regulation will be useful to a given SSO will rely in part on performing that analysis.

The second condition of concern is that an SSO must qualify as a “voluntary consensus standards bodies,” and be engaged in developing a “standard,” each as defined in Office of Management and Budget Circular A-119 (Rev. 2016).

The full text of the draft regulation can be found here.

The good news is that the OMB Circular A-119 rules are reasonably well understood in the industry. However, in order to meet the VCSB definition, an SSO must embed a variety of processes in its rule book, including a requirement for a balance of relevant types of industry participants in working groups, a formal appeals process, and more. While wholesome in concept, these rules can slow down the process of standards development and are therefore lacking in many SSOs, particularly those in the fast-moving technology sector.

Why impose OMB Circular A-119 requirements? Compliance with this more due process-oriented approach has generally been favored for government procurement, in the case of health and safety standards, and where a standard may be referenced into law. But non-VCSB Standards are regularly consumed for all these purposes all the time despite this preference. There seems to be no compelling reason why these requirements would serve a useful purpose in this instance.

True, transparency is part of the OMB Circular A-119 requirements, and the existing exceptions for disclosing technology to Entity List companies are all based on establishing that the disclosed information can be regarded as “public.” But OMB Circular A-119 has lots of other requirements that relate only to due process, and are therefore not relevant to national security concerns. Presumably OMB Circular A-119 was simply a convenient and familiar benchmark that could be recycled to meet this new and quite different need. (See the full list of requirements at the end of this blog post).

That said, a number of industry consortium SSOs will likely decide to retool their processes in order to meet the new requirements. The bad news is that the same 5G SSOs that took a liberal view of compliance with the old rules may be similarly unwilling to make any changes to meet the new ones. Happily, some of them may already fit within the box. Others likely will not make any amendments. Where that’s the case, U.S. companies may still be left out in the cold.

Underlying these SSO decisions is the fact that many non-U.S. companies have no reason to wish to accommodate the Trump administration. Others are 5G vendors themselves, and therefore may be happier if U.S. companies were kept outside the fold. All the SSOs involved have anywhere from scores to hundreds of members, and US companies are often not in the majority.

A final interesting point about the new regulation is that it does not explicitly “preempt” the exceptions that some SSOs were relying on already to permit Huawei to participate. Given that the new regulation includes so many restrictions in addition to openness, and the fact that it only applies to Huawei, some SSOs may elect to ignore the new safe harbor and address the situation solely by increasing the level of openness and transparency of their operations in reliance on the preexisting exceptions, rough fit though they may be.

So, where does that leave us today? Better off than before, but not as well off as we would have been if the Department of Commerce had simply exempted “any SSO generally recognized in the marketplace.” In other words, everywhere the action actually takes place. My firm will likely file comments Department urging that the OMB Circular A-119 requirements be pared back to reference only those that actually relate to transparency.

It will be interesting to see how things shake out from here: which SSOs will make changes and which won’t, and which companies will satisfy themselves that a given SSO makes the grade – or doesn’t. Where the last possibility occurs, many U.S. companies will be right back where they started.

* * *

OMB Circular A-119

The two key elements of the Circular for current purposes are the definitions of “voluntary consensus standards body” and “standard,” which reads as follows:

“Voluntary consensus standards body” is a type of association, organization, or technical society that plans, develops, establishes, or coordinates voluntary consensus standards using a voluntary consensus standards development process that includes the following attributes or elements:

(i) Openness: The procedures or processes used are open to interested parties. Such parties are provided meaningful opportunities to participate in standards development on a non-discriminatory basis. The procedures or processes for participating in standards development and for developing the standard are transparent.

(ii) Balance: The standards development process should be balanced. Specifically, there should be meaningful involvement from a broad range of parties, with no single interest dominating the decision-making.

(iii) Due process: Due process shall include documented and publically available policies and procedures, adequate notice of meetings and standards development, sufficient time to review drafts and prepare views and objections, access to views and objections of other participants, and a fair and impartial process for resolving conflicting views.

(iv) Appeals process: An appeals process shall be available for the impartial handling of procedural appeals.

(v) Consensus: Consensus is defined as general agreement, but not necessarily unanimity. During the development of consensus, comments and objections are considered using fair, impartial, open, and transparent processes.

See Section 5h of this Circular for a discussion of “international standards.”

* * *

a. The term “standard,” or “technical standard,” (hereinafter “standard”) as cited in the NTTAA, includes all of the following:

(i) common and repeated use of rules, conditions, guidelines or characteristics for products or related processes and production methods, and related management systems practices;

(ii) the definition of terms; classification of components; delineation of procedures; specification of dimensions, materials, performance, designs, or operations; measurement of quality and quantity in describing materials, processes, products, systems, services, or practices; test methods and sampling procedures; formats for information and communication exchange; or descriptions of fit and measurements of size or strength; and

(iii) terminology, symbols, packaging, marking or labeling requirements as they apply to a product, process, or production method.

b. The term “standard” does not include the following:

(i) professional standards of personal conduct; or

(ii) institutional codes of ethics.