Rule2022-28263
Protecting Against National Security Threats to the Communications Supply Chain Through the Equipment Authorization Program
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
February 6, 2023
Effective
February 6, 2023
Issuing agencies
Federal Communications Commission
Abstract
In this document, the Federal Communications Commission (Commission) amends its rules related to equipment authorization to further secure our communications networks and supply chain from equipment that poses an unacceptable risk to national security of the United States or the security and safety of United States persons. The Commission implements revisions to the equipment authorization program to prohibit authorization of equipment that has been identified on the Commission's Covered List--published pursuant the Secure and Trusted Communications Networks Act of 2019--as posing an unacceptable risk to national security of the United States or the security or safety of United States persons, and the Commission prohibits the marketing and importation of such equipment in the United States. The Commission also addresses what constitutes "covered" equipment for purposes of implementing the equipment authorization prohibition that the Commission is implementing. The actions being taken comply with Congress's directive in the secure Equipment Act of 2021 to prohibit authorization of "covered" equipment on the Covered List within one year of that Act's enactment and to lay the foundation to prohibit the authorization of any additional "covered" equipment that may be added to the Covered List based on a determination that such equipment poses an unacceptable risk to national security.
Full Text
<html>
<head>
<title>Federal Register, Volume 88 Issue 24 (Monday, February 6, 2023)</title>
</head>
<body><pre>
[Federal Register Volume 88, Number 24 (Monday, February 6, 2023)]
[Rules and Regulations]
[Pages 7592-7626]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-28263]
=======================================================================
-----------------------------------------------------------------------
FEDERAL COMMUNICATIONS COMMISSION
47 CFR Parts 2 and 15
[ET Docket No. 21-232 and EA Docket No. 21-233; FCC 22-84; FR ID
120432]
Protecting Against National Security Threats to the
Communications Supply Chain Through the Equipment Authorization Program
AGENCY: Federal Communications Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: In this document, the Federal Communications Commission
(Commission) amends its rules related to equipment authorization to
further secure our communications networks and supply chain from
equipment that poses an unacceptable risk to national security of the
United States or the security and safety of United States persons. The
Commission implements revisions to the equipment authorization program
to prohibit authorization of equipment that has been identified on the
Commission's Covered List--published pursuant the Secure and Trusted
Communications Networks Act of 2019--as posing an unacceptable risk to
national security of the United States or the security or safety of
United States persons, and the Commission prohibits the marketing and
importation of such equipment in the United States. The Commission also
addresses what constitutes ``covered'' equipment for purposes of
implementing the equipment authorization prohibition that the
Commission is implementing. The actions being taken comply with
Congress's directive in the secure Equipment Act of 2021 to prohibit
authorization of ``covered'' equipment on the Covered List within one
year of that Act's enactment and to lay the foundation to prohibit the
authorization of any additional ``covered'' equipment that may be added
to the Covered List based on a determination that such equipment poses
an unacceptable risk to national security.
DATES: Effective February 6, 2023.
FOR FURTHER INFORMATION CONTACT: Jamie Coleman, Office of Engineering
and Technology, (202) 418-2705 or <a href="/cdn-cgi/l/email-protection#fdb79c909498d3be929198909c93bdbbbebed39a928b"><span class="__cf_email__" data-cfemail="98d2f9f5f1fdb6dbf7f4fdf5f9f6d8dedbdbb6fff7ee">[email protected]</span></a>. For additional
information concerning the Paperwork Reduction Act information
collection requirements contained in this document, contact Nicole
Ongele, (202) 418-2991 or send an email to <a href="/cdn-cgi/l/email-protection#065654474660656528616970"><span class="__cf_email__" data-cfemail="09595b48496f6a6a276e667f">[email protected]</span></a>.
SUPPLEMENTARY INFORMATION: This is a summary of the Commission's
document, Report and Order, Order, and Further Notice of Proposed
Rulemaking, ET Docket No. 21-232 and EA Docket No. 21-233; FCC 22-84,
adopted November 11, 2022 and released November 25, 2022. The full text
of this document is available for public inspection and can be
downloaded at: <a href="https://www.fcc.gov/document/fcc-bans-authorizations-devices-pose-national-security-threat">https://www.fcc.gov/document/fcc-bans-authorizations-devices-pose-national-security-threat</a>. When the FCC Headquarters
reopens to the public, the full text of this document also will be
available for public inspection and copying during regular business
hours in the FCC Reference Center, 45 L Street NE, Washington, DC
20554. Alternative formats are available for people with disabilities
(Braille, large print, electronic files, audio format) by sending an
email to <a href="/cdn-cgi/l/email-protection#93d5d0d0a6a3a7d3f5f0f0bdf4fce5"><span class="__cf_email__" data-cfemail="54121717616460143237377a333b22">[email protected]</span></a> or calling the Commission's Consumer and
Governmental Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432
(TTY).
Procedural Matters
Final Regulatory Flexibility Analyses. The Regulatory Flexibility
Act of 1980 (RFA) requires that an agency prepare a regulatory
flexibility analysis for notice and comment rulemakings, unless the
agency certifies that ``the rule will not, if promulgated, have a
significant economic impact on a substantial number of small
entities.'' Accordingly, the Commission has prepared a Final Regulatory
Flexibility Analysis (FRFA) concerning the possible impact of the rule
changes contained in this Second Order on Reconsideration on small
entities. As required by the RFA, an Initial Regulatory Flexibility
Analysis (IRFA) was incorporated in the Notice of Proposed Rulemaking
(NPRM) (86 FR 46644, August 19, 2021). The Commission sought written
public comment on the proposals in the NPRM, including comments on the
IRFA. No comments were filed addressing the IRFA. Accordingly, the
Commission has prepared a Final Regulatory Flexibility Analysis (FRFA)
concerning the possible impact of the rule changes contained in the
document on small entities. The present FRFA conforms to the RFA and
can be viewed under Appendix B of the item.
Paperwork Reduction Act. This document contains new and modified
information collection requirements subject to the Paperwork Reduction
Act of 1995 (PRA), Public Law 104-13. It was submitted to the Office of
Management and Budget (OMB) for emergency review under section 3507(d)
of the PRA. Public comment on this
[[Page 7593]]
submission has been waived pursuant to 5 CFR 1320.13(d). Amendments of
parts 2 and 15 of the Commission's rules as set forth in Appendix A are
effective on the date of publication in the Federal Register, including
Sec. Sec. 2.903(b), 2.911(d)(5), (6), and (7); 2.929(c); 2.932(e);
2.938(b)(2); 2.1033(b)(1), (2), (3), and (4); 2.1033(c)(1), (2), (3),
and (4); 2.1043(b)(2)(i)(B), (C), (D), and (E); and 2.1043(b)(3)(i)(B),
(C), (D), and (E), which contain new and modified information
collection requirements that were reviewed and approved by the Office
of Management and Budget (OMB) under the Paperwork Reduction Act, with
an expiration date of June 30, 2023. The Office of Engineering and
Technology establishes and announces the effective date of these
sections in this document published in the Federal Register.
Because the emergency approval of this information collection has
an expiration date of June 30, 2023, the Commission, as part of its
continuing effort to reduce paperwork burdens and in the standard
course of information collection review procedures, will issue a
separate document inviting the general public to comment on the
information collection requirements contained in this Final Rule as
required by the Paperwork Reduction Act of 1995, Public Law 104-13. In
addition, the Commission notes that pursuant to the Small Business
Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C.
3506(c)(4), we previously sought specific comment on how the Commission
might further reduce the information collection burden for small
business concerns with fewer than 25 employees. The Commission has
described impacts that might affect small businesses, which includes
most businesses with fewer than 25 employees, in the Final Regulatory
Flexibility Analysis (FRFA), and can be viewed under Appendix B of the
item.
Congressional Review Act. The Commission has determined, and the
Administrator of the Office of Information and Regulatory Affairs,
Office of Management and Budget, concurs, that this rule is ``non-
major'' under the Congressional Review Act, 5 U.S.C. 804(2). The
Commission will send a copy of this document to Congress and the
Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A).
Synopsis
Background
In the Notice of Proposed Rulemaking (86 FR 46644, August 19, 2021)
and Notice of Inquiry (86 FR 46641, August 19, 2021) (NPRM and NOI),
the Commission proposed to revise its rules and procedures relating
both to its equipment authorization program and its competitive bidding
program to leverage the processes associated with these programs to
help keep untrusted equipment and vendors out of U.S. networks. As the
Commission made clear, the efforts underway in the instant proceedings
are intended to be among the additional steps that the Commission is
taking to be consistent with, and build upon, other efforts underway at
the Commission, Congress, and the Executive Branch to protect our
nation's supply chain from equipment and services that pose a national
security risk or a threat to the safety of U.S. persons.
In March 2020, the Secure Networks Act was enacted. These
provisions include: requiring (pursuant to section 2(a)) that the
Commission publish, and periodically update, a list of ``covered
communications equipment and services'' that have been determined to
pose national security risks, requiring (per section 2(b)) that the
Commission place on that list the equipment or services that are
produced or provided by entities and meets certain capabilities, and
further requiring (per section 2(c)) that the equipment or services
placed on the list be ``based solely on'' determinations made by four
enumerated sources. In particular, these determinations and sources are
limited to--(1) a ``specific determination made by any executive branch
interagency body with appropriate national security expertise,
including the Federal Acquisition Security Council . . .;'' (2) a
``specific determination made by the Department of Commerce pursuant
Executive Order No. 13873 . . . relating to securing the information
and communications technology and services supply chain;'' (3) the
``communications equipment or service being covered telecommunications
equipment or services, as defined in Sec. 889(f)(3) of [the 2019
NDAA];'' or (4) a ``specific determination made by an appropriate
national security agency.''
The Secure Networks Act also adopted other provisions. These
included requiring the Commission to: prohibit any Federal subsidy made
available through a program administered by the Commission that
provides funds used for the capital expenditures necessary for the
provision of advanced communications service to purchase or otherwise
obtain or maintain ``covered'' communications equipment or services
(section 3); establish the Secure Networks Act Reimbursement Program to
make reimbursements to certain advanced communications service
providers to facilitate the removal, replacement, and disposal of
certain ``covered'' communications equipment and services (section 4);
and require each provider of advanced communications service to submit
annual reports to the Commission regarding whether it has purchased,
rented, leased, or otherwise obtained and ``covered'' communications
equipment or services on or after August 14, 2018 or 60 days after new
covered equipment and services are subsequently added to the Covered
List (section 5).
Pursuant to the Secure Networks Act and Sec. 1.50002(a) of the
Commission's rules, PSHSB is required to publish the ``Covered List,''
which identifies ``covered communications equipment or service'' that
has been determined, by one or more of four enumerated sources outside
of the Commission, as posing an unacceptable risk to the national
security of the United States or the security and safety of United
States persons. The Commission tasked PSHSB with ongoing
responsibilities for monitoring the status of the determinations and
periodically updating the Covered List to address changes as
appropriate.
On March 12, 2021, PSHSB published its first Public Notice on the
Covered List. That list specifically identified equipment and services
that, pursuant to the Secure Networks Act, had been determined by
Congress in section 889(f)(3) of the 2019 NDAA--one of the four
enumerated sources identified under the Secure Networks Act--as posing
an unacceptable risk to national security. Among others things, that
Covered List listed as ``covered'' equipment certain equipment produced
by five different entities: Huawei, ZTE, Hytera, Hikvision, and Dahua
(and their respective subsidiaries and affiliates).
On March 25, 2022, PSHSB published a Public Notice updating the
Covered List; this list retained the earlier identified ``covered''
equipment (equipment produced by Huawei, ZTE, Hytera, Hikvision, and
Dahua) while announcing additions to the Covered List based on new
determinations by two of the other enumerated sources, DHS and an
executive branch interagency body (Team Telecom) with appropriate
expertise. Most recently, on September 20, 2022, PSHSB published
another Public Notice updating the Covered List; this list also
retained the earlier identified ``covered'' equipment (equipment
produced by Huawei, ZTE, Hytera, Hikvision, and Dahua) while announcing
certain additions to the Covered List based on new
[[Page 7594]]
determinations by the Department of Justice, in coordination and
concurrence with the Department of Defense.
The NPRM and NOI. The Commission adopted an NPRM and an NOI on June
17, 2021. This initiated two separate dockets, with one docket
concerning revisions to the Commission's equipment authorization
program and the other concerning the Commission's competitive bidding
program. In the NOI, the Commission sought broad comment on possible
additional steps that it could take to leverage the equipment
authorization program to promote cybersecurity.
NPRM concerning the Equipment Authorization Program (ET Docket No.
21-232). The Commission's equipment authorization rules play a critical
role in enabling the Commission to carry out its responsibilities under
the Communications Act. The Commission's equipment authorization
program, codified in part 2 of its rules, promotes efficient use of the
radio spectrum and addresses various responsibilities associated with
certain treaties and international regulations, while ensuring that RF
devices in the United States comply with the Commission's technical
requirements before they can be marketed in or imported to the United
States. As a general matter, for an RF device to be marketed or
operated in the United States, it must have been authorized for use by
the Commission, although a limited number of categories of RF equipment
are exempt from this requirement.
In the NPRM, the Commission proposed to revise its equipment
authorization program under its part 2 rules to prohibit authorization
of ``covered'' equipment on the Commission's Covered List, i.e.,
equipment that had been determined to pose an unacceptable risk to the
national security of the United States or the security and safety of
United States persons. To achieve this goal, the Commission proposed to
revise the rules and procedures for its two pathways for equipment
authorization--certification and the supplier's declaration of
conformity (SDoC). Recognizing that ``covered'' equipment might also
include some equipment that is currently exempted from authorization
requirements, the Commission sought comment on whether such exemptions
should continue. The Commission also sought comment on whether any
existing equipment authorization of ``covered'' equipment should be
revoked, and if so, under what procedures. The Commission noted that
adopting rules that take security into consideration in the equipment
authorization process would serve the public interest by addressing
significant national security risks that had been identified, and would
be consistent with the Commission's statutory ``purpose of regulating
interstate and foreign commerce in communications by wire and radio . .
. for the purpose of the national defense [and] for the purpose of
promoting safety of life and property.'' It tentatively concluded that
the Commission has the authority to prohibit authorization of equipment
on the Covered List, pointing to section 302 of the Communications Act
of 1934, section 303(e), and other bases, including the Communications
Assistance for Law Enforcement Act (CALEA), as well as ancillary
authority under section 4(i) of the Act.
NPRM on Competitive Bidding Program (EA Docket No. 21-233). The
Commission uses competitive bidding (i.e., auctions) to determine which
among multiple applicants with mutually exclusive applications for a
license may file a full application for the license. Pursuant to this
authority, the Commission has required each applicant that participates
in competitive bidding to make various certifications. These required
certifications address a range of public interest concerns related to
the conduct of competitive bidding and the national security interest
in precluding some parties from obtaining licenses through competitive
bidding. Parties unable to make the required certifications have their
applications to participate dismissed.
In the NPRM, the Commission sought comment on requiring any entity
participating in the Commission's competitive bidding processes to
certify that its bid does not and will not rely on financial support
from any entity that the Commission has designated, under Sec. 54.9 of
its rules, as a national security threat to the integrity of
communications networks or the communications supply chain. Under those
existing rules, Huawei and ZTE and their parents, affiliates, and
subsidiaries have been so designated.
NOI on Equipment Authorization Program (ET Docket No. 21-232). In
the NOI, the Commission sought broad comment on other possible actions
the Commission could take to create incentives in equipment
authorization processes for improved trust through the adoption of
cybersecurity best practices in consumer devices.
The Secure Equipment Act of 2021. On November 11, 2021, subsequent
to the Commission's adoption of the NPRM and NOI, the President signed
and enacted into law the Secure Equipment Act of 2021 (Secure Equipment
Act). This Act specifically concerns the Commission's equipment
authorization program in the instant proceeding (ET Docket No. 21-232),
in which the Commission has proposed prohibiting future authorizations
of equipment on the Commission's Covered List published under section
2(a) of the Secure Networks Act. In section 2(a)(1), the Secure
Equipment Act provides that, not later than one year after the date of
its enactment, the Commission ``shall adopt rules'' in the [instant]
proceeding.''
Discussion
In this proceeding, the Commission builds upon ongoing efforts by
Congress, the Executive Branch, and the Commission to protect our
nation's networks and supply chains from equipment and services that
pose an unacceptable risk to national security or the safety of U.S.
persons. Consistent with the Commission's proposals in the NPRM (ET
Docket No. 21-232), the Commission implements several revisions to the
Commission's equipment authorization program to prohibit authorization
of ``covered'' equipment identified on the Commission's Covered List in
order to protect our nation's communications systems from equipment
that has been determined to pose an unacceptable risk. The Commission's
actions in this proceeding fulfill Congress's mandate that the
Commission adopt such rules within one year of enactment of the Secure
Equipment Act of 2021. They also lay the foundation for future actions
by the Commission to implement prohibitions in the equipment
authorization program that will serve to protect the American people.
The Commission first finds that it has clear legal authority, as
underscored by the Secure Equipment Act, for modifying the Commission's
equipment authorization program to prohibit authorization of
``covered'' equipment identified on the Commission's Covered List. The
Commission then discusses several rule revisions that it's adopting in
the equipment authorization program (administered under part 2 of the
Commission's rules) that will serve to prohibit the authorization of
``covered'' equipment, whether that equipment is listed on the current
Covered List or is listed subsequently on an updated Covered List based
on any future determinations made by our nation's national security
agencies. The Commission also discusses the Covered
[[Page 7595]]
List, including the statutory framework associated with the list, the
``covered'' equipment on the current Covered List that the Commission
is prohibiting from authorization, and how additional ``covered''
equipment identified in future updates to the Covered List will be
prohibited from authorization under the Commission's equipment
authorization program. Finally, the Commission addresses other issues
raised by commenters (e.g., cost-effectiveness and constitutional
claims), as well as provide an overview of the Commission's anticipated
outreach efforts to inform manufacturers, industry, other interested
parties, and the public that will be affected by the actions to protect
the American public through elimination from the United States'
equipment supply chain of equipment that poses an unacceptable risk to
national security.
A. Legal Authority To Address Security Concerns Through the Equipment
Authorization Program
The Commission finds that it has authority to adopt the proposals
in the NPRM with regard to prohibiting authorization of ``covered''
equipment on the Covered List. The Commission reaches this
determination based on two grounds.
First, the Commission finds that the Secure Equipment Act provides
the Commission with express authority to adopt rules that prohibit the
review or approval of any application for equipment authorization for
equipment that is listed on the Commission's Covered List and requires
the Commission to act. Section 2(a)(1) of the Secure Equipment Act
expressly states that, no later than one year after its enactment, the
Commission shall adopt rules in the instant proceeding to do so. By
determining here--as specified in more detail below--that the agency
will no longer review or approve any equipment authorization for
equipment that is on the Commission's Covered List, the Commission is
acting based on the clear and express statutory language contained in
section 2(a)(1) of the Secure Equipment Act. Thus, the Commission has
legal authority to adopt those rules.
Second, the Commission has legal authority to take the relevant
equipment authorization actions to prohibit authorization of
``covered'' equipment specified in the Report and Order (as well as
with regard to revocation of authorizations discussed below) based on
the agency's statutory authority that predates Congress's 2021
enactment of the Secure Equipment Act. Before that enactment, the
Commission's NPRM in this proceeding relied on a number of preexisting
statutory provisions to support this view. The Commission continues to
believe, as noted in the NPRM, that section 302 of the Communications
Act provides additional authority to adopt the rule and procedure
changes proposed in the NPRM. The directive in section 302 to,
``consistent with the public interest, convenience, and necessity, make
reasonable regulations . . . governing the interference potential of
devices which in their operation are capable of emitting radio
frequency energy by radiation, conduction, or other means in sufficient
degree to cause harmful interference to radio communications,'' gives
the Commission authority to implement other statutory responsibilities.
And the inclusion of the phrase ``public interest'' in section 302(a)
provides independent authority to take into account, in the
Commission's consideration of the public interest, the national
defense, and the promotion of safety of life and property, goals which
must inform the Commission's exercise of its statutory
responsibilities. As explained extensively in the Report and Order,
prohibiting authorization of equipment that has been placed on the
Covered List is essential to the national defense and to the promotion
of public safety. It is well-established that the promotion of national
security is consistent with the public interest and part of the purpose
for which the Commission was created. As section 1 of the Act states,
the Commission was created ``for the purpose of the national defense
[and] for the purpose of promoting safety of life and property through
the use of wire and radio communication . . . .'' And as the Supreme
Court has instructed, the Commission does not read any ``particular
statutory provision in isolation,'' but rather ``in [its] context and
with a view to [its] place in the overall statutory scheme.''
In this regard, as further noted in the NPRM issued prior to the
Secure Equipment Act, the Commission's statutory authority also
included the authority under Sec. 303(e) of the Communications Act to
``[r]egulate the kind of apparatus to be used with respect to ``its
external effects'' (among other things). Further, as suggested in the
NPRM, section 105 of the Communications Assistance for Law Enforcement
Act (CALEA) supports the Commission's authority to prescribe the rules
that the Commission adopted in the Report and Order. That section
requires telecommunications carriers to ensure that the surveillance
capabilities built into their networks ``can be activated only in
accordance with a court order or other lawful authorization and with
the affirmative intervention of an individual officer or employee of
the carrier acting in accordance with regulations prescribed by the
Commission,'' and the Commission has concluded that its rule
prohibiting the authorization of equipment on the Covered List that
poses a national security threat implements that provision. The
Commission is required to prescribe rules necessary to implement
CALEA's requirements, and the Commission concludes that the rules it
implements here will help ensure that equipment that carriers include
in their networks will not include such unlawful interception
capabilities because use of equipment from companies that are
identified by Congress and national security agencies to pose a
national security threat is far more likely to be subject to
unauthorized access. Finally, as noted in the NPRM, the Commission has
ancillary authority to implement these statutory provisions by adopting
such rules ``as may be necessary in the execution of [these foregoing
Commission] functions.''
The Commission's reading of its pre-existing authority is confirmed
by Congress's enactment of the Secure Equipment Act. By specifying both
this proceeding, by its docket number, in referring expressly to ``the
Notice of Proposed Rulemaking'' pending before the Commission, and by
directing the Commission to ``clarify'' that it would no longer review
or approve any application for equipment that is on the Covered List,
Congress clearly intended to ratify the Commission's tentative
conclusions in the NPRM that it had authority as discussed therein.
For all these reasons, the Commission now determines that it has
the requisite legal authority to take these actions. Indeed, the
argument to the contrary can be summarized as follows: even though the
Commission has authority to approve equipment for use in the United
States, the Commission has no statutory discretion to determine not to
authorize that equipment in the event that a national security agency
determines that the equipment poses an unacceptable risk to our
national security. The Commission rejects the argument that the
foregoing collective sources of statutory authority--in the absence of
the Secure Equipment Act--would have deprived the Commission of such
discretion. And Congress expressly endorsed this view in the Secure
Networks Act.
[[Page 7596]]
B. Revisions to the Equipment Authorization Program
In the NPRM, the Commission proposed to adopt revisions to its
equipment authorization rules and processes to prohibit authorization
of ``covered'' equipment on the Covered List. The Commission proposed
or sought comment on several potential revisions to various rule
provisions related to the equipment authorization processes that would
implement the proposed prohibition on authorization of equipment on the
Covered List. In particular, the Commission proposed or sought comment
on revisions to the Commission's general part 2 rules and to specific
provisions relating to authorization of equipment processed through the
Commission's equipment certification and SDoC processes. The Commission
notes at the outset that the Commission received numerous comments in
support of its general objectives in proposing rules prohibiting
authorization of equipment on the Covered List. Several of these and
other commenters also offer particular views on how the Commission
should implement the prohibition, and some oppose significant elements
of the proposal. The Commission addresses the particular issues raised
by commenters, below.
1. General Provisions
In the NPRM, the Commission proposed to adopt, in the ``General
Provisions'' section of its part 2, subpart J rules, a general
prohibition of authorization of ``covered'' equipment identified on the
Covered List. In particular, the Commission proposed to add new Sec.
2.903 to clearly establish that the equipment on the Covered List--
whether subject to the certification process or the SDoC process--would
be prohibited from obtaining a Commission equipment authorization. The
Commission sought comment on the proposal and whether modifications or
clarifications of the proposed new rule were needed. In response, the
Commission received one comment expressing general support and one of
general opposition, largely arguing that the Commission lacks the
authority to enact such a prohibition. As discussed in the Report and
Order, Congress, through the Secure Equipment Act, directed the
Commission to adopt rules, no later than November 11, 2022, to clarify
that it would no longer review or approve any application for
authorization of equipment on the Covered List. The Commission thus has
an explicit statutory mandate to adopt such rules.
In accordance with the direction provided by the Secure Equipment
Act, the Commission adopted new rule 2.903 in subpart J of the
Commission's part 2 equipment authorization rules. This general
prohibition makes clear that ``covered'' equipment identified on the
Covered List will no longer be eligible for either of the two
Commission equipment authorization procedures-- certification or SDoC.
In accordance with section 2(d) of the Secure Networks Act, the
prohibition will extend to any communications equipment that is
included in an updated Covered List in the future, and will no longer
extend to any communications equipment that is removed from the Covered
List. As discussed further in the Report and Order, this new provision
also serves to prohibit marketing such equipment under subpart I of the
Commission's rules and importation of such equipment under subpart K.
The Commission also includes within this new rule, additional
general provisions associated with implementation of this prohibition
in the Commission's equipment authorization program under part 2. These
provisions include definitions to be used in connection with the
Covered List (e.g., ``subsidiary'' and ``affiliate''), as well the
requirement that OET and PSHSB publish and maintain on the Commission's
website information concerning on what constitutes ``covered''
equipment for purposes of implementing the prohibition on authorization
of ``covered'' equipment.
2. Certification Rules and Procedures
In the NPRM, the Commission proposed several revisions to various
rules and procedures concerning the certification of equipment, and
sought comment on other potential revisions, in order to ensure that
equipment on the Covered List would no longer receive equipment
authorization. The Commission noted that its intent is to revise the
equipment authorization process in a way that efficiently and
effectively prohibits authorization of ``covered'' equipment without
delaying the authorization of innovative new equipment that benefits
Americans' lives. Thus, the Commission sought comment on ``[w]hat
information may be pertinent to assist the TCBs and the Commission in
ensuring'' against equipment authorization for such ``covered''
equipment, and on revisions to its rules that could better ensure
compliance with those new requirements.
As explained in the NPRM, the equipment certification procedures
apply to certain radiofrequency devices that have the greatest
potential to cause harmful interference to radio services.
Certification generally is required for equipment that consists of
radio transmitters as well as some unintentional radiators. Examples of
equipment that requires certification include wireless provider base
stations, mobile phones, point-to-point and point-to-multipoint
microwave stations, land mobile, maritime and aviation radios, wireless
medical telemetry transmitters, Wi-Fi access points and routers, home
cable set-top boxes with Wi-Fi, and most wireless consumer equipment
(e.g., tablets, smartwatches, and smart home automation devices).
Applicants for equipment certification are required to file their
applications, which must include certain specified information, with an
FCC-recognized Telecommunications Certification Body (TCB). The
Commission, through its Office of Engineering and Technology (OET),
oversees the certification process, and provides guidance to
applicants, TCBs, and test labs with regard to required testing and
other information associated with certification procedures and
processes, including correspondence and pre-approval guidance provided
via OET's knowledge database system (KDB). Each applicant must provide
the TCB with all pertinent information as required by the Commission's
rules, including documentation that addresses compliance with the
testing requirements that broadly apply to RF devices, specific
technical requirements in particular service rules, and other
applicable policy-related Commission requirements. The TCB then
evaluates the submitted documentation and test data to determine
whether the device complies with the relevant Commission rules. Once a
TCB grants an application, information about that authorization is
publicly announced ``in a timely manner'' through posting on the
Commission-maintained equipment authorization system (EAS) database,
and referenced via unique FCC identifier (FCC ID). Certified equipment
also is subject to various other requirements, including rules for
modifying the equipment, marketing the equipment, and changing or
transferring ownership of the associated FCC ID.
The Commission's goal is to revise the equipment authorization
process in a way that efficiently and effectively prohibits
authorization of covered equipment without delaying the authorization
of innovative new equipment that benefits Americans' lives. In the
NPRM, the Commission proposed and sought comment on a
[[Page 7597]]
requirement for each applicant for certification to make an attestation
that the equipment is not ``covered'' equipment on the Covered List. It
also asked whether the applicant should be required to provide specific
additional information that would help establish that the equipment is
not ``covered.'' In addition, the Commission proposed that the party
responsible for ensuring that equipment complies with applicable
requirements be located within the United States and that the
application for certification include relevant contact and address
information.
Attestation requirement. In the NPRM, the Commission specifically
proposed to add a new provision to Sec. 2.911 that would require
applicants for certification to provide a written and signed
attestation that, as of the date of the filing of the application, the
equipment is not ``covered'' equipment produced by entities identified
on the Covered List. The Commission proposed, further, that this
attestation would encompass an attestation that no equipment, including
any ``component part,'' is comprised of ``covered'' equipment. The
Commission sought comment on whether such an attestation would be
sufficient to implement the prohibition against authorization of
covered equipment, the exact wording of the attestation, and the
applicant's responsibility related to any changes in the Covered List.
In addition, the Commission asked whether it should require the
applicant to provide, under Sec. 2.1033, additional information
(possibly including a ``parts'' list) that could help establish that
the equipment is not ``covered'' in order to assist TCBs and the
Commission in ensuring that applicants do not seek certification of
``covered'' equipment. Finally, in the NPRM, the Commission proposed to
direct OET, working with other bureaus and offices across the
Commission (including PSHSB, WCB, IB, and EB), to develop pre-approval
guidance or other guidance for applicants and TCBs in order to
implement the prohibition on authorization of ``covered'' equipment.
The Commission adopted a general attestation requirement in the
form of a written and signed certification that the equipment is not
prohibited from receiving an equipment authorization pursuant to new
Sec. 2.903. Specifically, the Commission revises Sec. 2.911 to
include a requirement that each applicant for equipment authorization
in the certification process expressly provide a written and signed
certification that, as of the date the applicant submits the required
information to a TCB, the subject equipment is not prohibited from
receiving an equipment authorization pursuant to Sec. 2.903.
The Commission also will require that each applicant indicate, as
part of this certification, whether it is an entity identified on the
Covered List with respect to ``covered'' equipment. The Commission
notes that such entities on the Covered List could include entities
specifically identified by name, as well as other associated entities,
such as their subsidiaries and affiliates, and if so, then the
applicant must indicate whether it is any such entity. The Commission
finds that requiring submission of this additional information as part
of the application for equipment certification will help ensure that
prohibited ``covered'' equipment is not authorized. The rules that the
Commission adopted to prohibit authorization of ``covered'' equipment
rely in the first instance on the attestations by applicants at the
beginning of the application process. Considering that applications for
equipment certifications can be quite numerous, the Commission finds
that knowing whether an applicant for equipment certification is an
entity identified on the Covered List is essential to the efficient and
effective administration by the Commission and the TCBs of the
statutory prohibition in the Commission's equipment authorization
program. The Commission agrees with Motorola that transparency
concerning the subsidiary or affiliate status of an applicant is
important, and this requirement will facilitate such transparency.
While the Commission notes that indicating that the applicant is an
entity on the Covered List does not mean that the subject equipment
qualifies as ``covered'' equipment as such, such information
nonetheless can potentially assist the TCBs, as well as the Commission
in the oversight, and will be another feature that will be integral to
ensuring that ``covered'' equipment in not authorized. In sum, the
Commission finds this requirement both reasonable and justified,
particularly given the national security concerns related to preventing
authorization of ``covered'' equipment and the directive of Congress in
the Secure Equipment Act.
The Commission notes that the Covered List must be periodically
updated, which will likely result in periodic modifications as to the
equipment or entities identified on the Covered List. Implementing a
general attestation requirement, as opposed to a specific provision
that directly relates to the equipment identified on the current
Covered List, provides the flexibility for accommodating potential
changes in the ``covered'' equipment on an updated Covered List. The
Commission recognizes that there may be instances in which the Covered
List is modified while an application for certification is pending. To
ensure that the Commission adequately addresses such changes to the
Covered List, the Commission adopted an additional requirement under
Sec. 2.911 specifying that, if the Covered List is modified after the
date of the attestation but prior to grant of the authorization, then
the applicant must provide a new written and signed certification that
the subject equipment is not ``covered'' equipment identified on the
Covered List as so amended.
Based on the record before us and the concerns raised, the
Commission finds that any attestation that more broadly encompasses all
``component parts'' raises several issues that require additional
consideration, and accordingly, the Commission seeks further comment on
those issues in the Further Notice of Proposed Rulemaking in this
proceeding. Thus, the Commission is not requiring, at this time, that
the attestation specifically address individual component parts
contained within the subject equipment, or provide any additional
information in the application filed in accordance with Sec. 2.1033.
The Commission will require that applicants for equipment
certification, when attesting that their equipment is not ``covered,''
take into consideration the Commission's definitions and guidance
regarding what constitutes ``covered'' equipment, as separately
discussed in more detail. Several commenters note the importance of
clear guidance for purposes of the attestation requirement. This
guidance, which will be posted on the Commission's website, will be
updated as appropriate to incorporate any further updates to the
Covered List that affect ``covered'' equipment for purposes of the
equipment authorization program, and will provide additional clarity
regarding the requisite attestation. Attestations by each applicant
that the subject equipment is not prohibited from receiving an
equipment authorization must be true and accurate. As discussed below,
in order to protect against abuse of the application process that
relies on this attestation, the Commission also adopted new procedures
for revoking equipment certifications for false statements or
representations made by any applicant in its application for
certification regarding ``covered'' equipment.
Agent for service of process located in the United States. In the
NPRM, the Commission sought comment on actions
[[Page 7598]]
that it should take that would better ensure that equipment
certification applicants and grantees comply with the requirements
proposed in the NPRM. In particular, the Commission proposed requiring
that the party responsible for compliance with the applicable
requirements concerning certified equipment have a party located within
the United States that would be responsible for compliance, akin to the
current requirement applicable for equipment authorized through the
SDoC process. The Commission also asked whether it should require the
applicant for an equipment certification to identify an agent for
service of process that must be located within the United States.
Finally, the Commission sought comment on how much additional burden
such requirements would place on the applicant and whether similar
requirements should be placed on grantees of existing equipment
authorizations.
The Commission continues to believe that it is important to
facilitate enforcement of its rules, and the actions in this proceeding
to prohibit future authorization of ``covered'' equipment that poses an
unacceptable risk to national security underscore the need for
effective enforcement of applicable rules associated with certified
equipment. For many certified devices that are imported to and marketed
in the United States, the grantees of the associated equipment
authorizations are located outside of the United States. It is not
always easy to communicate effectively with grantees, particularly
foreign-based grantees, in order to engage in relevant inquiries,
determine compliance, or even enforce the Commission's rules where
appropriate. Accordingly, the Commission believes it's important to
have a reliable and effective means to readily identify and contact a
representative of the grantee of an FCC equipment certification.
Accordingly, in the Report and Order, the Commission adopted a
requirement that each applicant for equipment certification designate a
contact located in the United States for purposes of acting as its
agent for service of process, regardless of whether the applicant is a
domestic or foreign entity. The Commission believes that this
requirement is straightforward, easy to implement, and should not place
much of a burden on applicants seeking equipment authorization.
However, as for the proposal to require that, for equipment
certification, the party responsible for compliance be located in the
United States, the Commission finds that defining specific requirements
that the Commission should adopt and implementing them within its
processes raises more complicated issues. Thus, the Commission further
concludes that it would benefit from further consideration of these
issues in the Further Notice of Proposed Rulemaking portion of this
proceeding.
An agent for service of process traditionally holds the obligation
to accept the service of process and other documents on behalf of the
party chiefly responsible, and to swiftly and dutifully deliver them to
that party. Service of process includes, but is not limited to,
delivery of any correspondence, notices, orders, decisions, and
requirements of administrative, legal, or judicial process related to
Commission proceedings. The rule the Commission adopted reflects other
well-established service of process requirements in the Commission
rules.
For purposes of implementing this requirement, the Commission
revises its rules to require that the applicant for equipment
certification include with its application for certification a written
certification identifying the agent for service of process by name,
U.S. physical address, U.S. mailing address (if different), email
address, and telephone number. An applicant that is located in the
United States may designate itself as the agent for service of process.
The attachment designating the agent for service of process must
include a statement, signed by both the applicant and its designated
agent for service of process, if different from the applicant,
acknowledging the applicant's consent to accept service of process in
the United States at the physical mailing address, U.S. mailing address
(if different), and email address of its designated agent, as well as
the agent's acceptance of its obligation. Requiring that the agent
expressly consent to service within the United States will enable the
Commission to efficiently carry out its enforcement duties, and if the
grantee is foreign-based, will facilitate enforcement without the need
to resort to unwieldy procedures that may otherwise apply under
international law. The written certification must also include the
applicant's acknowledgment that the designation of the agent must
remain in effect for no less than one year after the grantee has
terminated all marketing and importing of the associated certified
equipment within the United States or the conclusion of any Commission-
related administrative or judicial proceeding involving the equipment,
whichever is later. In line with existing Commission rules, service is
deemed to be complete when the document is sent to the U.S. physical
address, U.S. mailing address (if different), or email address of the
U.S.-based agent for service of process. While, as discussed in the
NPRM, the Commission sought comment on whether to apply such a
requirement for an agent for service of process located in the United
States to equipment already authorized pursuant to the certification
process, the Commission declined to do so in the Report and Order
unless there is a change in the name or address of the grantee or the
grantee modifies the authorized equipment, as discussed immediately
below.
Modification of equipment, including permissive changes. In the
NPRM, the Commission sought comment on possible revisions to the part 2
rules to ensure that equipment users will not make modifications to
existing equipment that would involve replacement with ``covered''
equipment. In particular, the Commission asked whether it should revise
Sec. 2.932 regarding modifications to equipment (e.g., changes in the
design, circuitry, or construction of the device) or the Sec. 2.1043
provisions concerning changes to certified equipment, such as
``permissive changes.''
The Commission finds that, in order to fully implement the newly
adopted prohibition on authorization of ``covered'' equipment the
Commission must also revise Sec. 2.932 concerning modification of
equipment. A modification to authorized equipment could result in the
later identification of that equipment as ``covered.'' the Commission
cannot allow the continued authorization of modified equipment if, at
the time of such modification, the equipment is ``covered'' equipment
on the Covered List. Accordingly, the Commission adopted revisions to
Sec. 2.932 to require, similar to the revised provisions of Sec.
2.911, that all applications or requests to modify already certified
equipment include a written and signed certification that the equipment
is not prohibited from receiving an equipment authorization pursuant to
Sec. 2.903. The Commission also requires an affirmative or negative
statement as to whether the applicant is identified on the Covered
List, as well as the written and signed certifications required under
Sec. 2.911(d)(6) regarding an agent for service of process within the
U.S. Similarly, the Commission also adopted the same provisions for
requests for Class II and III permissive changes pursuant to Sec.
2.1043. The Commission finds that these revisions are sufficient to
prevent modified equipment from maintaining authorization when such
modifications occur at a time after which such equipment has been
identified as posing
[[Page 7599]]
a risk and thereby appearing on the Covered List.
Requirements that grantees update certain changes following grant
of certification. Considering that Sec. 2.929 includes provisions
regarding changes in the name, address, ownership, or control of the
grantee of an equipment authorization, in the NPRM, the Commission also
asked whether revisions were appropriate to that rule, consistent with
the goals of this proceeding. Section 2.929 sets forth the requirements
that the grantee of an equipment certification must maintain accurate,
up-to-date contact information on file with the Commission:
``[w]henever there is a change in the name and/or address of the
grantee of certification, notice of such change(s) shall be submitted
to the Commission via the internet at <a href="https://apps.fcc.gov/eas">https://apps.fcc.gov/eas</a> within
30 days after the grantee starts using the new name and/or address.''
The grantee also must report the assignment, exchange, or certain
transactions affecting the grantee (e.g., transfer of control or sale
to another company, mergers, and/or manufacturing rights), irrespective
of whether the Commission requires a new application for certification.
The current rule also permits a grantee to license or otherwise
authorize a second party to manufacture the equipment. The Commission
did not receive comments on updating Sec. 2.929.
The Commission adopted revisions to Sec. 2.929 in order to ensure
that certain post-authorization changes do not result in that equipment
becoming ``covered'' equipment that poses an unacceptable risk to
national security. The Commission finds that certain changes in the
name, address, ownership, or control of the grantee of an equipment
authorization could result in previously authorized equipment being
produced by an entity identified on the Covered List as producing
``covered'' equipment, thus resulting in the equipment becoming
``covered'' equipment. Accordingly, the Commission revises the
requirements in Sec. 2.929 to ensure that a grantee cannot circumvent
the prohibition on authorization of equipment on the Covered List by
transferring ownership or control, or licensing or otherwise
authorizing a second party to manufacture the equipment associated with
the grant of the equipment authorization. Specifically, the Commission
revises Sec. 2.929 to prohibit the grantee of an equipment
authorization from licensing or otherwise authorizing a second party to
manufacture the equipment covered by the grant of the equipment
authorization if such licensing or authorization would result in the
equipment falling within the scope of ``covered'' equipment. The
Commission further adopted a requirement that notice of any change in
the name or address of the grantee of certification, or transactions
affecting the grantee (such as a transfer of control or sale to another
company, mergers, or transfer of manufacturing rights), include
provisions similar to the revised provisions of Sec. 2.911.
Specifically, the Commission requires that the notice include a written
and signed certification that as of the date of the filing of such
notice, the equipment to which the change applies is not prohibited
from receiving an equipment authorization pursuant to Sec. 2.903. The
Commission also requires that the notice include an affirmative or
negative statement as to whether the grantee is identified on the
Covered List (e.g., is subsidiary or affiliate of an entity named on
the Covered List as producing ``covered'' equipment.
The Commission also revises Sec. 2.929 to help ensure compliance
with the effective service of process requirement added to Sec.
2.1033, described above. For the same reasons that the Commission
requires a U.S.-based agent for service of process for applicants, the
Commission will require that the grantee maintain an agent for service
of process that is located in the United States. Therefore, the
Commission adds to Sec. 2.929 the requirement that grantees must
report any change to the information of the designated U.S.-based agent
for service of process in updating the information on file with the
Commission along with the written and signed certifications required
under new Sec. 2.911(d)(7).
Conforming edits in part 2. The Commission makes several conforming
edits in the part 2 rules to reflect the requirements that the
Commission adopted in the Report and Order. Several part 2 rules are
revised, as appropriate to reflect that the requirements for equipment
authorization now include the responsibility to comply with non-
technical requirements such as the Covered List prohibitions. The
Commission notes that it also adopted in Sec. 2.1033 the provisions
adopted in Sec. 2.911(d) to clarify that the required information must
be provided with the application for certification.
Other issues raised in the NPRM. In the NPRM, the Commission sought
comment on other possible steps that it should consider that would
affect its certification rules, such as actions that could be taken
following grant of an equipment authorization that might be helpful in
enforcing the prohibition on authorization of ``covered'' equipment.
These included whether the Commission should consider adopting any
post-grant review procedures following the grant of an equipment
authorization, or any revisions or clarifications concerning ``post-
market surveillance'' activities with respect to products that have
been certified. In the few comments the Commission received on these
issues, most opposed any changes, and the Commission is not at this
time adopting any revisions or clarifications to the Commission's rules
on these issues. The Commission does, however, think they merit further
consideration, particularly now that the Commission has adopted a
specific set of rules and procedures prohibiting authorization of
``covered'' equipment. Accordingly, the Commission seeks further
comment in the Further Notice portion of this proceeding, requesting
comment in light of the rule revisions that the Commission adopted in
the Report and Order.
3. Supplier's Declaration of Conformity (SDoC) Rules and Procedures
In the NPRM, the Commission proposed that any equipment produced by
any of the entities (or their respective subsidiaries or affiliates)
that produce covered equipment, as specified on the Covered List, would
no longer be authorized pursuant to the Commission's SDoC processes,
and that the equipment of any of these entities would be subject to the
Commission's certification process. Under this approach, responsible
parties would be prohibited altogether from relying on authorization
using the SDoC process with respect to any equipment produced or
provided by these entities (or their respective subsidiaries or
affiliates), as such equipment could not be authorized utilizing the
SDoC process. The Commission sought to ensure consistent application of
its prohibition on further authorization of any ``covered'' equipment
by requiring a single process, the certification process, which
involves more active Commission oversight than the SDoC process for
equipment produced by any entity identified on the Covered List as
producing ``covered'' equipment. The Commission also invited comment on
the specific information that should be included in the SDoC compliance
statement that would ensure that responsible parties do not use the
SDoC process for equipment produced by entities identified on the
Covered List as producing ``covered'' equipment.
As discussed in the NPRM, the SDoC procedures, which are available
for specific equipment generally considered
[[Page 7600]]
to have reduced potential to cause harmful RF interference, permits
equipment to be authorized through reliance on the responsible party's
self-declaration that the equipment complies with the pertinent
Commission requirements. Accordingly, the SDoC process differs
significantly from the certification process, and does not involve the
more active and transparent oversight of the certification process.
Many devices eligible for an SDoC authorization do not contain a radio
transmitter and include only digital circuitry (e.g., computer
peripherals; microwave ovens; industrial, scientific, and medical (ISM)
equipment; switching power supplies; light-emitting diode (LED) light
bulbs; radio receivers; and TV interface devices), although an SDoC
authorization is also permitted for certain transmitters used in
licensed services. As the Commission noted, under existing rules, the
use of SDoC procedures are ``optional,'' as each responsible party for
an SDOC-eligible device could choose to obtain equipment authorization
using either certification or SDoC procedures.
For each particular RF device, the completion of the SDoC process
signifies that the responsible party affirms that the necessary
measurements have been made, or other procedures that have been found
acceptable to the Commission have been completed, to ensure that the
particular equipment complies with the applicable requirements. As set
forth in the Commission's rules, the responsible party may be the
equipment manufacturer, the assembler (if the equipment is assembled
from individual component parts and the resulting system is subject to
authorization), or the importer (if the equipment by itself or the
assembled system is subject to authorization), or, under certain
circumstances, retailers or parties performing equipment modification.
For devices subject to SDoC, the information the responsible party must
keep on file includes a compliance statement that lists a U.S.-based
responsible party. The SDoC process is ``streamlined'' in the sense
that, unlike the certification process, it does not require submission
of applicable information to a Commission-recognized TCB or the use of
an FCC-recognized accredited testing laboratory. However, the
Commission can specifically request that a responsible party provide
compliance documentation or device samples as necessary.
Prohibition on use of SDoC process for entities producing
``covered'' equipment on the Covered List. In proposing in the NPRM
that equipment produced by any of the entities (or their respective
subsidiaries or affiliates) identified on the Covered List as producing
``covered'' equipment would no longer be authorized pursuant to the
Commission's SDoC process, the Commission sought to ensure consistent
application of its proposed prohibition on authorization of ``covered''
equipment. The Commission contends that by shifting such equipment to
the certification process, which involves more active oversight,
including proactively providing guidance when working directly with
TCBs prior to any equipment authorization, it would facilitate more
effective post-market surveillance as appropriate. Because the
Commission does not have direct involvement in the SDoC process (e.g.,
nothing is filed with or recorded by the Commission), that process
presents significant additional challenges to ensure that covered
equipment that might otherwise be eligible for the SDoC process does
not make its way into the U.S. market.
The Commission is not persuaded by opponents of the proposal who
assert that it is unnecessarily burdensome. Entities following either
the certification or the SDoC process must both prove compliance with
FCC rules through testing and supporting documentation. Given that
information on equipment authorized via the SDoC process is not readily
transparent to the Commission, the certification process provides the
Commission with the necessary oversight to ensure that the Commission
is achieving the goals in this proceeding to prohibit authorization of
equipment that poses an unacceptable risk, as required by the Secure
Equipment Act, and will help prevent ``covered'' equipment from
improper authorization through the SDoC process in the first place. The
Commission finds that it is appropriate and reasonable to foreclose the
SDoC process to equipment produced by any entity identified on the
Covered List as producing ``covered'' equipment and require equipment
authorization through the certification process. The Commission adopted
as proposed a rule prohibiting any of the entities identified on the
Covered List as producing ``covered'' equipment from using the SDoC
process to authorize any equipment--not just ``covered'' equipment
identified on the Covered List. Thus, any equipment eligible for
equipment authorization that is produced by any entities so identified
on the Covered List must be processed pursuant to the Commission's
certification process, regardless of any Commission rule that would
otherwise permit use of the SDoC process.
As explained in the NPRM, the Commission believes that requiring
use of only one process by entities that have already been determined
to produce ``covered'' equipment will serve the important goal of
ensuring consistent application of the Commission's newly adopted
prohibition on further authorization of any ``covered'' equipment,
while also providing for more active oversight. Considering the
importance of prohibiting equipment for devices that pose an
unacceptable risk to national security, and that this is the
Commission's first foray into implementing rules and procedures that
require effective identification and prohibition of equipment that
poses an unacceptable risk to national security, the Commission finds
this approach at this time is consistent with the public interest. The
Commission notes that, as the Commission, industry, and manufacturers
gain more experience over time on the effectiveness of its SDoC
procedures concerning ``covered'' equipment, the Commission may revisit
this process.
Attestation requirement. In the NPRM, the Commission sought comment
on what information should be included in the SDoC compliance statement
to ensure that responsible parties do not use the SDoC process to
authorize ``covered'' equipment. In the Commission's view, this
compliance statement would need to be sufficiently complete to ensure
that a responsible party exercises the necessary diligence to confirm
that equipment that is subject to the SDoC process is not ``covered''
equipment for purposes of equipment authorization. Further, the
Commission indicated that this compliance statement should be crafted
in such a manner as to assist responsible parties in ensuring
authorization is achieved through the appropriate process by
identifying equipment produced by any entity identified on the Covered
List as producing ``covered'' equipment, which can no longer be
authorized through the SDoC process. This statement would also ensure
that responsible parties are held accountable, by their compliance
statement, for any misrepresentations or violation of the prohibition
that the Commission adopted.
As the Commission did for the certification process, the Commission
adopted a general attestation requirement in the form of a written and
signed certification that the equipment is not produced by any entity
identified on the Covered List as producing ``covered'' equipment,
pursuant to Sec. 1.50002 of the Commission's rules.
[[Page 7601]]
Specifically, the Commission revises Sec. 2.938 to include a
requirement that the responsible party maintain record of a written and
signed certification that, as of the date of first importation or
marketing, the equipment for which the responsible party maintains
Supplier's Declaration of Conformity is not produced by any entity that
is identified on the Covered List as producing ``covered'' equipment.
The Commission finds that the existing SDoC operational framework, in
which the responsible party declares that the equipment complies with
the pertinent Commission requirements, in concert with an explicit
attestation by each responsible party completing the SDoC process that
the subject equipment is not produced by any entity identified on the
Covered List as producing ``covered'' equipment, pursuant to Sec.
1.50002 of the Commission's rules, should be sufficient to render
unlikely the possibility that equipment required to be processed
through the Commission's certification procedures will instead be
erroneously processed under the Commission's SDoC procedure. The
Commission finds that JVCKenwood's suggestions that the attestation
include other considerations beyond whether the equipment is
``covered'' (e.g., an attestation that the equipment was not unlawfully
acquired) are beyond the scope of the Commission's proposal in this
proceeding.
The required attestation by the responsible party for each device
authorized under SDoC is similar to that required of applicants in the
certification process. As with the attestation included in a
certification application, the Commission will require a simple
attestation here that the equipment is not produced by an entity
identified on the Covered List as producing ``covered'' equipment,
pursuant to Sec. 1.50002 of the Commission's rules. The Commission
does not believe that such a requirement will present an undue burden
when weighed against the potential security risks described by Congress
nor should it present any delay in authorizing equipment through the
SDoC process. Such an attestation will also provide a mechanism for the
Commission to, as needed, verify the origin of equipment authorized by
SDoC and ensure accountability for a responsible party dealing with
equipment provided by entities on the Covered List. The Commission
expects that these measures will be sufficient to deter responsible
parties from seeking the SDoC process for authorization of equipment on
the Covered List, and the Commission will rely on the enforcement
procedures to ensure compliance. The Commission notes that the current
rules require that the SDoC responsible party be located within the
United States, and that the party's name, address, and telephone number
or internet contact information be included in the compliance
information that is provided with authorized equipment, and the
Commission does not alter this requirement.
Enforcement. In the NPRM, the Commission also asked several
questions relating to enforcement of the SDoC prohibitions and related
requirements. In this regard, the Commission noted its existing
authority to request equipment samples and compliance information, and
asked questions about the circumstances that would warrant Commission
requests and what information would be useful in proving/disproving
such compliance. The Commission received no comments or suggestions on
how it should approach these issues.
As noted in the NPRM, the Commission already has the authority to
request that the responsible party provide information regarding any
equipment that has been authorized through the SDoC procedures.
Accordingly, the Commission will exercise oversight, as appropriate, by
requesting that the responsible party provide relevant information--
e.g., an equipment sample, representative data demonstrating
compliance, and the compliance statement itself, including the
attestation (in the form of a written and signed certification)
required by this action, and any information necessary to assess the
validity of that attestation--regarding any equipment that the
Commission deems requires confirmation of its compliance with the
rules. As with equipment authorized through the certification process,
the Commission will take any available enforcement action to ensure
that equipment identified on the Covered List does not receive
equipment authorization and to hold accountable any entity that fails
to accurately attest that any equipment for which they seek
authorization is ``covered'' equipment. The Commission also will work
with their federal partners to identify and block the importation of
``covered'' equipment that is placed on the Covered List and is
prohibited from equipment authorization pursuant to the rules adopted
in the Report and Order.
Finally, in light of the newly established SDoC rules and
procedures to prohibit authorization of ``covered'' equipment, the
Commission invites further comment in the Further Notice of Proposed
Rulemaking on other actions the Commission should consider when
carrying out its responsibilities to ensure compliance with the
prohibitions on authorization of ``covered'' equipment that the
Commission adopted in the Report and Order.
4. Importation and Marketing Rules
As the Commission noted in the NPRM, if it adopted its proposal to
revise the Commission's subpart J equipment authorization rules to
prohibit any further authorization of covered equipment through the
certification or SDoC processes, this decision also would prohibit the
marketing of such equipment under subpart I of the Commission's part 2
rules (Marketing of Radio-Frequency Devices) and importation of
equipment under subpart K (Importation of Devices Capable of Causing
Harmful Interference) of the part 2 rules. In the NPRM, the Commission
sought comment on whether to revise or provide clarification with
regard to how the proposal to prohibit authorizing covered equipment
would affect the Commission's rules in either subpart I or subpart K.
Specifically, the Commission asked whether the general prohibition it
proposed for equipment subject to certification and SDoC made any
changes to subparts I or K unnecessary and, if not, what changes were
needed to the rules in those subparts.
The Commission affirms the conclusion that revising the general
equipment authorization provisions in subpart J also effectively
prohibits the marketing and importation of ``covered'' equipment
prohibited from authorization under the equipment authorization
program. Section 2.803(b) only permits persons to market RF devices
that are subject to authorization under either the certification or
SDoC process, as set forth in the Commission's subpart J rules, once
those devices have been authorized, unless an exception applies.
Similarly, the revisions in this proceeding to the equipment
authorization process in subpart J, above, also prohibits importing or
marketing of covered equipment if it is subject to authorization
through either the certification or SDoC process in subpart J and has
not been authorized, per Sec. Sec. 2.1201(a) and 2.1204(a).
The Commission recognizes that commenters have raised points
related to technical concerns and the intended use of imported
equipment. However, as with the other rule revisions that the
Commission adopted in the Report and
[[Page 7602]]
Order, the Commission focuses review of the importation and marketing
rules on how they relate to addressing equipment on the Covered List in
terms of equipment authorization. The Commission emphasizes that,
generally under the rules, RF devices may be imported only when certain
conditions are met. Many of those conditions are based on equipment
authorization, with other very limited conditions based on personal
use, demonstration, and other very restrictive conditions. As such, the
Commission found that, there was no need to adopt revisions to the
importation or marketing rules to address equipment on the Covered List
because the revisions to the equipment authorization rules prohibiting
any further authorization of covered equipment also serve to prohibit
the importation and marketing of such equipment.
5. Exempt Equipment
As a general matter, the Commission's equipment authorization
program is concerned with ensuring that RF emissions do not cause
harmful interference to radio communications. However, in the NPRM, the
Commission recognized that this proceeding involves concerns about
equipment that poses an unacceptable risk to our nation's
communications networks, which are distinct from the Commission's
concerns related to interference to authorized radio services. Asking
whether ``covered'' equipment potentially could include equipment that
currently is exempt from its equipment authorization processes, the
Commission sought comment on whether to reconsider whether, in order to
address security concerns, providing such exemptions continues to be
appropriate.
Background. The most diverse set of exempt devices operate under
the Commission's part 15 unlicensed device rules. Certain unlicensed RF
devices are exempt from demonstrating compliance under either of the
Commission's equipment authorization procedures (certification or SDoC)
because these devices generate such low levels of RF emission that they
have little potential for causing harmful interference to authorized
radio services, although some devices may be exempt for other reasons.
In addition, certain equipment that operates within licensed services
are also exempt from part 2 equipment authorization due to a variety of
reasons beyond interference concerns and are not subject to the
Commission's specific part 2 testing, filing, or record retention
requirements. However, such devices are subject to complying with the
unique operational and technical requirements associated with the
particular licensed service.
In the NPRM, the Commission sought specific comment on whether the
Commission should revise its rules to eliminate any equipment
authorization exemption for ``covered'' equipment based on the
potential of such equipment, regardless of RF emissions
characteristics, to pose an unacceptable risk to U.S. networks or
users. The Commission further sought comment on whether such a revision
should apply only to exempt part 15 unlicensed devices or should
include currently exempt devices that operate under other rule parts.
The Commission also asked whether to require that any equipment (in
whole or in part), regardless of any applicable rule exemption, that is
produced by any entity that has produced ``covered'' equipment on the
Covered List be processed pursuant to the Commission's certification
process (similar to the proposal and the requirement that the
Commission is adopting that such entities must use the certification
process for equipment, even if existing rules had permitted processing
through the SDoC process).
In the NPRM, the Commission tentatively concluded that the legal
authority associated with the Commission's proposal to prohibit
authorization of ``covered'' equipment in its equipment authorization
process also provided, pursuant to sections 302 and 4(i) of the Act,
for actions that the Commission might take with respect to precluding
``covered'' equipment from being exempted from the equipment
authorization process.
Discussion. The Commission concludes that it will no longer exempt
``covered'' communications equipment, i.e., equipment that has been
determined to pose an unacceptable risk to national security pursuant
to the Secure Networks Act, from equipment authorization requirements.
Accordingly, the Commission will require that any equipment produced by
any of the entities identified on the Covered List as producing
``covered'' equipment be processed through the certification process
just as the Commission is requiring equipment previously subject to the
SDoC procedures to be processed through the certification processes. By
no longer exempting equipment produced by these entities, the
Commission is taking another step to protect our nation's supply chain
from new equipment that has been determined to be ``covered.''
As noted in the NPRM, certain RF equipment for various reasons has
been exempted from the need to demonstrate compliance under the
Commission's equipment authorization procedures, which are generally
concerned with ensuring that devices do not cause harmful interference
to authorized radio services. Also as discussed in the NPRM, this
proceeding involves concerns about equipment that poses an unacceptable
risk to our nation's communications networks, which are distinct from
the Commission's concerns related to harmful interference to authorized
radio services. Whether communications equipment poses an unacceptable
risk to national security simply does not turn on considerations of RF
interference. Nor is the Secure Networks Act or Secure Equipment Act so
concerned.
The Commission concludes that certain types of equipment that is
currently exempt from equipment authorization requirements and produced
by entities identified on the Covered List could constitute ``covered''
equipment. Later in this document, the Commission discusses certain
types of communications equipment that is ``covered'' equipment. Among
other things, the Commission concludes that, for purposes of
implementing the prohibition on ``covered'' equipment, such equipment
includes ``access layer,'' ``distribution layer,'' and ``core layer''
equipment produced by entities identified on the Covered List and that
is used in networks providing advanced communications services.
Pursuant to section 5 of the Secure Networks Act, the Commission
requires that advanced communications service providers report whether
they have purchased, leased, rented, or otherwise obtained such
``covered'' equipment (after August 18, 2018). ``Access layer''
equipment is equipment associated with providing and controlling end-
user access to the network over the ``last mile,'' ``local loop,'' or
``to the home'' (e.g., optical terminal line equipment, optical
distribution network devices, customer premises equipment (to the
extent owned by the advanced services provider), coaxial media
converters, wavelength-division multiplexing (WDM) and optical
transporting networking (OTN) equipment, and wireless local area
network (WLAN) equipment). ``Distribution equipment'' includes middle
mile, backhaul, and radio area network (RAN) equipment (e.g., routers,
switches, network security equipment, WDN and OTN equipment, and small
cells). ``Core layer'' equipment is associated with the backbone
infrastructure (e.g., optical networking equipment, WDN and OTN,
microwave equipment, antennas, RAN
[[Page 7603]]
core, Cloud core, fiber, and data transmission equipment). Thus, to the
extent that equipment currently exempt from equipment authorization
procedures is produced by any entity identified on the Covered List,
such equipment will no longer be eligible for such exemption and must
seek authorization through the certification process, and the
Commission will revise the part 15 rules to so indicate.
Similar to the Commission's decision to no longer permit these
entities to avail themselves of the SDoC process, requiring all
equipment they produce to undergo more rigorous scrutiny as well as
complying with the attestation requirements is the best way the
Commission can fulfil its statutory obligation to ensure that
``covered'' equipment is no longer able to be purchased and used,
thereby protecting national security. The Commission further concludes
that the measures that it's taking are consistent with long-standing
legal authority (as discussed above) and are reasonable and appropriate
both to prohibit authorization of ``covered'' equipment on the Covered
List pursuant to the Secure Networks Act and to further comply with
Congress's mandate in the Secure Equipment Act.
6. Revocation of Authorizations of ``Covered'' Equipment
In the NPRM, the Commission sought comment on revocation of
equipment authorizations on the grounds that the equipment
authorization involved ``covered'' equipment. The Commission
tentatively concluded that, if it adopted new rules prohibiting
authorization of ``covered'' equipment, the Commission had the
authority to revoke any authorization that may have been granted after
adoption of such rules based on applicants' false statements or
representations that the equipment was not ``covered.'' The Commission
also tentatively concluded that the current rules provide the
Commission with the authority to revoke any existing equipment
authorizations--i.e., authorizations granted before adoption of rules
in this proceeding prohibiting any future authorization of ``covered''
equipment--if such equipment constituted ``covered'' equipment, and
sought comment on whether there are particular circumstances that would
merit revocation of any specific equipment authorization(s) and, if so,
the procedures that should apply (including whether to adopt possible
revisions to the current procedures).
With respect to equipment authorized subsequent to adoption of
proposed rules prohibiting authorization of ``covered'' equipment, the
Commission tentatively concluded that Sec. 2.939(a)(1) and (2) applied
to ``covered'' equipment, such that the Commission could revoke any
equipment authorization that may have been granted based on false
statements or representations in the application for authorization
attesting that the equipment is not ``covered.'' Under this proposed
approach, the Commission would revoke any such equipment authorization
granted after adoption of the rules proposed in the NPRM, even if the
TCBs or the Commission had not acted to set the grant aside within the
30-day period following the posting of the grant on the EAS database.
In addition, the Commission tentatively concluded that, pursuant to
Sec. 2.239(a)(3), if authorized equipment is subsequently changed
(e.g., the responsible party initiates a permissive change which
changes the equipment status from not covered to ``covered''
equipment), that equipment authorization could be revoked because such
a change would violate the Commission's newly adopted prohibition on
authorization of ``covered'' equipment.
As for revocation of any existing equipment authorizations
involving ``covered'' equipment, the Commission sought comment on
whether Sec. 2.939(a)(4), which allows revocation `[b]ecause of
conditions coming to the attention of the Commission which would
warrant it in refusing to grant an original application'' would provide
the Commission basis for revoking equipment granted prior to adoption
of the prohibition on authorization of ``covered'' equipment. In
addition, the Commission tentatively concluded that if it were to adopt
rules prohibiting authorization of ``covered'' equipment, then Sec.
2.939(c), which states that the Commission ``may also withdraw any
equipment authorization in the event of changes in its technical
standards,'' could constitute such a change in technical standards that
warrants withdrawal of the equipment authorizations.
To the extent the Commission sought to revoke any equipment
authorizations, it noted the current procedures set forth in Sec.
2.939(b), and requested comment on whether it should use these specific
procedures or other procedures, and on what process the Commission
could use to help identify equipment authorizations for revocation.
Finally, the Commission asked whether it should make any revisions to
Sec. 2.939, including whether that section should specifically address
the revocation process for ``covered'' equipment.
The Secure Equipment Act, enacted subsequent to the close of the
comment period on the NPRM, includes specific provisions concerning the
Commission's actions that concern revocation of equipment
authorizations involving ``covered'' equipment. In section 2(a)(2),
Congress directed the Commission to adopt new rules prohibiting
authorization of ``covered'' equipment. As for revocation of existing
equipment authorizations involving ``covered'' equipment, section
2(a)(3)(A) of the Act provides that ``[i]n the rules adopted'' by the
statutory deadline, the Commission ``may not provide for review or
revocation of any equipment authorization'' granted before the adoption
date of such rules. Section 2(a)(3)(B), however, provides generally
that, other than in ``the rules adopted'' by the statutory deadline,
the Secure Equipment Act does not prohibit the Commission from
examining the necessity of review or revocation of any equipment
authorization on the basis of the equipment being on the Covered List
or adopting rules providing for any such review or revocation.
In the Report and Order, the Commission did not adopt any rules
providing for the review or revocation of any currently existing
equipment authorization granted prior to adoption of the Report and
Order. With respect to equipment authorized after adoption of the
Report and Order prohibiting authorization of ``covered'' equipment,
the Commission adopted streamlined revocation procedures to apply if
the authorization had been granted based on false statements or
representations in the applications that the equipment is not
``covered,'' or if the authorized equipment is modified or changed in
such a way as to become ``covered'' equipment. In addition, the
Commission concludes that it has the authority, as affirmed by Congress
in the Secure Equipment Act, to consider the necessity to review or
revoke an existing authorization of ``covered'' equipment approved
prior to adoption of the Report and Order, and that it has such
authority to consider such action without considering additional rules
providing for any such review or revocation of existing authorizations.
Streamlined revocation of authorizations based on false statements
or representations about ``covered'' equipment. With regard to
revocation of equipment authorizations granted after adoption of rules
prohibiting authorization of ``covered'' equipment, the Commission
concludes, as in the NPRM, that the Commission already has authority,
under its current rules in Sec. 2.939(a)(1), to revoke
[[Page 7604]]
authorizations if the Commission discovers, post-authorization, that
the application (or in materials or responses submitted in connection
therewith) contained false statements or representations. The
Commission notes that revoking authorizations on this basis is clearly
permitted under the Secure Equipment Act, which did not proscribe
adopting rules for revocation of authorizations that are granted after
adoption of the Report and Order.
However, because Congress established that ``covered'' equipment
poses an unacceptable risk to national security, the Commission finds
that it is necessary to adopt an expedited mechanism for review and
revocation of equipment authorizations that were granted after adoption
of the Commission's prohibitions where the application for such
authorization contained a false statement or representation regarding
the ``covered'' status of such equipment at the time of such statement
or representation. To that end, the Commission adopted a new provision,
Sec. 2.939(d), providing for streamlined procedures to address such
situations, as discussed further below.
Nothing in the Commission's statutory authority requires that the
process for revocation of equipment authorizations be conducted
pursuant to existing rule Sec. 2.939(b), i.e., the revocation process
generally afforded radio licensees. As the Commission noted in its 2020
order adopting streamlined procedures for certain administrative
hearings, the hearing provisions in the Communications Act do not
expressly require formal hearings (e.g., hearings conducted with live
witness testimony and cross examination and the introduction of
evidence before a presiding officer). Instead, revocation proceedings
generally are subject only to informal adjudication requirements under
the Administrative Procedure Act, which requires that an authorization
holder be given written notice of the facts or conduct which may
warrant the revocation and an opportunity to demonstrate or achieve
compliance with all lawful requirements. The Commission may resolve
disputes of fact in an informal hearing proceeding on a written record.
Thus, the Commission concludes that, going forward, where the
Commission has reason to believe that an equipment authorization was
granted on the basis of a false statement or representation by the
applicant concerning whether the subject equipment is ``covered''
equipment, the more streamlined informal hearing procedures described
below, based on a written record, will apply. However, the Commission
may in its discretion determine to hold oral hearings when needed to
resolve a genuine dispute as to an outcome-determinative fact, and such
hearings may be limited to testimony and cross-examination necessary to
resolve that dispute.
As discussed in this document above, the Commission also is
prohibiting the modification of equipment if such modification would
alter the equipment's status such that it would become ``covered''
equipment. In implementing this prohibition, the Commission requires
that applications or requests to modify already certified equipment
include a written and signed certification that the equipment is not
``covered.'' The Commission concludes that, pursuant to existing Sec.
2.939(a)(3), the Commission already has authority to revoke an
equipment authorization granted after the adoption of rules in the
Report and Order if that equipment is changed in the future in such a
way as to become ``covered'' equipment. Again, because ``covered''
equipment poses an unacceptable risk to national security, the
Commission also will include within the streamlined procedures the
authority to revoke equipment authorization in which equipment is
changed in such a way that it becomes ``covered'' equipment where the
application or request for modification is found to include false
statements or representations that the equipment is not ``covered.''
Streamlined procedures. In cases in which OET and PSHSB, working
with other Bureaus/Offices as may be appropriate, have reason to
believe that a particular equipment authorization or modification of an
equipment authorization granted after adoption of the rules in the
Report and Order was or may have been based on a false statement or
representation made by an applicant, either in the application or in
the materials connected therewith, regarding the required attestations
under revised Sec. 2.911 concerning whether the equipment was
``covered'' or whether the applicant is an entity identified on the
Covered List, OET and PSHSB will investigate whether such authorization
was improperly granted or otherwise should be revoked. OET and PSHSB
will provide written notice to the equipment authorization holder of
the initiation of a revocation proceeding and the grounds under
consideration for such revocation. As discussed above, the Commission
is requiring that applicants for equipment authorization make certain
attestations under Sec. 2.911 regarding the subject equipment in the
context of ``covered'' equipment. False statements or representations
with respect to the application under this section provide grounds for
revocation of the authorization pursuant to Sec. 2.939(a)(1).
The Commission will model this procedure along lines consistent
with section 558 of the Administrative Procedure Act. OET and PSHSB
will issue an order to show cause why revocation proceedings should not
be initiated, which order will provide notice of the facts or conduct
which may warrant revocation, and an opportunity to demonstrate or
achieve compliance. The equipment authorization holder will have 10
days thereafter to provide a written submission responding to the
notice of proposed revocation. After reviewing the record and any
supplemental information requested by OET and PSHSB, if they find that
the equipment is ``covered'' or that the applicant did not disclose
that it was an entity identified on the Covered List, they will
initiate revocation proceedings, providing the basis for such decision.
The Commission notes that the determination as to whether to revoke an
authorization focuses on whether the attestation was true, and it does
not require any finding that the applicant has the specific intent to
make a false statement or representation. In the event of revocation of
an equipment authorization, OET and PSHSB will issue an order
explaining its reasons as well as how such revocation will be
implemented (e.g., halting distribution, marketing, and sales of such
equipment, requiring other appropriate actions) and enforced.
Revocation of existing equipment authorizations on grounds that the
equipment is ``covered'' equipment. The Commission also concludes that
it has the requisite authority under the Communications Act to review
any existing equipment authorization that would, under the rules that
the Commission adopted in the Report and Order, be ``covered''
equipment, and to determine the necessity for revoking such
authorization, and that the Commission can undertake such revocation
pursuant to current rules. The Commission reaches this determination
based on the reading of the Commission's existing authorities. Pursuant
to the same authorities discussed above with respect to the equipment
authorization program, the Commission has long relied on its authority
(modelled along the lines of section 312 of the Communications Act with
respect to spectrum licensees) to revoke equipment authorizations under
Sec. 2.939(a)(4) ``[b]ecause of conditions
[[Page 7605]]
coming to the attention of the Commission which would warrant it in
refusing to grant an original application.'' The Commission concludes
that it is well within its responsibilities and mandate, as IPVM has
suggested, to revoke an existing equipment authorization under Sec.
2.939(a)(4).
That the Commission has such authority to revoke is confirmed by
the Secure Equipment Act. Indeed, as a matter of statutory structure,
the Secure Equipment Act can be read as saying two complementary
things: one, that the Commission has no discretion with respect to
reviewing or approving requests for equipment authorization for
equipment listed on the Covered List (as discussed above) after the
Report and Order--i.e., the Secure Equipment Act requires that the
Commission no longer review or approve them; and two, that the
Commission does have discretion (``other than in the rules adopted''
here) to exercise its statutory authority to decide whether to take
equipment authorization action regarding authorizations granted prior
to the Commission's decision.
First, in sections 2(a)(1) and 2(a)(2), Congress determined that
the Commission shall adopt rules that clarify--on a going forward
basis--that the Commission will no longer review or approve equipment
that is on the Covered List. This is reinforced by Congress's inclusion
of section 2(a)(3)(A), which specifically states that ``[i]n the rules
adopted under paragraph [2(a)](1),'' i.e., the rules the Commission
adopted in the Report and Order, ``the Commission may not provide for
review or revocation of any equipment authorization granted before the
date on which such rules are adopted on the basis of the equipment
being on the [Covered List].'' Read together, sections 2(a)(1),
2(a)(2), and 2(a)(3)(A) state that, with respect to the scope of the
Commission's section 2(a)(2) rules, those rules shall not provide for
the review or revocation of existing authorizations. Second, in section
2(a)(3)(B), Congress made clear that the Commission could use its
existing authority to adopt non-section 2(a)(2) rules or otherwise
examine the necessity of providing for the review or revocation of
equipment authorizations granted before any section 2(a)(2) rules--even
in cases where the sole basis for the Commission's equipment
authorization action in those circumstances is the equipment being
included on the Covered List.
Thus, with regard to the Commission's discretion under the Secure
Equipment Act, with regard to new equipment authorizations going
forward, Congress has taken the discretion out of the Commission's
hands and directed us to stop reviewing or approving applications
involving ``covered'' equipment. Congress has exercised its authority
to draw a bright and clear line. As for existing equipment
authorizations, Congress has preserved the Commission's existing
authority--and the discretion that comes with the exercise of that
authority--to decide whether the Commission should take action based on
equipment being added to the Covered List.
Finally, the Commission noted that it's making no decision in the
Report and Order as to whether any particular existing equipment
authorization should be revoked. Whether and to what extent and
pursuant to what processes the Commission exercises that authority
would be based on several considerations, including the public interest
and an assessment of the costs and benefits of any such action. As
noted above, the procedures for revoking authorizations that would be
applicable to authorization(s) granted before adoption of these rules
are set forth in Sec. 2.939(b). In the Further Notice of Proposed
Rulemaking in this proceeding, the Commission explores streamlining
these procedures and seeks comment on other issues relating to
revocation.
C. ``Covered'' Equipment
In the NPRM, the Commission proposed revisions to its equipment
authorization rules and procedures under part 2 to prohibit
authorization of any ``covered'' equipment that is identified on the
Covered List published by PSHSB. As noted, this Covered List identifies
certain equipment that, to date, has been determined--pursuant to the
Secure Networks Act--to be communications equipment that poses an
unacceptable risk to national security and safety of U.S. persons.
Equipment is on the Covered List only if one of four enumerated sources
determines such equipment ``poses an unacceptable risk to the national
security of the United States or the security and safety of United
States persons.'' As future determinations are made by these four
enumerated sources about ``covered'' equipment, PSHSB will update the
Covered List to reflect those determinations.
In the NPRM, the Commission proposed and sought comment on how to
identify and address particular ``covered'' equipment that would no
longer be permitted to obtain equipment authorizations. Comments on the
scope of what constitutes ``covered'' equipment vary widely (as
discussed in detail below). Several commenters ask for Commission
clarification of what constitutes ``covered'' equipment for the
purposes of the instant proceeding. The Commission agrees that
sufficient clarity is needed to provide guidance for purposes of
administering the prohibition on authorization of ``covered'' equipment
in the Commission's equipment authorization program pursuant to the
part 2 rules. As discussed in the NPRM, the Commission's efforts to
revise its equipment authorization program rules to prohibit
authorization of ``covered'' equipment is one of several different
efforts by the Commission, as well as various federal agencies,
including those pursuant to the Secure Networks Act and section 889 of
the 2019 NDAA, to identify and prohibit the use of ``covered''
equipment that poses an unacceptable risk to national security. Several
commenters, including industry associations, express concern that the
Commission not take actions in the instant proceeding that would create
confusion or conflict with other Commission actions (e.g., the
Commission's Reimbursement Program), and otherwise stress the
importance that the Commission work with other federal agencies on
these concerns.
Below, the Commission discusses what constitutes ``covered''
equipment for purposes of the Secure Networks Act, as implemented by
the Commission and placed on the Covered List, and the Secure Equipment
Act. This includes discussion of the equipment that already has been
included on the Covered List to date, specifically ``telecommunications
equipment'' and ``video surveillance equipment'' produced by five named
entities--Huawei, ZTE, Hytera, Hikvision, and Dahua--pursuant to the
Secure Networks Act and the determination made by Congress in Sec.
889(f)(3) of the 2019 NDAA. For purposes of implementing the
prohibition of the authorization of such equipment in the Commission's
equipment authorization process, the Commission provides guidance on
the scope of ``covered'' equipment. Because the equipment placed on the
Covered List is expected to evolve over time based on new
determinations concerning equipment made outside of the Commission, the
Commission also discusses how any future such determinations will be
addressed with respect to prohibiting authorizations of ``covered''
equipment in the Commission's equipment authorization program.
[[Page 7606]]
1. Current ``Covered'' Equipment on the Covered List
In the NPRM, the Commission proposed revisions to its equipment
authorization rules and procedures under part 2 to prohibit
authorization of any ``covered'' equipment that is identified on the
Covered List published by PSHSB. At the time that the NPRM was adopted
in June 2021, the only equipment on the Covered List, published
pursuant to section 2(c) of the Secure Networks Act, was based on the
determination under section 2(c)(3) of that Act, namely Congress's
determination under section 889(f)(3) of the 2019 NDAA concerning
equipment produced by five entities--Huawei, ZTE, Hytera, Hikvision,
and Dahua (and their respective affiliates and subsidiaries). The
Commission notes that, although PSHSB updated the Covered List in March
2022 and in September 2022 to include additional ``covered'' services
and products, the list regarding ``covered'' equipment has not been
updated or otherwise revised. Accordingly, the Commission discusses the
``covered'' equipment with respect to these same five entities below,
the same equipment on the Covered List as discussed in the NPRM.
As the Secure Networks Act makes clear, ``covered'' equipment only
includes equipment determined by any of the four enumerated sources to
pose an unacceptable risk. The Commission has affirmed this in the
instant proceeding as it has in earlier decisions by the Commission.
Accordingly, the Commission disagrees with any assertion by commenters
that the Commission should prohibit authorization of any equipment that
has not been determined to pose an unacceptable risk by the four
enumerated sources and placed on the Covered List.
In the NPRM, the Commission proposed that OET, with assistance from
bureaus across the agency (including PSHSB, WCB, WTB, IB, and EB),
develop necessary guidance for use by all interested parties--including
applicants and TCBs that help administer the equipment authorization
program--as the Commission implements the proposed prohibition on
future authorizations of ``covered'' equipment. The Commission first
discusses what, in the first instance, is ``covered'' equipment on the
current Covered List for purposes of the prohibition in the equipment
authorization program. The Commission then provides further guidance on
the types of equipment that will be included with regard to
implementing and administering the Commission's prohibition of future
authorizations of ``covered'' equipment under the revised equipment
authorization program rules that the Commission adopted in the Report
and Order.
``Covered'' equipment produced by Huawei and ZTE. As proposed in
the NPRM, the Commission will prohibit from equipment authorization all
equipment produced by Huawei and ZTE (as well as their subsidiaries and
affiliates) that is on the Covered List. As identified pursuant to the
Secure Networks Act and Congress's determination under section
889(f)(3) of the 2019 NDAA, such equipment includes both
``telecommunications equipment'' and ``video surveillance equipment''
produced by these two entities (and their subsidiaries and affiliates).
Specifically, Congress defines ``covered telecommunications equipment
or services'' in section 889(f)(3)(A) as ``telecommunications
equipment'' produced by Huawei and ZTE, and in section 889(f)(3)(C)
Congress included ``telecommunications or video surveillance services
provided'' by Huawei or ZTE ``or using such equipment (emphasis
added).'' Combining the equipment identified by Congress in sections
889(f)(3)(A) and (C), the Covered List published by PSHSB states that
``covered'' equipment under the Secure Networks Act includes
``[t]elecommunications equipment'' produced or provided by Huawei or
ZTE, ``including telecommunications or video surveillance services
produced or provided by such entity using such equipment.'' The
Commission was required to place this equipment on the Covered List,
and had no discretion not to do so. As the Commission has explained,
the Secure Networks Act requires the Commission to accept and
incorporate on the Covered List the determinations as provided, and
should interested parties seek to reverse or modify the scope of one of
these determinations, the party should petition the source of the
determination. The Commission further notes that the Congress in the
Secure Equipment Act, with its direct reference to this rulemaking, in
which the Commission expressly proposed to prohibit authorization of
the ``telecommunications equipment'' and ``video surveillance
equipment'' specified on the Covered List, endorsed inclusion of this
equipment on the Covered List as equipment that must not be authorized
by the Commission.
In addition, as explained in the Supply Chain 2nd R&O and Supply
Chain 3rd R&O, the Commission need not make any Secure Networks Act
section2(b)(2) ``capability'' assessment of the Huawei or ZTE
equipment, under either section 2(b)(2)(A) or (B) of the Secure
Networks Act, since, in effect, the Commission finds that Congress
under section 889(f)(3) of the 2019 NDAA has made that capability
determination regarding this equipment, i.e., that it ``otherwise
pos[es] an unacceptable risk'' to national security, pursuant to
section 2(b)(2)(C). Thus, for purposes of the prohibition that the
Commission is adopting in this proceeding, ``covered'' equipment
includes ``telecommunications equipment'' and ``video surveillance
equipment'' produced by Huawei and ZTE.
The Commission provided additional guidance and explanation about
what equipment constitutes covered ``telecommunications equipment'' and
``video surveillance equipment'' for purposes of the prohibition on
such equipment authorization.
``Covered'' equipment produced by Hytera, Hikvision, and Dahua. The
Commission first addresses the various arguments regarding whether
``telecommunications equipment'' and ``video surveillance equipment''
produced by Hytera, Hikvision, and Dahua falls within the scope of
``covered'' equipment under the Secure Networks Act section 2(c)(3) and
the determination by Congress under section 889(f)(3)(B) and (C) of the
2019 NDAA concerning those companies' equipment, and belongs on the
Covered List. In its decision, the Commission explains that their
``telecommunications equipment'' and ``video surveillance equipment''
was previously determined to be ``covered'' and has accordingly been
placed on the Covered List. The Commission then addresses the extent to
which the Commission can, through its equipment authorization program,
prohibit authorization of any of the ``video surveillance equipment and
telecommunications equipment'' produced by these companies (or their
respective subsidiaries and affiliates). The Commission concludes that
it will prohibit in the equipment authorization program authorization
of such equipment produced by Hytera, Hikvision, and Dahua ``for the
purpose of public safety, security of government facilities, physical
security surveillance of critical infrastructure, and other national
security purposes.''
The Commission notes that while this section focuses on the overall
scope of what constitutes ``covered'' equipment on the Covered List,
the Commission provides further guidance regarding what types of
equipment constitutes ``telecommunications equipment'' and
[[Page 7607]]
``video surveillance equipment'' that will be prohibited from obtaining
authorization under the Commission's equipment authorization program.
``Covered'' equipment includes certain ``video surveillance and
telecommunications equipment'' produced Hytera, Hikvision, and Dahua.
Hytera, Hikvision, and Dahua each contend that the Secure Networks Act
requires that the Commission's Covered List now remove listing their
``video surveillance and telecommunications equipment'' as ``covered,''
and that in any event the Commission should now preclude their
equipment from being deemed ``covered'' and not prohibit authorization
of that equipment in the instant proceeding. Following review of the
extensive arguments presented by Hytera, Hikvision, and Dahua
representatives, the Commission rejects their contentions that the
equipment that they produce cannot constitute covered communications
equipment under the Secure Networks Act and section 889(f)(3) of the
2019 NDAA, and that it does not belong on the Commission's Covered
List. Accordingly, the Commission rejects arguments by these companies
that the Commission now should remove ``video surveillance and
telecommunications equipment'' produced by these entities (or their
subsidiaries or affiliates) from the Covered List.
First, in the Secure Networks Act section 2(c)(3) and section
889(f)(3) of the 2019 NDAA, Congress identified as covered
communications equipment ``video surveillance and telecommunications
equipment'' produced by these entities (and any of their subsidiaries
or affiliates). The Commission notes that in its 2020 decision in the
Supply Chain 2nd R&O, the Commission already concluded that, pursuant
to the Secure Networks Act and its incorporation of section 889(f)(3)
of the 2019 NDAA, ``telecommunications equipment'' and ``video
surveillance equipment'' produced by Hytera, Hikvision, and Dahua is
``covered'' communications equipment under the Secure Networks Act,
and, as a result, PSHSB properly placed this equipment on the Covered
List when it first published the list in March 2021. Accordingly, the
Commission rejects arguments by these companies that the Commission now
should remove inclusion of ``video surveillance and telecommunications
equipment'' produced by these entities (or their subsidiaries or
affiliates) from the Covered List.
The Secure Networks Act expressly provides in section 2(c) that the
Commission must place on the Covered List any communications equipment
that poses an unacceptable risk to the national security or the
security and safety of United States persons ``based solely on one or
more'' of the determinations made by four enumerated sources specified
in the Act. Specifically, one of those determinations, set forth in
section 2(c)(3) of the Secure Networks Act, provides the following
determination relating to communications equipment posing an
unacceptable risk: ``[t]he communications equipment or service being
covered telecommunications equipment or services, as defined in section
889(f)(3)'' of the 2019 NDAA. In turn, section 889(f)(3), which was
enacted prior to the Secure Networks Act, provides that ``[c]overed
telecommunications equipment or services'' includes
``telecommunications equipment'' and ``video surveillance equipment''
produced by Hytera, Hikvision, and Dahua, per section 889(f)(3)(B), as
well as ``[t]elecommunications or video surveillance services provided
by such entities or using such equipment,'' per section 889(f)(3)(C)
(emphasis added). Given these two subsections of section 889(f)(3),
Congress in the Secure Networks Act has identified as ``covered''
equipment both ``telecommunications equipment'' and ``video
surveillance equipment'' produced by these entities or used in the
provision of video surveillance or telecommunications services; prior
to inclusion of section 889(f)(3) in Secure Networks Act section
2(c)(3), this equipment was subject only to the executive branch's
prohibitions of procurement under section 889 of the earlier enacted
NDAA because such equipment can pose an unacceptable risk to national
security. To remove ``telecommunications equipment'' and ``video
surveillance equipment'' produced by Hytera, Hikvision, and Dahua from
the Covered List, as their representatives request, would ignore
Congressional intent regarding its recognition and determination that
use of such equipment can pose an unacceptable risk to national
security. In the Commission's view, Congress identified this equipment
as posing an unacceptable risk, and the Commission is not in a position
to question that or not include it on the Covered List. Furthermore,
Congress passed the Secure Equipment Act in response to the instant
Commission proceeding and the then-current Covered List, and Congress
expressly mandated that the Commission prohibit authorization of
equipment on the Covered List as it had proposed to do in the NPRM in
this proceeding. Congress therefore intended the prohibition that the
Secure Equipment Act requires the Commission to adopt to include the
telecommunications equipment and the video surveillance equipment that
already was on the Covered List. Given the Commission's conclusion here
that the arguments of Hytera, Hikvision, and Dahua representatives fail
on the merits, the Commission need not address Motorola's contention
that their arguments must be denied on the basis of the Hobbs Act.
The Commission disagrees with the assertions that
telecommunications and video surveillance equipment produced by Hytera,
Hikvision, and Dahua are not ``covered'' because their respective
equipment does not meet the ``capability'' requirements under section
2(b) of the Secure Networks Act either with respect to being capable of
routing or redirecting user data traffic or permitting visibility into
any user data or packets or causing the network to be disrupted
remotely. As discussed above, the Commission already has concluded in
both the Supply Chain 2nd R&O and the Supply Chain 3rd R&O that the
Commission need not make any Secure Networks Act section 2(b)(2)
``capability'' assessment regarding Hytera, Hikvision, or Dahua
equipment, under either section 2(b)(2)(A) or (B) of the Secure
Networks Act, since, in effect, Congress under section 889(f)(3) of the
2019 NDAA has made that capability determination pursuant to section
2(b)(2)(C), concluding that video surveillance and telecommunications
equipment produced by these entities is ``covered'' equipment insofar
as Congress has determined that it is capable of ``otherwise posing an
unacceptable risk'' to national security. This decision is further
supported by the Commission's discussion of a section 2(b)(2)(C)
determination in the Supply Chain 2nd R&O. It noted that if an
enumerated source in its determination indicates that a specific piece
of equipment or service poses an unacceptable risk to the national
security of the United States and the security and safety of United
States persons, the Commission need not conduct an analysis of the
capabilities of the equipment and instead will automatically include
this determination on the Covered List. Congress, the enumerated source
with regard to determinations about this equipment, has already
performed the analysis on whether the equipment--such as video
surveillance equipment specifically identified under section
[[Page 7608]]
889(f)(3)(B) and (C)--poses an unacceptable risk to the national
security of the United States or the security and safety of United
States persons as part of its determination. For these reasons as well,
the Commission also disagrees with PowerTrunk insofar as it opposes the
Commission's adoption of a prohibition on future authorizations of any
``covered'' equipment that it produces. Regardless of whether
PowerTrunk may have been permitted in 2018 for use by certain public
safety entities, the issue before us in this proceeding is whether to
permit future authorizations of PowerTrunk telecommunications and video
surveillance equipment. The Commission rejects the argument that any
such PowerTrunk equipment should be exempted from the prohibition that
the Commission proposed in the NPRM, based on a determination made
pursuant to the Secure Networks Act, and that Congress in the Secure
Equipment Act directed the Commission to adopt.
In addition, the Commission rejects the arguments that video
surveillance equipment is not ``covered'' under the Secure Networks Act
because it is not ``communications equipment'' or ``essential to the
provision of advanced communications service,'' as defined in section
9(4) of the Act. In its Supply Chain 2nd R&O, the Commission has
already interpreted ``communications equipment or service'' and what is
``essential,'' codifying that interpretation in Sec. 1.50001(c) of the
Commission's rules: ``The term `communications equipment or service'
means any equipment or service used in fixed and mobile networks that
provides advanced communications service, provided the equipment or
service includes or uses electronic components.'' The Commission also
rejects Hikvision USA's further contention that video surveillance
equipment is not ``used in'' fixed and mobile networks, and Hikvision's
and Dahua's assertions that such equipment is only ``peripheral''
equipment and not network equipment and hence not ``covered.'' In
identifying such equipment as covered communications equipment under
the Secure Networks Act, by reference to section 889(f)(3), Congress
intended to capture such video surveillance equipment as ``covered''
equipment, even if is not core network equipment since the equipment is
used (and indeed required) in the provision of a certain type of
advanced communications service, i.e., video surveillance services. In
addition, the Commission is not persuaded by arguments that because the
video surveillance and telecommunications equipment produced by the
entities does not have to be interconnected to a telecommunications or
broadband network, it is not ``covered'' equipment. As acknowledged,
Hikvision, Dahua, and Hytera equipment can be interconnected, and often
is. The Commission also notes that some of the video surveillance
equipment is part of a cloud-based system requiring interconnection.
In sum, ``covered'' equipment on the Commission's Covered List
includes ``telecommunications equipment'' as well as ``video
surveillance equipment'' produced by Hytera, Hikvision, and Dahua (and
their subsidiaries or affiliates), and was properly placed on the
Covered List first published by PSHSB in March 2021. The Commission's
existing rules rightfully prohibits the use of federal support to
purchase or obtain any ``covered'' equipment on the Covered List, which
appropriately includes a prohibition concerning this video surveillance
and telecommunications equipment. The Commission also notes that its
actions are consistent with the efforts of the Executive Branch in
identifying and implementing a prohibition on procurement with respect
to certain ``covered'' video surveillance and telecommunications
equipment produced by Hytera, Hikvision, and Dahua.
Prohibition concerning equipment authorization of ``video
surveillance and telecommunications equipment'' ``[f]or the purpose of
public safety, security of government facilities, physical security
surveillance of critical infrastructure, and other national security
purposes.'' In adopting the prohibition on authorizing ``covered''
equipment, the Commission is guided by the specific determination set
forth in section 889(f)(3)(B) of the 2019 NDAA regarding ``covered''
``telecommunications equipment'' and ``video surveillance equipment''
produced by Hytera, Hikvision, or Dahua (or their subsidiaries and
affiliates). In the NPRM, the Commission proposed to prohibit
authorizing any ``covered'' equipment on the Covered List. As discussed
in the NPRM, pursuant to the Secure Networks Act section 2(c), the
Commission must rely solely on the determinations made by the four
enumerated sources identified in that section. Section 889(f)(3)(B) by
its terms provides that ``covered'' equipment includes ``video
surveillance and telecommunications equipment'' produced by Hytera,
Hikvision, and Dahua ``[f]or the purpose of public safety, security of
government facilities, physical security surveillance of critical
infrastructure, and other national security purposes.'' Accordingly,
the Commission cannot and will not approve any application for
equipment authorization that would allow the marketing and selling of
such equipment for those specified uses. At the same time, this
determination only includes, as ``covered'' equipment, video
surveillance and telecommunications equipment produced by these
entities that is for those particular purposes. Thus, at this time, in
the absence of any other of the three identified and specific
determinations made by any of the Executive Branch agencies identified
in section 2(c) of the Secure Networks Act, the Commission cannot
expand ``covered'' beyond that determination by adopting a blanket or
categorical prohibition on authorizing equipment produced by these
entities for those other purposes. The Commission's approach regarding
this equipment is consistent with the Commission's previous
interpretations of section 889(f)(3)(B) in the 2020 Supply Chain 2nd
R&O and in the language specified in the Covered List, in which the
Commission stated that this equipment produced by Hytera, Hikvision,
and Dahua (and their subsidiaries and affiliates) is ``covered'' ``to
the extent used'' for these specified purposes. And, as discussed
above, federal agencies in implementing the federal agency procurement
prohibitions under section 889 have interpretated this statutory
language regarding the scope of ``covered'' equipment in a like manner.
Accordingly, the Commission is prohibiting authorization to market
and sell Hytera, Hikvision, and Dahua ``telecommunications equipment''
and ``video surveillance equipment'' (and that produced by their
subsidiaries and affiliates) ``[f]or the purpose of public safety,
security of government facilities, physical security surveillance of
critical infrastructure, and other national security purposes.'' For
any equipment authorization application for video surveillance and
telecommunications equipment produced by these entities, the Commission
will impose strict and appropriate conditions on any approved grant,
consistent with the Commission's equipment authorization rules.
Specifically, the Commission will only conditionally authorize the
marketing and sale of such equipment authorization subject to this
prohibition. The Commission also will require labeling requirements
that prominently state this prohibition. As a condition of
[[Page 7609]]
the equipment authorization, the Commission also will impose stringent
marketing and sale prohibitions associated with the equipment, which
will apply not only with respect to these entities (and their
subsidiaries and affiliates), but also to their equipment distributors,
dealers, or re-sellers, i.e., every entity down the supply chain that
markets or offers the equipment for sale or that markets or sells the
equipment to end-users.
Based on the record before us, the Commission is also concerned
that adopting conditions alone will not be sufficient to ensure that
``covered'' equipment is not over time marketed, or ultimately sold,
for the purposes prohibited under section 889(f)(3)(B) of the 2019
NDAA. Given that ``covered'' equipment poses an unacceptable risk if
used ``[f]or the purpose of public safety, security of government
facilities, physical security surveillance of critical infrastructure,
and other national security purposes,'' the Commission adopted
additional restrictions as described herein to prevent marketing and
sale of Hytera, Hikvision, or Dahua ``telecommunications equipment'' or
``video surveillance equipment'' for use for the purpose of public
safety, government security, critical infrastructure, or national
security.
Based on the record, which highlights the lack of oversight that
Hytera, Hikvision, and Dahua have over the marketing, distribution, and
sales of their respective equipment in the United States, the
Commission is not confident that, absent additional prescriptive
measures and Commission oversight, Hytera, Hikvision, and Dahua
``telecommunications equipment'' or ``video surveillance equipment''
will not be marketed and sold for those purposes that are prohibited
under section 889(f)(3)(B) of the 2019 NDAA. Accordingly, the
Commission will require that, before the Commission will permit an
equipment authorization of any ``telecommunications equipment'' or
``video surveillance equipment'' produced by Hytera, Hikvision, or
Dahua (or their subsidiaries or affiliates), these entities must each
seek and obtain Commission approval for its respective plan that will
ensure that such equipment will not be marketed or sold ``[f]or the
purpose of public safety, security of government facilities, physical
security surveillance of critical infrastructure, and other national
security purposes.'' Any such plan must demonstrate that effective
measures are in place that will ensure that equipment distributors,
equipment dealers, or others in the supply and distribution chains
associated with marketing or sale of such equipment are aware of this
restriction and do not market or sell such equipment to entities for
the purposes mentioned above. Such a plan must include well-articulated
and appropriate measures at the distributor and dealer levels to ensure
that the entity does not market or sell for prohibited purposes. Before
any Hytera, Hikvision, or Dahua ``telecommunication equipment'' or
``video surveillance equipment'' will be authorized for market or sale,
the applicant seeking approval of any ``covered'' equipment produced by
any of these entities (or their subsidiaries or affiliates) must submit
a specific plan associated with the equipment, which will be reviewed
by the full Commission and only approved if the measures that are and
will be taken are sufficient to prevent the marketing and sale of such
equipment for purposes prohibited under section 889(f)(3)(B) of the
2019 NDAA.
The Commission provides guidance on what constitutes
``telecommunications equipment'' and ``video surveillance equipment,''
as well as clarifying the scope of the prohibition under section
889(f)(3)(B) concerning ``[f]or the purpose of public safety, security
of government facilities, physical security surveillance of critical
infrastructure, and other national security purposes.'' Finally, the
Commission notes that the actions in this proceeding, including this
particular prohibition on authorization of ``telecommunications
equipment'' and ``video surveillance equipment'' produced by Hytera,
Hikvision, and Dahua, are among the several Commission and whole-of-
government approaches underway and that are continuing to evolve. As
discussed below, as future determinations are made under section 2(c)
of the Secure Networks Act regarding ``covered'' equipment that poses
an unacceptable risk to national security, and the Covered List is
updated accordingly, authorizations of such equipment will be
prohibited as well.
2. ``Covered'' Equipment Produced by Subsidiaries and Affiliates
On the current Covered List, ``covered'' equipment produced by
``subsidiaries and affiliates'' of the companies named on the Covered
List also are included within the scope of ``covered'' equipment, and
authorization of such equipment will be prohibited as ``covered''
equipment as a result of the Commission's revisions to the equipment
authorization program rules adopted in this proceeding. Applicants
seeking equipment authorizations will be required to attest (in the
form of a written and signed certification) that the equipment for
which they are seeking authorizations is not ``covered'' equipment
produced by any of the entities identified on the Covered List, which
thus could include equipment produced by the named entities on the
Covered List or produced or by any subsidiaries or affiliates of those
entities.
Definitions. The Commission addresses here the relevant definitions
that the Commission will apply in the rules implementing the
prohibition on authorization of ``covered'' equipment to the extent
such equipment includes equipment produced by subsidiaries and
affiliates of entities specifically named on the Covered List. The
Commission starts with ``affiliate,'' for which it adopted the
definition consistent with that adopted by the Commission in its Supply
Chain 2nd R&O. That order defined ``affiliate'' as ``a person that
(directly or indirectly) owns or controls, is owned or controlled by,
or is under common ownership or control with, another person,''
referencing the definition of ``affiliate'' contained in section 3 of
the Communications Act (47 U.S.C. 153(2)). The Commission notes that
the definition of affiliate in the Communications Act further states
that ``[f]or purposes of this paragraph, the term `own' means to own an
equity interest (or the equivalent thereof) of more than 10 percent,''
and the Commission adopted such further clarification in this
proceeding. For purposes of implementation in the Commission's
equipment authorization program, the Commission defines ``affiliate''
as an entity that (directly or indirectly) owns or controls, is owned
or controlled by, or is under common ownership or control with, another
entity, where the term ``own'' means to have, possess, or otherwise
control an equity interest (or the equivalent thereof) of more than 10
percent.
As for ``subsidiary,'' the Commission notes generally that a
subsidiary is an affiliate that is directly or indirectly controlled by
an entity (e.g., corporation) with at least a greater than 50% share.
In the context of reviewing foreign ownership under section 310(b) of
the Communications Act, the Commission's rule defines a ``subsidiary''
of a licensee as ``any entity in which a licensee owns or controls,
directly and/or indirectly, more than 50 percent of the total voting
power of the outstanding voting stock of the entity, where no other
individual or entity has de facto control.'' The Commission believes
that adopting a broader
[[Page 7610]]
definition of subsidiary than the one set forth in the Commission's
foreign ownership rules is appropriate here in light of the national
security purposes of the Secure Equipment Act. For purposes of
implementing the prohibition on ``covered'' equipment, the Commission
defines ``subsidiary'' of an entity named on the Covered List as any
entity in which such named entity directly or indirectly (1) holds de
facto control or (2) owns or controls more than 50% of the total voting
power of the entity's outstanding voting stock.
Names of entities identified on the Covered List that produce
``covered'' equipment, including subsidiaries and affiliates. The
Commission also adopted a requirement that, to the extent the Covered
List identifies named entities as well as certain unnamed associated
entities--such as subsidiaries or affiliates--as producing ``covered''
equipment, each such entity specifically named on the Covered List as
producing ``covered'' equipment must submit information to the
Commission regarding that named entity's associated entities. As
discussed above, the current Covered List identifies equipment produced
by certain named entities and their subsidiaries and affiliates as
``covered'' equipment. As Motorola notes, the entities on the Covered
List do not currently publicly disclose detailed information about
their corporate relationships, including the names of their
subsidiaries and affiliates, and it contends that it is ``imperative''
that the Commission have visibility into these relationships. In
implementing rules and procedures to prohibit authorization of such
``covered'' equipment produced by particular entities named on the
Covered List and their associated entities (e.g., their respective
subsidiaries and affiliates), the Commission finds that it is critical
that the Commission, as well as applicants for equipment
authorizations, TCBs, and other interested parties, have the requisite,
transparent, and readily available information of the particular
entities that in fact are such associated entities of the named
entities on the Covered List. The Commission finds that having this
information on the names of such associated entities promotes effective
implementation of and compliance with the prohibition, by providing the
Commission and TCBs in advance of reviewing any equipment authorization
applications with a list of all those entities to which the Covered
List applies. Requiring that this information be provided to the
Commission and made public aligns with the regulatory requirements that
the Commission proposed in the NPRM and that the Commission has
adopted, namely placing responsibilities on applicants to attest that
their equipment is not ``covered'' equipment produced by any of
entities identified on the Covered List. This also adds another
important informational element to the overall comprehensive regulatory
scheme and approach that the Commission is taking to ensure that
applications for authorization of ``covered'' equipment are not
submitted to the Commission and that no such equipment authorization is
granted. Requiring this information is both reasonable and justified in
keeping with the Commission's goal of effectively ensuring that
``covered'' equipment determined as posing an unacceptable risk to
national security under the Secure Networks Act, and prohibited from
authorization under the Secure Equipment Act, is not authorized, and
helps to ensure that the Commission meet the mandate in the Secure
Equipment Act that the Commission not approve grant of any ``covered''
equipment. Finally, it is also critical that such information be up-to-
date and maintained in a place for all interested parties to reference
for purposes of compliance with the Commission's rules, including the
applicants' attestation requirements.
Accordingly, if ``covered'' equipment on the Covered List includes
equipment produced by named entities as well as associated unnamed
entities (e.g., their subsidiaries and affiliates), the Commission will
require that each entity specifically named on the Covered List that
produces ``covered'' equipment submit a complete and accurate list to
the Commission, within 30 days of effective date of the rules,
identifying the names of such associated entities that produce
equipment that requires an equipment authorization under the rules the
Commission adopted in the Report and Order, and must provide up-to-date
information on any changes to the list with respect to any such
entities. For each such associated entity (e.g., subsidiary or
affiliate), the entity named on the Covered List must provide the
following information: full name, mailing address and physical address
(if different from the mailing address), email address, and telephone
number. If there are changes to a named entity's list of such
associated entities, that entity must submit such updated information
to the Commission within 30 days of the change(s), and indicate the
date on which the particular change(s) occurred. These submissions must
be supported by an affidavit or declaration under penalty of perjury,
signed and dated by an authorized officer of the named entity on the
Covered List with personal knowledge verifying the truth and accuracy
of the information provided about the entity's associated entities. The
affidavit or declaration must comply with Sec. 1.16 of the
Commission's rules. This information on these entities will be posted
on the Commission's website as an appendix to the guidance on
``covered'' equipment posted by OET and PSHSB, and will be updated with
any updated information that the Commission receives. Applicants
requesting equipment authorizations will be able to reference this
information when making attestations regarding the producer of
equipment for which they seek authorizations, as will TCBs, the
Commission, and other interested parties.
3. Re-Branded (``White Label'') Equipment
Particular equipment, including products approved through the
Commission's equipment authorization program, may be produced by
particular companies or manufacturers and subsequently re-branded by
other companies. The Commission notes, for instance, that Dahua USA
acknowledges that its video surveillance equipment may be re-branded
and sold under re-branded names. IPVM also notes that Hikvision and
Dahua video cameras often have been relabeled and sold under another
name.
As discussed above, the Commission is prohibiting authorizing
``covered'' equipment ``produced'' by any of the named entities (as
well as their subsidiaries or affiliates) on the Covered List. Under
the prohibition on authorizing equipment ``produced'' by entities on
the Covered List the Commission is also precluding any equipment
application by any other entity to the extent that the equipment for
which authorization is sought had been produced by entities identified
on the Covered List but has been re-branded or re-labeled with other
names or associated with other companies. Re-branding of equipment does
not change the status of whether the equipment itself is ``covered''
equipment prohibited from equipment authorization.
4. Guidance on Implementing the Prohibition on Authorizing ``Covered''
Equipment in the Equipment Authorization Program
The Commission affirms its earlier decisions and concludes that,
pursuant to the Secure Networks Act and section
[[Page 7611]]
889(f)(3) of the 2019 NDAA, ``covered'' equipment on the current
Covered List includes both ``telecommunications equipment'' and ``video
surveillance equipment'' produced by Huawei and ZTE (and their
subsidiaries and affiliates), as well as such equipment produced by
Hytera, Hikvision, and Dahua (and their subsidiaries and affiliates) to
the extent used ``[f]or the purpose of public safety, security of
government facilities, physical security surveillance of critical
infrastructure, and other national security purposes.'' Under the rules
that the Commission adopted in this proceeding, the Commission will no
longer permit the authorization to market or sell any such ``covered''
equipment in the Commission's equipment authorization program. As an
integral part of the Commission's implementation of this prohibition,
under the Commission's revised part 2 equipment authorization rules,
the Commission will require each applicant for equipment authorization
to provide in its application an attestation (in the form of a written
and signed certification) that the equipment in its application is not
``covered'' equipment. Below, the Commission provides additional
clarity on what constitutes ``covered'' equipment that will be
prohibited, as several have requested. As a general matter, given the
importance of preventing ``covered'' equipment from being made
available for uses that would pose an unacceptable risk to national
security or the security of U.S. persons, the terms of determinations
made by any of the four enumerated sources and incorporated into the
Covered List should be interpreted broadly.
In proposing in the NPRM to require applicants for equipment
certification to attest that the subject equipment is ``not'' covered,
the Commission recognized the importance of providing guidance to
applicants, TCBs, and other interested parties. In particular, the
Commission proposed to direct Commission staff (OET, working with
PSHSB, WCB, IB, and EB) to develop pre-approval guidance or other
guidance to assist in implementing the Commission's prohibition on
authorization of ``covered'' equipment. Here, the Commission provides
guidance to Commission staff as well as applicants, TCBs, and other
interested parties regarding the administration and implementation of
the prohibition of the authorization of ``covered'' equipment through
the attestation process, the TCBs' assessment, and the Commission in
its implementation and monitoring of the equipment authorization
process to ensure that ``covered'' equipment is not authorized for
marketing or sale.
For purposes of the implementation of the equipment authorization
program, the Commission interprets the terms ``telecommunications
equipment'' and ``video surveillance equipment'' broadly to ensure that
equipment that could pose an unacceptable risk is not authorized, in
keeping with the Commission's proposal and its acknowledgement in the
Secure Equipment Act of 2021. As discussed below, the Commission
delegates to OET and PSHSB, working with other bureaus/offices as
appropriate, the authority to provide additional clarity with regard to
the scope of covered equipment for purposes of the Commission's
equipment authorization program, to make such information on the
Commission's website, and to revise that information as appropriate.
The Commission underscores the importance for each applicant seeking
authorization of equipment to exercise due diligence in preparing and
submitting its attestation that the subject equipment for which it
seeks authorization for market or sale is not ``covered.'' At the time
of the filing of its application for certification of equipment, each
applicant must have reviewed the Commission rules and guidance set
forth on its web page, and have determined through due diligence that
the subject equipment in its application for certification is not
``covered.'' As discussed above, false statements or representations
that the subject equipment is ``not'' covered will result in denial of
an application or revocation of the equipment authorization and
potentially additional enforcement action.
As noted in the NPRM, the Commission authorizes a wide array of
equipment. Under existing rules for certification, such equipment
includes base stations, transmitters associated with various licensed
services (including mobile phones, land mobile radios), Wi-Fi access
points and routers, home cable set-top boxes with Wi-Fi, laptops,
intelligent home devices, and various wireless consumer equipment.
Equipment that is subject to authorization under existing SDoC
procedures includes certain microwave and broadcast transmitters,
certain private land mobile equipment, certain equipment for unlicensed
use (e.g., business routers, internet routers, firewalls, internet
appliances, surveillance cameras, business servers, and certain ISM
equipment).
In addition to providing guidance clarifying the nature of
``telecommunications equipment'' and ``video surveillance equipment,''
the Commission also discusses the scope of the prohibition with regard
to authorization of Hytera, Hikvision, and Dahua ``telecommunications
equipment'' and ``video surveillance equipment.'' Pursuant to the
determination made by Congress under section 889(f)(3)(B), and as
identified on the Covered List, such equipment produced by these
entities is ``covered'' ``for purposes of public safety, security of
government facilities, physical security surveillance of critical
infrastructure, and other national security purposes.''
Telecommunications equipment. Considering the importance of
prohibiting authorization of ``covered'' equipment that poses an
unacceptable risk to national security, the Commission interprets
``telecommunications equipment'' broadly for purposes of the
Commission's equipment authorization program. This approach is
consistent with the Commission's earlier decisions that broadly define
``communications equipment'' under the Secure Networks Act. It also
accords with congressional intent in the Secure Equipment Act of 2021.
In particular, the Commission interprets ``telecommunications
equipment'' as broadly as it previously defined ``communications
equipment.'' Under the approach adopted here, ``telecommunications
equipment'' means any equipment used in fixed or mobile networks that
provides advanced communications service, provided the equipment
includes or uses electronic components, as defined under Sec.
1.50001(c). Further, taking into consideration the definition of
``advanced communications service'' under Sec. 1.50001(a), this would
encompass any equipment that can be used in such a fixed or mobile
broadband network to enable users to originate and receive high quality
voice, data, graphics, and video telecommunications using technology
with connection speeds of at least 200 kbps in either direction. By
taking this broad approach, the Commission brings within the scope of
the prohibition a wide range of communications equipment that are used
within broadband networks. The Commission's goal in adopting this
definition is to provide clear guidance that promotes regulatory
compliance and administrability, as well as regulatory certainty.
The Commission rejects the contention that ``telecommunications
equipment'' under the Secure Networks Act must necessarily exclude all
CPE
[[Page 7612]]
equipment or IoT equipment, or that ``telecommunications equipment''
under the Secure Networks Act should be defined in the same manner as
the term ``telecommunications equipment'' is defined under the
Communications Act. In interpreting and broadly defining
``communications equipment'' under the Secure Networks Act, the
Commission indicated its concern, consistent with congressional intent,
that the Commission protects against the use of insecure equipment in
advanced communications services, and it did not indicate an intent to
exclude all CPE or IoT equipment from the scope of ``covered''
equipment under the Act. Nor was there any indication by Congress, when
adopting section 889(f)(3) as part of the NDAA of 2019 regarding
prohibitions on federal agencies' procurement of ``telecommunications
equipment'' (or ``video surveillance equipment'') that the term
``telecommunications equipment'' in the NDAA was to be narrowly defined
and limited to ``telecommunications equipment'' as defined in the
Communications Act or used by the Commission in certain Commission-
focused contexts. As Motorola points out, the NDAA involves a different
statutory scheme. As the courts have repeatedly recognized, Congress
may have intended to accord different scope to the same language used
in different statutes, depending upon the context and purpose of the
statutory scheme. Indeed, the Commission notes that the federal
agencies' own procurement rules, whose national security purposes are
much more relevant here, define ``telecommunications'' broadly as ``the
transmission, emission, or reception of signals, signs, writing,
images, sounds, or intelligence of any nature, by cable, satellite,
fiber optics, laser, radio, or other electronic, electric,
electromagnetic, or acoustically coupled means;'' those rules further
define ``telecommunications services'' as meaning ``the services
acquired, whether by lease or by contract, to meet the Government's
telecommunications needs,'' including ``the equipment necessary to
provide such services'' (emphasis added). Considering the Commission's
goal of eliminating future authorization of ``covered'' equipment that
poses an unacceptable risk to national security, the Commission does
not interpret the scope of ``covered'' equipment narrowly because a
limited view of what constitutes insecure equipment would potentially
result in an unacceptable risk to national security and would be
inconsistent with the broader definition used by federal agencies
implementing the section 889 prohibition on federal agency procurement
of ``telecommunications equipment.''
The Commission also notes, for instance, that pursuant to section 5
of the Secure Networks Act, the Commission requires that advanced
communications service providers submit annual reports certifying
whether they had purchased, leased, rented, or otherwise obtained
``covered'' equipment after August 18, 2018. The Commission directed
the Office of Economics and Analytics (OEA) to administer this data
collection, and in doing so it issued guidance (``Supply Chain Annual
Reporting 2022 Filing Instructions'') to define the information that
advanced service providers were required to file and to act as a guide
to assist filers with submitting the necessary information. Pursuant to
these instructions, advanced service providers are required to submit
information on ``covered'' equipment that is in different layers of
their networks, including in the ``access layer,'' the ``distribution
layer,'' and the ``core layer.'' ``Access layer'' equipment is
equipment associated with providing and controlling end-user access to
the network over the ``last mile,'' ``local loop,'' or ``to the home''
(e.g., optical terminal line equipment, optical distribution network
devices, customer premises equipment (to the extent owned by the
advanced services provider), coaxial media converters, wavelength-
division multiplexing (WDM) and optical transporting networking (OTN)
equipment, and wireless local area network (WLAN) equipment).
``Distribution equipment'' includes middle mile, backhaul, and radio
area network (RAN) equipment (e.g., routers, switches, network security
equipment, WDN and OTN equipment, and small cells). ``Core layer''
equipment is associated with the backbone infrastructure (e.g., optical
networking equipment, WDN and OTN, microwave equipment, antennas, RAN
core, Cloud core, fiber, and data transmission equipment). The
Commission affirms the broad approach taken by OEA in implementing the
annual reporting requirement on ``covered'' equipment--including its
specific inclusion of ``access layer,'' ``distribution layer,'' and
``core layer'' equipment in networks providing advanced communications
services as falling within the scope of what constitutes ``covered''
equipment under the Secure Networks Act.
Because of the wide array and variety of devices in the
marketplace, the Commission cannot in this document identify all of the
categories or types of equipment that would constitute
``telecommunications equipment.'' The Commission nonetheless proffers
some additional clarity consistent with the broad definition of
``telecommunications equipment'' for purposes of implementing the
prohibition on authorization of ``covered'' equipment in this
proceeding.
Huawei and ZTE each produce, among other things, different types of
equipment that requires certification, including base stations, cell
phone and smart phone handsets, tablets, and routers that operate under
particular rules for licensed services (e.g., part 22, 24, 27, 90, 96)
as well as various unlicensed devices, including Wi-Fi routers. Hytera
produces, among other things, base station units and repeaters, as well
as trunking systems PLMR/DLMR handsets and two-way radios, which
operate under various rules for licensed services (e.g., part 22, 24,
80, 90, 95). Hytera representatives assert not only that Hytera
equipment is not ``covered'' because it is ``peripheral'' equipment or
CPE, but also contend generally that Hytera equipment is not
``telecommunications equipment'' or ``covered communications
equipment'' because it is generally not interconnected to a fixed or
mobile broadband network (although its notes that a small subset of
handsets (e.g., PowerTrunk TETRA) is so designed). As noted above,
Hikvision and Dahua representatives also each generally assert the
company does not produce any ``telecommunications equipment,'' and
argue that no CPE and IoT can be deemed such equipment. Hikvision USA
further asserts that, while Hikvision does produce U-NII router
equipment for unlicensed use, such equipment is not ``covered'' because
it is CPE and is within an end-user's internal enterprise network on
the user's side of the gateway router and therefore not broadband
equipment.
Whether particular equipment is covered telecommunications
equipment will turn on applying the Commission's interpretation of what
constitutes such equipment. As discussed, the Commission believes that
Congress intended to take a broad view of what constitutes ``covered''
``telecommunications equipment'' for purposes of the prohibition on
future equipment authorizations. Accordingly, the Commission concludes
not only that the types of ``telecommunications equipment''
specifically identified in the Supply Chain Annual Reporting 2022
Filing Instructions are ``covered''
[[Page 7613]]
for the purposes of this proceeding, including equipment such as
cellular base stations, backhaul, and core network equipment, but the
Commission also clarifies that handsets designed for operation over
fixed or mobile networks providing advanced communications services
also are ``covered.'' The Commission makes this decision recognizing
that handsets generally, as well as many CPE and IoT devices, meet the
broad definition the Commission adopted insofar as these devices
incorporate electronic components, could enable users to originate and
receive high quality voice, data, graphics, and video
telecommunications with connection speeds of at least 200 kbps in
either direction, and may be the end points of most broadband networks
which makes them part of the network. The Commission disagrees with
Hikvision USA's suggestion that the Commission has already concluded in
the Supply Chain 3rd R&O that handsets, CPE, and IoT necessarily are
not ``covered'' equipment when it observed that handsets and other CPE
including IoT used by end users are different from cell sites, backhaul
and core network equipment and then declined to require that such
equipment be removed, replaced, and reimbursed under the Reimbursement
Program. That observation only addressed what equipment would be
eligible for reimbursement under the Reimbursement Program, and was not
intended to define the nature of what equipment should be considered
``covered.'' As Motorola rightly notes, and as the Commission point
about above, that proceeding limited the scope of the Reimbursement
Program to a subset of the Covered List, and the equipment and services
on the Covered List was not at issue. In the Commission's equipment
authorization program, the Commission is not concerned with the
Reimbursement Program but instead is focused on preventing future
authorization of equipment that could pose an unacceptable risk to
national security or the security and safety of U.S. persons. The
Commission concludes that handset equipment designed for operation over
broadband networks and that enable users to originate and receive high
quality voice, data, graphics, and video telecommunications with
connection speeds of at least 200 kbps in either direction fall within
the broad scope of the Commission's interpretation of
``telecommunications equipment'' and is ``covered.'' Accordingly, the
Commission notes that Huawei and ZTE handsets, and Hytera handsets to
the extent designed to operate over broadband networks, are
``covered.'' The Commission also notes that this approach fully accords
with congressional intent in the Secure Equipment Act, in which
Congress sought to ensure that the Commission not approve devices that
pose a national security risk and that equipment for which public
funding was prohibited because it poses an unacceptable risk also
should be addressed in the equipment authorization program. As for
other CPE or IoT devices, whether particular equipment is ``covered''
will depend on whether it meets the requirements for ``covered''
equipment discussed above. These terms have been defined by industry in
a variety of ways and contexts, and could include a wide range of
equipment and technologies that may connect to the internet or other
broadband networks without any specific regard as to whether the
equipment would meet the requirements of ``covered'' communications
equipment under the Secure Networks Act as interpreted by the
Commission (e.g., enable users to originate high quality voice, data,
graphics, and video telecommunications with connection speeds of at
least 200 kbps in either direction).
Because the Commission authorizes a wide range of equipment, and
because additional clarification on ``covered'' equipment may be
needed, the Commission delegates to OET and PSHSB, working with WTB,
IB, WCB, EB, and OGC, as appropriate, to develop and finalize
additional clarifications as needed to inform applicants for equipment
authorization, TCBs, and other interested parties with more specificity
and detail on the categories, types, and characteristics of equipment
that constitutes ``telecommunications equipment'' for purposes of the
prohibition on future authorization of ``covered'' equipment identified
on the Covered List. As the Commission notes above, federal agencies
are actively engaged in prohibiting procurement of ``covered''
equipment, including ``telecommunications equipment'' as defined by
section 889(f)(3) of the 2019 NDAA. As OET and PSHSB develop more
detailed guidance for purposes of the prohibition in the equipment
authorization program, they may also review efforts from other federal
agencies, such as the General Services Administration's efforts in its
implementation of the procurement prohibition and the types of
``telecommunications equipment'' that constitute such ``covered''
equipment, the Federal Acquisition Security Council, the Department of
Homeland Security's Information and Communications Supply Chain Risk
Management Task Force, or other federal efforts, if those efforts are
relevant to development of the guidance.
The Commission further directs OET and PSHSB to issue future
clarifications in a Public Notice, and to post these clarifications on
the Commission's website for ready access by all interested parties.
This guidance will serve as a reference for applicants and other
stakeholders to provide consistency and clarity for purposes of
complying with the Commission's rules prohibiting authorization of
``covered'' equipment. OET and PSHSB are further directed to provide
updated clarifications as appropriate, which could be further informed
by information provided by interested parties. The Commission is also
requiring that a Public Notice be issued with any updates to the
guidance, along with an updated website. This guidance also can be used
to assist TCBs in their assessments of equipment authorization
applications to help preclude authorization of any ``covered''
equipment.
Video surveillance equipment. As with ``telecommunications
equipment,'' considering the importance of prohibiting authorization of
``covered'' equipment that poses an unacceptable risk to national
security, the Commission broadly interprets ``video surveillance
equipment'' under the Secure Networks Act and section 889(f)(3) of the
2019 NDAA for purposes of the Commission's equipment authorization
program. As discussed above, taking a broad approach to defining
``covered'' equipment also is consistent with the Commission's earlier
decisions defining ``covered'' equipment broadly under the Secure
Networks Act, and is in accord with congressional intent set forth in
the Secure Equipment Act.
In particular, the Commission interprets ``video surveillance
equipment'' consistent with the definition in the Commission's rules
concerning ``communications equipment'' under the Secure Networks Act,
to include any equipment that is used in fixed and mobile networks that
provides advanced communications service in the form of a video
surveillance service, provided the equipment includes or uses
electronic components. In keeping with the definition of ``advanced
communications service,'' the Commission intends with this definition
[[Page 7614]]
to encompass all equipment that is designed and capable for use for
purposes of enabling users to originate and receive high-quality video
telecommunications service using any technology with connection speeds
of at least 200 kbps in either direction.
As discussed, Hikvision and Dahua each produce a wide range of
products that are associated with video surveillance capabilities,
including cameras, video recorders, and network storage devices.
Although Hytera asserts that it does not produce any video surveillance
equipment, the Commission notes that, among other things, it
manufactures ``body-worn camera'' equipment. In their submissions,
Hikvision and Dahua representatives each contend that its video
surveillance equipment is ``peripheral'' or CPE, and hence not
``covered.'' The Commission rejects that view altogether, particularly
given that section 889(f)(3) specifically discusses ``video
surveillance equipment'' as ``covered,'' which reflects Congress's
clear intent that video surveillance equipment can pose an unacceptable
risk to national security. Hikvision and Dahua representatives also
contend their respective video surveillance equipment is not
``covered'' because the equipment does not require connection to the
internet (an end user's choice); Hikvision USA does acknowledge,
however, that some of its video surveillance equipment (HikConnect)
does require internet connection, and that in any event its equipment
poses no danger because it is secure. Dahua USA contends, among other
things, that its digital video recorders, network video recorders, data
storage devices, and video surveillance servers should not be deemed
``covered.'' IPVM asserts that most video surveillance equipment today
has internet connectivity as a widely-demanded feature, and notes in
particular that Hikvision surveillance cameras are generally marketed
as internet-protocol (IP) cameras that are designed and marketed for
use connected to internet. IPVM also disagrees with Dahua USA's
contention that video recorders are not ``covered'' as ``video
surveillance equipment,'' and generally contends broadly that Hikvision
and Dahua equipment poses a threat to the American public. Given the
concerns Congress raised about the potential risks to national security
associated with such video surveillance capabilities, the Commission
believes it intended to take the broad view on what constitutes video
surveillance equipment, and concludes that it includes not only
surveillance cameras, but also video surveillance equipment associated
with video surveillance services that make use of broadband
capabilities, such as video recorders, video surveillance servers, and
video surveillance data storage devices. The Commission makes this
determination recognizing that these devices are capable of storing and
sharing their content over broadband networks and thus being connect to
the network, they become part of the network. The Commission also
concludes that Hytera equipment that includes capabilities associate
with video surveillance service, such as ``body cams,'' which are
generally designed to connect to the internet, also is ``video
surveillance equipment'' that is ``covered.''
As with ``telecommunications equipment,'' the Commission delegates
to OET and PSHSB, working with WTB, IB, WCB, EB, and OGC, as
appropriate, to develop and finalize additional guidance to inform
applicants for equipment authorization, TCBs, and other interested
parties in more specificity and detail, information on the categories,
types, and characteristics of equipment that constitutes ``video
surveillance equipment.'' As OET and PSHSB develop further
clarification, the Commission authorizes them also to review efforts
from other federal agencies, such as the General Services
Administration's efforts in its implementation of the procurement
prohibition and the types of ``video surveillance equipment'' that
constitute such ``covered'' equipment under section 889(f)(3), the
Federal Acquisition Security Council, the Department of Homeland
Security's Information and Communications Supply Chain Risk Management
Task Force, or other federal efforts, if those efforts are relevant to
development of further clarification on what constitutes ``covered''
equipment.
For the purpose of public safety, security of government
facilities, physical security surveillance of critical infrastructure,
and other national security purposes. Pursuant to the Secure Networks
Act and section 889(f)(3)(B) of the NDAA of 2019, the Commission is
prohibiting, as ``covered'' equipment, the authorization of any
``telecommunications equipment'' or ``video surveillance equipment''
produced by Hytera, Hikvision, and Dahua (or their subsidiaries and
affiliates) ``[f]or the purpose of public safety, security of
government facilities, physical security surveillance of critical
infrastructure, and other national security purposes.'' As with
``telecommunications equipment'' and ``video surveillance equipment,''
the Commission interprets the scope of this section 889(f)(3)(B)
prohibition broadly given the importance of preventing ``covered''
equipment from being made available for prohibited uses that would pose
an unacceptable risk to national security or the security of U.S.
persons.
In particular, the Commission construes the scope of elements
associated with these purposes--public safety, government facilities,
critical infrastructure, and national security--broadly with respect to
the implementation in the Commission's equipment authorization program
of the prohibition concerning ``covered'' Hytera, Hikvision, and Dahua
equipment pursuant to the Secure Networks Act and section 889(f)(3)(B)
of the 2019 NDAA. The Commission interprets the phrase ``[f]or the
purpose of public safety, security of government facilities, physical
security surveillance of critical infrastructure, and other national
security purposes'' broadly, i.e., as having broad scope with respect
to any prohibition relating to covered communications equipment. Terms
comprising this phrase--public safety, government facilities, critical
infrastructure, and national security--are each construed broadly in
order to prohibit authorization of equipment that poses an unacceptable
risk to national security of the United States or to the security or
safety of U.S. persons. The Commission discusses each of these terms
below, and how the Commission broadly construes them consistent with
the Secure Networks Act, section 889(f)(B) of the NDAA, and the
Commission's goals in this proceeding to protect national security and
the security and safety of U.S. persons.
With respect to ``public safety,'' the Commission finds that this
includes services provided by state or local government entities, or
services by non-governmental agencies authorized by a governmental
entity if their primary mission is the provision of services, that
protect the safety of life, health, and property, including but not
limited to police, fire, and emergency medical services. For purposes
of implementing the Secure Networks Act and the Secure Equipment Act,
the Commission interprets public safety broadly to encompass the
services provided by federal law enforcement and professional security
services, where the primary mission is the provision of services, that
protect the safety of life, health, and property. The Commission
believes that this best fulfills Congress' intent with respect to the
scope of public safety as that term is used in section 889(f)(3) in
connection with
[[Page 7615]]
``covered'' Hytera, Hikvision, and Dahua equipment and the other terms
in that section.
With respect to the term ``government facilities,'' the Commission
finds instructive the Cybersecurity and Infrastructure Security
Agency's (CISA) view of what constitutes the government facilities
sector. According to CISA, the government facilities sector includes
``a wide variety of buildings, located in the United States and
overseas, that are owned or leased by federal, state, local, and tribal
governments.'' In addition to facilities that are open to the public,
CISA notes that others ``are not open to the public [and] contain
highly sensitive information, materials, processes, and equipment,''
and that these facilities include and are not limited to ``general-use
office buildings and special-use military installations, embassies,
courthouses, national laboratories, and structures that may house
critical equipment, systems, networks, and functions.'' CISA also notes
that ``[i]n addition to physical structures, the sector includes cyber
elements that contribute to the protection of sector assets (e.g.,
access control systems and closed-circuit television systems) as well
as individuals who perform essential functions or possess tactical,
operational, or strategic knowledge.'' The Commission believes that
this description provides ample guidance for purposes of what
constitutes ``government facilities'' for implementation of the
prohibition that the Commission adopts in this proceeding.
With regard to scope of ``critical infrastructure'' and the
prohibition that the Commission is adopting in this proceeding, the
Commission applies the meaning provided in section 1016(e) of the USA
Patriot Act of 2001, namely, ``systems and assets, whether physical or
virtual, so vital to the United States that the incapacity or
destruction of such systems and assets would have a debilitating impact
on security, national economic security, national public health or
safety, or any combination of those matters.'' Presidential Policy
Directive 21 (PPD-21) identifies sixteen critical infrastructure
sectors: chemical, commercial facilities, communications, critical
manufacturing, dams, defense industrial base, emergency services,
energy, financial services, food and agriculture, government
facilities, health care and public health, information technology,
nuclear reactors/materials/waste, transportation systems, and water/
waste water systems. In this connection, CISA, through the National
Risk Management Center (NRMC), published a set of 55 National Critical
Functions (NCFs) to guide national risk management efforts. The CISA/
NRMC guide defines ``critical infrastructure'' similar to how that term
is defined in the USA Patriot Act. Specifically, it defines the NCFs as
``functions of government and the private sector so vital to the United
States that their disruption, corruption, or dysfunction would have a
debilitating effect on security, national economic security, national
public health or safety, or any combination thereof.'' For purposes of
implementing the rules the Commission adopted, the Commission finds
that any systems or assets, physical or virtual, connected to the
sixteen critical infrastructure sectors identified in PPD-21 or the 55
NCFs identified in CISA/NRMC could reasonably be considered ``critical
infrastructure.''
As for ``national security,'' for purposes of this proceeding, the
Commission interprets this term broadly as encompassing a variety of
high-profile assets involving government, commercial, and military
assets. In this connection, the Commission notes that section 709(6) of
the Intelligence Authorization Act for Fiscal Year 2001, provides that
``'national security' means the national defense or foreign relations
of the United States.'' Accordingly, the Commission will rely on this
definition for guidance.
The Commission delegates to OET and PSHSB, working with WTB, IB,
WCB, EB, and OGC, as appropriate, to develop further clarifications to
inform applicants for equipment authorization, TCBs, and other
interested parties with more specificity and detail. As the Commission
develops more detailed guidance, the Commission authorizes OET and
PSHSB also to review efforts from and coordinate as necessary with the
Commission's federal partners, such as but not limited to the
Department of Justice, Department of Commerce, Department of Homeland
Security, and Federal Bureau of Investigation.
Declaratory ruling. To the extent an interested party may seek to
clarify whether particular equipment is ``covered'' for purposes of the
equipment authorization prohibition, it can bring a request for
declaratory ruling before the Commission. The Commission, in its 2020
Supply Chain 2nd R&O, similarly noted that any interested party that
may seek to clarify whether a specific piece of equipment is included
as ``covered'' on the Covered List could seek a declaratory ruling. At
the same time, the Commission notes again that it has no discretion to
reverse or modify determinations from the four enumerated sources under
the Secure Networks Act that are responsible for those determinations,
which the Commission must accept and include on the Covered List as
provided, and that should a party seek to reverse or modify any such
determination, it should petition the source of the determination.
Moreover, the seeking of clarification by any party does not entitle
such party to any presumption, nor is it the basis for arguing, that
specific equipment is not ``covered,'' absent additional clarification
from the Commission. The Commission delegates to OET and PSHSB
authority to issue such declaratory rulings consistent with principle
of broad interpretation of terms given the importance of preventing
``covered'' equipment from being made available for prohibited uses
that would pose an unacceptable risk to national security or the
security of U.S. persons, as illustrated above.
5. Future Updates on ``Covered'' Equipment and the Covered List
As noted, the Commission anticipates that the Covered List, which
was most recently updated and published on September 20, 2022, will
continue to be revised in the future based on further determinations
about communications equipment made by any one of the four enumerated
sources that are identified in section 2(c) of the Secure Networks Act.
As discussed above, to date, the only determination that specifically
concerns communications equipment is that made under section 2(c)(3) of
the Secure Networks Act, specifically the determination made by
Congress in section 889(f) of the 2019 NDAA. Future determinations
concerning communications equipment could involve determinations by any
of the other three enumerated sources as specified under the Secure
Networks Act--per section 2(c)(1), ``[a] specific determination made by
any executive branch interagency body with appropriate national
security expertise, per including the Federal Acquisition Security
Council established under section 1322(a) of title 41, United States
Code; per section 2(c)(2), ``[a] specific determination made by the
Department of Commerce pursuant to Executive Order No. 13873 (84 FR
22689; relating to securing the information and communications
technology and services supply chain)''; and per section 2(c)(4), ``[a]
specific determination made by an appropriate national security
agency.''
As noted above, the Commission is required to monitor the status of
determinations in order to update the Covered List by modifying,
adding, or removing ``covered'' equipment on the Covered List, pursuant
to Sec. 1.50003.
[[Page 7616]]
Under the rules adopted in the Report and Order, the Commission will no
longer authorize for marketing or sale equipment that has been placed
on the Covered List, as that list evolves.
The Commission guidance provided in this document, along with the
delegation of authority directing OET and PSHSB to publish and maintain
information on the Commission's website concerning ``covered''
equipment should serve to enable implementation of updates concerning
equipment that are placed on the Covered List. The Commission notes,
for instance, that a new determination might modify the ``covered''
equipment on the Covered List only with regard to adding or removing
the named entities that produce equipment that poses an unacceptable
risk to national security. If so, then the guidance on the Commission's
website can readily by updated on delegated authority and the added
equipment will be prohibited in the Commission's equipment
authorization program. The Commission recognizes, however, that a
future determination by one of the four enumerated sources that results
in an updated Covered List with respect to new types of equipment that
pose an unacceptable risk potentially could require further
consideration on delegated authority, consistent with the approach
discussed above; if so, the Commission directs OET and PSHSB to so
indicate through Public Notice, including discussion of the process by
which the guidance will be developed and provided.
D. Other Issues
1. Cost-Effectiveness and Economic Impact
In the NPRM, the Commission stated that its proposed revisions to
the Commission's equipment authorization rules and processes to
prohibit authorization of ``covered'' equipment that had been
determined by any one of the four enumerated source outside of the
Commission as posing an unacceptable risk to national security would
not be subject to a conventional cost-benefit analysis. The Commission
stated that because it has no discretion to ignore these
determinations, a conventional cost-benefit analysis--which would seek
to determine whether the costs of the proposed actions would exceed the
benefits--is not directly called for. Instead, the Commission stated
that it would consider whether its actions would be ``a cost
effective'' means to prevent this dangerous equipment from being
introduced into the Commission's nation's communications networks, and
sought comment on the Commission's proposed revisions to the equipment
authorization rules and procedures.
The Commission recognizes that adopting a prohibition on the
authorization of ``covered'' equipment may result in economic impacts
on entities directly or indirectly associated with the ``covered''
equipment identified on the Covered List. However, as the Commission
notes above, the rules adopted in the Report and Order regarding future
authorizations of ``covered'' equipment are mandated by the Secure
Equipment Act, requiring that the Commission will not approve any
application for equipment authorization for equipment that is on the
Covered List. The equipment included on the Covered List was determined
by other expert agencies as posing an unacceptable risk to national
security. As noted in the NPRM, because the Commission has no
discretion to ignore the congressional mandates and other expert
agencies' determinations, the Commission finds that a full cost-benefit
analysis is not required with respect to the actions that the
Commission is taking in this proceeding. Moreover, as the Commission
explains below, it finds that the rules that the Commission adopted are
a cost-effective approach to carry out the requirements of the Secure
Equipment Act.
Certification rules and procedures. The Commission finds that the
revision of Sec. 2.911 requiring that applicants for equipment
authorizations in the certification process attest that their equipment
is not ``covered'' equipment on the Covered List while also indicating
whether they are any entity identified on the Covered List, coupled
with procedures for revocation for false statements or representations
made in the application for certification, is a reasonable and cost-
effective method to ensure that ``covered'' equipment is not certified.
Because the attestation requirement is general, rather than a specific
provision that directly relates to the equipment identified on the
current Covered List, the Commission believes that most applicants will
rely on boilerplate language that, once incorporated for a single
certification, will be of negligible cost for an applicant to include
in future applications. The Commission expects that the procedures for
revocation for false statements or misrepresentations will deter most
applicants from false attestations because of the cost that revocation
would impose on an applicant. Moreover, the Commission notes that the
attestation requirement that the Commission is adopting is more cost
effective than an alternative approach, such as a verification process
whereby a third party would confirm that equipment being certified is
not on the Covered List; that type of third party verification would be
substantially more costly to applicants and would likely slow
innovation. The Commission believes that the costs it's imposing are
reasonable in light of the national security goals.
Similarly, the Commission finds that requiring that each applicant
for equipment certification designate a contact in the United States to
act as an agent for service of process is reasonable and cost
effective. No commenters raised concerns about the cost-effectiveness
of this approach. As discussed above, the Commission has encountered
difficulties in achieving service of process for enforcement matters
involving foreign-based equipment manufacturers, and this helps ensure
that the attestation requirement and other requirements associated with
the prohibitions on ``covered'' equipment are enforceable.
SDoC rules. In light of the Commission's limited direct involvement
in the SDoC process, the Commission finds that the rule prohibiting any
of the entities (or their respective subsidiaries or affiliates)
specified on the Covered List from using the SDoC process to authorize
any equipment is a reasonable, cost-effective approach to safeguard
national security. Because these entities or their subsidiaries or
affiliates may produce ``covered'' equipment that poses an unacceptable
risk to national security, even if these entities provide assurance
that their equipment not included on the Covered List complies with
appropriate technical standards, the Commission cannot be confident
that such equipment does not pose a risk to national security.
Directing all equipment authorization applications produced by entities
named on the Covered List through the certification process, coupled
with the Commission's revisions to the SDoC attestation requirements,
will allow appropriate scrutiny and oversight by the Commission to
ensure consistent application of the Commission's prohibition on
further equipment authorization of ``covered'' equipment.
The Commission also concludes that adopting, as proposed, the
requirement that all responsible parties seeking to utilize the SDoC
process attest that the subject equipment is not produced by any
entities (or their respective subsidiaries or affiliates) identified on
the Covered List is a reasonable and
[[Page 7617]]
cost-effective means of ensuring that any equipment produced by those
entities, instead is processed through the equipment certification
process. The Commission finds this attestation requirement provides an
appropriate means to ensuring that the SDoC process cannot be used to
evade the Commission's restriction on use of the SDoC process (and
instead require certification) with regard to entities that produce
``covered'' equipment.
The adopted rules associated with the SDoC process are narrowly
tailored and a cost-effective means of achieving the Commission's
overarching national security goals in this proceeding. They also are
more cost-effective than other alternatives, such as changing the
general rules by, for instance, requiring a registry or a central
database specific to entities on the Covered List or setting up a novel
verification process for such entities. The Commission's existing
certification rules and procedures already encompass such means of
verification without creating the need to design a new system to
mitigate national security risk. Because the Commission's prohibition
applies to subsidiaries and affiliates, when combined with the
attestation requirement for responsible parties it will incentivize
domestic importers who serve as responsible parties to take the
straightforward steps to ensure that equipment produced by entities
that produce ``covered'' equipment are processed in a consistent
fashion pursuant to the certification process. This will substantially
reduce the cost of enforcing the Commission's prohibition on
importation and marketing of equipment on the Covered List.
2. Constitutional Claims
The Commission is unpersuaded by certain constitutional objections
raised by Huawei Cos., Hikvision USA, and Dahua USA. Consequently,
these arguments provide no basis for undercutting the Commission's
decision to adopt new equipment authorization rules in the Report and
Order.
a. Bill of Attainder
The Commission rejects the claims of Huawei Cos., Hikvision USA,
and Dahua USA that denying equipment authorizations for equipment on
the Covered List would represent an unconstitutional bill of attainder.
The Supreme Court has identified three elements of an unconstitutional
bill of attainder: (1) ``specification of the affected persons,'' (2)
``punishment,'' and (3) ``lack of a judicial trial.'' The Commission
finds the showings in the record regarding the first and second
elements inadequate here.
As a threshold matter, the Commission clarifies the framing of the
Commission's bill of attainder analysis in light of the different
formulations of those arguments employed by commenters. Depending in
part on whether commenters raised their bill of attainder concerns
before or after the enactment of the Secure Equipment Act, those
arguments focused variously on: section 889 of the 2019 NDAA (which
provided one of the four triggers for inclusion on the Covered List
under the Secure Networks Act); the Secure Equipment Act (which
directed the Commission to enact rules clarifying that it would not
issue equipment authorizations for equipment on the Covered List
published by the Commission under the Secure Networks Act); or the new
Commission rules themselves.
Because it is the Secure Equipment Act that ultimately directs the
Commission to enact rules yielding the results that are the focus of
commenters' bill of attainder concerns, the Commission frames the bill
of attainder analysis in terms of that statute. Nonetheless, the
Commission makes clear that the analysis below provides sufficient
grounds to reject commenters' bill of attainder arguments however they
are framed or viewed.
The Commission rejects claims that the Secure Equipment Act is an
unconstitutional bill of attainder for a number of independent reasons.
For one, it is not clear that the constitutional prohibition on bills
of attainder protects corporations, as opposed to individuals. To the
extent that it does not protect corporations, its protections would be
unavailable to the commenters that raised bill of attainder concerns
here. Even if the constitutional prohibition on bills of attainder does
protect corporations, however, courts have recognized that ``it is
obvious that there are differences between a corporation and an
individual under the law,'' and as a result ``any analogy between prior
[bill of attainder] cases that have involved individuals and [cases]
involv[ing] a corporation, must necessarily take into account this
difference.'' At a minimum, then, the distinction between corporations
and individuals informs the Commission's analysis below.
The ``specification'' criteria. In significant part, the Secure
Equipment Act also does not involve a specification of the affected
persons as necessary to constitute a bill of attainder. Although
initial iterations of the Covered List--identifying the equipment,
products, and services of certain specified companies--had been
published by the time the Secure Equipment Act was enacted, the Covered
List required by the Secure Networks Act was designed to evolve over
time, expanding or contracting based on the four statutory triggers for
inclusion on that list. Thus, the Commission is not persuaded that the
specificity prong would be satisfied by the existence of the Covered
List at the time of the Secure Equipment Act's enactment.
Nor do most of the Secure Networks Act's triggers for inclusion on
the Covered List represent a ``specification'' of affected persons for
bill of attainder purposes. The first, second, and fourth triggers
under the Secure Networks Act each turn on future ``specific
determination[s]'' by relevant executive agencies and neither
specifically identify companies or individuals by name, nor rely on a
framework where the potentially-covered class ultimately subject to
inclusion on the Covered List could be easily identified at the time
the Secure Equipment Act was enacted. Nor do those triggers turn on
past conduct defining the affected individual or group in terms of
``irrevocable acts committed by them.'' Consequently, the Commission
concludes that those triggers do not satisfy the ``specification''
prong of the bill of attainder analysis. Admittedly, aspects of the
trigger based on section 889(f)(3) of the 2019 NDAA do rely on certain
classes of products and services from specifically-identified
companies. But the Secure Network Act's triggers do not otherwise
identify the entities or individuals with products or services
potentially subject to inclusion on the Covered List by name or in a
manner that would render the covered class easily ascertainable when
the Secure Equipment Act was enacted.
Aspects of the section 889-based trigger also do not appear to
satisfy the ``specification'' criteria. For example, in addition to
applying to certain classes of equipment and services from
specifically-identified companies, section 889(f)(3) of the 2019 NDAA
also covers ``[t]elecommunications or video surveillance equipment or
services produced or provided by an entity that the Secretary of
Defense, in consultation with the Director of the National Intelligence
or the Director of the Federal Bureau of Investigation, reasonably
believes to be an entity owned or controlled by, or otherwise connected
to, the government of a covered foreign country.'' Whatever individual
companies might know or suspect about themselves, the Commission is not
persuaded that the
[[Page 7618]]
class of companies potentially covered by that criteria would have been
easily ascertainable to Congress at the time of the Secure Equipment
Act's enactment. Nor is the Commission persuaded that ownership by, or
connection with, the Chinese government, even if existing at a given
point in time, are irrevocable acts that could not be altered in the
future thereby affecting whether given companies were potentially
implicated by that trigger.
The ``punishment'' criteria. Even to the extent that the Secure
Equipment Act meets the ``specification'' prong, the Commission is not
persuaded that the denial of equipment certification represents a
``punishment'' under bill of attainder clause precedent. A
``punishment,'' in this context, is not merely a burden. To determine
whether a statute imposes punishment for purposes of the bill of
attainder clause, courts look to: ``(1) whether the challenged statute
falls within the historical meaning of legislative punishment; (2)
whether the statute, viewed in terms of the type and severity of
burdens imposed, reasonably can be said to further nonpunitive
legislative purposes; and (3) whether the legislative record evinces a
congressional intent to punish.'' While courts weigh these factors
together, ``the second factor--the so-called `functional test'--
invariably appears to be the most important.'' Even where a statute
imposes a sanction falling within the historical meaning of punishment
under the first factor, it is not a bill of attainder if it
``reasonably can be said to further nonpunitive legislative purposes''
under the second factor and the legislative record does not contain
```smoking gun' evidence of punitive intent'' under the third.
The party challenging a statute on attainder grounds bears the
burden to ``establish that the legislature's action constituted
punishment and not merely the legitimate regulation of conduct.'' And
because statutes are ``presumed constitutional,'' ``only the clearest
proof [will] suffice'' to invalidate a statute as a bill of attainder.
The record here falls far short of the required showing.
With respect to the historical test regarding punishment, Hikvision
USA and Dahua USA contend that denial of equipment authorization for
equipment on the Covered List resembles ``an employment bar,
banishment, and a badge of infamy.'' The Commission finds these
comparisons unpersuasive. For one, ``[b]ecause human beings and
corporate entities are so dissimilar,'' any analogy between the acts at
issue in the employment bar cases and the restriction on equipment
authorization under the Secure Equipment Act is ``strained at best.''
That distinction is important given the rationales underlying prior
employment bar decisions. The Supreme Court extended ``punishment'' to
include employment bars, in part, because the restrictions at issue
``violated the fundamental guarantees of political and religious
freedom.'' The record does not reveal such concerns here.
While there is some retrospective aspect of section 889--namely,
that there needed to be a basis to create the terms of the statute--
that is common. Generally, all statutes have prospective and
retrospective bases. But the focus of punishment in the bill of
attainder context is a determination of past wrongdoing and sanctioning
that conduct. That is what is missing from section 889 and that is what
distinguishes section 889 from functionally appearing punitive. Thus,
the fact that section 889 does not serve as a trial-like adjudication
with a retrospective focus supports the Government's assertion that
section 889 is a nonpunitive statute. But the analysis does not end
here.''
Rather than representing something akin to an employment bar, the
Commission finds the limitations much more analogous to line-of-
business restrictions, which precedent commonly does not treat as
imposing a punishment. Companies with equipment on the covered list
remain free to manufacture, import, and market equipment that does not
require equipment authorization from the Commission, for example, and
the Secure Equipment Act also does not prohibit companies' business
activities not involving the United States. Thus, unlike the statutes
at issue in the employment bar cases, the Secure Equipment Act does not
prevent companies with equipment on the Covered List from engaging in
their chosen businesses in those respects.
The Commission also rejects claims that the limitations on
Commission-issued equipment authorizations resemble banishment.
Banishment, or exile, is the ``[c]ompelled removal or banishment from
one's native country.'' It has ``traditionally been associated with
deprivation of citizenship, and does more than merely restrict one's
freedom to go or remain where others have the right to be: it often
works a destruction of one's social, cultural, and political
existence.'' Claims of banishment therefore typically arise in cases
involving denaturalization, denationalization, and deportation
proceedings. In light of this context, it is questionable whether
ba
[…truncated; see source link]Indexed from Federal Register on February 6, 2023.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.