Rule2025-14970
Promoting the Integrity and Security of Telecommunications Certification Bodies, Measurement Facilities, and the Equipment Authorization Program
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
August 7, 2025
Effective
September 8, 2025
Issuing agencies
Federal Communications Commission
Abstract
In this document, the Federal Communications Commission (Commission or FCC) requires all recognized telecommunication certification bodies (TCBs), test labs, and laboratory accreditation bodies to certify to the Commission that they are not owned by, controlled by, or subject to the direction of a prohibited entity and to report all equity or voting interests of 5% or greater by any entity. The FCC also amends it rules to state that it will not recognize--and will revoke any existing recognition of--any TCB, test lab, or laboratory accreditation body that fails to provide, or that provides a false or inaccurate, certification; or that fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater. The FCC prohibits recognition of any TCB, test lab, or laboratory accreditation body owned by, controlled by, or subject to the direction of a prohibited entity, and prohibits such TCBs, test labs, and laboratory accreditation bodies from participating in the Commission's equipment authorization program, not only with regard to the equipment certification process but also the Supplier's Declaration of Conformity (SDoC) process.
Full Text
<html>
<head>
<title>Federal Register, Volume 90 Issue 150 (Thursday, August 7, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 150 (Thursday, August 7, 2025)]
[Rules and Regulations]
[Pages 38045-38071]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-14970]
=======================================================================
-----------------------------------------------------------------------
FEDERAL COMMUNICATIONS COMMISSION
47 CFR Parts 2 and 15
[ET Docket No. 24-136; FCC 25-27; FR ID 305703]
Promoting the Integrity and Security of Telecommunications
Certification Bodies, Measurement Facilities, and the Equipment
Authorization Program
AGENCY: Federal Communications Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: In this document, the Federal Communications Commission
(Commission or FCC) requires all recognized telecommunication
certification bodies (TCBs), test labs, and laboratory accreditation
bodies to certify to the Commission that they are not owned by,
controlled by, or subject to the direction of a prohibited entity and
to report all equity or voting interests of 5% or greater by any
entity. The FCC also amends it rules to state that it will not
recognize--and will revoke any existing recognition of--any TCB, test
lab, or laboratory accreditation body that fails to provide, or that
provides a false or inaccurate, certification; or that fails to
provide, or provides false or inaccurate, information regarding equity
or voting interests of 5% or greater. The FCC prohibits recognition of
any TCB, test lab, or laboratory accreditation body owned by,
controlled by, or subject to the direction of a prohibited entity, and
prohibits such TCBs, test labs, and laboratory accreditation bodies
from participating in the Commission's equipment authorization program,
not only with regard to the equipment certification process but also
the Supplier's Declaration of Conformity (SDoC) process.
DATES: Effective September 8, 2025, except for amendatory instructions
4, 8, 9, 10, 12, 15, 16, 18, 20, 22, 23, and 24 which are delayed
indefinitely. The Federal Communications Commission will publish a
document in the Federal Register announcing the effective date. The
incorporation by reference of certain material listed in the rule is
approved by the Director of the Federal Register as of September 8,
2025. The incorporation by reference of certain other material listed
in the rule was approved by the Director of the Federal Register as of
October 30, 2023.
FOR FURTHER INFORMATION CONTACT: Jamie Coleman of the Office of
Engineering and Technology, at <a href="/cdn-cgi/l/email-protection#6b210a06020e452804070e060a052b0d0808450c041d"><span class="__cf_email__" data-cfemail="1c567d717579325f737079717d725c7a7f7f327b736a">[email protected]</span></a> or 202-418-2705.
SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Report
and Order (Report and Order), in ET Docket No. 24-136, FCC 25-27,
adopted on May 22, 2025, and released on May 27, 2025. The full text of
this document is available for public inspection and can be downloaded
at <a href="https://docs.fcc.gov/public/attachments/FCC-25-27A1.pdf">https://docs.fcc.gov/public/attachments/FCC-25-27A1.pdf</a>. Alternative
formats are available for people with disabilities (Braille, large
print, electronic files, audio format) by sending an email to
<a href="/cdn-cgi/l/email-protection#adcbcece989d99edcbcece83cac2db"><span class="__cf_email__" data-cfemail="d4b2b7b7e1e4e094b2b7b7fab3bba2">[email protected]</span></a> or calling the Commission's Consumer and Governmental
Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY).
Regulatory Flexibility Act. The Regulatory Flexibility Act of 1980,
as amended (RFA), requires that an agency prepare a regulatory
flexibility analysis for notice-and-comment rulemaking, unless the
agency certifies that ``the rule will not, if promulgated, have a
significant economic impact on a substantial number of small
entities.'' Accordingly, the Commission has prepared a Final Regulatory
Flexibility Analysis (FRFA) concerning the possible impact of the rule
and policy changes contained in the Report and Order on small entities.
The FRFA is set
[[Page 38046]]
forth in Appendix C of the Report and Order.
Paperwork Reduction Act. This document contains proposed new or
modified information collection requirements subject to the Paperwork
Reduction Act of 1995 (PRA), Public Law 104-13. The Commission, as part
of its continuing effort to reduce paperwork burdens, invites the
general public and the Office of Management and Budget (OMB) to comment
on any information collection requirements contained in this document.
In addition, pursuant to the Small Business Paperwork Relief Act of
2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), we seek specific
comment on how we might ``further reduce the information collection
burden for small business concerns with fewer than 25 employees.''
Congressional Review Act. The Commission has determined, and the
Administrator of the Office of Information and Regulatory Affairs,
Office of Management and Budget, concurs, that this rule is ``non-
major'' under the Congressional Review Act, 5 U.S.C. 804(2). The
Commission will send a copy of this Report and Order and Further Notice
of Proposed Rulemaking to Congress and the Government Accountability
Office pursuant to 5 U.S.C. 801(a)(1)(A).
Synopsis
Introduction
The Commission adopts new rules to help ensure that the
telecommunication certification bodies (TCBs), measurement facilities
(test labs), and laboratory accreditation bodies that participate in
the FCC's equipment authorization program are not subject to ownership,
direction, or control by untrustworthy actors that pose a risk to
national security. The Commission previously established new equipment
authorization program rules that prohibit authorization of specified
equipment determined to pose an unacceptable risk to the national
security of the United States or the security and safety of United
States persons. It is incumbent on TCBs and test labs, to which certain
functions of the certification process--including the receipt and
maintenance of sensitive and proprietary information regarding
communications equipment--have been entrusted, to be vigilant and to
promote the integrity of the FCC's authorization procedures to help
protect our nation's supply chain against such unacceptable risk. In
light of these responsibilities and ongoing security risks, the
Commission strengthens its oversight of TCBs, test labs, and laboratory
accreditation bodies by adopting new rules that will help ensure the
integrity of these entities for purposes of the FCC's equipment
authorization program, promote national security, and advance the
Commission's comprehensive strategy to build a more secure and
resilient communications supply chain. The Commission finds that it is
critical for national security and the integrity of the supply chain
that it prohibit from recognition or participation in the equipment
authorization program TCBs, test labs, and laboratory accreditation
bodies that are owned by, controlled by, or subject to the direction of
a prohibited entity.
In defining the scope of the term ``prohibited entity,'' the
Commission relies on federal government agency determinations
identifying entities that pose national security threats. For purposes
of the Order, the term ``prohibited entity'' means any of the
following:
<bullet> Entities identified on the FCC's Covered List;
<bullet> Entities identified by any of the following sources:
<bullet> Department of Commerce Bureau of Industry and Security
(BIS) Entity List;
<bullet> BIS Military End-User List;
<bullet> Department of Homeland Security (DHS) Uyghur Forced Labor
Prevention Act (UFLPA) Entity List;
<bullet> Section 5949 of the James M. Inhofe National Defense
Authorization Act (NDAA) for Fiscal Year 2023 (Section 5949 List of
Semiconductor Companies);
<bullet> Department of Defense (DOD) 1260H list of Chinese Military
Companies (1260H List);
<bullet> Department of Treasury NS-CMIC List of Chinese military
companies (NS-CMIC List); and
<bullet> Entities identified as ``foreign adversaries'' by the
Department of Commerce.
The Commission will deem a TCB, test lab, or laboratory
accreditation body as ``owned by'' a prohibited entity when any such
prohibited entity, has, possesses, or otherwise controls an equity or
voting interest of 10% or more in the relevant TCB, test lab, or
laboratory accreditation body. The Commission also provides further
clarity on what it means for a TCB, test lab, or laboratory
accreditation body to be controlled by or subject to the direction of a
prohibited entity.
To help ensure that the Commission has the necessary information to
enforce this prohibition, the FCC expands its current reporting and
certification requirements. The Commission adopts a requirement for all
recognized TCBs, test labs, and laboratory accreditation bodies to
certify to the FCC, within 30 days after the effective date of the
rules, and thereafter with the request for recognition, that they are
not owned by, controlled by, or subject to the direction of a
prohibited entity. The Commission also adopts a requirement for all
recognized TCBs, test labs, and laboratory accreditation bodies to
report, within 90 days after the effective date of the rules, and
thereafter with the request for recognition, all equity or voting
interests of 5% or greater by any entity. The Commission also amends
its rules to state that it will not recognize--and will revoke any
existing recognition of--any TCB, test lab, or laboratory accreditation
body that fails to provide, or that provides a false or inaccurate,
certification; or that fails to provide, or provides false or
inaccurate, information regarding equity or voting interests of 5% or
greater.
In keeping with the new reporting requirements, the Commission also
clarifies the requirement that every entity specifically named on the
Covered List must provide to the Commission, pursuant to Sec.
2.903(b), information regarding all of its subsidiaries and affiliates,
not merely those that produce ``covered'' equipment. Each relevant
entity must provide this information no later than 30 days after the
effective date of this rule and thereafter in accordance with the
provisions of Sec. 2.903(b). The Commission makes a minor rule change
clarifying its process for withdrawing recognition from test labs and
laboratory accreditation bodies. The Commission also adopts several
additional rules to strengthen the integrity of TCBs and test labs
associated with its equipment authorization program.
Background
In the EA Integrity NPRM, the Commission sought to strengthen its
requirements for and oversight of FCC-recognized TCBs and test labs by
proposing new rules that would help ensure the integrity of these
entities for purposes of the equipment authorization program, better
protect national security, and advance the Commission's comprehensive
strategy to build a more secure and resilient supply chain. As the
Commission stated, it is vital to ensure that these TCBs and test labs
are not subject to control by foreign adversaries or other
untrustworthy actors that pose a risk to national security.
[[Page 38047]]
The Equipment Authorization Program
The Commission's equipment authorization program, codified in its
part 2 rules, plays a critical role in enabling the Commission to carry
out its responsibilities under the Communications Act of 1934, as
amended (the Act). Under section 302 of the Act, the Commission is
authorized to make reasonable regulations governing the interference
potential of equipment that emits radiofrequency (RF) energy and that
can cause harmful interference to radio communications; such
regulations are implemented through the equipment authorization
program. In addition, the equipment authorization program helps ensure
that communications equipment complies with certain other policy
objectives--which include protecting the communications networks and
supply chain from equipment that poses an unacceptable risk to national
security.
Under section 302a(e) of the Act, certain important
responsibilities have been delegated to TCBs and test labs with regard
to implementing its equipment authorization program. Specifically, TCBs
and test labs each play a role in ensuring that RF equipment complies
with Commission rules, which is required for such equipment to be
marketed in or imported to the United States. Test labs gather
radiofrequency measurement data and develop technical reports to
demonstrate subject equipment compliance with the Commission's
applicable technical rules to minimize the risk of harmful
interference, promote efficient use of spectrum, and advance other
technical policy goals, such as ensuring hearing aid compatibility and
controlling the environmental effects of RF radiation.
TCBs perform evaluation and review of application data, including
test reports, and make decisional determinations for certifications.
For all granted certification applications, the TCBs must send to the
Commission any test lab data and other information relied upon by the
TCB. This information is made publicly available on the FCC's website
upon grant of the equipment authorization. Commission rules also impose
certain obligations on each TCB to perform post-market surveillance,
based on ``type testing a certain number of samples of the total number
of product types'' that the TCB has certified. Accreditation bodies
conduct assessments to ensure that TCBs and test labs are competent and
capable of providing accurate and reliable certification and testing
services.
To be recognized for participation in the FCC's equipment
certification process, TCBs, test labs, and laboratory accreditation
bodies must meet certain criteria specified in its rules. TCBs must be
designated to issue grants of certification and must be located in the
United States or in countries that have entered into applicable mutual
recognition agreements (MRAs) with the United States. Currently, there
are 39 FCC-recognized TCBs, 23 of which are located in the United
States while the remaining 16 are located in seven MRA-partnered
countries. The Commission will withdraw recognition of a TCB if the
TCB's designation or accreditation is withdrawn, if the Commission
determines that there is ``just cause,'' or if the TCB requests that it
no longer hold its designation or recognition. The Commission's rules
also set forth specific procedures, including notification
requirements, that the Commission will follow if the Commission intends
to withdraw its recognition of a TCB.
Test lab recognition occurs based on current Commission rules
stating that if a test lab has been accredited for the appropriate
scope for the types of equipment that it will test, then it ``shall be
deemed competent to test and submit test data for equipment subject to
certification.'' Based on such accreditation, the Commission--namely,
the Chief Engineer, to whom recognition authority has been delegated--
makes determinations regarding the continued acceptability of
individual test labs. Test labs must be reassessed for accreditation
and recognition at least every two years. Approximately 75% of
certified devices are tested in recognized labs located in China.
The Commission recognizes four laboratory accreditation bodies in
the U.S. that can accredit test labs in the United States. For test
labs in countries with which the U.S. has entered into an MRA, the
Commission will consider for recognition an accredited laboratory that
has been designated by a foreign designating authority. Currently there
are 24 such FCC-recognized laboratory accreditation bodies outside the
United States, located in 23 different MRA-partnered countries. All
other test labs must be accredited by an organization recognized by the
Commission to perform test lab accreditations in non-MRA countries.
Currently, the Commission recognizes three such accrediting bodies.
Current rules do not preclude a laboratory accreditation body that is
not in an MRA-partnered country from submitting a request to be
recognized, but, to date, the FCC has not recognized any laboratory
accreditation body outside of an MRA-partnered country.
Recent Related Commission Action
The EA Security R&O and FNPRM. On November 11, 2022, the Commission
adopted the EA Security Report and Order, Order, and Further Notice of
Proposed Rulemaking (88 FR 7592; February 6, 2023). Specifically, the
Commission established several new rules to prohibit authorization of
equipment identified on the Commission's Covered List (covered
equipment) maintained pursuant to the Secure and Trusted Communications
Networks Act of 2019 (Secure Networks Act). The Covered List identifies
certain types of communications equipment produced by particular
entities as well as information security products and certain services
provided by various entities. This list is derived from specific
determinations made by sources enumerated in the Secure Networks Act,
including certain federal agencies and Congress, that certain equipment
or services pose an unacceptable risk to national security. The EA
Security R&O adopted several revisions to part 2 of the Commission's
rules concerning equipment authorization requirements and processes.
These revisions include requirements that, to help implement the
prohibition on authorization of any covered equipment, applicants
seeking equipment certification must make certain attestations about
the relevant equipment. These include attesting that the equipment is
not prohibited from receiving authorization and whether the applicant
is an entity identified on the Covered List as an entity producing
covered communications equipment. TCBs, pursuant to their
responsibilities as part of the Commission's equipment authorization
program, review the applications and must ensure that only applications
that meet all of the Commission's applicable technical and non-
technical requirements are ultimately granted, and that none of these
grants are for covered equipment.
In the EA Security R&O, the Commission, in affirming its authority
to prohibit authorization of communications equipment that had been
placed on the Covered List, noted that it has broad statutory
authority, under sections 302 and 303(e) of the Communications Act and
other statutory provisions, to take into account national security
concerns when promoting the public interest, including in its equipment
authorization program.
Evolving Risks Order and NPRM (88 FR 50486; August 1, 2023). Since
adopting the EA Security R&O, the
[[Page 38048]]
Commission has taken several additional steps to address evolving
national security concerns to protect the security of America's
critical communications networks and supply chains. In April 2023, in
the Evolving Risks Order and NPRM, the Commission required all
international section 214 authorization holders to respond to a one-
time information collection to update the Commission's records
regarding their foreign ownership, noting that ``the information will
assist the Commission in developing a timely and effective process for
prioritizing the review of international section 214 authorizations
that are most likely to raise national security, law enforcement,
foreign policy, and/or trade policy concerns.'' The Commission also
sought comment on further actions it could take to protect the nation's
telecommunications infrastructure from threats in an evolving national
security and law enforcement landscape by proposing comprehensive
changes to the Commission's rules that allow carriers to provide
international telecommunications service. The Commission proposed,
among other things, to adopt a renewal framework or, in the
alternative, a formalized periodic review process for all international
section 214 authorization holders. The Commission stated that, due to
the evolving national security and law enforcement concerns identified
in its recent proceedings to revoke the section 214 authorizations of
certain providers controlled by the Chinese government, a formalized
system of periodically reassessing international section 214
authorizations would better ensure that international section 214
authorizations, once granted, continue to serve the public interest.
In addition, in the Evolving Risks NPRM, the Commission proposed,
among other things, to prioritize the renewal applications or any
periodic review filings and deadlines based on, for example,
``reportable foreign ownership, including any reportable foreign
interest holder that is a citizen of a foreign adversary country,'' as
defined in the Department of Commerce's rule, 15 CFR 791.4. The
Commission also sought comment on whether to revise its ownership
reporting threshold, currently set at 10% or greater direct and
indirect equity and/or voting interests, to 5%, noting that the current
10% threshold may not capture all of the foreign interests that may
present national security, law enforcement, foreign policy, and/or
trade policy concerns in today's national security and law enforcement
environment. The Commission also proposed, among other things, to
require applicants to certify in their application whether they use
equipment or services identified on the Commission's Covered List.
Cybersecurity IoT Labeling R&O (89 FR 61242; July 30, 2024). On
March 14, 2024, the Commission adopted the Cybersecurity IoT Labeling
R&O to strengthen the nation's cybersecurity protections by adopting a
voluntary cybersecurity labeling program for wireless Internet of
Things (IoT) products. In that R&O, the Commission determined that
entities that are owned by, controlled by, or affiliated with ``foreign
adversaries,'' as defined by the Department of Commerce, should be
ineligible for purposes of the Commission's voluntary IoT Labeling
Program. The Commission also generally prohibited entities that produce
equipment on the Covered List, as well as entities named on the DOD's
list of Chinese military companies or the Department of Commerce's
Entity List, and entities suspended or debarred from receiving federal
procurements or financial awards, including all entities and
individuals published as ineligible for award on the General Service
Administration's System for Award Management, from any participation in
the IoT Labeling Program. Also, the Commission specifically prohibited
any of these entities from serving as a Cybersecurity Label
Administrator or serving as a CyberLAB for testing products for
compliance with forthcoming cybersecurity technical standards. The
Commission concluded that these lists represent the determination of
relevant federal agencies that entities on these lists may pose a
national security threat within their respective areas, and that it is
not in the public interest to permit these entities to provide
assurance to the public that their IoT products meet the new
cybersecurity standards for obtaining the U.S. Cyber Trust Mark.
In the Submarine Cable Landing License NPRM (90 FR 12036; March 13,
2025), the Commission opened a proceeding to improve and streamline the
submarine landing license rules, seeking comment on how to facilitate
efficient deployment of submarine cables while ensuring the security,
resilience, and protection of this critical infrastructure. It noted
that, of the 84 licensed cables that currently are operating or planned
to enter service, three land in a ``foreign adversary'' country as
defined by the U.S. Department of Commerce rules and, according to the
Commission's records, nine licensees of submarine cables have direct or
indirect interest holders that include the Chinese government or an
entity with a place of organization in China.
The Commission, among other things, sought comment on whether to
preclude the grant of a cable landing license application filed by any
applicant that: (1) is directly and/or indirectly owned or controlled
by, or subject to the influence of a government organization of a
foreign adversary country, as defined under 15 CFR 791.4; (2) is
directly and/or indirectly owned or controlled by, or subject to the
influence of an individual or entity that has a citizenship(s) or
place(s) of organization in a foreign adversary country; (3) is
directly and/or indirectly owned or controlled by, or subject to the
influence of an individual or entity on the Commission's Covered List;
and/or (4) is using or will use equipment or services identified on the
Commission's Covered List in the proposed submarine cable
infrastructure.
The Commission also proposed, among other things, to prioritize the
filing and review of periodic ownership reports and related submarine
cable system information for submarine cable systems that: (1) have a
licensee that is directly or indirectly wholly or partially owned by a
government of, or other entities with a place of organization in, a
``foreign adversary'' country, as defined in the Department of
Commerce's rule, 15 CFR 791.4; (2) have a licensee with a place of
organization in a ``foreign adversary'' country; or (3) land in a
``foreign adversary'' country.
The Commission also sought comment on whether it should prohibit
cable landing licensees from entering into arrangements for
Indefeasible Rights of Use or leases for capacity on submarine cables
landing in the United States, with any entity that has a citizenship(s)
or place(s) of organization in a ``foreign adversary'' country, as
defined under 15 CFR 791.4. It sought comment on whether it should
prohibit cable landing licensees from entering into such arrangements
with any entity that is directly and/or indirectly owned or controlled
by, or subject to the influence of, (1) a government organization of a
foreign adversary country, and/or (2) any individual or entity that has
a citizenship(s) or place(s) of organization in a ``foreign adversary''
country, as defined under 15 CFR 791.4. Additionally, it sought comment
on whether to adopt rules that prohibit cable landing licensees from
landing a cable licensed by the Commission in certain locations, such
as landing points in a ``foreign
[[Page 38049]]
adversary'' country, as defined under 15 CFR 791.4.
The EA Integrity NPRM
On May 23, 2024, the Commission adopted the EA Integrity NPRM (89
FR 55530; July 5, 2024), in which it proposed measures to strengthen
the requirements for and oversight of TCBs and test labs to help ensure
the integrity of these entities for purposes of the equipment
authorization program, better protect national security, and help build
a more secure and resilient communications supply chain. The Commission
explained that, in light of the new national security-related
responsibilities on TCBs and test labs, and their ongoing
responsibilities to receive and maintain sensitive and proprietary
information regarding communications equipment, among other reasons, it
is vital to ensure that TCBs and test labs are not subject to influence
or control by untrustworthy actors that pose a risk to national
security.
First, the Commission proposed to prohibit any TCB or test lab in
which an entity identified on the Covered List has, possesses, or
otherwise controls an equity or voting interest of 10% or more from
being recognized by the FCC or participating in the FCC's equipment
authorization program. Second, the Commission proposed prohibiting the
use of, or reliance on, any TCB or test lab for equipment authorization
if any entity listed on the Covered List holds, possesses, or otherwise
controls an equity or voting interest of 10% or more. Third, the
Commission sought comment on prohibiting recognition of any TCB or test
lab owned or controlled by a foreign adversary or any other entity that
has been found to pose a risk to national security. To that end, the
Commission sought comment on whether and how the FCC should consider
national security determinations made in other federal agency lists in
establishing eligibility qualifications for Commission recognition of a
TCB or a test lab in the equipment authorization program. Fourth, to
help ensure that the Commission has the information required to enforce
any requirements adopted in the proceeding, the FCC proposed new
certification, recordkeeping, and reporting obligations for TCBs and
test labs, including requiring TCBs and test labs to certify that no
entity identified on the Covered List has, possesses, or otherwise
controls an equity or voting interest of 10% or more in the TCB or test
lab, and to produce documentation identifying any entity that has,
possesses, or otherwise controls an equity or voting interest of 5% or
more in the TCB or test lab. The Commission also sought comment on
other revisions or clarifications to its rules to implement this
requirement. Finally, the Commission sought comment on various related
matters regarding implementation of the proposed prohibition and the
equipment authorization program generally. Namely, the Commission
sought comment regarding whether to revise its rules, policies, or
guidance regarding post-market surveillance, accreditation and
reassessment of TCBs, recognition and withdrawal of recognition of
TCBs, transparency for test labs, accreditation of test labs,
recognition and withdrawal of recognition of test labs, and whether to
require the use of accredited, FCC-recognized test labs in the SDoC
process. In particular, in light of the goals of the proceeding, the
Commission sought comment on potential revisions to the rules governing
TCB and laboratory accrediting bodies.
In response to the NPRM, the Commission received 10 comments and
two reply comments. Some commenters generally supported the goal of the
Commission to ensure the integrity of entities that participate in its
equipment authorization program and found the Commission's proposals to
be reasonable and important to promoting national security, while
others generally supported the Commission's goals but expressed
concerns with certain aspects of its proposals or contended that no
changes to the equipment authorization program are needed. Some advised
that any action the Commission takes should be designed so as not to
cause disruption or delay in the equipment authorization process and to
the FCC's supply chains, and suggest alternative actions the Commission
could take that those commenters believe would be less disruptive.
Report and Order
In the Report and Order, the Commission adopts revisions to its
rules designed to promote the integrity of the FCC's equipment
authorization program and ensure that it serves the Commission's goal
of protecting its communications equipment supply chain from entities
posing unacceptable risks to national security. The Commission
recognizes that the benefits of protecting U.S. national security, law
enforcement, foreign policy, and trade policy interests are difficult
to quantify in monetary terms. The difficulty in quantifying these
benefits does not, however, diminish their importance. The Commission
previously has found that ``a foreign adversary's access to American
communications networks could result in hostile actions to disrupt and
surveil its communications networks, impacting the nation's economy
generally and online commerce specifically, and result in the breach of
confidential data.'' Given that the national gross domestic product was
over $29 trillion in 2024, the digital economy accounted for
approximately 16% of its economy, and the volume of international trade
for the United States (exports and imports) was $7.3 trillion in 2024,
even a temporary disruption in communications could cause millions of
dollars in economic losses. The harms by foreign adversaries or other
untrustworthy actors thus could be significant, causing disruption to
the U.S. economy, residential and government communications, and
critical infrastructure.
Through the Commission's equipment authorization process, third
party entities are tasked with various responsibilities to ensure that
RF devices comply with FCC rules. Specifically, equipment for which an
authorization is sought is provided to a test lab to gather
radiofrequency measurement data and develop technical reports to
demonstrate device compliance with the Commission's applicable rules.
For devices for which equipment certification is sought (as opposed to
SDoC), TCBs perform evaluation and review of those test reports along
with other application data, and make decisional determinations for
certifications. The Commission has a process, known as ``recognition,''
for ensuring that accredited TCBs and test labs, and the laboratory
accreditation bodies, meet the necessary qualifications for
participation in the FCC's equipment authorization program.
The Commission finds that excluding from participation in its
equipment authorization program entities that threaten to undermine
national security is necessary to effectively promote the integrity of
the FCC's equipment authorization program and to protect national
security interests. To implement this finding, the Commission takes
several actions to ensure the integrity of those entities the FCC
recognizes for participation in its equipment authorization program or
upon which entities seeking authorization may rely. First, the
Commission identifies, pursuant to federal agency or congressional
determinations, a class of ``prohibited entities'' that pose national
security threats and therefore could adversely affect the
trustworthiness of, or
[[Page 38050]]
otherwise undermine the public's confidence in, a TCB, test lab, or
laboratory accreditation body that is owned by, controlled by, or
subject to the direction of a prohibited entity. Second, the Commission
prohibits from participation in its equipment authorization process,
any TCB, test lab, or laboratory accreditation body that is owned by,
controlled by, or subject to the direction of a prohibited entity. This
includes a prohibition on the reliance on or use of, for purposes of
equipment authorization, any such TCB or test lab, for both
certification and supplier's declaration of conformity (SDoC). Third,
the Commission explains that it will consider a TCB, test lab, or
laboratory accreditation body as ``owned by'' a prohibited entity when
a prohibited entity has, possesses, or otherwise controls an equity or
voting interest of 10% or more in the TCB, test lab, or laboratory
accreditation body. The Commission also provides clarification on what
it means for a TCB, test lab, or laboratory accreditation body to be
controlled by, or subject to the direction of, a prohibited entity.
Fourth, the Commission adopts expanded reporting requirements to
require that all TCBs, test labs, and laboratory accreditation bodies
seeking Commission recognition certifies to the Commission that they
are not owned by, controlled by, or subject to the direction of a
prohibited entity and report all equity or voting interests of 5% or
greater by any entity. The Commission will not recognize, and will
revoke recognition of, any TCB, test lab, or laboratory accreditation
body that fails to provide or provides false or inaccurate information
or certification. Finally, the Commission adopts a minor rule change
clarifying its process for withdrawing recognition from test labs and
laboratory accreditation bodies, and the Commission adopts other
revisions to its rules including related recordkeeping and reporting
obligations associated with the FCC's equipment authorization program
and non-substantive changes to remove repetition of requirements.
Identifying ``Prohibited Entities''
In the EA Integrity NPRM, the Commission proposed to not recognize
or permit reliance on TCBs, test labs, or their accrediting bodies, or
permit them to have any role in the FCC's equipment authorization
program, if they have sufficiently close ties with Covered List
entities. The Commission also sought comment on whether, and to what
extent, the Commission should apply its measures to other entities
identified by federal agencies or Congress that reflect expert
determinations about entities that pose national security concerns.
Specifically, the Commission sought comment on extending the proposed
prohibition to the entities identified pursuant to the following:
<bullet> Department of Commerce list of ``foreign adversary''
countries that identifies any foreign government or foreign non-
government person that the Secretary of Commerce has determined to have
engaged in a ``long-term pattern or serious instances of conduct
significantly adverse to the national security interest of the United
States or security and safety of United States persons;''
<bullet> DOD 1260H list of Chinese Military Companies;
<bullet> Department of Commerce Entity List;
<bullet> Department of Commerce Military End-User List;
<bullet> Non-Specially Designated Nationals Chinese Military-
Industrial Complex Companies List;
<bullet> FY2023 NDAA section 5949 list of semiconductor companies;
<bullet> Foreign entities of concern as defined by the CHIPS Act;
and
<bullet> Uyghur Forced Labor Prevention Act Entity List.
The Commission concludes that the integrity of its equipment
authorization program is more effectively ensured not only through the
exclusion of participation by entities identified on the Covered List,
but also the other entities as described herein that federal government
agencies or Congress have determined pose national security risks.
Collectively, the Commission will refer to these as ``prohibited
entities'' with regard to participation in the Commission's equipment
authorization program.
Entities Identified on the Covered List
The Covered List is derived from specific determinations made by
certain sources (particular federal agencies with national security
expertise and Congress) designated by the Secure Networks Act that
certain equipment or services produced or provided by a specified
entity poses an unacceptable risk to national security. In light of
these determinations from expert federal agencies and Congress about
the serious national security risks posed by equipment or services
produced or provided by entities identified on the Covered List, the
Commission concludes that it should not permit TCBs, test labs, or
laboratory accreditation bodies to have any role in its equipment
authorization program, if they have sufficiently close ties with
entities identified on the Covered List. This exclusion will help to
promote the integrity of the equipment authorization program and
protect the equipment supply chain from pre-authorization exposure to
entities that present national security concerns.
Other Entities That Raise National Security Concerns
The Covered List is only one source that identifies entities
presenting national security concerns that have potential to compromise
the integrity of the equipment authorization program. Several federal
agencies with particular national security responsibilities--including
two agencies that also serve as sources of determinations for the
Covered List--develop or maintain lists that identify entities,
companies, persons, and other parties that they have determined raise
national security concerns. Congress has done similarly in legislation.
The Commission finds that to help ensure the integrity of entities that
play a role in its equipment authorization program, to promote national
security, and to advance the Commission's comprehensive strategy to
build a more secure and resilient communications supply chain, the
Commission should not limit its definition of ``prohibited entities''
to entities identified on the Covered List, but also address entities
that federal agencies have determined raise similar national security
concerns.
The Commission's conclusion to include entities identified by
federal agencies as posing unacceptable risks to national security in
addition to those on the Covered List is supported by the Heritage
Foundation and the Foundation for Defense of Democracies (FDD) (two
Washington, DC think tanks with national security expertise). Heritage
stated that ``it would be prudent for the Commission to consult other
agencies that maintain lists of known entities that present national
security risks to the U.S.'' In fact, Heritage encouraged the
Commission to go even further and consider extending the prohibition to
any foreign adversary-linked entity. FDD similarly encouraged the
Commission to extend its prohibition to ``entities not only listed on
the FCC's Covered List, but also those subject to the jurisdiction,
direction, or control of a foreign adversary, consistent with federal
definitions under the Committee on Foreign Investment in the United
States.'' According to FDD, ``[g]iven the PRC's current regulatory
environment, including national security laws that coerce corporate
cooperation with state intelligence objectives, firms operating under
PRC jurisdiction cannot credibly demonstrate operational independence
[[Page 38051]]
from the Chinese government. This presents a material compliance and
reputational risk to U.S. markets. Therefore, all PRC-based or PRC-
controlled entities must be assumed to be under state influence.''
Additionally, DOJ strongly supports ``the FCC considering eligibility
restrictions based on determinations made by Executive Branch agencies
regarding entities that pose national security risks. This whole-of-
government approach leverages specialized expertise across the federal
enterprise to identify and mitigate evolving threats. For example, it
is essential that the FCC utilizes other lists developed by Executive
Branch agencies that reflect expert determinations about entities that
pose national security concerns, rather than relying solely on the
FCC's Covered List.'' The Commission seeks comment on a similar
proposal in the Further Notice of Proposed Rulemaking (FNPRM) portion
of the proceeding, relying instead on the Department of Commerce's
definition of foreign adversary.
Conversely, the China-based Telecommunication Terminal Industry
Forum Association (TAF) argued that the Commission's current
regulations in this area are ``sufficiently strict,'' and that the
Commission should not rely on lists from other U.S. government
agencies, and instead, use these lists ``as background references for
the FCC when considering the covered list.'' The Commission disagrees
and finds unpersuasive TAF's argument that these other federal agency
lists ``are established for different regulatory purposes.'' The
Commission also rejects TAF's argument that referencing other lists and
determinations would ``contravene the spirit of the [World Trade
Organization Agreement on Technical Barriers to Trade]'' and ``increase
the costs for telecommunications equipment manufacturers, ultimately
driving up the final prices of electronic consumer products in the
U.S.'' The Commission finds that prohibiting entities that have been
determined to pose risks to U.S. national security is not an
unnecessary or arbitrary barrier to trade, but instead serves to
promote public confidence in the integrity of the FCC's equipment
authorization process and helps protect U.S. communications networks by
addressing these national security concerns. The Commission also finds
that any potential increased costs are outweighed by the substantial
benefit to enhancing national security.
Each of the entities on the lists that the Commission discusses in
the Order has been determined by either Congress or a federal agency to
raise national security concerns and has been blocked from accessing
certain aspects of the U.S. supply chain, thereby addressing concerns
similar to those that the FCC seeks to address today to protect the
integrity of its equipment authorization program. Moreover, many of the
same agencies that Congress directed to serve as sources of
determinations for inclusion on the Covered List are the sources of
determination for entities on these other lists. The Commission finds
that permitting such entities to participate in its equipment
authorization program as TCBs, test labs, or laboratory accreditation
bodies would adversely affect the trustworthiness of, or otherwise
undermine the public's confidence in, the equipment authorization
program, and would be inconsistent with U.S. national security
interests.
For these and the other reasons discussed in the Order, the
Commission finds that, in addition to the entities identified on the
Covered List, it is incumbent upon us to also address, with regard to
the equipment authorization program, other entities deemed by federal
agencies to pose risks to national security as follows:
<bullet> Entities identified by any of the following sources:
<bullet> Department of Commerce Bureau of Industry and Security
(BIS) Entity List (BIS Entity List);
<bullet> BIS Military End-User List;
<bullet> Department of Homeland Security (DHS) Uyghur Forced Labor
Prevention Act (UFLPA) Entity List;
<bullet> Section 5949 of the James M. Inhofe National Defense
Authorization Act (NDAA) for Fiscal Year 2023 (Section 5949 List of
Semiconductor Companies);
<bullet> Department of Defense (DOD) 1260H list of Chinese Military
Companies;
<bullet> Department of Treasury NS-CMIC List of Chinese military
companies; and
<bullet> Entities identified as ``foreign adversaries'' by the
Department of Commerce, including governments.
Department of Commerce BIS Entity List. ``The [BIS] Entity List . .
. identifies persons or addresses of persons reasonably believed to be
involved, or to pose a significant risk of being or becoming involved,
in activities contrary to the national security or foreign policy
interests of the United States'' as determined by an End-User Review
Committee consisting of various federal national security agencies. The
BIS Entity List in part seeks to ensure that sensitive technologies do
not fall into the hands of known threats. The Commission concludes that
these entities, which federal agencies found to, at the very least,
``pose a significant risk'' of activities threatening American national
security or foreign policy interests, present the same concerns with
regard to the integrity of the equipment authorization program. Seeing
as U.S. persons are generally prohibited from providing unlicensed
exports, re-exports, or transfers (in-country) of certain commodities,
software, and technology subject to BIS jurisdiction to entities on the
BIS Entity List, the Commission finds it particularly risky for such
entities to be closely associated with the review and approval of
communications devices (with all the components therein) for the U.S.
market--if these entities should not be allowed access to sensitive
technologies after they are on the market, they similarly should not be
allowed access before they are on the market through the equipment
authorization program. This conclusion is consistent with the
Commission's action in the Cybersecurity IoT Labeling R&O (89 FR 61242;
July, 30, 2024), which prohibited entities named on the BIS Entity List
from having their products receive a U.S. Cyber Trust Mark label or
from serving as Cybersecurity Label Administrator or other lab
participating in the labelling program.
Commerce Department BIS Military End-User List. The Military End-
User List consists of entities subject to heightened export controls
because the End-User Review Committee determined that ``exports,
reexports, or transfers . . . to that entity represent an unacceptable
risk of use in or diversion to a `military end use' in Belarus, Burma,
Cambodia, China, Nicaragua, the Russian Federation, or Venezuela, or
for a Belarusian, Burmese, Cambodian, Chinese, Nicaraguan, Russian, or
Venezuelan `military end user,' wherever located.'' The Commission
finds that the national security risks presented by these foreign
military-associated entities in terms of export activities are
applicable to the FCC's obligation to ensure the integrity of its
equipment authorization program, which is an integral step in the
importation and marketing of devices in the U.S.
DHS Uyghur Forced Labor Prevention Act Entity List. Section 2 of
the UFLPA requires reporting a list of entities found to be involved in
forced labor in the Xinjiang region of China, which the Department of
Homeland Security posts on its website. The Commission received no
comments on this specific list, but Heritage did urge the
[[Page 38052]]
Commission to consider forced labor practices in China and noted that
broadening the sources used to make determinations about recognition of
test labs might remove from recognition consideration labs using forced
labor or committing other human rights abuses. Federal agencies have
found the entities listed on the UFLPA Entity List to be involved in
forced labor, and goods that are manufactured wholly or in part by such
entities are prohibited from U.S. importation. Because goods
manufactured by these entities are prohibited from U.S. importation,
the Commission finds that it would not be in the public interest or
consistent with the integrity and security of the equipment
authorization testing program for these entities to play a role in the
equipment authorization program, particularly in such a way that
contributes to ensuring compliance to the FCC's rules of equipment that
must be authorized to be imported.
Section 5949 List of Semiconductor Companies. Section 5949 of the
James M. Inhofe National Defense Authorization Act (NDAA) for Fiscal
Year 2023 prohibits Executive Branch agencies from procuring,
obtaining, or contracting with entities to obtain any electronic parts,
products, or services that include a semiconductor, a semiconductor
product, or a product that incorporates semiconductor products designed
or produced by Semiconductor Manufacturing International Corporation,
ChangXin Memory Technologies, Yangtze Memory Technologies Corp, or any
subsidiary, affiliate, or successor of such entities; or any such
product produced by an entity determined by designated sources. The FCC
finds that Congress's determination that these entities were not to be
trusted to provide semiconductor products and services to ``Federal
systems'' and were a threat in the ``supply chains of Federal
contractors and subcontractors'' is strong evidence that the Commission
should address the threat such entities present to ensuring the
integrity and security of the equipment authorization program.
DOD 1260H List of Chinese Military Companies. Under section 1260H
of the FY 2021 NDAA, the Secretary of Defense is required to publicly
list entities that the Secretary has determined to be a ``Chinese
military company'' that is ``operating directly or indirectly in the
United States'' and is ``engaged in providing commercial services,
manufacturing, producing, or exporting.'' Effective June 30, 2026, DOD
is prohibited from entering into, renewing, or extending contracts for
goods, services, or technology with entities on the 1260H List or their
affiliates. Contracts with companies controlled by these listed
entities are also prohibited. Further, in 2027, DOD is prohibited from
entering into, renewing, or extending a contract for the procurement of
goods or services that include goods or services produced or developed
by an entity, or controlled by an entity, on the Section 1260H List.
The prohibitions do not extend to existing contracts or to contracts
for goods, services, or technology that provide a service that connects
to the facilities of a third party, including backhaul, roaming, or
interconnection arrangements. The Secretary of Defense may waive the
prohibition under certain circumstances.
The FCC concludes that, for the same reasons that these entities
are identified on the 1260 List, such companies present an unacceptable
risk to ensuring the integrity and security of the equipment
authorization testing program. This is consistent with the Commission's
action in the Cybersecurity IoT Labeling R&O, which prohibited entities
named on the DOD 1260H List from having their products receive a U.S.
Cyber Trust Mark label or from serving as Cybersecurity Label
Administrator or other lab participating in the labelling program.
Department of Treasury NS-CMIC List of Chinese Military Companies.
The NS-CMIC List, maintained by the Department of Treasury, consists of
persons found to ``operate or have operated in the defense and related
materiel sector or the surveillance technology sector of the economy of
the PRC'' and was created as part of an Executive Order to address
``the threat posed by the military-industrial complex of the People's
Republic of China (PRC) and its involvement in military, intelligence,
and security research and development programs, and weapons and related
equipment production under the PRC's Military-Civil Fusion strategy.''
This list is almost identical to the 1260H List. The FCC concludes that
the threat presented by such entities as determined by federal agencies
would apply in terms of its efforts to ensuring the integrity and
security of the equipment authorization program.
Foreign Adversary Governments and Persons. The Department of
Commerce has developed a list of ``foreign adversary'' governments and
persons, which includes ``any foreign government or foreign non-
government person determined by the Secretary [of Commerce] to have
engaged in a long-term pattern or serious instances of conduct
significantly adverse to the national security of the United States or
security and safety of United States persons.'' Currently, the list of
foreign adversaries consists of the People's Republic of China
(including the Hong Kong Special Administrative Region and the Macau
Special Administrative Region), Republic of Cuba, Islamic Republic of
Iran, Democratic People's Republic of North Korea, Russian Federation,
and the Venezuelan politician Nicolas Maduro.
The rules establishing the process for these determinations were
made pursuant to Executive Order 13873 of May 15, 2019, ``Securing the
Information and Communications Technology and Services Supply Chain.''
President Trump issued Executive Order 13873 in response to the
national emergency caused by the threat of foreign adversaries
exploiting vulnerabilities in information and communications technology
and services (ICTS). The same concerns that the Department of
Commerce's ICTS rules seek to address are also a key component of the
Commission's equipment authorization program; namely, the equipment
authorization program seeks to ensure the Commission protects the U.S.
communications networks and the supply chain from equipment that poses
an unacceptable risk to national security.
Moreover, the Secure Networks Act's definition of ``foreign
adversary'' is identical to the definition of ``foreign adversary'' as
used by the Department of Commerce in producing its list of foreign
adversaries. National Telecommunications and Information Administration
(NTIA), in a notice and request for public comment implementing these
provisions of the Secure Networks Act, treated the Department of
Commerce's list of foreign adversaries as ``foreign adversaries'' for
purposes of determining who is a ``trusted . . . provider of advanced
communications service or a supplier of communications equipment or
service'' under the Secure Networks Act. If Congress and NTIA
determined that entities subject to foreign adversaries' ownership or
control are not to be trusted to provide or supply communications
equipment or services, the Commission does not believe they should be
trusted to participate in the equipment authorization program, which
tests and reviews communications equipment.
The FCC's proposal to address participation by foreign adversaries
in the equipment authorization program is generally supported by
Heritage and FDD. And the Commission does not
[[Page 38053]]
agree that application of the foreign adversary list is
``discriminatory,'' as TAF contends, given that the list reflects
determinations by an expert agency that the entities listed have
engaged in a ``long-term pattern or serious instances of conduct
significantly adverse to the national security interest of the United
States or security and safety of United States persons.''
The Commission finds that its efforts to ensure the integrity and
security of the equipment authorization program could be hindered by
the participation of entities determined to have engaged in a long-term
pattern or serious instances of conduct significantly adverse to the
national security of the United States or security and safety of United
States persons. These findings are consistent with the Commission's
actions in other proceedings. For example, in the Cybersecurity IoT
Labeling R&O, the Commission relied on the foreign adversary list as a
disqualifier from receiving a U.S. Cyber Trust Mark label or from
serving as Cybersecurity Label Administrator or other lab participating
in the labelling program. Additionally, in the Evolving Risks Order and
NPRM, the Commission proposed to rely on the Department of Commerce's
definition of foreign adversary in its proposal to prioritize the
renewal applications or any periodic review filings and deadlines based
on, for example, ``reportable foreign ownership, including any
reportable foreign interest holder that is a citizen of a foreign
adversary country.''
CHIPS Act. At this time, the FCC declines to extend the definition
of prohibited entity to any ``foreign entity of concern'' as defined by
the CHIPS Act, because this definition extends to entities subject to
the ``jurisdiction'' of specified countries. The FCC interprets this
definition as potentially applicable to a broader range of entities
than those owned by, controlled by, or subject to the direction of
certain entities, and thereby more broadly applicable than anticipated
in the EA Integrity NPRM. So, the FCC seeks further comment on adopting
this definition, as discussed in the FNPRM portion of the proceeding.
The FCC also declines at this time to extend the prohibition in this
R&O to several other federal agency-developed and statutory ``lists''
of entities of concern both because the record on these lists is not
developed and because the alignment between the policy goals underlying
those lists and the integrity and security of the equipment
authorization testing program is not as obvious, and seeks further
comment in the FNPRM.
Preventing Prohibited Entities From Participating in the Equipment
Authorization Program
Recognizing the importance of ensuring that the TCBs and test labs
that review equipment for importation and marketing in the U.S., and
the entities that accredit test labs, are themselves trustworthy
actors, and to complement the FCC's efforts to ensure the security of
the supply chain, the Commission takes steps to remove from
participation in its equipment authorization program entities that have
been determined to pose unacceptable risks to the national security of
the United States based on a number of sources (i.e., prohibited
entities). The Commission adopts its proposals in the EA Integrity NPRM
to: (1) prohibit from recognition by the Commission and participation
in the FCC's equipment authorization program any TCB, test lab, or
laboratory accreditation body owned by, controlled by, or subject to
the direction of a prohibited entity; and (2) prohibit reliance on or
use of, for purposes of equipment authorization, any TCB or test lab
owned by, controlled by, or subject to the direction of a prohibited
entity. By adopting these prohibitions, the FCC takes a significant
step in addressing the risks posed by these actors to U.S. national
security in the communications equipment supply chain.
The restriction on entities that present national security concerns
is rooted in longstanding legislative and regulatory efforts aimed at
safeguarding U.S. national security, economic interests, and
technological leadership, which have consistently recognized the risks
posed by foreign adversaries. These efforts have consistently targeted
the same foreign adversaries (or a subset thereof) designated as such
by the Department of Commerce and treated as ``prohibited entities'' in
the rules the FCC adopts today. These efforts include actions to
safeguard military operations, protect U.S. supply chains against
foreign adversaries exploiting vulnerabilities in key industries, and
federal restrictions on adversarial access to sensitive data and
emerging technologies that have been implemented to address
cybersecurity, research security, and otherwise protect national
security. In February of this year, President Trump issued a memorandum
announcing the America First Investment Policy which, among other
things, states that ``[e]conomic security is national security,''
discusses the need to limit certain investments in strategic sectors by
the same six foreign adversaries as identified in the Department of
Commerce's rules, and singles out China in particular for its nefarious
exploitation of U.S. open capital markets to gain access to U.S.
strategic technology and critical infrastructure. Taken together, these
measures reflect an ongoing, bipartisan effort to mitigate foreign
adversary involvement in U.S. economic and technological supply chains
across multiple fronts over multiple Congresses and multiple
Presidential Administrations.
Contrary to TAF's assertion that accreditation according to
relevant ISO standards alone is sufficient to allow test lab
participation in the Commission's equipment authorization program, the
FCC believes that compliance with ISO standards should be a floor, not
a ceiling, for all equipment authorization participants. And, while
such compliance with generally universally-applied standards may be
necessary to ensure technical competency, it may not be sufficient.
Furthermore, the Commission believes that implementation of Congress's
instruction that the Commission ``may . . . establish such
qualifications and standards as it deems appropriate for such private
organizations, testing, and certification'' requires us to address
other concerns, such as protecting the supply chain from entities that
present national security concerns. In light of ongoing security risks,
the Commission must take measures to ensure that entities entrusted
with access to equipment, and related data, prior to authorization for
importing and marketing, as well as entities that assess the competence
of such, are not acting on behalf of foreign adversaries but instead
are operating consistent with their responsibilities to help ensure
that equipment that poses an unacceptable risk to national security is
kept out of our nation's supply chain, in addition to being technically
competent. In fact, the Secure Networks Act demonstrates Congress's
view that participants in the communications equipment supply chain
that are ``owned by, controlled by, or subject to the influence of a
foreign adversary'' are not to be ``trusted.''
Additionally, one of the agencies upon which the FCC regularly
relies for national security expertise--the Department of Justice,
National Security Division (FIRS)--has noted several other national
security concerns arising from reliance on TCBs and test labs ``that
could be exploited by adversarial entities.'' Specifically, FIRS points
out that TCBs and test labs perform certain activities that create
technical vulnerabilities. The privileged access by TCBs and test labs
to highly sensitive
[[Page 38054]]
intellectual property and emerging technologies could lead to
systematic collection of information that represents a significant
counterintelligence concern and the aggregation of such data has the
potential to aid foreign adversaries in developing counterstrategies or
identifying asymmetric advantages. Also, compromised entities could
deliberately overlook or inadequately test devices, or manipulate test
results, which could result in compromised devices in the U.S. market
that have the potential to facilitate access by foreign intelligence
services or that do not meet compliance requirements and pose
interference risks.
The FCC finds that allowing entities that have been repeatedly
identified as foreign adversaries of the U.S. government, specifically
those identified in the Order as prohibited entities, to participate in
the equipment authorization program as TCBs, test labs, and laboratory
accreditation bodies could adversely affect a TCB's, test lab's, or
laboratory accreditation body's ``trustworthiness, or otherwise
undermine the public's confidence,'' especially their ``access to
proprietary, sometimes sensitive information about suppliers and their
devices.'' By enforcing stricter regulations on ownership and control
of TCBs, test labs, and laboratory accreditation bodies, the FCC
upholds core national security priorities, reinforcing the broader
strategy to protect U.S. interests from adversarial exploitation.
Prohibiting Recognition of TCBs, Test Labs, and Laboratory
Accreditation Bodies That Are Owned by, Controlled by, or Subject to
the Direction of Prohibited Entities
In the EA Integrity NPRM, the Commission proposed to prohibit from
recognition by the Commission and participation in the FCC's equipment
authorization program any TCB, test lab, or laboratory accreditation
body in which an entity identified on the Covered List has, possesses,
or otherwise controls an equity or voting interest of 10% or more,
either directly or indirectly, and sought comment on this proposal. The
Commission also proposed and sought comment on whether it should
decline to recognize laboratory accreditation bodies associated with
any foreign adversary, including as to how such association should be
determined.
The Commission adopts a modified version of these proposals to
include a prohibition on recognition of, or participation by, TCBs,
test labs, and laboratory accreditation bodies that are owned by,
controlled by, or subject to the direction of prohibited entities, as
defined in the Order. Several commenters were broadly supportive of the
proposal, stating, for example, that it is necessary to ensure
equipment is properly vetted against the Commission's rules intended to
address national security threats. The Covered List represents expert
determinations made by Congress and relevant federal agencies that the
specified equipment and services produced by certain named entities
represent an unacceptable threat to national security, and the risk of
their importation into the United States necessitates that the FCC take
measures to prevent such equipment from improperly obtaining FCC
equipment authorization. Congress believed so strongly that the
importation or marketing of certain equipment and services produced or
provided by specific entities posed a threat to the national security
and public safety that it passed the Secure Equipment Act to ensure
that such equipment and services would be unable to obtain equipment
authorizations from the Commission. The Commission takes seriously the
Congressional mandate to ensure that its equipment authorization system
excludes entities that have been determined to pose an unacceptable
risk to the national security of the United States or the security and
safety of United States persons. As such, the FCC finds it necessary to
expand its proposal beyond the Covered List to include all prohibited
entities as defined in the Order. The Commission finds it imperative
that it not allow prohibited entities to circumvent supply chain
protections or otherwise undermine the integrity of its supply chain.
Prohibiting recognition of TCBs, test labs, or laboratory accreditation
bodies that are owned by, controlled by, or subject to the direction of
prohibited entities will help to ensure that participants in the FCC's
equipment certification procedure, the most rigorous equipment
authorization process, are not subject to undue influence and support
the integrity and security of the program.
The Commission rejects TAF's arguments that there is no need to
make changes to the existing authorization system because it has
operated effectively to date without national security incidents, and
that restricting lab authorization based on national security lacks a
technical basis because labs do not modify products and so cannot
introduce national security issues, nor do they possess any information
that could threaten national security. A2LA also observed that as part
of ISO/IEC 17011, accreditation bodies must maintain impartiality and,
by that criteria, no accreditation body should have an ``affiliation''
with a foreign government, adversarial or not. The Commission
emphasizes that the measures it adopts today are both an important
corollary to the rules the FCC adopted in the EA Security R&O and
proactive measures against evolving risks reflected in the record
before us. As FDD noted, this action is just the latest Commission
effort in recognition of ``a growing vector of systemic risk:
adversarial control over the authorization process that safeguards the
U.S. communications technology ecosystem.'' Further, the Commission
agrees with FDD that ``TCBs and test labs handle highly sensitive,
proprietary manufacturing and development data, conduct testing
protocols, and produce compliance certifications upon which the FCC
relies,'' meaning ``their actions directly affect what devices are
legally imported into and offered for sale within the United States.''
The Commission further agrees with FDD that if U.S. adversaries are
participants in this layer of the supply chain, they can introduce
vulnerabilities at scale, long before devices reach consumers or
critical systems.''
Absent rules intended to ensure the impartiality of TCBs, test
labs, and laboratory accreditation bodies, prohibited entities could
pressure TCBs, test labs, or laboratory accreditation bodies to take
actions that are contrary to the FCC's efforts to protect the
communications equipment supply chain. For example, entities that own,
control, or direct TCBs, test labs, or laboratory accreditation bodies
could pressure the TCB, test lab, or laboratory accreditation body to
overlook requirements that could ultimately result in the authorization
of equipment identified on the Covered List. Furthermore, TCBs and test
labs have access to sensitive, proprietary information related to
equipment submitted for testing and certification and laboratory
accreditation bodies are tasked with assessing the competence of test
labs. Access to such information by entities who have been determined
to pose unacceptable risks to national security would provide further
opportunity for actions that would compromise the integrity of the
FCC's equipment authorization program.
Given the importance of ensuring the security of the FCC's supply
chain and limiting vulnerabilities from entities that present national
security concerns, the Commission declines to implement certain
alternatives proposed by commenters. For example, the
[[Page 38055]]
Commission finds inadequate TIC's suggestion that it would be
sufficient to simply adopt disclosure requirements, because such
disclosure requirements would not necessarily prevent entities
presenting national security concerns from, participating in the FCC's
equipment authorization program. Moreover, such a disclosure regime
would potentially require the Commission to engage in extensive,
individualized reviews of test lab and TCB ownership to determine
whether national security interests are implicated. Such a regime also
would result in uncertainty within the regulated community as to what
the Commission might do to address such instances. By adopting the
rules in the Order, the Commission is creating a transparent method of
addressing the threat of entities that present national security risks
within its equipment authorization program. The Commission is also not
persuaded that its proposed rules would meaningfully adversely impact
global supply chains, slow equipment approvals, or increase costs for
manufacturers. The transparency of these new requirements will not only
provide the Commission with the necessary information to ensure the
integrity of its equipment authorization program, it will also increase
awareness within industry as to the entities with whom they choose to
do business and lessen concern that prohibited entities could interfere
with their equipment authorizations or the process of obtaining such,
potentially speeding up equipment approvals and reducing costs.
Additionally, the Commission doesn't find it necessary to provide an
extended transition period for implementation of the rules in order to
allow sufficient time to identify and engage adequate replacement
facilities, as suggested. Considering the time needed for the rules
adopted here to take effect, in addition to the procedural timeframes
included in the rules for withdrawal of recognition, the Commission
believes that any concerns are speculative and outweighed by its goal
of ensuring the integrity of the equipment authorization program.
The role of laboratory accreditation bodies in the FCC's equipment
authorization program--namely, to provide impartial assessment of the
competence of the test labs that they accredit--requires that they be
free of and safeguarded from influence by actors that may pose a risk
to national security. The Commission also recognizes that the
activities and practices of laboratory accreditation bodies extend
internationally and include relationships with various foreign actors,
and so clarity is needed regarding how to determine which laboratory
accreditation bodies will be recognized by the Commission. In addition,
if the Commission were to adopt a prohibition on TCBs and test labs
owned by, controlled by, or subject to the direction of prohibited
entities without adopting a corresponding prohibition on laboratory
accreditation bodies, the Commission would leave open the possibility
that prohibited entities would simply move upstream to exercise
ownership, control, or direction within the equipment authorization
program. Acknowledging commenters' desire for clarity, the Commission
adopts a rule that it will not recognize a laboratory accreditation
body, and will revoke the recognition of any previously-recognized
laboratory accreditation body, that is owned by, controlled by, or
subject to the direction of a prohibited entity.
The Commission finds that this rule, along with the explanation
provided in the proceeding of what the FCC means by ``owned by,
controlled by, or subject to the direction of'' will provide clear
requirements for participation in the equipment authorization program.
With regard to A2LA's observation that laboratory accreditation bodies
are required to maintain impartiality pursuant ISO/IEC 17011, the
Commission finds it incumbent upon us to take proactive measures to
ensure the integrity and guarantee against equipment authorization
program participation by entities owned by, controlled by, or subject
to the direction of prohibited entities.
Prohibiting Reliance on, or Use of, for Purpose of Equipment
Authorization, and TCB or Test Lab Owned by, Controlled by, or Subject
to the Direction of a Prohibited Entity
In the EA Integrity NPRM, the Commission also proposed to prohibit
from recognition by the Commission and participation in its equipment
authorization program, any TCB or test lab in which an entity
identified on the Covered List has direct or indirect ownership or
control. The Commission tentatively concluded that, in light of the
determinations made from expert federal agencies and Congress about the
national security risks posed by entities with equipment identified on
the Covered List, the Commission should not permit such TCBs and test
labs to have any role in its equipment authorization program.
The Commission adopts the proposed rule to prohibit reliance on or
use of any TCB or test lab owned by, controlled by, or subject to the
direction of an entity (or its subsidiaries or affiliates) identified
on the Covered List, for purposes of equipment authorization. The
Commission expands this prohibition, however, to include all
``prohibited entities.'' This means that parties seeking equipment
authorization pursuant to the SDoC process may not rely on testing
performed at a test lab that is owned by, controlled by, or subject to
the direction of a prohibited entity.
By prohibiting, for purposes of SDoC authorization, the use of test
labs that are owned by, controlled by, or subject to the direction of a
prohibited entity, the Commission seeks to ensure that entities posing
national security risks cannot use the SDoC process as a loophole to
circumvent the FCC's restrictions. The Commission rejects the arguments
of commenters that extending the prohibition to the SDoC process will
not enhance national security, and that any security concerns are
mitigated by the existing prohibition on entities identified on the
Covered List from using SDoC. The Commission also disagrees with TIA
that we must provide specific evidence of abuse of the SDoC process to
warrant changes. In enacting the Secure Networks Act and Secure
Equipment Act, Congress recognized that it was imperative that those
entities determined to pose unacceptable risks to U.S. national
security be foreclosed from accessing U.S. communications networks and
supply chains, and nothing in the record would support excluding test
labs used as part of the SDoC process from this prohibition.
Information on equipment authorized via the SDoC process is less
readily transparent to the Commission than information on equipment
authorized via certification, meaning that equipment authorization
through the SDoC process may be at greater risk of potential
exploitation by prohibited entities, raising national security concerns
regarding the possible introduction of equipment that poses an
unacceptable risk to national security into the U.S. market. In
prohibiting entities identified on the Covered List from using SDoC to
obtain equipment authorization, the Commission sought to ensure
consistent application of the prohibition on further authorization of
covered equipment, while also providing for more active oversight. The
same rationale applies here--namely that, absent the clarification the
Commission adopts today, prohibited entities might use their influence
over labs, and take advantage of the more limited oversight the
Commission has
[[Page 38056]]
over the SDoC process, to allow for the introduction of equipment that
poses an unacceptable risk to U.S. national security and otherwise
undermine the integrity of its equipment authorization process. The
value of the SDoC process to many parties seeking equipment
authorization, and the importance of prohibiting equipment that poses
an unacceptable risk to national security, necessitates that the
Commission takes measures to prevent abuse of the SDoC process.
Defining ``Ownership'' and ``Direction or Control''
The FCC prohibitions in section III.B. of this document rely on
specific definitions of ``ownership'' and ``direction or control.'' As
the Commission discusses below, it has repeatedly used ownership limits
or attribution rules to identify entities presumed to be able to exert
effective direction or control even in the absence of a majority voting
interest. Here the Commission defines and adopts such a limit. The
Commission also recognizes that an entity may exert direction or
control when it has minority interests below the limits the Commission
sets or no ownership interests, so the Commission adopts and clarifies
qualitative indicia that entities, and the Commission, may use in
determining and attesting to the existence of direction or control.
Implementation of the 10% Ownership Threshold
The Commission adopts its proposals in the EA Integrity NPRM to
prohibit from recognition by the Commission and participation in its
equipment authorization program, any TCB, test lab, or laboratory
accreditation body in which a prohibited entity directly or indirectly
owns or controls 10% or more of the equity or voting rights. Consistent
with Commission precedent and the rules and precedent of other federal
regulatory agencies, the Commission finds that the 10% ownership
threshold provides a reasonable proxy or indication that a TCB, test
lab, or laboratory accreditation body is controlled by or subject to
the direction of a prohibited entity.
Some commenters oppose the proposed prohibition and recommended
alternative approaches. For instance, TIA proposed that the Commission
first ``target'' only TCBs and test labs that are wholly owned by
entities on the Covered List. TIA presented no evidence, however, to
support its implicit contention that a threat is only present when a
TCB or a test lab is wholly owned by a prohibited entity, nor does it
explain why a prohibited entity cannot exert direction or control even
though it may hold only a minority ownership interest or no ownership
interest in the TCB, test lab, or laboratory accreditation body.
Indeed, under TIA's proposal, a TCB 99.99% owned by an entity
identified on the Covered List would not be prohibited, but it would be
prohibited if such ownership rose to 100%. Based on the FCC's record,
such a limited prohibition would not adequately protect the integrity
of the equipment authorization program against participation by
prohibited entities. Therefore, the Commission rejects TIA's proposal
and concludes that prohibiting only those TCBs and test labs that are
wholly owned by prohibited entities would not sufficiently advance the
national security interests in the proceeding.
Some commenters question whether laboratory accreditation bodies
have the capability to ascertain ownership interests. In their view,
because laboratory accreditation is primarily a technical assessment
conducted by technical experts--and not a review of ownership interests
by financial analysts, accountants, or auditors--reliance on laboratory
accreditation bodies to prevent accreditation of test labs based on
ownership interests is not feasible. A preferable approach, according
to A2LA, would be for the Commission to assess all test labs, offer
accreditation if warranted, and then restrict the ability of labs to
conduct testing or participate in the equipment authorization if
accredited entities are found to be a national security risk. Another
proposed alternative was to create a ``self-reporting component'' for
ownership interests of TCBs and test labs that the Department of
Commerce might oversee. A2LA further stated that it was unclear how
ownership impacts national security risk.
In response to concerns of commenters that laboratory accreditation
bodies are not equipped to determine ownership interests, the
Commission clarifies that the rules it adopts today do not require
laboratory accreditation bodies to independently investigate and
establish ownership. Rather, the rules will require TCBs and test labs
themselves to certify that no prohibited entity has an equity or voting
interest of 10% or more in the TCB or test lab. And while the FCC's
rules do require that the laboratory accreditation body submit a test
lab's certification directly to the Commission in order for the test
lab to be included on the list of accredited test labs that the FCC has
recognized, this does not require the laboratory accreditation body to
undertake its own investigation of a test lab's ownership. Nor do the
Commission see that this requirement imposes an undue burden on
laboratory accreditation bodies, which must already submit to the
Commission various information regarding the test lab. That said, the
Commission do, however, expect a laboratory accreditation body to take
reasonable steps to not knowingly or negligently facilitate the
obfuscation of the ownership of a test lab. In other words, a
laboratory accreditation body could be held responsible for what it
knew or should reasonably have known concerning the ownership interests
in the TCB or test lab. Indeed, this is the same standard that TCBs
should already be applying in the equipment authorization context in
assessing whether an applicant's attestations regarding the equipment
for which authorization is sought--namely that the equipment is not
``covered,'' and providing a valid U.S. agent for service of process--
is accurate and true.
A2LA asked how ``affiliation'' would be defined, as used in the
NPRM, and asked whether participation by accreditation bodies in
countries with which the U.S. has MRA and accreditation of test labs in
foreign countries might be considered ``affiliation.'' A2LA said U.S.
accreditation bodies have accredited test labs in foreign countries
that ``may be'' on the adversary list and questioned whether those
accreditation bodies would be precluded for that reason. ANAB similarly
said that the FCC should clarify that ``affiliation'' does not include
participation in widely recognized international accreditation
cooperations through which ANAB accepts and promotes the results of
conformity assessment bodies accredited by other signatories, some of
which are government organizations in countries identified on the
foreign adversaries list. In the proposals the Commission provided in
the NPRM, we used the term ``affiliation'' very broadly throughout the
discussion and once in the proposed rules to convey a connection
between entities. The Commission did not specifically propose to tie
that term to its definition of ``affiliate'' nor did the Commission
propose a new definition. In finalizing the rules that the Commission
adopts today, we are adopting a defined relationship of ownership,
direction, or control in lieu of affiliation, for the reasons discussed
herein. As such, the Commission finds no reason to further expand upon
the discussion of ``affiliation'' as raised by A2LA and
[[Page 38057]]
ANAB. The Commission also clarifies here that its rules apply equally
to all TCBs, test labs, and laboratory accreditation bodies regardless
of the existence of MRAs or physical location of the relevant facility.
The Commission concludes that it is appropriate to prohibit any
TCB, test lab, laboratory accreditation body from participating in the
equipment authorization process if a prohibited entity directly or
indirectly owns 10% or more of the equity or voting stock. Consistent
with Commission precedent and that of other federal agencies, the
Commission finds that a third party could exert direction or control
over another entity even without holding a majority of the equity or
voting rights. Establishing the direct and indirect ownership rule at
10% aligns with Commission precedent and reflects a reasonable standard
for identifying potential direction or control. For example, applicants
for an international section 214 authorization are required to identify
any individual or entity that directly or indirectly owns 10% or more
of the equity interests and/or voting interests, or a controlling
interest, of the applicant. Also, applicants or licensees subject to
the ownership reporting requirements of Sec. 1.2112 of the FCC's rules
must identify any party holding 10% or more of stock, partnership
interest, or indirect ownership interest in the reporting entity.
This 10% threshold is also consistent with definitions of ownership
applied by other federal agencies with expertise in examining corporate
ownership and structure. For example, the Internal Revenue Code defines
the term ``United States shareholder'' with respect to any foreign
corporation, as ``a United States person . . . who owns . . . 10
percent or more of the total combined voting power of all classes of
stock entitled to vote of such foreign corporation, or 10 percent or
more of the total value of such shares of all classes of stock of such
foreign corporation.'' Under the Change in Bank Control Act, anyone,
including those ``acting in concert,'' must provide a written notice
before acquiring control of a bank or bank holding company, if they
acquire 10% or more of its voting shares. Similarly, a foreign entity
acquiring at least 10% of the voting interest (directly or indirectly
through a U.S. entity) in a U.S. business enterprise, either through
acquisition or establishment of a new entity, is required to file a BE-
13 Report with the Bureau of Economic Analysis (BEA). The Commission
concludes that adopting the 10% ownership threshold appropriately
identifies entities with sufficient direction or control as to pose a
risk.
Heritage asked the Commission to explain ``why entities with less
than 10% [ownership or control] pose a risk, but entities below 5% do
not.'' The Commission recognizes that a third party may exercise
direction or control over another entity even where it holds less than
a 10% ownership stake in that entity or holds no ownership stake.
Consistent with precedents discussed above of this document, the
Commission expands its current reporting requirement and adopts a
requirement that all TCBs, test labs, and laboratory accreditation
bodies report all equity or voting interests of 5% or greater by any
entity. This 5% reporting threshold balances the need to protect
national security while minimizing undue reporting burden by providing
the Commission with the necessary information to confirm compliance
with the ownership prohibitions and to more easily identify closely
associated entities. The Commission notes that the reporting
requirement is parallel to and not a substitute for its requirement
that all TCBs, test labs, and laboratory accreditation bodies,
regardless of ownership interests, certifies that they are not under
the ownership, or otherwise direction or control of prohibited entities
based on the indices of direction or control that the Commission
discusses next.
Definition of ``Direction or Control''
In addition to prohibiting any TCB, test lab, or laboratory
accreditation body in which a prohibited entity has direct or indirect
ownership or control of 10% or more equity or voting interest from
recognition or participation in the FCC's equipment authorization
process, the Commission also adopts that prohibition for any TCB, test
lab, or laboratory accreditation body that is subject to the direction
or control of a prohibited entity. The concept of direction and control
includes the control that is inherent when an entity is a part of the
governmental structure or hierarchy of a foreign adversary, including
subnational governments thereof. Recognizing that a prohibited entity
may exert direction or control over another entity even where it does
not own 10% or more of the equity or voting stock of that entity, the
Commission therefore requires TCBs, test labs, and laboratory
accreditation bodies to assess whether a prohibited entity directly or
indirectly possesses or has the power (whether or not exercised) to
determine, direct, or decide important matters affecting an entity.
Factors indicating direction or control could include the power to
decide matters pertaining to the entity's reorganization, merger, or
dissolution; the opening or closing of facilities or major expenditures
or to exercise authority over its operating budget; selection of new
lines of business; entering into, terminating, or otherwise affecting
the fulfillment of significant contracts; adopting policies relating to
treatment of non-public or proprietary information; appointing officers
or senior leadership; appointing or dismissing employees with access to
critical or sensitive technology; or amending the entity's
organizational documents. Such indicators would be relevant regardless
of whether the power was exercised, and could take the form of, for
example, ownership of securities or partnership or other ownership
interests, board representation, holding a special share, contractual
arrangements, or other formal or informal arrangements to act in
concert or to decide important matters affecting an entity.
Additionally, the Commission considers any applicant, wherever located,
to be under the direction or control of a prohibited entity if that
applicant acts as an agent or representative of a prohibited entity or
acts in any other capacity at the order or request of a prohibited
entity or whose activities are directly or indirectly supervised,
directed, controlled, financed, or subsidized in whole or in majority
part.
Reporting, Certification, and Recordkeeping Requirements
To help ensure that the Commission have the necessary information
to implement the measures it adopts to prohibit from participation in
the equipment authorization program entities that have been determined
to pose unacceptable risks to national security, the Commission expands
its current reporting and certification requirement for TCBs, test
labs, and laboratory accreditation bodies that seeks Commission
recognition. The Commission finds that requiring certification and
reporting of ownership is necessary to minimize vulnerabilities in the
telecommunications infrastructure and strengthen national security
through the equipment authorization process by ensuring that TCBs, test
labs, and laboratory accreditation bodies will not be owned by or under
the direction or control by prohibited entities. The Commission finds
that these adopted rules will yield significant benefits, including
improved consistency in the Commission's consideration of evolving
national security risks, completeness of the
[[Page 38058]]
Commission's information regarding equipment authorization, and timely
Commission attention to issues that warrant heightened scrutiny. The
Commission also finds that the adoption of the rules will better
protect U.S. telecommunications infrastructure from national security
risks posed by prohibited entities. These benefits cannot be achieved
with ad hoc reviews alone. Thus, adopting a systemized review of the
ownership certification and report by TCBs, test labs, and laboratory
accreditation bodies is necessary to help ensure that the Commission
and the Executive Branch agencies have the necessary information to
address evolving national security, law enforcement, foreign policy,
and/or trade policy risks on a continuing basis. While it is difficult
to quantify these economic benefits, the Commission believes the
benefits are far greater than the costs of the requirements.
The Commission adopts a requirement for all recognized TCBs, test
labs, and laboratory accreditation bodies to certify to the Commission,
within 30 days after the effective date of the relevant rules, and
thereafter with each request for recognition, that they are not owned
by, controlled by, or subject to the direction of a prohibited entity.
The Commission also adopts a requirement that all recognized TCBs, test
labs, and laboratory accreditation bodies report, within 90 days after
the effective date of the relevant rules and thereafter with each
request for recognition, all equity or voting interests of 5% or
greater by any entity. The Commission will not recognize--and will
revoke any existing recognition of--any TCB, test lab, or laboratory
accreditation body that fails to provide, or that provides a false or
inaccurate certification; or that fails to provide, or provides false
or inaccurate, information regarding equity or voting interests of 5%
or greater. If there is any change to any of the lists that make up the
prohibited entities resulting in the addition of an entity after the
effective date of these rules, the Commission will require compliance
with the relevant reporting, certification, and recordkeeping
requirements no later than 90 days after the effective date of such
change. In keeping with these reporting requirements, the FCC also
clarifies the requirement that every entity specifically named on the
Covered List must provide to the Commission, pursuant to Sec.
2.903(b), information regarding all of its subsidiaries and affiliates,
not merely those that produce ``covered'' equipment. The Commission
orders each relevant entity to provide this information no later than
30 days after the effective date of this rule and thereafter in
accordance with the provisions in Sec. 2.903(b).
In order to more effectively protect the FCC's equipment
authorization program from the direction or control of untrustworthy
entities and ensure the integrity of the program, the Commission
proposed and sought comment in the EA Integrity NPRM on new
recordkeeping, reporting, and certification obligations for TCBs and
test labs to enable the Commission to determine ownership or control,
as well as comment on any changes to its rules governing laboratory
accreditation bodies.
First, the Commission proposed that any entity seeking to become an
FCC-recognized TCB or test lab report to the Commission equity or
voting interests in the TCB or test lab of 5% or more. Second, the
Commission proposed to require that recognized TCBs and test labs: (1)
no later than 30 days after the effective date of any final rules
adopted in this proceeding, certify that no entity identified on the
Covered List (or otherwise specified in our final rules) has,
possesses, or otherwise controls an equity or voting interest of 10% or
more in the TCB or test lab, and (2) no later than 90 days after the
effective date of any final rules adopted in this proceeding identify
any entity (including the ultimate parent of such entities) that holds
such ownership or control interest as our final rules require, proposed
as 5% or more ownership, as discussed above. Third, the Commission
proposed that any test lab that takes measurements of equipment subject
to an equipment authorization, whether pursuant to certification or
SDoC, maintain in its records a certification that no entity identified
on the Covered List has, possesses, or otherwise controls an equity or
voting interest of 10% or more in the test lab and documentation
identifying any entity that has, possesses, or otherwise controls an
equity or voting interest of 5% or more in the test lab. Finally, the
Commission sought comment on precluding laboratory accreditation bodies
associated with foreign adversaries, including how such association
should be determined.
The Commission received comments directed at these reporting
requirements. The American Council of Independent Laboratories
commented that the Commission's reporting requirements are reasonable
and appropriate. Other commenters expressed concerns or suggested
changes to these proposals. For instance, TIC commented that the
proposed reporting requirements are not currently covered in MRAs
between the United States and participating countries, and asked that
any rules adopted be tailored to address supply chain security without
disrupting testing capacity or U.S. trade commitments. Heritage asked
the Commission to consider whether any level of ownership by an entity
on the Covered List needs to be disclosed. Other commenters made more
general observations that are relevant here. For example, TIA said that
any new rules should not overly burden trustworthy TCBs or test labs.
The Commission adopts the certification, reporting, and
recordkeeping requirements that the Commission proposed in the EA
Integrity NPRM with the modifications that these requirements will be
extended to laboratory accreditation bodies and broadened to include
ownership, control, or direction by any prohibited entity, as well as
the additional note that reported ownership information will be made
publicly available on the Commission's website. The Commission and all
parties seeking equipment authorization must have ready access to the
information necessary to determine which TCBs, test labs, and
laboratory accreditation bodies can be relied upon for purposes of the
FCC's equipment authorization program. In particular, stakeholders must
be able to evaluate any ownership interest concerns that may be raised
regarding an entity's impartiality or trustworthiness, particularly
with regard to potential influence by entities that raise national
security concerns. The Commission also finds that such ownership
information could be relevant going forward to establishing appropriate
``qualifications and standards'' under section 302(e) of the Act
regarding private entities to which the Commission has delegated and
entrusted certain responsibilities as part of its equipment
authorization program. Such data could also be instructive in other
efforts to bolster the integrity of the equipment authorization
program, such as ensuring that TCBs are complying with applicable
impartiality requirements and rules targeted at ensuring they are not
owned or controlled by a manufacturer whose equipment they must
examine.
Certification Requirement. To implement our prohibition on
recognition of TCBs, test labs, and laboratory accreditation bodies
that are subject to ownership or direction or control of a prohibited
entity, the Commission adopts the proposal that,
[[Page 38059]]
no later than 30 days after the effective date of the rules adopted in
the proceeding, recognized TCBs, test labs, and laboratory
accreditation bodies must certify that no prohibited entity has,
possesses, or otherwise controls an equity or voting interest of 10% or
more. The Commission also requires that recognized TCBs, test labs, and
laboratory accreditation bodies certify compliance with these rules and
submit the requested ownership information along with the request for
recognition and within 30 days after any relevant change. Because
ownership interests evolve over time, and the lists of prohibited
entities are subject to modification, the Commission believes that
change-dependent certification and reporting requirements, along with
regular confirmation, are critical to verifying the integrity of TCBs,
test labs, and laboratory accreditation bodies. The Commission
recognizes that relevant entities would need time to consider their
options when there is a change to any of the lists that make up the
prohibited entities resulting in the addition of an entity. To allow
TCBs, test labs, and laboratory accreditation bodies to fully assess
their ownership considerations, the Commission will require compliance
with the relevant certification requirements no later than 90 days
after the effective date of such changes to the prohibited entities.
Reporting Requirement. The Commission also adopts a requirement
that all recognized TCBs, test labs, and laboratory accreditation
bodies report, within 90 days after the effective date of the rules,
all equity or voting interests of 5% or greater by any entity. The
Commission further requires that recognized TCBs, test labs, and
laboratory accreditation bodies submit an updated report with the
request for recognition and within 30 days after any change to entities
that own 5% or more of its equity or voting interests. The Commission
recognizes that the current 10% ownership threshold may not capture all
of the information necessary to adequately assess whether a TCB, test
lab, or laboratory accreditation body is owned by, controlled by, or
subject to the direction of a prohibited entity. In certain instances,
an entity holding less than 10% of direct or indirect ownership may
nonetheless be able to exert direction or control over a TCB, a test
lab, or a laboratory accreditation body. For example, where enhanced
voting rights are present, such an entity may possess disproportionate
decision-making power relative to its ownership stake. To balance the
need to protect national security while minimizing undue reporting
burden, the Commission expands its current reporting requirement and
adopts a requirement that all recognized TCBs, test labs, and
laboratory accreditation bodies, or those seeking recognition, report
all equity or voting interests of 5% or greater by any entity. A
reporting threshold of 5% would be consistent with the ownership
threshold used by the Committee for the Assessment of Foreign
Participation in the United States Telecommunications Services Sector
(Committee) in its review of certain applications. For instance, in the
2021 Standard Questions Order, the Commission noted the views of
Committee staff that, ``5% threshold is appropriate because in some
instances a less-than-ten percent foreign ownership interest--or a
collection of such interests--may pose a national security or law
enforcement risk.'' The Commission, based on the views of Committee
staff, agreed that a 5% ownership reporting threshold is appropriate
with respect to the Standard Questions. Given the Committee's expertise
in assessing national security and law enforcement risks associated
with foreign ownership interests, the Commission finds its reliance on
a 5% threshold lends further support to its decision to adopt the same.
The Commission concludes that a 5% reporting threshold would position
the Commission to more easily identify foreign interests and their
possible control.
A reporting threshold of 5% would also be consistent with
requirements imposed by other agencies, such as the Securities and
Exchange Commission (SEC). The SEC Exchange Act Rule 13d-1 requires a
person or ``group'' that becomes, directly or indirectly, the
``beneficial owner'' of more than 5% of a class of equity securities
registered under section 12 of the Exchange Act to report the
acquisition to the SEC. The Commission further notes that various SEC
forms filed by issuers, including their annual reports (or proxy
statements) and quarterly reports, require the issuer to include a
beneficial ownership table that contains, inter alia, the name and
address of any individual or entity, or ``group,'' who is known to the
issuer to be the beneficial owner of more than 5% of any class of the
issuer's voting securities. Finally, a reporting threshold of 5% is
also consistent with the standards adopted by the Committee on Foreign
Investment in the United States (CFIUS), which reviews certain
transactions involving foreign acquisitions of U.S. businesses.
The Commission is mindful of the caution from commenters against
placing overly burdensome restrictions on TCBs or test labs. However,
the Commission considers this type of information collection to be
routine in many contexts and find that these obligations are an
appropriate and not unduly burdensome means of enabling the Commission
to confirm compliance with the ownership prohibitions and to more
easily identify closely associated entities of TCBs, test labs, and
laboratory accreditation bodies seeking to participate in the equipment
authorization program. As aforementioned, the Commission and other
government agencies commonly adopt rules to identify direct or indirect
ownership or control of entities by third parties to address various
concerns including national security. The Commission concludes that
ascertaining the holders of 5% or more of the direct or indirect
ownership should not present a substantial burden because it is
reasonable to conclude that a privately held company would be aware of
its investors and would maintain record of such information in the
ordinary course of business, while for publicly held companies, the
information on persons holding 5% or more of any class of equity
security should be generally available to the public. The Commission
recognizes that relevant entities would need time to consider their
options when there is a change to any of the lists that make up the
prohibited entities resulting in the addition of an entity. To allow
TCBs, test labs, and laboratory accreditation bodies to fully assess
their ownership considerations, the Commission will require compliance
with the relevant reporting requirements no later than 90 days after
the effective date of such an addition of prohibited entities.
Recordkeeping requirements. In order to implement the prohibition,
for purposes of SDoC authorization, on the use of test labs that are
owned by, controlled by, or subject to the direction of a prohibited
entity, the Commission adopts a requirement that parties seeking
equipment authorization pursuant to the SDoC process maintain a record
that the entity performing the testing conducted pursuant to the SDoC
process is not owned by, controlled by, or subject to the direction of
a prohibited entity. Specifically, parties availing themselves of the
SDoC process must maintain a record that no prohibited entity has,
possesses, or otherwise controls an equity or voting interest of 5% or
more in the test lab performing the testing conducted
[[Page 38060]]
pursuant to the SDoC process. This requirement will help to ensure that
responsible parties perform the due diligence necessary to compile the
required record and determine that the test lab is eligible to
participate in the FCC's equipment authorization program pursuant to
the rules the Commission adopts today. The Commission also finds, and
agrees with CTA, that this requirement will not meaningfully raise the
cost and complexity of the SDoC process. As with test labs seeking FCC
recognition, the Commission believes this type of ownership information
would be retained by the test lab in the ordinary course of business.
For these reasons, the Commission modifies Sec. 2.938(b)(2) of its
rules to adopt this requirement. The Commission recognizes that
relevant entities would need time to consider their options when there
is a change to any of the lists that make up the prohibited entities
resulting in the addition of an entity. To allow TCBs, test labs, and
laboratory accreditation bodies to fully assess their ownership
considerations, the Commission will require compliance with the
relevant recordkeeping requirements no later than 90 days after the
effective date of such changes to the prohibited entities. To make
determinations regarding the continued acceptability of TCBs, test
labs, and laboratory accreditation bodies, the Commission may also
request additional information regarding the test site, the test
equipment, or the qualifications of the company or individual
performing the tests for the SDoC process, including documentation
identifying any entity that holds a 5% or greater direct or indirect
equity or voting interest in the test lab, company, or individual
performing the testing.
Reporting subsidiaries and affiliates of Covered List entities. The
Commission proposed in the EA Integrity NPRM to require that every
entity specifically named on the Covered List must provide to the
Commission information regarding all of its subsidiaries and
affiliates, not just those subsidiaries and affiliates that produce
``covered'' equipment, pursuant to Sec. 2.903(b). The Commission
stated that this proposal would be in keeping with the certification
and reporting requirements for test labs and TCBs discussed above. The
Commission did not receive comment directed at this proposal.
The Commission adopts this proposal and requires that every entity
specifically named on the Covered List must provide to the Commission
information regarding all of its subsidiaries and affiliates. The
Commission has previously explained that in adopting rules and
procedures to prohibit authorization of ``covered'' equipment, it is
critical for the Commission, applicants for equipment authorizations,
TCBs, and other interested parties to have the requisite, transparent,
and readily available information of the particular entities that in
fact are associated with the named entities on the Covered List. In
light of the rules the Commission adopts today, it is now critical that
the Commission and all stakeholders have complete information regarding
all of the subsidiaries and affiliates of Covered List entities in
order for the Commission, applicants for equipment authorization, TCBs,
and others to make determinations about which entities may be relied
upon for purposes of the Commission's equipment authorization program.
Requiring this information is reasonable and justified in keeping with
its goal of effectively ensuring that ``covered'' equipment determined
as posing an unacceptable risk to national security under the Secure
Networks Act, and prohibited from authorization under the Secure
Equipment Act, is not authorized, and helps to ensure that the
Commission meet the mandate in the Secure Equipment Act that the
Commission not approve the grant of any ``covered'' equipment.
Accordingly, the Commission requires each entity specifically named
on the Covered List to submit a complete and accurate list to the
Commission, within 30 days after the effective date of the rules,
identifying all subsidiaries and affiliates. For each associated entity
(e.g., subsidiary or affiliate), the entity named on the Covered List
must provide the following information: the full name, mailing address
or physical address (if different from mailing address), email address,
and telephone number of each of that named entity's associated entities
(e.g., subsidiaries or affiliates). As before, named entities must
provide up-to-date information on any changes to the list, and if there
are changes, the named entity must submit such updated information to
the Commission within 30 days after the change(s), and indicate the
date on which the particular change(s) occurred. Furthermore, when the
Covered List is updated, any newly named entity must submit the
required information for associated entities within 30 days after its
inclusion on the Covered List. These submissions must be reported by an
affidavit or declaration under penalty of perjury, signed and dated by
an authorized officer of the named entity on the Covered List with
personal knowledge verifying the truth and accuracy of the information
provided about the entity's associated entities. The affidavit or
declaration must comply with Sec. 1.16 of the Commission's rules. The
Commission directs the OET to make the lists of affiliates and
subsidiaries available to the public for review and inspection.
Defining ``own'' for purposes of identifying affiliates. The
Commission also proposed in the EA Integrity NPRM to revise the term
``own,'' in the context of determining what is an ``affiliate'' of an
entity named on the Covered List, from ownership of more than 10
percent to ownership of 10 percent or more. The Commission received
only one comment relevant to this revision. A2LA observed that the
current definition of ``affiliate'' uses an ownership threshold of
``more than 10 percent,'' while the rule as proposed uses a threshold
of 10% or more, and asked for clarity as to the threshold.
The Commission adopts the revision as proposed. Specifically, the
Commission revises its rules such that the term ``own'' in the context
of determining what is an ``affiliate'' of an entity named on the
Covered List means to ``have, possess, or otherwise control an equity
or voting interest (or the equivalent thereof) of 10 percent or more.''
The Commission observes first that it's not bound, here, by a
particular statutory definition of the term ``affiliate.'' Rather,
while the Communications Act generally defines the terms ``affiliate''
and ``own,'' and there ``own'' means ``to own an equity interest (or
the equivalent thereof) of more than 10 percent,'' such definitions are
applied ``unless the context otherwise requires.'' The National Defense
Authorization Act for Fiscal Year 2019, which designated as ``covered
telecommunications equipment or services'' any telecommunications
equipment produced by Huawei or ZTE ``or any subsidiary or affiliate of
such entities,'' and, for certain purposes, video surveillance and
telecommunications equipment produced by Hytera, Hikvision, or Dahua
``or any subsidiary or affiliate of such entities,'' did not define the
term ``affiliate,'' but the Commission believes that the threshold of
10% or more, rather than more than 10%, is most consistent with
Congress's intent because of its use in several other statutory schemes
as well as other Commission information collections. The Commission
finds that the compelling interest in preventing authorization of
equipment that may pose an unacceptable risk to national security also
justifies using the
[[Page 38061]]
moderately more expansive definition the Commission adopts today.
Other Rule Revisions
TCB, test lab, and laboratory accreditation body recognition
withdrawal. The Commission proposed in the EA Integrity NPRM that, if a
relevant TCB or test lab does not make the certification required in
the proceeding, or provides a false or inaccurate certification, the
Commission would suspend the recognition of any such TCB or test lab
and commence action to withdraw FCC recognition under applicable
withdrawal procedures. The Commission also sought comment on whether
laboratory accreditation bodies should be subject to additional
requirements. With regard to withdrawal of recognition of test labs,
the Commission received one comment directly relevant to this proposal.
A2LA suggested that the Commission employ different levels of sanctions
for different violations, such as harsher penalties for intentional
violations of FCC requirements. Further, A2LA asked the Commission to
consider offering test labs the opportunity to remediate an otherwise
prohibited ownership threshold before withdrawing recognition.
Inherent in the authority to recognize a TCB, test lab, or
laboratory accreditation body is the authority to withdraw or cease
such recognition when a TCB, test lab, or laboratory accreditation body
does not comply with the FCC's requirements. Accordingly, the
Commission adopts rules specifying that its will to withdraw the FCC's
recognition of a TCB, test lab, or laboratory accreditation body, if
the TCB, test lab, or laboratory accreditation body is owned by,
controlled by, or subject to the direction of a prohibited entity;
fails to provide, or provides a false or inaccurate, certification that
it is not owned by, controlled by, or subject to the direction of a
prohibited entity or, similarly, fails to provide, or provides a false
or inaccurate, report regarding entities with more than 5% ownership.
Although the Commission believes that such ownership, control, or
direction, a failure to report, or providing a false or inaccurate
report, would constitute ``just cause'' that would permit revocation
under existing rules, the Commission takes the opportunity here to
codify it as an explicit basis for revocation and to provide a more
streamlined process for resolution. The Commission finds this is
necessary to adequately ensure the integrity of the equipment
authorization program. It is also consistent with existing obligations
on TCBs, test labs, and laboratory accreditation bodies and the
Commission's rules regarding withdrawal of recognition of a TCB for
just cause or if the TCB is not certifying equipment in accordance with
the Commission's rules and policies.
The FCC's rules already specifies the procedures the Commission
will follow when withdrawing recognition of a TCB. The Commission
adopts similar rules here, specific to withdrawal of recognition of a
TCB, test lab, or laboratory accreditation body, if the TCB, test lab,
or laboratory accreditation body is owned by, controlled by, or subject
to the direction of a prohibited entity pursuant to Sec. 2.902; fails
to provide, or provides a false or inaccurate, certification that it is
not owned by, controlled by, or subject to the direction of a
prohibited entity or, similarly, fails to provide, or provides a false
or inaccurate, report regarding entities with more than 5% ownership.
The procedure for such withdrawal is consistent with that explained in
the EA Integrity NPRM and already employed by OET in taking action to
suspend or deny the recognition of a test lab apparently owned by an
entity on the Covered List. In any instance in which the Commission or
OET, acting on delegated authority, has a reasonable basis for
determining that a TCB, test lab, or laboratory accreditation body is
owned by, controlled by, or subject to the direction of a prohibited
entity, or fails to provide or provides a false or inaccurate,
certification of such, the Commission directs OET to issue a letter to
the TCB, test lab, or laboratory accreditation body notifying it of the
FCC's intent to withdraw or deny recognition. The letter will request
explanation or correction of any apparent deficiencies, and for the
TCB, test lab, or laboratory accreditation body to show cause it should
be allowed recognition, within 30 days after the date of
correspondence. The Commission directs OET to withdraw or deny
recognition of any TCB, test lab, or laboratory accreditation body that
fails, in OET's determination, to timely reply, to adequately explain
or correct any deficiencies, or to show cause OET will issue a public
notice of withdrawal of recognition of any TCB, test lab, laboratory
accreditation body.
Other NPRM Proposals
TCB Post-market surveillance. In the EA Integrity NPRM, the
Commission invited comment on whether to revise the post-market
surveillance rules, policies, or guidance to require surveillance of
authorized equipment for compliance relating to the prohibition on
authorization of ``covered'' equipment. In particular, the Commission
sought comment on reasonable practices TCBs could implement to identify
erroneous authorizations of ``covered'' equipment, whether to change
the post-market surveillance requirements to require that TCBs review
grants by other TCBs, whether to require that any post-market
surveillance be done only by FCC-recognized labs in the United States
or MRA countries, and other measures the Commission might take to
strengthen the integrity of the post-market surveillance process.
The Commission received comments directed at this proposal from one
commenter. TIC ``fores[aw] challenges'' leveraging post-market
surveillance to identify erroneous authorizations--particularly if used
to monitor for authorized equipment that is discovered post-
authorization to be ineligible--because TCBs rely on attestations and
information from the Commission to assess whether a grantee is
ineligible based on the Covered List, and TCBs are unlikely to have
more information than the Commission. TIC also said that it is unlikely
that changes in eligibility would be discovered during the ``relatively
short'' post-market surveillance look-back period of 12 to 18 months.
Finally, TIC noted that TCBs have ``limited'' resources and skills to
perform the organizational and financial analysis necessary for
identifying manufacturers impermissibly connected to the Covered List,
and believes the Commission is in a superior position to request,
track, and review such information.
The purpose of post-market surveillance is to reassess compliance
of the product with the Commission's rules. While OET guidance provides
that evaluation against all of the Commission's rules is not required,
sufficient testing must be performed to allow the TCB to evaluate those
requirements most likely to be in non-compliance, and to provide a high
level of confidence that the sample complies with the Commission's
rules, including its rules on authorizations prohibited by virtue of
the Covered List. Accordingly, TCBs must consider compliance with the
rules the Commission adopts today when reviewing and deciding whether a
product subject to post-market surveillance complies with applicable
Commission rules. Consistent with our rules, should the TCB find that a
sample fails to comply with Commission requirements, the TCB is
required to immediately notify the grantee and the Commission in
writing of its findings. The Commission therefore expects that the
existing post-market surveillance
[[Page 38062]]
process, even absent any changes, will help ensure that prohibited
equipment is not authorized.
The Commission will not at this time revise its rules related to
post-market surveillance but seeks further comment on doing so in the
Further Notice portion of the proceeding. The Commission believes the
rules it adopts today will be a significant measure in ensuring the
integrity of test labs and TCBs that participate in the FCC's equipment
authorization program and preventing the authorization of equipment
that poses an unacceptable risk to national security. Nevertheless, the
Commission may revisit this decision as its rules are implemented and
learns more about the potential influence of untrustworthy actors in
the program.
Accreditation and reassessment of TCBs. The Commission sought
comment in the EA Integrity NPRM on whether the Commission should
clarify or revise its rules or procedures concerning the accreditation
of TCBs to ensure that the TCBs can meet their responsibilities. In
particular, the Commission sought comment on what particular steps or
procedures in the accreditation process could be implemented to examine
how TCBs are structured, owned, or managed to safeguard impartiality
and otherwise ensure that commercial, financial, or other pressures do
not compromise impartiality on certification activities concerning
prohibited equipment authorization. The Commission also proposed that,
if it were to revise any such rules or procedures, the changes would
also apply to reassessments required for continued accreditation, and
sought comment on whether to provide additional clarity on the
reassessment process. Further, the Commission sought comment on whether
any such changes may implicate U.S. international agreements such as
MRAs, and asked any commenters that proposed further clarification or
revisions to address any implications under the existing MRAs and
whether and how to implement any suggested changes.
The Commission received two comments relevant to TCB accreditation
procedures. As noted above, A2LA said that ownership assessments for
certification bodies should not be the responsibility of accreditation
bodies as they lack the necessary expertise in financial analysis or
auditing. TIA asked that the Commission provide notice and timelines
for accreditation and reassessments.
The Commission does not believe it necessary to clarify its rules
regarding accreditation and reassessment of TCBs at this time, for the
following reasons. First, the Commission notes that the standard to
which TCBs are accredited, ISO/IEC 17065, already requires that
certification activities by TCBs be ``undertaken impartially'' and
contains provisions intended to ensure impartiality, including
regarding the management, structure, and personnel of the TCB, and TCBs
are required to have a mechanism to ensure impartiality. Second,
insofar as the existing impartiality requirements are insufficient, the
rules the Commission adopts today will help to ensure the impartiality
of TCBs and prevent undue influence on them by entities that pose a
risk to national security and other untrustworthy actors. They will
also improve Commission oversight over the entities that participate in
its equipment authorization program and provide information that will
help in determining whether and what further changes to the FCC's
equipment authorization program may be necessary, including with regard
to accreditation and reassessment of TCBs. Third, while the Commission
has experience in recognizing TCBs, the Commission is not directly
involved in the accreditation of TCBs, so the Commission is better
positioned to effectuate its aims in the proceeding through amendments
and clarifications to recognition processes, as the Commission does
herein.
FCC recognition of TCBs. The Commission sought comment in the EA
Integrity NPRM on whether the Commission should consider revisions to
the rules or processes by which the Commission recognizes a TCB
following its initial accreditation, or the process by which
accreditation is subsequently extended on a periodic basis, including
any further review the FCC would do to continue to recognize an
accredited TCB. In particular, the Commission sought comment on whether
it should make any clarifications or changes to the FCC recognition
rules or procedures to better ensure that TCBs have the capacity and
procedures to meet their obligations under Commission rules, including
any requirements adopted in the proceeding. The Commission did not
receive comments directly responsive to these inquiries.
The Commission adopts the requirement proposed in the EA Integrity
NPRM that TCBs must have an organizational and management structure in
place, including personnel with specific training and expertise, to
verify that no authorization is granted for any equipment that is
listed on the Covered List. The Commission does not believe this
represents a substantial burden for TCBs, as TCBs are required to
certify equipment in accordance with the Commission's rules and
policies and equipment on the Covered List is already prohibited from
obtaining FCC equipment authorization. Therefore, TCBs should already
have the means, including the requisite organizational structure and
personnel, to determine when authorizations are prohibited under the
FCC's rules.
The Commission is otherwise confident that TCBs, which as noted
must already be capable of understanding and applying the Commission's
rules and policies in order to participate in its equipment
authorization program, will be capable of interpreting and implementing
the requirements the Commission adopts today, and that they will have
the requisite information to do so pursuant to the certification and
reporting requirements for test labs that the FCC have established. As
such, the Commission does not believe further revision of its rules
regarding recognition of TCBs is necessary at this time. The Commission
will monitor implementation of the rules it adopts today and may later
revisit this question.
Procedures for withdrawing FCC recognition of a TCB. In the EA
Integrity NPRM the Commission invited comment on the its rules and
policies regarding withdrawal of FCC recognition of a TCB, in
particular as to the procedures by which the Commission would withdraw
recognition of a TCB, and whether and to what extent any changes would
affect MRAs.
One commenter addressed the Commission's procedures for withdrawing
recognition of a TCB. Specifically, TIA commented that if the
Commission revokes the authority of a TCB, the FCC should provide clear
guidelines and procedures, including notice and timelines, to allow
manufacturers sufficient time to plan alternative testing arrangements.
Further, to prevent disruption to manufacturers and existing contracts,
such revocations should be prospective, not retroactive--that is, if a
manufacturer has engaged in certification with a recognized TCB, the
Commission should not retroactively revoke authorizations from a TCB
that were granted based on an existing recognition.
The Commission finds that, with the revisions it adopts today, the
FCC's rules are sufficiently clear regarding the procedures by which
the Commission will withdraw recognition of a TCB, and provide TCBs
with ample time to
[[Page 38063]]
respond to the Commission's concerns. Specifically, Sec. 2.962(e)(2)
of the FCC's existing rules states that the Commission will notify a
TCB in writing of its intention to withdraw the TCB's recognition. The
Commission maintains that procedure and adopts a withdrawal procedure
specific to instances where the TCB is found to be owned by, controlled
by, or subject to the direction of a prohibited entity pursuant to
Sec. 2.902; fails to provide, or provides a false or inaccurate,
certification, as required in this section; or that fails to provide,
or provides false or inaccurate, information regarding equity or voting
interests of 5% or greater, as required in this section. In such
instances, OET will notify a TCB in writing of its intention to
withdraw the TCB's recognition and provide at least 30 days for the TCB
to respond. The Commission finds that the potential harm posed by such
TCBs, as discussed throughout the proceeding, necessitates a more
streamlined process for withdrawal of recognition so as to ensure
timely removal from participation in our equipment authorization
process. Further, as discussed in the proceeding, the Commission
expects the relevant information would be maintained by the TCB in the
ordinary course of business thereby presenting minimal burden to
disclose whereas other reasons for withdrawal of recognition are likely
to be related to technical functions of the entity, which could require
more time for resolution. While the Commission is not in a position to
inform every equipment manufacturer that may be seeking authorization
through that TCB that the Commission may withdraw the TCB's
recognition, the Commission could request that the TCB so inform
parties seeking equipment authorizations, or otherwise make public that
the Commission intends to withdraw recognition of a TCB if the
Commission believes that withdrawing recognition might disrupt time to
market timelines for manufacturers. Further, the FCC's rules already
provides that if the Commission withdraws recognition of a TCB, all
certifications will remain valid unless specifically set aside or
revoked by the Commission, effectively addressing concerns of
commenters about broad, retroactive revocations of authorizations.
Test lab transparency. In the EA Integrity NPRM, the Commission
sought comment on whether additional transparency requirements for test
labs are necessary and appropriate in light of the proposals in the
NPRM. The Commission received one comment. Heritage commented that
while test labs are reassessed every two years, that is ``too lengthy''
a time period for change in ownership disclosures, noting that the
Securities and Exchange Commission requires quarterly and annual
earnings reports from publicly traded companies.
In response to Heritage's comment, the Commission notes that
recognized TCBs, test labs, and laboratory accreditation bodies will be
required to provide updated certifications or documentation regarding
their ownership within 30 days after the effective date of the rules,
within 30 days after any relevant change, and thereafter with the
request for recognition. Should these mechanisms prove insufficient to
protect the certification and SDoC equipment authorization procedures
under the rules the Commission adopts today, the Commission may
consider additional transparency measures in the future. The Commission
will, therefore, not at this time require additional transparency
measures.
Test labs in non-MRA countries. The Commission sought comment in
the EA Integrity NPRM on whether, in light of evolving national
security concerns, the Commission should revisit its rules and
procedures for recognizing test labs with regard to some or all of the
countries that do not have an MRA with the United States, and asked
specifically whether to no longer recognize any test lab that is
located in a ``foreign adversary'' country that does not have an MRA
with the United States.
TIA commented that changes in testing requirements, including as to
test labs in non-MRA countries, could negatively impact the global
information and communications technology market, interfere with
international trade agreements, and negatively affect U.S.
competitiveness. TIA recommended that the Commission should consult
with industry and U.S. trade officials to assess the impacts of
revoking authorizations from non-MRA countries.
While test labs in non-MRA countries may be impacted by the rules
the Commission adopts today, the Commission will not at this time take
additional action related to these inquiries and directed toward test
labs in non-MRA countries. The Commission believes that the rules
announced today will mitigate the potential for national security
threats arising from test labs in foreign countries. To the extent that
the location of the test lab indicates potential ownership of direction
or control over the test lab, the Commission observes again that it has
limited information at this time about the ownership and control of
test labs that participate in the FCC's equipment authorization
program, and accordingly a limited understanding of the entities that
may be under the ownership of, or direction or control over, the lab,
and limited ability to forecast the impact of additional prohibitions
on the FCC's equipment authorization program. Further, any action the
Commission takes should properly first look to sources and lists of
entities that pose a risk to national security compiled by agencies and
other bodies with appropriate national security expertise, and it is
unclear whether prohibiting test labs based on their location, rather
than on the identity of the entities that own, direct, or control the
test lab, will accomplish that aim. Nevertheless, the Commission
intends to revisit this decision after it has had time to review the
ownership information reported by test labs pursuant to the rules the
Commission adopts today and assess, in consultation with relevant
federal agencies and other sources, the necessity, benefits, and any
potential adverse impacts of precluding recognition of test labs on
bases other than the one the Commission adopts today.
Use of accredited, FCC-recognized test labs in SDoC process. The
Commission sought comment in the EA Integrity NPRM on whether to
require that all equipment authorized pursuant to the SDoC process be
tested by accredited and FCC-recognized test labs, which could serve to
promote the integrity of the program in precluding potentially
untrustworthy test labs from participating in the equipment
authorization program and serve the national security goals of the
proceeding.
Some commenters expressed concern about the potential ``rolling
back'' of the successful SDoC program. These commenters say that the
SDoC program has been a resounding success that has added efficiency to
the equipment authorization program without raising interference or
national security concerns, as evidenced by the few enforcement actions
related to SDoC devices, and that therefore it is unclear what national
security benefit would be derived from so revising the SDoC program.
The Consumer Technology Association (CTA) suggests that, alternatively,
the FCC could require parties seeking equipment authorization to
maintain a record that the equipment was not tested by a lab, company,
or individual owned by an entity named on the Covered List (or
otherwise
[[Page 38064]]
identified by the lists or processes determined by the outcome of the
proceeding). In CTA's view, doing so would preclude the use of such
labs for SDoC without raising the cost and complexity for all users of
the process.
The Commission acknowledges the concerns of commenters and
recognizes that any changes the Commission adopts herein must be
balanced with the significant interest in maintaining the ability of
its equipment authorization program to timely review new products and
allow compliant products to come to market. In light of the changes the
Commission adopts today to promote the integrity of test labs, and the
limited record the Commission currently possesses regarding whether and
how to amend the current SDoC process, the Commission have determined
that it will not at this time require the use of accredited, FCC-
recognized labs in the SDoC process. Nevertheless, in light of the
persistent and evolving threats posed by untrustworthy actors seeking,
among other things, to compromise the FCC's networks and supply chains,
the Commission will continue to consider whether and what reforms may
be necessary to ensure the integrity of the FCC's SDoC process and that
equipment authorized pursuant to that process does not pose a risk to
national security. The Commission further considers this issue in the
FNPRM portion of the proceeding.
Location of laboratory accreditation bodies. The Commission sought
comment on whether laboratory accreditation bodies should be located
only in the United States or other MRA-partnered countries. The
Commission received one relevant comment. A2LA commented that
accreditation bodies that meet the competency criteria should be
permitted to accredit test labs in the United States, no matter their
country of origin, and that this is and should be a reciprocal
arrangement among MRA-partners. The Commission will not require that
laboratory accreditation bodies be located only in the United States or
other MRA-partnered countries because the Commission believes that the
rules it adopts today are better suited to ensuring the integrity of
the laboratory accreditation bodies participating in the equipment
authorization process, and additional requirements are not necessary at
this time.
Accreditation and assessment of test labs. The Commission sought
comment in the EA Integrity NPRM on the responsibilities and procedures
by which FCC-recognized laboratory accreditation bodies conduct their
assessment of prospective test labs and determine whether to accredit
particular test labs. In part, the Commission asked whether to clarify
its recognition requirements with regard to any of the ISO/IEC 17025
standards to ensure that the test lab accreditation process guarantees
that test labs are competent and impartial, generate valid test
results, and ensure that effective procedures are in place to ensure
that test labs meet the ownership, direction, and control requirements
adopted in the proceeding. The Commission proposed that if it were to
adopt clarifications of any ISO/IEC 17025 principles, the Commission
would require that the laboratory accreditation bodies reassess test
labs under the new requirements or procedures. The Commission also
requested comment on whether to clarify or revise any of the
Commission's rules or policies concerning assessment of test lab
accreditation every two years in order to help ensure implementation of
the prohibitions on recognition adopted in the proceeding, and asked
whether OET should establish specific procedures for reassessment and
recognition of test labs and other potential revisions of its
procedures for reassessment, recognition, and revocation.
Commenters observed that laboratory accreditation is primarily an
assessment of the technical capabilities of the test lab and said that
the laboratory accreditation process is ``rigorous.'' A2LA said that
accreditation against the ISO/IEC 17025 standard is a technical
assessment ``limited to activities directly related to the tests on the
proposed scope of accreditation'' and that assessors are ``technical
experts in their fields,'' not financial analysts or other personnel
with expertise in examining ownership and financial records. TIC said
that the ``accreditation process is a thorough assessment of the
capacity and competency of the lab and its personnel to understand and
perform the testing, as well as to generate accurate test reports that
can be relied upon for equipment authorization.'' TIC also said that
the accreditation process is ``rigorous, requiring a demonstration of
technical competence, an understanding of program rules, and well-
established policies and procedures to safeguard objectivity,
confidentiality, and impartiality.''
Based on the record, in which commenters argue that the laboratory
accreditation process is adequate, the Commission will not at this time
adopt any rules related to these inquiries, but the Commission seeks
additional comment in the FNPRM portion of this proceeding on certain
proposals that were not substantially addressed by commenters.
Incorporation by Reference
The OFR has regulations concerning incorporation by reference.
These regulations require that, for a final rule, agencies must discuss
in the preamble to the final rule the way in which materials that the
agency incorporates by reference are reasonably available to interested
parties, and how interested parties can obtain the materials.
Additionally, the preamble to the final rule must summarize the
material.
Section 2.960 incorporates by reference ISO/IEC 17025:2005(E) and
ISO/IEC 17025:2017(E). Both of these standards are currently
incorporated by reference elsewhere within the Commission's rules. The
standards contain the requirements related to test laboratory
accreditation, including requirements for processes, procedures,
documented information, and organizational responsibilities. Interested
persons may obtain ISO/IEC 17025:2005(E) or ISO/IEC 17025:2017(E) from
the sources provided in 47 CFR 2.910. A copy of the standards may also
be inspected at the FCC's main office.
The following standards appear in the amendatory text of this
document and were previously approved for the locations in which they
appear: ISO/IEC 17011:2004(E) and ISO/IEC 17065:2012(E).
Cost-Benefit Analysis
In the Report and Order, the Commission strengthens its oversight
of TCBs, test labs, and laboratory accreditation bodies by adopting new
rules that help ensure the integrity of these entities to the extent
that they participate in the FCC's equipment authorization program. The
Commission finds that it is critical for national security and the
integrity of the supply chain that it prohibits from recognition, or
participation in the equipment authorization program by, TCBs, test
labs, and laboratory accreditation bodies that are owned by, controlled
by, or subject to the direction of a prohibited entity.
The Commission recognizes that the benefits of protecting U.S.
national security, law enforcement, foreign policy, and trade policy
interests are difficult to quantify in monetary terms. The difficulty
in quantifying these benefits does not, however, diminish their
importance. The Commission previously has found that ``a foreign
adversary's access to American communications networks could result in
hostile actions to disrupt and surveil the FCC's communications
networks,
[[Page 38065]]
impacting its nation's economy generally and online commerce
specifically, and result in the breach of confidential data. Given that
its national gross domestic product was over $29 trillion in 2024, the
digital economy accounted for approximately 16% of its economy, and the
volume of international trade for the United States (exports and
imports) was $7.3 trillion in 2024, even a temporary disruption in
communications could cause billions of dollars in economic losses. The
harms by foreign adversaries or other untrustworthy actors thus could
be significant, causing disruption to the U.S. economy, residential and
government communications, and critical infrastructure.
The Commission finds that requiring certification and reporting of
ownership is necessary to minimize vulnerabilities in the
telecommunications infrastructure and the communications and consumer
technology supply chain. Furthermore, it would strengthen national
security through the equipment authorization process by ensuring that
TCBs, test labs, and laboratory accreditation bodies are not owned by,
controlled by, or under the direction of prohibited entities. The
Commission finds that these adopted rules will yield significant
benefits, including improved consistency in the Commission's
consideration of evolving national security risks, completeness of the
Commission's information regarding equipment authorization, and timely
Commission attention to issues that warrant heightened scrutiny. The
Commission also finds that the adoption of the rules will better
protect U.S. telecommunications infrastructure and the communications
and consumer technology supply chain from national security risks posed
by prohibited entities. These benefits cannot be achieved with ad hoc
reviews alone. Thus, adopting a systemized review of the ownership
certification and reporting by TCBs, test labs, and laboratory
accreditation bodies is necessary to help ensure that the Commission
and the Executive Branch agencies have the necessary information to
address evolving national security, law enforcement, foreign policy,
and/or trade policy risks on a continuing basis. The benefits exceed
the requirements' costs as discussed in this section.
By adopting the proposed rules, the Commission requires TCBs, test
labs, and laboratory accreditation bodies to: (1) certify that they are
not owned by or subject to the direction or control of, a prohibited
entity; and (2) report all equity or voting interests of 5% or greater
by any entity. The Commission further adopts the proposal and requires
that every entity specifically named on the Covered List must provide
to the Commission information regarding all of its subsidiaries and
affiliates. The Commission concludes that requiring TCBs, test labs,
and laboratory accreditation bodies to ascertain their direct and
indirect ownership information or whether they are under direction of
or controlled by prohibited entities does not present a substantial
burden because a privately held company likely knows its investors and
stakeholders with significant control of the business directives, while
a publicly held company is required to identify its interest holders in
requisite filings with the U.S. Securities and Exchange Commission. For
similar reasons, the Commission finds that requiring entities on the
Covered List to provide information on its subsidiaries and affiliates
imposes only a minimal burden as these entities should retain this
information as part of their normal business operations.
The Commission estimates that the aggregate recurring annual costs
associated with the attestation and reporting requirements adopted in
the Report and Order will not exceed $800,000. Specifically, the
Commission estimates that each of the 706 FCC-recognized TCBs, test
labs, and laboratory accreditation bodies will require approximately
two hours of outside legal counsel time at a rate of $300 per hour and
eight hours of administrative staff time at a rate of $57 per hour to
complete the attestation and reporting process each year. For the 11
entities named on the Covered List, the Commission conservatively
doubles the estimated time to account for additional reporting
obligations regarding subsidiaries and affiliates. Based on these
assumptions, the Commission estimates the upper bound of the aggregate
annual compliance costs to be $768,768. The Commission finds that this
estimate likely substantially overestimates the actual attestation and
reporting burden for several reasons. First, many test labs operate
under common ownership and may therefore satisfy the attestation and
reporting requirements at the firm level, rather than on a per-
laboratory basis. Second, the Commission assumes that, for purposes of
this estimate, each TCB, test lab, and laboratory accreditation body
will report changes in ownership annually, whereas many entities are
unlikely to experience ownership changes each year. Third, the FCC's
estimate assumes reliance on outside counsel, whereas many entities may
utilize in-house resources or forego legal review altogether, thereby
potentially incurring lower compliance costs. Finally, as discussed
above, the Commission expects that many entities already maintain the
information required by the Report and Order as part of routine
business practices or to comply with obligations imposed by other
government agencies (e.g., the Securities and Exchange Commission, Team
Telecom). Accordingly, these entities are unlikely to incur material
additional costs in complying with the requirements set forth herein.
The Commission further requires parties seeking equipment
authorization pursuant to the SDoC process to maintain a record that no
prohibited entity has ownership in or direction or control of the test
lab, company, or individual performing the testing conducted pursuant
to the SDoC process. As the Commission clarifies in the section titled
``Reporting, Certification, and Recordkeeping Requirements,'' the
Commission believes this type of ownership information would be
retained by the test lab in the ordinary course of business. As a
result, the Commission finds the requirement imposes minimal burden,
and that any associated costs are negligible when weighed against the
substantial benefits to the security of the telecommunications
infrastructure and national interests.
The Commission finds that the requirements adopted in the Report
and Order are highly unlikely to impose substantial harms on U.S.
consumers, equipment manufacturers, or other stakeholders. The
Commission finds any direct costs stemming from the requirements in the
Report and Order will be minor; any indirect costs that may be borne by
domestic stakeholders are likely similarly minor but also highly
speculative in nature. First, the Commission did not receive
substantive comments or reply comments in its record outlining such
harms. Second, the Commission tentatively believes that most test labs
negatively affected by the Report and Order are owned by, controlled
by, or subject to the direction of China and that these test labs
disproportionately test equipment from Chinese companies. Harms to such
entities are not considered in a Cost-Benefit Analysis. Third, the vast
majority of TCBs, test labs, and laboratory accreditation bodies would
maintain their recognition under these rules, and the Commission have
no evidence that U.S. equipment producers or U.S. consumers would face
significant costs as a result of some producers switching to non-
prohibited
[[Page 38066]]
test labs. Therefore, the Commission finds the requirements to be
minimally harmful to U.S. stakeholders.
Ordering Clauses
Accordingly, it is ordered, pursuant to the authority found in
sections 1, 4(i), 229, 301, 302, 303, 309, 312, 403, and 503 of the
Communications Act of 1934, as amended, 47 U.S.C. 151, 154(i), 229,
301, 302a, 303, 309, 312, 403, and 503, section 105 of the
Communications Assistance for Law Enforcement Act, 47 U.S.C. 1004; the
Secure and Trusted Communications Networks Act of 2019, 47 U.S.C. 1601-
1609; and the Secure Equipment Act of 2021, Public Law 117-55, 135
Stat. 423, 47 U.S.C. 1601 note, that this Report and Order and Further
Notice of Proposed Rulemaking is hereby adopted.
It is further ordered that the amendments of parts 2 and 15 of the
Commission's rules as set forth in Appendix A of the Report and Order
are adopted, effective 30 days after the date of publication in the
Federal Register, with the exception of Sec. Sec. 2.903(b);
2.911(d)(5)(ii); 2.929(c)(2), (d)(1)(ii); 2.932(e)(2); 2.938(b)(2);
2.949(b)(5)-(6), (d); 2.950(c) through (e); 2.951(a)(10) and (11), (c);
2.960(a)(2) and (3); 2.962(d)(9); 2.1033(b)(3), (c)(3), and
2.1043(b)(2)(i)(C), (b)(3)(i)(C) which contain new or modified
information collection requirements that require review by the Office
of Management and Budget (OMB) under the Paperwork Reduction Act. The
Commission directs the Office of Engineering and Technology to
establish and announce the effective date of these sections in a
document published in the Federal Register after completion of OMB
review.
It is further ordered that the Office of the Secretary, shall send
a copy of the Report and Order, including the Final Regulatory
Flexibility Analyses, to the Chief Counsel for Advocacy of the Small
Business Administration.
It is further ordered that the Office of the Managing Director,
Performance Program Management, shall send a copy of the Report and
Order in a report to be sent to Congress and the Government
Accountability Office pursuant to the Congressional Review Act, 5
U.S.C. 801(a)(1)(A).
List of Subjects
47 CFR Part 2
Administrative practice and procedures, Communications,
Communications equipment, Incorporation by reference, Reporting and
recordkeeping requirements, Telecommunications, Wiretapping and
electronic surveillance.
47 CFR Part 15
Communications equipment, Reporting and recordkeeping requirements,
Security measures, Wiretapping and electronic surveillance.
Federal Communications Commission.
Marlene Dortch,
Secretary.
Final Rules
For the reasons discussed in the preamble, the Federal
Communications Commission amends 47 CFR parts 2 and 15 as follows:
PART 2--FREQUENCY ALLOCATIONS AND RADIO TREATY MATTERS; GENERAL
RULES AND REGULATIONS
0
1. The authority citation for part 2 continues to read as follows:
Authority: 47 U.S.C. 154, 302a, 303, and 336, unless otherwise
noted.
0
2. Add Sec. 2.902 to read as follows:
Sec. 2.902 Terms and definitions.
Owned by, controlled by, or subject to the direction of. Any
entity:
(1) In which any other entity has direct or indirect ownership or
control of 10% or more equity, voting interest, or stock;
(2) In which any other entity directly or indirectly possesses or
has the power (whether or not exercised) to determine, direct, or
decide important matters affecting the subject entity; or
(3) That acts as an agent or representative of another entity or
acts in any other capacity at the order or request of another entity or
whose activities are directly or indirectly supervised, directed,
controlled, financed, or subsidized in whole or in majority part,
including being part of a governmental structure or hierarchy.
Prohibited entities. (1) Each entity identified on the Covered List
pursuant to Sec. 1.50002 of this chapter.
(2) Entities identified by any of the following sources:
(i) Department of Commerce Bureau of Industry and Security Entity
List pursuant to 15 CFR part 744, supplement no. 4;
(ii) Department of Commerce Bureau of Industry and Security
Military End-User List pursuant to 15 CFR part 744, supplement no. 7;
(iii) Department of Homeland Security Uyghur Forced Labor
Prevention Act Entity List as published by the Forced Labor Enforcement
Task Force pursuant to 19 U.S.C. 4681;
(iv) Section 5949 of the James M. Inhofe National Defense
Authorization Act for Fiscal Year 2023 (Pub. L. 117-263);
(v) Section 1260H of the National Defense Authorization Act (NDAA)
for Fiscal Year 2021 (Pub. L. 116-283); and
(vi) Department of Treasury Non-Specially Designated Nationals
Chinese Military-Industrial Complex Companies List pursuant to 31 CFR
part 586.
(3) Entities identified as ``foreign adversaries'' by the
Department of Commerce pursuant to 15 CFR 791.4.
0
3. Amend Sec. 2.903 by revising the definition of ``Affiliate'' in
paragraph (c) to read as follows:
Sec. 2.903 Prohibition on authorization of equipment on the Covered
List.
* * * * *
(c) * * *
Affiliate. The term ``affiliate'' means an entity that (directly or
indirectly) owns or controls, is owned or controlled by, or is under
common ownership or control with, another entity; for purposes of this
definition, the term ``own'' means to have, possess, or otherwise
control an equity interest (or the equivalent thereof) of 10 percent or
more.
* * * * *
0
4. Delayed indefinitely, further amend Sec. 2.903 by revising
paragraph (b) to read as follows:
Sec. 2.903 Prohibition on authorization of equipment on the Covered
List.
* * * * *
(b) Each entity named on the Covered List, as established pursuant
to Sec. 1.50002 of this chapter, must provide to the Commission the
following information: the full name, mailing address or physical
address (if different from mailing address), email address, and
telephone number of each of that named entity's associated entities
(e.g., subsidiaries or affiliates).
(1) Each entity named on the Covered List must provide the
information described in this paragraph (b) no later than 30 days after
the effective date of each updated Covered List; and
(2) Each entity named on the Covered List must notify the
Commission of any changes to the information described in this
paragraph (b) no later than 30 days after such change occurs.
* * * * *
0
5. Amend Sec. 2.906 by revising paragraphs (a) and (d) to read as
follows:
Sec. 2.906 Supplier's Declaration of Conformity.
(a) Supplier's Declaration of Conformity (SDoC) is a procedure
where the responsible party, as defined in
[[Page 38067]]
Sec. 2.909, makes measurements or completes other procedures found
acceptable to the Commission to ensure that the equipment complies with
the appropriate technical standards and other applicable requirements.
(1) Equipment testing necessary to ensure compliance with the
appropriate technical standards and other applicable requirements must
not be performed at a measurement facility that is owned by, controlled
by, or under the direction of a prohibited entity, as defined in Sec.
2.902.
(2) Submittal to the Commission of a sample unit or representative
data demonstrating compliance is not required unless specifically
requested pursuant to Sec. 2.945.
* * * * *
(d) Notwithstanding other parts of this section, equipment
otherwise subject to the Supplier's Declaration of Conformity process
that is produced by any entity identified on the Covered List,
established pursuant to Sec. 1.50002 of this chapter, is prohibited
from obtaining equipment authorization through that process. The rules
in this chapter governing certification apply to authorization of such
equipment.
0
6. Amend Sec. 2.907 by revising paragraph (c) to read as follows:
Sec. 2.907 Certification.
* * * * *
(c) Any equipment otherwise eligible for authorization pursuant to
the Supplier's Declaration of Conformity, or exempt from equipment
authorization, produced by any entity identified on the Covered List,
established pursuant to Sec. 1.50002 of this chapter, must obtain
equipment authorization through the certification process.
0
7. Amend Sec. 2.910 by revising paragraphs (c)(1) through (4) to read
as follows:
Sec. 2.910 Incorporation by reference.
* * * * *
(c) * * *
(1) ISO/IEC 17011:2004(E), Conformity assessment--General
requirements for accreditation bodies accrediting conformity assessment
bodies, First Edition, 2004-09-01; IBR approved for Sec. Sec.
2.948(e); 2.949(b); 2.960(d).
(2) ISO/IEC 17025:2005(E), General requirements for the competence
of testing and calibration laboratories, Second Edition, 2005-05-15;
IBR approved for Sec. Sec. 2.948(e); 2.949(b); 2.950(a); 2.960(a);
2.962(c).
(3) ISO/IEC 17025:2017(E), General requirements for the competence
of testing and calibration laboratories, Third Edition, November 2017;
IBR approved for Sec. Sec. 2.948(e); 2.949(b); 2.950(a); 2.960(a);
2.962(c).
(4) ISO/IEC 17065:2012(E), Conformity assessment--Requirements for
bodies certifying products, processes and services, First Edition,
2012-09-15; IBR approved for Sec. Sec. 2.960(a) and (c); 2.962(a),
(c), (d), and (i).
* * * * *
0
8. Delayed indefinitely, amend Sec. 2.911 by revising paragraphs (b)
and (d)(5)(ii) to read as follows:
Sec. 2.911 Application requirements.
* * * * *
(b) A TCB shall submit an electronic copy of each equipment
authorization application to the Commission pursuant to Sec.
2.962(d)(6) on a form prescribed by the Commission at <a href="https://www.fcc.gov/eas">https://www.fcc.gov/eas</a>.
* * * * *
(d) * * *
(5) * * *
(ii) An affirmative or negative statement as to whether the
applicant is identified on the Covered List, established pursuant to
Sec. 1.50002 of this chapter.
* * * * *
0
9. Delayed indefinitely, amend Sec. 2.929 by revising paragraphs
(c)(2) and (d)(1)(ii) to read as follows:
Sec. 2.929 Changes in name, address, ownership, or control of
grantee.
* * * * *
(c) * * *
(2) An affirmative or negative statement as to whether the
applicant is identified on the Covered List, established pursuant to
Sec. 1.50002 of this chapter; and
* * * * *
(d) * * *
(1) * * *
(ii) An affirmative or negative statement as to whether the
applicant is identified on the Covered List, established pursuant to
Sec. 1.50002 of this chapter; and
* * * * *
0
10. Delayed indefinitely, amend Sec. 2.932 by revising paragraph
(e)(2) to read as follows:
Sec. 2.932 Modification of equipment.
* * * * *
(e) * * *
(2) An affirmative or negative statement as to whether the
applicant is identified on the Covered List, established pursuant to
Sec. 1.50002 of this chapter; and
* * * * *
0
11. Amend Sec. 2.938 by revising paragraph (b)(1)(ii) and adding
paragraph (h) to read as follows:
Sec. 2.938 Retention of records.
* * * * *
(b) * * *
(1) * * *
(ii) State the name of the test laboratory, company, or individual
performing the testing;
* * * * *
(h) The Commission may request additional information regarding the
test site, the test equipment, or the qualifications of the company or
individual performing the tests, including documentation identifying
any entity that has equity or voting interests of 5% or greater in the
test lab.
0
12. Delayed indefinitely, further amend Sec. 2.938 by revising
paragraph (b)(2) to read as follows:
Sec. 2.938 Retention of records.
* * * * *
(b) * * *
(2) A written and signed certification that:
(i) As of the date of first importation or marketing of the
equipment, the equipment for which the responsible party maintains
Supplier's Declaration of Conformity is not produced by any entity
identified on the Covered List, established pursuant to Sec. 1.50002
of this chapter; and
(ii) As of the date of testing, the test laboratory performing the
testing is not owned by, controlled by, or subject to the direction of
a prohibited entity pursuant to Sec. 2.902.
* * * * *
0
13. Amend Sec. 2.948 by:
0
a. Revising paragraph (a); and
0
b. Removing and reserving paragraph (c).
The revision reads as follows:
Sec. 2.948 Measurement facilities.
(a) Equipment authorized under the certification procedure must be
tested at a laboratory that is:
(1) Accredited in accordance with paragraph (e) of this section;
and
(2) Recognized by the Commission in accordance with Sec. 2.951.
* * * * *
0
14. Amend Sec. 2.949 by adding paragraphs (c) through (f) to read as
follows:
Sec. 2.949 Recognition of laboratory accreditation bodies.
* * * * *
(c) The Commission will not recognize a laboratory accreditation
body that:
[[Page 38068]]
(1) Is owned by, controlled by, or subject to the direction of a
prohibited entity pursuant to Sec. 2.902;
(2) Fails to provide, or provides a false or inaccurate,
certification as required in this section; or
(3) Fails to provide, or provides false or inaccurate, information
regarding equity or voting interests of 5% or greater as required in
this section.
(d) [Reserved]
(e) The Commission will withdraw recognition of any laboratory
accreditation body that:
(1) Is owned by, controlled by, or subject to the direction of a
prohibited entity pursuant to Sec. 2.902;
(2) Fails to provide, or provides a false or inaccurate,
certification, as required by this section; or
(3) Fails to provide, or provides false or inaccurate, information
regarding equity or voting interests of 5% or greater, as required by
this section.
(f) The Commission will notify a laboratory accreditation body in
writing of its intention to withdraw the laboratory accreditation
body's recognition and provide at least 30 days for the laboratory
accreditation body to respond.
0
15. Delayed indefinitely, further amend Sec. 2.949 by adding
paragraphs (b)(5) and (6) and (d) to read as follows:
Sec. 2.949 Recognition of laboratory accreditation bodies.
* * * * *
(b) * * *
(5) Certification to the Commission that the laboratory
accreditation body is not owned by, controlled by, or subject to the
direction of a prohibited entity pursuant to Sec. 2.902.
(6) Documentation to the Commission identifying any entity that has
equity or voting interests of 5% or greater in the laboratory
accreditation body.
* * * * *
(d) Each recognized laboratory accreditation body must provide to
the Commission, in accordance with Sec. 2.950 and no later than 30
days after any relevant change to the required information takes
effect:
(1) Certification to the Commission that the laboratory
accreditation body is not owned by, controlled by, or subject to the
direction of a prohibited entity pursuant to Sec. 2.902.
(2) Documentation to the Commission identifying any entity that has
equity or voting interests of 5% or greater in the laboratory
accreditation body.
* * * * *
0
16. Delayed indefinitely, amend Sec. 2.950 by adding paragraphs (c)
through (e) to read as follows:
Sec. 2.950 Transition periods.
* * * * *
(c) Each recognized laboratory accreditation body must provide to
the Commission:
(1) No later than October 6, 2025, certification to the Commission
that the laboratory accreditation body is not owned by, controlled by,
or subject to the direction of a prohibited entity pursuant to Sec.
2.902; and
(2) No later than December 5, 2025, documentation to the Commission
identifying any entity that has equity or voting interests of 5% or
greater in the laboratory accreditation body.
(d) Each recognized laboratory must provide to the Commission:
(1) No later than October 6, 2025, certification to the Commission
that the laboratory is not owned by, controlled by, or subject to the
direction of a prohibited entity pursuant to Sec. 2.902; and
(2) No later than December 5, 2025, documentation to the Commission
identifying any entity that has equity or voting interests of 5% or
greater in the laboratory.
(e) Each recognized TCB must provide to the Commission:
(1) No later than October 6, 2025, certification to the Commission
that the TCB is not owned by, controlled by, or subject to the
direction of a prohibited entity pursuant to Sec. 2.902; and
(2) No later than December 5, 2025, documentation to the Commission
identifying any entity that has equity or voting interests of 5% or
greater in the TCB.
0
17. Add Sec. 2.951 to read as follows:
Sec. 2.951 Recognition of measurement facilities.
(a) The Commission will consider for recognition a measurement
facility (i.e., testing laboratory) for which an FCC-recognized
accrediting organization submits a written request to the Chief of the
Office of Engineering and Technology (OET) requesting such recognition,
including the following information:
(1) Laboratory name, location of test site(s), mailing address, and
contact information.
(2) Name of accrediting organization.
(3) Scope of laboratory accreditation.
(4) Date of expiration of accreditation.
(5) Designation number.
(6) FCC Registration Number (FRN).
(7) A statement as to whether the laboratory performs testing on a
contract basis.
(8) For laboratories outside the United States, the name of the
mutual recognition agreement or arrangement under which the
accreditation of the laboratory is recognized.
(9) Other information as requested by the Commission.
(b) The Commission will not recognize a laboratory:
(1) In which a prohibited entity, as established pursuant to Sec.
2.902, has, possesses, or otherwise controls an equity or voting
interest of 10% or more;
(2) That fails to provide, or that provides a false or inaccurate,
certification as required in this section; or
(3) That fails to provide, or provides false or inaccurate,
information regarding equity or voting interests of 5% or greater as
required in this section.
(c) [Reserved]
(d) The Commission will withdraw recognition of any laboratory
that:
(1) Is owned by, controlled by, or subject to the direction of a
prohibited entity pursuant to Sec. 2.902;
(2) Fails to provide, or provides a false or inaccurate,
certification, as required in this section; or
(3) Fails to provide, or provides false or inaccurate, information
regarding equity or voting interests of 5% or greater, as required in
this section.
(e) The Commission will notify a laboratory in writing of its
intention to withdraw the laboratory's recognition and provide at least
30 days for the lab to respond.
0
18. Delayed indefinitely, amend Sec. 2.951 by adding paragraphs
(a)(10) and (11) and (c) to read as follows:
Sec. 2.951 Recognition of measurement facilities.
(a) * * *
(10) Certification to the Commission that the laboratory is not
owned by, controlled by, or subject to the direction of a prohibited
entity pursuant to Sec. 2.902.
(11) Documentation to the Commission identifying any entity that
has equity or voting interests of 5% or greater in the laboratory.
* * * * *
(c) Each recognized laboratory must provide to the Commission, in
accordance with Sec. 2.950 and no later than 30 days after any
relevant change to the required information takes effect:
(1) Certification to the Commission that the laboratory is not
owned by, controlled by, or subject to the direction of a prohibited
entity pursuant to Sec. 2.902.
(2) Documentation to the Commission identifying any entity that has
equity or voting interests of 5% or greater in the laboratory.
* * * * *
0
19. Revise Sec. 2.960 to read as follows:
[[Page 38069]]
Sec. 2.960 Recognition of Telecommunication Certification Bodies
(TCBs).
(a) The Commission will consider for recognition under the terms of
this section a Telecommunication Certification Body (TCB) that:
(1) Has been designated according to requirements of this section
to issue grants of certification as required under this part.
(2)-(3) [Reserved]
(4) By means of accreditation specifying the group of equipment to
be certified and the applicable regulations for product evaluation,
meets all appropriate specifications in ISO/IEC 17065 (incorporated by
reference, see Sec. 2.910) for the scope of equipment the TCB would
certify.
(5) Demonstrates expert knowledge of the regulations for each
product with respect to which the body seeks designation. Such
expertise must include familiarity with all applicable technical
regulations, administrative provisions or requirements, as well as the
policies and procedures used in the application thereof.
(6) Has the technical expertise and capability to test the
equipment it will certify and must also be accredited in accordance
with ISO/IEC 17025 (incorporated by reference, see Sec. 2.910) to
demonstrate it is competent to perform such tests.
(7) Demonstrates an ability to recognize situations where
interpretations of the regulations or test procedures may be necessary.
The appropriate key certification and laboratory personnel must
demonstrate knowledge of how to obtain current and correct technical
regulation interpretations.
(i) The competence of the TCB must be demonstrated by assessment.
The general competence, efficiency, experience, familiarity with
technical regulations and products covered by those technical
regulations, as well as compliance with applicable parts of ISO/IEC
17025 and ISO/IEC 17065 must be taken into consideration during
assessment; and
(ii) The TCB must be assessed for accreditation on intervals not
exceeding two years.
(iii) The Commission will provide public notice of the specific
methods that will be used to accredit TCBs, consistent with the
qualification criteria provided in this part.
(b) The Commission will not recognize a TCB:
(1) In which a prohibited entity, as established pursuant to Sec.
2.902, has, possesses, or otherwise controls an equity or voting
interest of 10% or more;
(2) That fails to provide, or provides a false or inaccurate,
certification as required in paragraph (a) of this section; or
(3) That fails to provide, or provides false or inaccurate,
information regarding equity or voting interests of 5% or greater.
(c) In the United States, TCBs must be accredited and designated by
the National Institute of Standards and Technology (NIST) under its
National Voluntary Conformity Assessment Evaluation (NVCASE) program,
or other recognized programs based on ISO/IEC 17065 (incorporated by
reference, see Sec. 2.910) to comply with the Commission's
qualification criteria for TCBs. NIST may, in accordance with its
procedures, allow other appropriately qualified accrediting bodies to
accredit TCBs.
(d) Outside the United States, a TCB must be designated in
accordance with the terms of an effective bilateral or multilateral
mutual recognition agreement or arrangement (MRA) to which the United
States is a party.
(1) The Commission will not recognize a TCB in an MRA partner
economy if that economy does not permit TCBs in the United States to
authorize equipment to its requirements.
(2) The organization accrediting the prospective telecommunication
certification body must be capable of meeting the requirements and
conditions of ISO/IEC 17011 (incorporated by reference, see Sec.
2.910).
(3) A team of qualified experts in, but not limited to,
electromagnetic compatibility and telecommunications equipment (wired
and wireless), must perform the accreditation assessment covering all
of the elements within the scope of accreditation.
(e) The Commission will notify a TCB in writing when it has
concerns or evidence that the TCB is not certifying equipment in
accordance with the Commission's rules in this chapter and policies and
request that it explain and correct any apparent deficiencies.
(1) The Commission may require that all applications for the TCB be
processed under the pre-approval guidance procedure in Sec. 2.964 for
at least 30 days, and will provide a TCB with 30 days' notice of its
intent to do so unless good cause exists for providing shorter notice.
(2) The Commission may request that a TCB's Designating Authority
or accreditation body investigate and take appropriate corrective
actions as required, and the Commission may initiate action to limit or
withdraw the recognition of the TCB.
(3) In the case of a TCB designated and recognized pursuant to a
bilateral or multilateral mutual recognition agreement or arrangement
(MRA), the Commission will consult with the Office of the United States
Trade Representative (USTR), as necessary, concerning any disputes
arising under an MRA for compliance with the Telecommunications Trade
Act of 1988 (section 1371-1382 of the Omnibus Trade and Competitiveness
Act of 1988).
(f) The Commission will limit the scope of equipment that can be
certified by a TCB if its accreditor limits the scope of its
accreditation or if the Commission determines there is good cause to do
so. The Commission will notify a TCB in writing of its intention to
limit the scope of the TCB's recognition and provide at least 60 days
for the TCB to respond.
(g) The Commission will notify a TCB in writing of its intention to
withdraw the TCB's recognition, and provide at least 60 days for the
TCB to respond, if:
(1) The TCB's designation or accreditation is withdrawn;
(2) The Commission determines there is just cause for withdrawing
the recognition; or
(3) The TCB requests that it no longer hold its designation or
recognition.
(h) The Commission will notify a TCB in writing of its intention to
withdraw the TCB's, and provide at least 30 days for the TCB to
respond, if the Commission determines that the TCB:
(1) Is owned by, controlled by, or subject to the direction of a
prohibited entity pursuant to Sec. 2.902;
(2) Fails to provide, or provides a false or inaccurate,
certification, as required in this section; or
(3) Fails to provide, or provides false or inaccurate, information
regarding equity or voting interests of 5% or greater, as required in
this section.
(i) If the Commission withdraws its recognition of a TCB, all
certifications issued by that TCB will remain valid unless specifically
set aside or revoked by the Commission.
(j) The Commission will publish a list of recognized TCBs.
0
20. Delayed indefinitely, further amend Sec. 2.960 by adding
paragraphs (a)(2) and (3) to read as follows:
Sec. 2.960 Recognition of Telecommunication Certification Bodies
(TCBs).
(a) * * *
(2) Has certified to the Commission that the TCB is not owned by,
controlled by, or subject to the direction of a prohibited entity
pursuant to Sec. 2.902.
(3) Has reported to the Commission documentation identifying any
entity
[[Page 38070]]
that has equity or voting interests of 5% or greater in the TCB.
* * * * *
0
21. Revise Sec. 2.962 to read as follows:
Sec. 2.962 Requirements for Telecommunication Certification Bodies.
(a) A TCB must review for compliance with the Commission's
requirements an application that includes all the information specified
in this part to determine whether to grant equipment certification in
accordance with Sec. 2.911.
(1) The certification system must be based on type testing as
identified in ISO/IEC 17065 (incorporated by reference, see Sec.
2.910).
(2) Certification determinations must typically be based on testing
of no more than one unmodified representative sample of each product
type for which certification is sought. A TCB may request additional
samples when clearly warranted, such as when certain tests are likely
to render a sample inoperative.
(b) A TCB must not outsource review and certification decision
activities.
(c) Evaluation may be performed using internal TCB resources or
external (outsourced) resources.
(1) Evaluation is the selection of applicable requirements and the
determination that those requirements are met.
(2) Bodies that meet the applicable requirements of ISO/IEC 17025
may perform the evaluation of a product in accordance with the
applicable provisions of ISO/IEC 17065 for external resources
(outsourcing) and other relevant standards.
(3) The TCB remains responsible for any evaluation function
provided by external resources, including the testing of equipment
subject to certification, and the TCB must maintain appropriate
oversight of the external resources used to ensure reliability of the
evaluation. Such oversight must include periodic audits of products
that have been tested and other activities as required in ISO/IEC
17065.
(d) A TCB must:
(1) Certify equipment in accordance with the Commission's rules in
this chapter and policies.
(2) Accept test data from any Commission-recognized accredited test
laboratory, subject to the requirements in ISO/IEC 17065, and must not
unnecessarily repeat tests.
(3) Only act on applications that it has received or for which it
has issued a grant of certification.
(4) Dismiss an application that is not in accordance with the
provisions of this subpart or when the applicant requests dismissal. A
TCB may dismiss an application if the applicant does not submit
additional information or test samples requested by the TCB.
(5) Follow the procedures in Sec. 2.964 for equipment on the pre-
approval guidance list.
(6) Supply an electronic copy of each certification application and
all necessary exhibits to the Commission prior to grant or dismissal of
the application. Where appropriate, the application must be accompanied
by a request for confidentiality of any material that may qualify for
confidential treatment under the Commission's rules in this chapter.
(7) Grant or dismiss each certification application through the
Commission's electronic filing system.
(8) Participate in any consultative activities, identified by the
Commission or NIST, to facilitate a common understanding and
interpretation of applicable regulations.
(e) A TCB may establish and assess fees for processing
certification applications and other Commission-required tasks.
(f) Within 30 days of the date of grant of certification, the
Commission or TCB issuing the grant may set aside a grant of
certification that does not comply with the applicable requirements or
upon the request of the applicant. A TCB must notify the applicant and
the Commission when a grant is set aside. After 30 days, the Commission
may revoke a grant of certification through the procedures in Sec.
2.939.
(g) A TCB must not:
(1) Grant a waiver of the rules in this chapter;
(2) Take enforcement actions; or
(3) Authorize a transfer of control of a grantee.
(h) All TCB actions are subject to Commission review.
(i) In accordance with ISO/IEC 17065 a TCB must perform appropriate
post-market surveillance activities. These activities must be based on
type testing a certain number of samples of the total number of product
types that the TCB has certified.
(1) The Chief of the Office of Engineering and Technology (OET) has
delegated authority under Sec. 0.241(g) of this chapter to develop
procedures that TCBs will use for performing post-market surveillance.
OET will publish a document on TCB post-market surveillance
requirements that provides specific information such as the number and
types of samples that a TCB must test.
(2) OET may request that a grantee of equipment certification
submit a sample for evaluation directly to OET, to the TCB that
performed the original certification, or to an entity designated by
OET. Any equipment samples requested by the Commission and properly
tested by a TCB may be counted toward the minimum number of samples
that the TCB must test.
(3) TCBs may request samples of equipment that they have certified
directly from the grantee of certification in accordance with Sec.
2.945.
(4) If during post market surveillance of a certified product, a
TCB determines that a product fails to comply with the technical
regulations for that product, the TCB must immediately notify the
grantee and the Commission in writing of its findings. The grantee must
provide a report to the TCB describing the actions taken to correct the
situation, and the TCB must provide a report of these actions to the
Commission within 30 days.
(5) TCBs must submit periodic reports to OET of their post-market
surveillance activities and findings in the format and by the date
specified by OET.
0
22. Delayed indefinitely, further amend Sec. 2.962 by adding paragraph
(d)(9) to read as follows:
Sec. 2.962 Requirements for Telecommunication Certification Bodies.
* * * * *
(d) * * *
(9) Provide to the Commission, in accordance with Sec. 2.950 and
no later than 30 days after any relevant change to the required
information takes effect:
(i) Certification to the Commission that the TCB is not owned by,
controlled by, or subject to the direction of a prohibited entity
pursuant to Sec. 2.902; and
(ii) Documentation to the Commission identifying any entity that
has equity or voting interests of 5% or greater in the TCB.
* * * * *
0
23. Delayed indefinitely, amend Sec. 2.1033 by revising paragraphs
(b)(3) and (c)(3) to read as follows:
Sec. 2.1033 Application for certification.
* * * * *
(b) * * *
(3) An affirmative or negative statement as to whether the
applicant is identified on the Covered List, established pursuant to
Sec. 1.50002 of this chapter; and
* * * * *
(c) * * *
(3) An affirmative or negative statement as to whether the
applicant is identified on the Covered List, established pursuant to
Sec. 1.50002 of this chapter.
* * * * *
[[Page 38071]]
0
24. Delayed indefinitely, amend Sec. 2.1043 by revising paragraphs
(b)(2)(i)(C) and (b)(3)(i)(C) to read as follows:
Sec. 2.1043 Changes in certificated equipment.
* * * * *
(b) * * *
(2) * * *
(i) * * *
(C) An affirmative or negative statement as to whether the
applicant is identified on the Covered List, established pursuant to
Sec. 1.50002 of this chapter;
* * * * *
(3) * * *
(i) * * *
(C) An affirmative or negative statement as to whether the
applicant is identified on the Covered List, established pursuant to
Sec. 1.50002 of this chapter;
* * * * *
PART 15--RADIO FREQUENCY DEVICES
0
25. The authority citation for part 15 continues to read as follows:
Authority: 47 U.S.C. 154, 302a, 303, 304, 307, 336, 544a, and
549.
0
26. Amend Sec. 15.103 by revising paragraph (j) to read as follows:
Sec. 15.103 Exempted devices.
* * * * *
(j) Notwithstanding other provisions of this section, the rules in
this chapter governing certification apply to any equipment produced by
any entity identified on the Covered List, as established pursuant to
Sec. 1.50002 of this chapter.
[FR Doc. 2025-14970 Filed 8-6-25; 8:45 am]
BILLING CODE 6712-01-P
</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>Indexed from Federal Register on August 7, 2025.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.