[Federal Register Volume 73, Number 193 (Friday, October 3, 2008)]
[Proposed Rules]
[Pages 57554-57564]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-23506]
�========================================================================
�Proposed Rules
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains notices to the public of
�the proposed issuance of rules and regulations. The purpose of these
�notices is to give interested persons an opportunity to participate in
�the rule making prior to the adoption of the final rules.
�
�========================================================================
�
��Federal Register / Vol. 73, No. 193 / Friday, October 3, 2008 /
Proposed Rules��
[[Page 57554]]
DEPARTMENT OF COMMERCE
Bureau of Industry and Security
15 CFR Parts 740 and 772
[Docket No. 071213838-81132-01]
RIN 0694-AE21
Export Administration Regulations: Establishment of License
Exception Intra-Company Transfer (ICT)
AGENCY: Bureau of Industry and Security, Commerce.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: This proposed rule would amend the Export Administration
Regulations (EAR) to establish a new license exception entitled
``Intra-Company Transfer (ICT).'' This license exception would allow an
approved parent company and its approved wholly-owned or controlled in
fact entities to export, reexport, or transfer (in-country) many items
on the Commerce Control List (CCL) among themselves for internal
company use. Prior authorization from the Bureau of Industry and
Security (BIS) would be required to use this license exception. This
rule describes the criteria pursuant to which entities would be
eligible to use License Exception ICT and the procedure by which they
must apply for such authorization. This proposed rule is one of the
initiatives in the export control directive announced by the President
on January 22, 2008.
DATES: Comments must be received by November 17, 2008.
ADDRESSES: You may submit comments, identified by RIN 0694-AE21, by any
of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
E-mail: [email protected]. Include ``RIN 0694-AE21'' in the
subject line of the message.
Fax: 202-482-3355
Mail/Hand Delivery: Steven Emme, U.S. Department of
Commerce, Bureau of Industry and Security, Regulatory Policy Division,
14th & Pennsylvania Avenue, NW., Room 2705, Washington, DC 20230, ATTN:
RIN 0694-AE21.
FOR FURTHER INFORMATION CONTACT: Steven Emme, Regulatory Policy
Division; Telephone: 202-482-2440; E-mail: [email protected].
SUPPLEMENTARY INFORMATION:
Background
Presidential Directives on U.S. Export Control Reform and Deemed Export
Advisory Committee
On January 22, 2008, the President announced a package of
directives to ensure that the export control policies and practices of
the United States support the National Security Strategy of 2006, while
facilitating the United States' continued international economic and
technological leadership. These directives focus the export control
system to meet the unprecedented security challenges as well as the
economic challenges faced by the United States, due to the increasing
worldwide diffusion of high technology and impact of global markets.
The directives recognize that the economic and technological
competitiveness of the United States is essential to meet long-term
national security interests. Export controls must, therefore, cover the
export and reexport of sensitive items without unduly burdening U.S.
economic competitiveness and innovation. This is particularly critical
in light of the current and increasing globalization of research,
development, and production, as well as the rise of new economic
competitors and the diffusion of global supply networks that challenge
U.S. economic and technological competitiveness.
Shortly before the President announced the package of directives on
U.S. export control reforms, the Deemed Export Advisory Committee
(DEAC) presented its findings to the Secretary of Commerce on deemed
export controls. The DEAC, a federal advisory committee established by
the Secretary, undertook a comprehensive examination of the national
security, technology, and competitiveness aspects of the deemed export
rule. A deemed export is the release of technology and source code
subject to the EAR to foreign nationals in the United States that is
``deemed'' to be an export to the home country or countries of the
foreign national. In its final report, which was issued in December
2007, the DEAC concluded that the deemed export rule ``no longer
effectively serves its intended purpose and should be replaced with an
approach that better reflects the realities of today's national
security needs and global economy.'' In order to address this concern,
the DEAC made several recommendations, including creating a category of
``Trusted Entities'' that voluntarily elect to qualify for streamlined
treatment after meeting certain criteria. Further, the DEAC recommended
that these ``Trusted Entities'' include subsidiaries abroad so that
individuals and ideas could move within the company structure without
the need for separate deemed export licenses.
It is in the context of the President's directives on U.S. export
control reforms and with respect to the DEAC's recommendations on
deemed export controls that BIS is proposing this rule creating a
license exception for intra-company transfers.
The Impact of U.S. Export Controls on Intra-Company Transfers
As global markets and manufacturing continue to evolve, many parent
companies have numerous operations in multiple countries for
distribution, service and repair, manufacturing and development,
product testing, and other uses. In this environment, parent companies
increasingly export commodities, software, and technology to their
foreign branches, subsidiaries, and/or ultimate foreign parent
companies around the world. Consequently, many companies may need
multiple export licenses from BIS under a variety of scenarios for
their own internal operations. For example, to conduct day-to-day
operations, many companies in the United States must export
commodities, software, and technology to their foreign branches and
subsidiaries, resulting in the need for export licenses. In addition,
companies may also require reexport licenses to transfer items among
their foreign branches, foreign subsidiaries, and/or their ultimate
foreign parent companies, located in multiple countries. On occasion, a
company will have several branches or subsidiaries within the same
foreign country and must then seek authorization to make in-country
[[Page 57555]]
transfers of technology and other items between those entities.
Finally, releasing technology and source code subject to the EAR to
foreign national employees at locations of the company in the United
States or at the location of another foreign branch or subsidiary could
generate the need for deemed export or deemed reexport licenses.
Generally, obtaining these licenses for intra-company transfers can
negatively impact transactions due to the delay involved in waiting for
a licensing decision. Moreover, obtaining licenses for intra-company
transfers can hinder more than just individual transactions; they can
also hinder product development and the ability to be first to market--
activities key to the competitiveness of U.S. companies. For many
companies, product development entails large capital investments,
compressed product cycles, and intensive coordination of research and
development. With the current licensing requirements in place, however,
many companies with U.S. operations may be forced to segregate their
research and development activities. For instance, while waiting for
the approval of a deemed export license, U.S. employees and certain
foreign national employees would be precluded from collaborating
together on projects. Furthermore, once the license is approved,
companies may still need to segregate their research and development
activities in the future because product breakthroughs could exceed the
licensing parameters and require a new round of export licensing.
Establishment of License Exception ICT
In order to facilitate secure exports, reexports, and in-country
transfers to, from, and among a parent company and its wholly-owned or
controlled in fact entities, the Bureau of Industry and Security is
proposing to amend the Export Administration Regulations (EAR) to
create License Exception Intra-Company Transfer (ICT). License
Exception ICT, which would be set forth in new Sec. 740.19 of the EAR,
would provide companies a process for intra-company exports, reexports,
and in-country transfers without individual licenses. This license
exception would allow parent companies and the entities that the parent
company wholly owns or controls in fact to export, reexport, and
transfer (in-country) many items on the Commerce Control List (CCL)
among themselves for internal company use. The grant of ICT would be
restricted to those approved companies and those Export Control
Classification Numbers (ECCNs) that are authorized by BIS.
Companies authorized to use License Exception ICT would benefit
because it would relieve them of some of the administrative
requirements of obtaining, tracking, and reporting on individual
licenses and would reduce the lag time, expense, and uncertainty in the
licensing process. This license exception would also improve research
and development and other internal company activities, thus leading to
improved competitiveness and innovation for companies with operations
in the United States.
In proposing this license exception for intra-company exports,
reexports, and in-country transfers, BIS recognizes that industry and
government share the goal of protecting controlled commodities,
software, and technology, since these often represent proprietary
information and property. Moreover, BIS also recognizes that many
companies devote considerable financial and workforce resources to
ensuring compliance with export controls. BIS would authorize License
Exception ICT for those companies that demonstrate effective internal
control plans, submit annual reports on their use of ICT, and agree to
audits by BIS officials as requested.
By authorizing this license exception for companies that have
effective internal control plans and have agreed to audits, BIS can
focus its resources on evaluating transactions involving lesser-known
items and entities to better prevent exports to persons who may act
contrary to U.S. national security and foreign policy interests.
Greater focus on such transactions would increase the national security
value of the remaining reviews of individual license applications.
Definitions
For purposes of this rule, BIS is defining multiple terms used with
respect to License Exception ICT. These terms are ``controlled in
fact,'' ``employee,'' and ``parent company.'' This rule would amend
Sec. 772.1 of the EAR to include these new definitions as described
below.
First, BIS is amending the definition of ``controlled in fact'' in
Sec. 772.1 by applying aspects of the definition of the same term set
forth in Sec. 760.1(c) of the EAR to specify the circumstances in
which one entity will be presumed to have control over another entity
for purposes of License Exception ICT. In order to include any entity
in its application to use License Exception ICT, the parent company
must either wholly own or control in fact that individual entity.
Next, BIS is amending Sec. 772.1 to add the term ``employee,'' for
purposes of License Exception ICT, to refer to persons who work, with
or without compensation, in the interest of an entity that is an
approved eligible user or an approved eligible recipient of ICT. Such
persons must work at the approved eligible entity's locations,
including overseas locations, or at locations assigned by the approved
eligible entity, such as at remote sites or on business trips. This
definition may include permanent employees, contractors, and interns.
Finally, BIS is amending Sec. 772.1 to add the term ``parent
company,'' which will be defined for purposes of License Exception ICT,
to mean any entity that wholly owns or controls in fact a different
entity, such as a subsidiary or branch. The parent company does not
have to be an ultimate parent company, as that term is referred to in
the definition of parent company; it may be wholly-owned or controlled
by another entity or other entities. Also, the parent company does not
need to be incorporated in or have its principal place of business in
the United States. However, in order to be eligible for and use License
Exception ICT, the parent company must be incorporated in or have its
principal place of business in a country listed in Supplement No. 4 to
part 740 (see new Sec. 740.19(b)(1)). This definition does not include
colleges and universities. Thus, the research conducted by colleges and
universities that is not fundamental research (see Sec. 734.8(a) of
the EAR) and that requires a license would not qualify for License
Exception ICT. However, a university professor who enters into a
contractual relationship with a company to conduct proprietary research
could qualify as an ``employee'' if all conditions in that definition
are met.
Information Required for Submission to BIS for Review to Use License
Exception ICT
In order to avail themselves of License Exception ICT, a ``parent
company'' and the entities that it wholly owns or ``controls in fact''
must maintain an internal control plan, hereinafter referred to as an
ICT control plan. Upon implementation of the ICT control plan, the
parent company, as the eligible applicant under new Sec. 740.19(b)(1),
must submit the plan to BIS for review pursuant to new Sec. 740.19(e).
Additionally, the eligible applicant must submit documentation showing
that the ICT control plan has been implemented. Such documentation
should include a representative sample of records showing effective
compliance with the screening, training, and self-evaluation elements
of the ICT control plan, as described below in further detail.
[[Page 57556]]
Along with the ICT control plan and supporting documentation, the
eligible applicant parent company must list the wholly-owned entities
and controlled in fact entities that the applicant parent company
intends to be eligible users (see new Sec. 740.19(b)(2)) or eligible
recipients (see new Sec. 740.19(b)(3)(i)) of this license exception.
It is possible for an entity to be both an eligible user and an
eligible recipient. For itself, and for each eligible user and eligible
recipient entity, the eligible applicant parent company must list any
individual or group that has at least a 10% ownership interest.
Finally, the eligible applicant parent company must list the ECCNs of
the items it plans to export, reexport, or transfer (in-country) under
ICT; provide a narrative describing the purpose for which the requested
ECCNs will be used and the anticipated resulting commodities, if
applicable; disclose its relationship with each entity that is intended
to be an eligible user and/or eligible recipient; and provide a signed
statement by a company officer of the eligible applicant parent company
stating that each entity will allow BIS to conduct audits on the use of
License Exception ICT.
ICT Control Plan
An ICT control plan seeks to ensure that items on the Commerce
Control List will not be exported, reexported, or transferred in
violation of this license exception. As this license exception may be
used for commodities, software, and technology, the ICT control plan
must address how the parent company and the entities that it wholly
owns or controls in fact, as eligible users and eligible recipients,
will maintain items authorized for export, reexport, or transfer by
this license exception within the company structure, as authorized by
BIS.
Within the ICT control plan, eligible applicants must describe how
certain mandatory elements will be met. These mandatory elements, which
are listed in new Sec. 740.19(d)(1), include corporate commitment to
export compliance, a physical security plan, an information security
plan, personnel screening procedures, a training and awareness program,
a self-evaluation program, a letter of assurance for software and
technology, non-disclosure agreements, and end-user list reviews. All
of these elements are aspects of export control compliance programs
that establish effective internal control plans. In turn, these
internal control plans generate an increased level of awareness of
export control compliance issues among employees and help secure a
company's proprietary information.
For the required ICT control plan elements in paragraphs (d)(1)(i)
through (d)(1)(vi) of new Sec. 740.19, BIS is not specifying how each
company must achieve them due to the varying characteristics of
companies. However, paragraphs (d)(1)(i) through (d)(1)(vi) do contain
illustrative examples of evidence that a company may use in its
descriptions detailing how it will implement those mandatory elements.
While companies may include additional elements in their ICT control
plan, they must, at a minimum, describe how the minimum mandatory
elements set forth in Sec. 740.19(d)(1) will be met. One mandatory
element--the self-evaluation program in paragraph (d)(1)(vi)--requires
the creation and performance of regular internal self-audits, creation
of a checklist of critical areas and items to review, and development
of corrective procedures or measures implemented to correct identified
deficiencies. If any identified deficiencies rise to the level of a
violation of the EAR, the company should make a voluntary self-
disclosure pursuant to Sec. 764.5.
If a company plans to use this license exception for commodities
only, then the company may state in the ICT control plan that the
mandatory elements of the ICT control plan set forth in paragraphs
(d)(1)(iii) (information security plan), (d)(1)(iv) (personnel
screening procedures), (d)(1)(vii) (letter of assurance for software
and technology), (d)(1)(viii) (signing of non-disclosure agreements),
and (d)(1)(ix) (review of end-user lists) are not applicable because
the license exception will be used for commodities only and not used
for software or technology. Similarly, if a company plans to use this
license exception for software (excluding source code) only, or if a
company plans to use this license exception for commodities and
software (excluding source code) only, then the company may state in
the ICT control plan that the mandatory elements found in paragraphs
(d)(1)(iv) (personnel screening procedures), (d)(1)(viii) (signing of
non-disclosure agreements), and (d)(1)(ix) (review of end-user lists)
are not applicable because the license exception will be used for
software (excluding source code) only, or, if appropriate, for software
(excluding source code) and commodities only, and not used for
technology or source code.
Mandatory Requirements for Technology and Source Code Under an ICT
Control Plan
Entities that seek to be approved eligible users and/or eligible
recipients of this license exception must ensure that non-U.S. national
employees, wherever located, sign non-disclosure agreements before
receiving technology or source code under this license exception. Such
non-disclosure agreements must state that the employee agrees not to
release any technology or source code in violation of the EAR, and such
agreements must be binding as long as the technology or source code
remains subject to export controls, regardless of the signatory's
employment relationship with the employer. In other words, even if the
signatory's employment relationship with the employer were severed, the
signatory would remain prohibited from releasing any technology or
source code received under License Exception ICT while employed. The
non-disclosure agreement must also specify that the prohibition would
remain in effect until the technology or source code no longer required
a license to any destination under the EAR.
In addition, entities that seek to be approved eligible users and/
or eligible recipients of ICT must screen non-U.S. national employees
who are also foreign national employees in the country in which they
are working against lists of end-user concern. This screening
requirement applies if such individuals are to receive technology or
source code under ICT. The lists of end-users of concern are compiled
by the U.S. government and may be accessed at the BIS Web site at
http://www.bis.doc.gov. Upon publication of a final rule, BIS plans to
provide guidance on its website with respect to screening such
employees for purposes of ICT.
Non-U.S. national employees are those employees who are not U.S.
citizens, U.S. permanent residents, or protected individuals under the
Immigration and Naturalization Act (8 U.S.C. 1324b(a)(3)). Foreign
national employees are those non-U.S. national employees, wherever
located, who are not citizens or legal permanent residents of the
country in which they work. For instance, a German national working in
the United States and a German national working in France are both
considered foreign national employees for purposes of this rule (and
more generally for purposes of the EAR). However, a French national
working in France is not a foreign national employee from the
perspective of BIS. Therefore, all foreign national employees are non-
U.S. national employees, but not all non-U.S. national employees are
foreign national employees. This distinction is important because the
non-disclosure agreement element in an ICT control plan applies to the
German national working in France as well as to the French national
[[Page 57557]]
working in France. Thus, it applies to non-U.S. national employees who
would otherwise be permitted to receive technology or source code
subject to the EAR, if not for the grant of ICT, under a deemed export
license, deemed reexport license, license to a facility where the
employee works, or other license exception.
Unlike the non-disclosure agreement requirement, the screening
element applies only to foreign national employees. Hence, it would
apply to a German national working in France but not to a French
national working in France. The release of technology or source code
subject to the EAR to a foreign national employee may occur under a
deemed export or deemed reexport license or by operation of a license
exception, but it may also occur under a license that has been issued
to a facility. For example, a technology license approved for a French
facility may have a condition allowing all EU nationals to receive the
technology as well as the French employees. The screening requirement
is intended to apply to all foreign national employees receiving
technology or source code under ICT that would otherwise require a
license, whether it be through a license for a deemed export or deemed
reexport, a license issued to a facility, or other license exception.
Additionally, foreign national employees of companies located in
the United States must comply with U.S. immigration laws and maintain
current and valid visa authorization.
Authorization From BIS to Use License Exception ICT
Following receipt of the ICT control plan and all information
required under new Sec. 740.19(e)(1), BIS will review and refer the
submission to the reviewing agencies consistent with Sec. Sec. 750.3
and 750.4 of the EAR and Executive Order 12981, as amended by Executive
Orders 13020, 13026, and 13117. In order to determine ICT eligibility,
BIS will consider prior licensing history of the eligible applicant
parent company and its wholly-owned or controlled in fact entities that
are part of the authorization request, demonstration of an effective
ICT control plan, need for this license exception within the company
structure as articulated by the applicant parent company, and
relationship of the wholly-owned or controlled in fact entities to the
eligible applicant parent company.
Upon reaching a decision, BIS will inform the eligible applicant
parent company in writing if it may use this license exception pursuant
to new Sec. 740.19(f). BIS will specify the terms of the ICT
authorization, including identifying the wholly-owned or controlled in
fact entities of the eligible applicant parent company that may use ICT
and the ECCNs of the items that may be exported, reexported, or
transferred (in-country) for internal company use under ICT. After
receiving authorization, approved parent companies and their approved
wholly-owned or controlled in fact entities, if covered under the ICT
control plan, may use this license exception to export, reexport, or
transfer (in-country) approved commodities, software, and/or technology
among themselves for internal company use only. Any entity that seeks
to become an eligible user and/or eligible recipient, as described in
new Sec. Sec. 740.19(b)(2) and 740.19(b)(3)(i), must be specifically
covered by the ICT control plan submitted to BIS and maintain the ICT
control plan of the eligible applicant parent company.
Exports, reexports, and in-country transfers for any purpose other
than internal company use are not authorized under License Exception
ICT. With respect to an item that has been exported, reexported, or
transferred (in-country) pursuant to License Exception ICT, the entity
must submit a license application if required under the EAR before
using the item for a purpose other than that covered by this license
exception. Also, should control of the approved eligible applicant
parent company change, then use of License Exception ICT is no longer
valid. The newly-controlled eligible applicant parent company must re-
submit the information required for ICT authorization, as described in
new Sec. 740.19(g)(3).
Annual Reporting Requirements
After submitting a request for authorization to use License
Exception ICT pursuant to new Sec. 740.19(e) and after receiving
approval from BIS, approved eligible applicant parent companies must
submit an annual report to BIS on the use of this license exception by
itself and by its approved wholly-owned or controlled in fact entities.
Specifically, approved eligible applicant parent companies must list
the name, nationality, and date of birth of each foreign national
employee, as described in note 2 to new Sec. 740.19(b)(3)(ii), who has
received technology or source code under this license exception. The
requirement is limited to those employees, who would have required a
license to receive technology or source code if not for ICT, and who
are not citizens or legal permanent residents of the country in which
they are employed. Therefore, it applies to foreign national employees
working in the United States and to foreign national employees working
outside of the United States.
Also, approved eligible applicant parent companies must submit the
names of those foreign national employees, as described in note 2 to
new Sec. 740.19(b)(3)(ii), who previously received technology or
source code under this license exception and have ended their
employment. This requirement does not apply to those who have merely
switched positions within the company structure of the parent company,
so long as the new employer is an approved eligible entity under the
same parent company. BIS is requesting this information in order to
examine the use of License Exception ICT and measure its effectiveness.
Further, a company officer must certify to BIS that the approved
eligible applicant parent company and its approved eligible users and
eligible recipient entities are in compliance with the terms and
conditions of ICT. This certification should include the results of the
self-evaluation described in paragraph (d)(1)(vi) of this section.
Auditing Use of License Exception ICT
BIS will conduct audits of approved eligible applicant parent
companies and their approved wholly-owned or controlled in fact
entities to ensure proper compliance with License Exception ICT. These
reviews will take place approximately once every two years. Generally,
BIS will give notice to the relevant parties before conducting an
audit. However, if BIS has reason to believe that an entity is
improperly using ICT, BIS may conduct an unannounced audit at its
discretion that is separate from the biennial audit.
Restrictions on the Use of License Exception ICT and the Direct Product
Rule
Consistent with other license exceptions, License Exception ICT is
subject to the restrictions on the use of all license exceptions, which
are set forth in Sec. 740.2 of the EAR. Therefore, ICT cannot be used
for certain items, such as items controlled for missile technology
reasons or certain items that are ``space qualified.'' Moreover, ICT is
subject to revision, suspension, or revocation, in whole or in part,
without notice.
Also, new Sec. 740.19(c) lists restrictions on using ICT. For
instance, items controlled for Encryption Items (EI) reasons and items
controlled for Significant Items (SI) reasons are ineligible for
export, reexport, or transfer (in-country) under ICT. At this
[[Page 57558]]
time, License Exception ENC will remain the primary resource for
providing the authorization necessary for many intra-company transfers
of encryption items. Further, no items exported, reexported, or
transferred within country under this license exception may be
subsequently exported, reexported, or transferred for purposes other
than internal company use, unless done so in accordance with the EAR.
However, items that have been exported, reexported, or transferred (in-
country) under License Exception ICT may not be subsequently exported,
reexported, or transferred (in-country) under License Exception APR
(see Sec. 740.16).
Finally, note that whether the foreign direct product of U.S.
software or technology exported from abroad, reexported, or transferred
under License Exception ICT is subject to the EAR is determined under
Sec. 736.2(b)(3) of the EAR, when the foreign direct product is
exported from abroad, reexported, or transferred (in-country) for other
than internal use within a Country Group D:1 country or Cuba.
Although the Export Administration Act expired on August 20, 2001,
the President, through Executive Order 13222 of August 17, 2001, 3 CFR,
2001 Comp., p. 783 (2002), as extended by the Notice of July 23, 2008,
73 FR 43603 (July 25, 2008), has continued the Export Administration
Regulations in effect under the International Emergency Economic Powers
Act.
Rulemaking Requirements
1. This proposed rule has been determined to be significant for
purposes of Executive Order 12866.
2. Notwithstanding any other provision of law, no person is
required to respond to nor be subject to a penalty for failure to
comply with a collection of information, subject to the requirements of
the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.) (PRA),
unless that collection of information displays a currently valid Office
of Management and Budget (OMB) Control Number. This proposed rule
contains a collection previously approved by the OMB under control
numbers 0694-0088, ``Multi-Purpose Application,'' which carries a
burden hour estimate of 58 minutes to prepare and submit form BIS-748.
Miscellaneous and recordkeeping activities account for 12 minutes per
submission. In addition, this proposed rule contains a new collection
for reporting, recordkeeping, and auditing requirements, which would be
submitted for approval to use License Exception ICT, carries an
estimated burden of 19.6 hours for companies having an existing
internal control plan and 265.6 hours for companies not having an
existing internal control plan in place. A request for new collection
authority will be submitted to OMB for approval. Public comment will be
sought regarding the burden of the collection of information associated
with preparation and submission of these proposed voluntary
requirements. BIS estimates that this rule will reduce the number of
multi-purpose application forms that must be filed by 582 annually.
Send comments regarding this burden estimate or any other aspect of
this collection information, including suggestions for reducing the
burden, to Jasmeet K. Seehra, Office of Management and Budget (OMB),
and to the Regulatory Policy Division, Bureau of Industry and Security,
Department of Commerce, as indicated in the Addresses section of this
proposed rule.
3. This rule does not contain policies with Federalism implications
as that term is defined in Executive Order 13132.
4. The Regulatory Flexibility Act (RFA), as amended by the Small
Business Regulatory Enforcement Fairness Act of 1996 (SBREFA), 5 U.S.C.
601 et seq., generally requires an agency to prepare a regulatory
flexibility analysis of any rule subject to the notice and comment
rulemaking requirements under the Administrative Procedure Act (5
U.S.C. 553) or any other statute, unless the agency certifies that the
rule will not have a significant economic impact on a substantial
number of small entities. Under section 605(b) of the RFA, however, if
the head of an agency certifies that a rule will not have a significant
economic impact on a substantial number of small entities, the statute
does not require the agency to prepare a regulatory flexibility
analysis. Pursuant to section 605(b), the Chief Counsel for
Regulations, Department of Commerce, certified to the Chief Counsel for
Advocacy, Small Business Administration, that this proposed rule, if
promulgated, will not have a significant economic impact on a
substantial number of small entities for the reasons explained below.
Consequently, BIS has not prepared a regulatory flexibility analysis.
The EAR applies to all entities that export, reexport, or transfer
commodities, software, and technology that are subject to the EAR. The
EAR potentially affects any entity in any sector that chooses to
export, reexport, or transfer items subject to the EAR. Thus, while
this proposed rule could potentially have a significant economic impact
on small entities, BIS believes that this proposed rule will not impact
a substantial number of small entities.
BIS does not have data on the total number of small entities that
are potentially impacted by the requirements of the EAR, but BIS does
maintain data on actual licenses applied for by entities of all sizes.
In order to examine the number of small entities that would be impacted
by this proposed rule, BIS examined the licensing data to find approved
licenses that would potentially qualify as an intra-company transfer.
Using this data as well as using estimated burden hours in gaining ICT
authorization, BIS conducted a cost-benefit analysis to see which
entities would likely choose to apply for authorization. BIS also
examined all approved licenses that could qualify as intra-company
transfers to determine whether any entities were small entities.
Upon initial examination of licensing data from 2004 to 2006, BIS
found that approximately 200 companies had licenses approved that could
potentially qualify as an intra-company transfer. Of those companies,
the vast majority consisted of large parent companies, medium-sized
companies, or companies that were owned by larger domestic or foreign
companies. This result supports the premise that entities that would
avail themselves of ICT must be large enough to have subsidiaries or
branches located in different countries that the entities control in
fact.
To look at which of those approximately 200 companies would most
likely choose to apply for ICT authorization, BIS conducted a cost-
benefit analysis by estimating the burden hours involved in gaining ICT
authorization as well as with complying with recordkeeping and
reporting requirements under ICT. BIS determined that over a three-year
period it would take 280.8 hours (or 16,848 minutes) for a company
without an internal control program to seek ICT authorization and 34.8
hours (or 2088 minutes) for a company with an existing internal control
program to seek ICT authorization. The threshold by which companies
would likely be inclined to apply for authorization to use ICT is the
point at which the burden of applying for licenses over a three-year
period (at 70 minutes per license) exceeds the total ICT burden hours
over three years (at 16,848 minutes for companies without an existing
internal control program or at 2088 minutes for companies with an
internal control program). In order to meet that threshold, companies
without an internal control program would have to apply for about 241
licenses over a three-year period, and companies with
[[Page 57559]]
an existing internal control program would have to apply for about 30
licenses per year over a three-year period. Only two companies meet the
241 license threshold, and those companies are not small entities under
the North American Industry Classification System (NAICS) standards.
Sixteen companies meet the 30 license threshold or come close (within
five licenses) of meeting the threshold, and none of those companies is
a small entity under the NAICS standards. In addition to burden hours,
companies without an existing internal compliance program may be less
likely to choose to seek ICT authorization because additional
investments would likely need to be made to implement an internal
control program. While these upfront investments could greatly vary
depending on company size as well as the type and number of items in
the company portfolio, it is likely that companies would need to invest
in physical and information security as well as incur travel expenses
to visit overseas facilities to ensure that the internal compliance
program is operating effectively. All of these additional costs would
likely increase the burden in any cost-benefit analysis and would
likely make an entity of any size that does not have an internal
compliance program less likely to seek ICT authorization and thus not
be impacted by this proposed rule.
Even if an entity without an internal compliance program utilizes a
different cost-benefit analysis and decides to apply for ICT
authorization, BIS licensing data shows that the potential ICT
candidate would not be a small entity. Only four companies, for which
public information was available, were found to qualify as small
entities under the NAICS. However, the potential intra-company licenses
approved for these four entities would all be ineligible under License
Exception ICT. The items approved for export were all items listed
under Sec. 740.2 that are restricted for export, reexport, or in-
country transfer under all license exceptions. Therefore, no small
entity was found to have licenses that were approved by BIS over a
three-year period that would qualify under ICT. Consequently, this
proposed rule would not affect a significant number of small entities.
This proposed rule was mandated by the President in National
Security Presidential Directive (NSPD) 55. While this proposed rule
will increase burden hours for those entities choosing to seek
authorization for License Exception ICT, BIS licensing data and
publicly available information show that no small entities in the
period of review received approved licenses for intra-company transfers
that would be eligible for License Exception ICT. Thus, a substantial
number of small entities will not be impacted by this proposed rule.
List of Subjects
15 CFR Part 740
Administrative practice and procedure, Exports, Reporting and
recordkeeping requirements.
15 CFR Part 772
Exports.
For the reasons set forth in the preamble, parts 740 and 772 of the
Export Administration Regulations (15 CFR 730-774) are amended as
follows:
PART 740--[AMENDED]
1. The authority citation for 15 CFR part 740 is revised to read as
follows:
Authority: 50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.;
22 U.S.C. 7201 et seq.; E.O. 13026, 61 FR 58767, 3 CFR, 1996 Comp.,
p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice
of July 23, 2008, 73 FR 43603 (July 25, 2008).
2. Section 740.19 is added to read as follows:
Sec. 740.19 Intra-Company Transfer (ICT).
(a) Scope. This license exception authorizes exports, reexports,
and in-country transfers of items on the Commerce Control List for
internal company use among approved eligible applicants, eligible
users, and eligible recipients, as described in paragraphs (b)(1),
(b)(2), and (b)(3) respectively, of this section. Use of License
Exception ICT is limited to those entities and those ECCNs that are
authorized by BIS, pursuant to paragraph (f) of this section.
(b) Eligibility.
(1) Eligible applicant. The eligible applicant is the ``parent
company,'' as that term is defined in section 772.1, that institutes an
ICT control plan, as described in paragraph (d) of this section, and
that applies for authorization from BIS to use this license exception.
The eligible applicant must be incorporated in or have its principal
place of business in any country listed in Supplement No. 4 to part
740. In addition, the eligible applicant may be, but is not required to
be, the ultimate parent company, as that term is referred to in the
definition of ``parent company'' set forth in section 772.1; hence the
eligible applicant may be owned or controlled by other entities.
However, the ultimate parent company cannot be an eligible user under
this license exception unless it is also the eligible applicant.
Application requirements are set forth in paragraph (e) of this
section.
(2) Eligible users. Eligible users may be eligible applicants, as
described in paragraph (b)(1) of this section, and their wholly-owned
or ``controlled in fact'' entities that implement and maintain the ICT
control plan of the eligible applicant and that are included in the
applications submitted by eligible applicants pursuant to paragraph (e)
of this section. Eligible applicants must ensure that each eligible
user implements the eligible applicant's ICT control plan, including
the use of non-disclosure agreements as described in paragraph
(d)(1)(viii) of this section.
(3) Eligible recipients.
(i) Entities. Eligible recipients of items under this license
exception may be eligible applicants as described in paragraph (b)(1)
of this section, eligible users as described in paragraph (b)(2) of
this section, and eligible applicants' other wholly-owned or controlled
in fact companies that implement and maintain the ICT control plan of
the eligible applicant and that are named in the applications submitted
by the eligible applicant pursuant to paragraph (e) of this section.
Eligible applicants must ensure that each eligible recipient, as
described in this paragraph, implements the eligible applicant's ICT
control plan, including the use of non-disclosure agreements as
described in paragraph (d)(1)(viii) of this section.
(ii) Non-U.S. national employees receiving technology or source
code. Non-U.S. national employees (wherever located) of entities that
are eligible applicants, eligible users, and/or eligible recipients of
this license exception may be eligible recipients of technology and
source code under this license exception provided the non-U.S. national
employees sign non-disclosure agreements with their employer in which
the non-U.S. national employees agree not to release any technology or
source code in violation of the EAR. Additionally, if non-U.S. national
employees are also foreign national employees in their country of
employment, then such non-U.S. national employees must also be screened
by the appropriate eligible user against end-user lists compiled by the
U.S. government. For further information on employees, non-disclosure
agreements, and screening requirements, see Sec. Sec. 772.1,
740.19(d)(1)(viii), and 740.19(d)(1)(ix) respectively.
Note 1 to Paragraph (B)(3)(II) of this Section: Non-U.S.
national employees are those employees who are not U.S. citizens,
lawful permanent residents of the United
[[Page 57560]]
States, or individuals protected under the Immigration and
Naturalization Act (8 U.S.C. 1324b(a)(3)). Non-U.S. national
employees include those working in the United States and outside of
the United States. Furthermore, non-U.S. national employees include
those employees who would otherwise be permitted to receive
technology or source code only under: (1) A deemed export or deemed
reexport license; (2) a license issued to a facility, and the
employee is a citizen or legal permanent resident of the same
country where the facility is located; and (3) a license issued to a
facility, but the employee is not a citizen or legal permanent
resident of the country where the facility is located; (4) another
authorization such as a license exception other than ICT.
Note 2 to Paragraph (B)(3)(II) of this Section: Foreign national
employees are those non-U.S. national employees who are not citizens
or legal permanent residents of the country in which they are
employed. Foreign national employees include those employees who
would otherwise receive technology or source code under: (1) A
deemed export or deemed reexport license; or (2) a license to a
facility, but the employee is not a citizen or legal permanent
resident of the country where the facility is located; or (3)
another authorization such as a license exception other than ICT.
(4) Eligible uses. Items exported, reexported, or transferred
within country under this license exception may be exported,
reexported, or transferred only for purposes of the internal company
use by approved eligible applicants and approved eligible users of this
license exception, as described in paragraphs (b)(1) and (b)(2)
respectively, of this section.
(c) Restrictions.
(1) No item may be exported, reexported, or transferred within
country under this license exception to destinations in or nationals of
Country Group E or North Korea.
(2) No item exported, reexported, or transferred within country
under this license exception may be subsequently exported, reexported,
or transferred for purposes other than the internal company use of
approved eligible applicants, eligible users, and eligible recipients,
as described in paragraphs (b)(1), (b)(2), and (b)(3)(i) respectively,
of this section, unless done so in accordance with the EAR. See
paragraph (c)(3) of this section for further restrictions.
(3) No items that have been exported, reexported, or transferred
(in-country) under License Exception ICT may be subsequently exported,
reexported, or transferred (in-country) under License Exception APR
(see Sec. 740.16).
(4) No release of technology or source code is authorized under
this license exception to foreign national employees whose visa or
authority to work has been revoked, denied, or is otherwise not valid.
It is the responsibility of the exporter to ensure that foreign
national employees working in the United States maintain a valid U.S.
visa if they are required to hold a visa from the United States.
(5) No release of technology or source code is authorized under
this license exception to a foreign national employee, as described in
note 2 to paragraph (b)(3)(ii), if that employee or a prior employer of
that employee is listed on any of the end-user lists of concern
compiled by the U.S. government. In such instances, eligible applicants
(or eligible users, as appropriate) should obtain the appropriate
authorization required under the EAR.
(6) No items controlled for Encryption Items (EI) reasons under
ECCNs 5A002, 5D002, or 5E002 may be exported, reexported, or
transferred (in-country) under this license exception.
(7) No items controlled for Significant Items (SI) reasons may be
exported, reexported, or transferred (in-country) under this license
exception.
(d) ICT control plan. Prior to submitting an application to BIS
under paragraph (e) of this section, and before making any exports,
reexports, or in-country transfers under this license exception,
eligible applicants must implement an ICT control plan that is designed
to ensure compliance with this license exception and the EAR. In
addition, eligible users and eligible recipient entities must implement
the ICT control plan of the eligible applicant. Under an ICT control
plan, which may be a component of a more comprehensive export
compliance program, all entities that seek to use this license
exception must ensure that commodities, software, and technology, where
applicable, will not be exported, reexported, or transferred in
violation of this license exception. With their application for
authorization (as described in paragraph (e) of this section) to use
this license exception, eligible applicants must submit a copy of the
ICT control plan and must specifically note which of their wholly-owned
or controlled in fact entities are covered by the plan. BIS may require
the eligible applicant to modify the ICT control plan before
authorizing use of this license exception. Paragraph (d)(1) of this
section lists the mandatory elements of an ICT control plan. Paragraph
(d)(2) of this section lists exceptions to addressing certain mandatory
elements in paragraph (d)(1) in the ICT control plan.
(1) Mandatory elements of an ICT control plan. The following
elements are mandatory, subject to the exceptions in paragraph (d)(2)
of this section. The ICT control plan must describe how each mandatory
element will be implemented. In order to provide guidance, the
mandatory elements described in paragraphs (d)(1)(i) through (d)(1)(v)
include illustrative examples of evidence demonstrating how the element
may be addressed. Note that these illustrative examples are guidelines
only; satisfying the five required elements in paragraphs (d)(1)(i)
through (d)(1)(v) of this section is dependent upon the nature and
complexity of company activities, the type of items that will be
exported, reexported, or transferred under this license exception
(i.e., commodities, software, and/or technology), the countries
involved, and the relationship between the eligible users and eligible
recipients of this license exception, as described in paragraphs (b)(2)
and (b)(3)(i) respectively of this section. With respect to the other
four elements of the ICT control plan, eligible applicants must fulfill
certain specified requirements. For paragraphs (d)(1)(vi), (d)(1)(vii),
(d)(1)(viii), and (d)(1)(ix) of this section, no illustrative examples
are included. Note, however, that to satisfy the self-evaluation
element in paragraph (d)(1)(vi) of this section, establishing self-
audits, creating a checklist, and developing corrective measures are
required, but the self-audits may be structured in a manner that works
best for the eligible applicant and its wholly-owned or controlled in
fact entities. In order to use this license exception for technology or
software, a letter of assurance, consistent with Sec. Sec. 740.19(c)
and 740.6, must be provided by a company officer of the eligible
applicant. Additionally, in order to use this license exception for
non-U.S. national employees, wherever located, to receive technology or
source code under this license exception, submitting a template or
sample of the non-disclosure agreement to be used is a mandatory
element. Also, in order to use this license exception for non-U.S.
national employees who are also foreign national employees, reviewing
lists of end-users of concern compiled by the U.S. government is a
mandatory element.
(i) Corporate commitment to export compliance. Evidence of a
corporate commitment to export compliance may include: An
organizational chain of command for export controls compliance issues
and related issues of concern; senior management member(s) responsible
for export controls compliance, who are able to
[[Page 57561]]
demonstrate how compliance issues are resolved; internal recordkeeping
requirements in accordance with the EAR; maintenance of a sound
commodity classification methodology; and commitment of resources to
implement and maintain an ICT control plan.
(ii) Physical security plan. Evidence of a physical security plan
may include: Methods of physical security that prevent the transfer of
commodities, software, and technology on the Commerce Control List
outside of the internal company structure; and organization and
maintenance of up-to-date building layouts, including a description of
physical security measures, such as secured doors and badges as well as
biometric, guard, and perimeter controls.
(iii) Information security plan. Evidence of an information
security plan may include: Organization and maintenance of up-to-date
virtual security layouts and descriptions of what information security
methods are in place, such as password protection, firewalls,
segregated servers, non-network computers, and intranet security.
(iv) Personnel screening procedures. Evidence of personnel
screening procedures may include: Thorough pre-screening analysis of
new foreign national employees, as described in note 2 to paragraph
(b)(3)(ii), which includes, but is not limited to, criminal background,
driver's license, and credit history, before allowing them to receive
technology or source code through a license or license exception.
(v) Training and awareness program. Evidence of a training and
awareness program may include: Creation, scheduling, and performance of
regular training programs (for all employees working in areas relevant
to export controls) to inform employees about export controls and
limits on their access to technology or source code.
(vi) Self-evaluation program. Evidence of a self-evaluation program
must include the following three components: Creation and performance
of regular internal self-audits, which may be conducted through the use
of internal and/or external resources depending upon the needs and
demands of the organization; creation of a checklist of critical areas
and items to review, including identification of any deficiencies; and
development of corrective procedures or measures implemented to correct
identified deficiencies. Note: Disclosure of identified deficiencies
and corrective actions will be considered when evaluating effective ICT
control plans under paragraph (f)(2). Failure to disclose this
information could result in revocation, as noted in paragraph (j). Any
violations of the EAR that are uncovered in the process of conducting
this self-evaluation should be disclosed to BIS in accordance with the
voluntary self-disclosure procedures found in section 764.5.
(vii) Letter of assurance for software and technology. A company
officer of the eligible applicant must submit a signed statement on
company letterhead stating that under this license exception, the
eligible applicant and each eligible user and/or eligible recipient
entity will not export, reexport, or transfer (in-country) software
(including the source code for the software) and technology, consistent
with paragraph (c)(1) of this section and consistent with paragraphs
(a)(1) and (a)(2) of Sec. 740.6.
(viii) Signing of non-disclosure agreements. Non-disclosure
agreements not to release any technology or source code must be binding
with respect to any technology or source code that has been released or
otherwise provided to any non-U.S. national employee, wherever located,
on the basis of this license exception, until such technology or source
code no longer requires a license to any destination under the EAR,
regardless of whether the non-U.S. national's employment relationship
with the company remains in effect. Non-disclosure agreements should be
completed in both English and the non-U.S. national employee's native
language.
(ix) Review of end-user lists. Foreign national employees, as
described in note 2 to paragraph (b)(3)(ii), who are eligible to
receive technology or source code under this license exception, must be
screened against all lists of end-users of concern compiled by the U.S.
government. In addition, prior employers of the foreign national
employees must also be screened. These lists can be accessed at http://www.bis.doc.gov. See paragraph (c)(5) of this section for specific
restrictions.
(2) Exceptions to certain mandatory elements of an ICT control
plan.
(i) If this license exception will be used only for commodities,
then the ICT control plan elements described in paragraphs (d)(1)(iii),
(d)(1)(iv), (d)(1)(vii), (d)(1)(viii), and (d)(1)(ix) are not
mandatory. In this situation, the ICT control plan must state that this
license exception will be used for commodities only and not used for
software or technology.
(ii) If this license exception will be used only for software
(excluding source code), or if this license exception will be used only
for commodities and software (excluding source code), then the ICT
control plan elements described in paragraphs (d)(1)(iv), (d)(1)(viii),
and (d)(1)(ix) are not mandatory. In this situation, the ICT control
plan must state that this license exception will be used for software
(excluding source code) only, or will be used for commodities and
software (excluding source code) only, and not used for technology or
source code.
(e) Information required for grant of ICT authorization.
(1) Prior to the export, reexport, or in-country transfer of items
on the Commerce Control List under this license exception, an eligible
applicant, as described in paragraph (b)(1) of this section, must
submit the following information to BIS:
(i) For the eligible applicant: Full name of company; location of
company headquarters; location of principal place of business; complete
physical addresses (listing a post office box is insufficient) of
company's headquarters and principal place of business; post office box
if used as an alternate address; location of registration or
incorporation; ownership of company, including listing all individuals
or groups that have at least a 10% ownership interest; and need for
License Exception ICT, including listing the ECCNs of the items that
will be exported, reexported, or transferred (in-country) under this
license exception and a detailed narrative describing the intended use
of the items covered by the listed ECCNs and the anticipated resulting
commodities, where relevant;
(ii) For each company, separate from the eligible applicant, that
is intended to be an eligible user or eligible recipient that will
export, reexport, transfer (in-country), or receive items under this
license exception: Full name of entity; location of entity's principal
place of business; complete physical address (listing a post office box
is insufficient) of entity's principal place of business; post office
box if used as an alternate address; location of entity's registration
or incorporation; relationship of the entity to the eligible applicant;
and ownership of company, including listing all individuals or groups
that have at least a 10% ownership interest, where relevant;
(iii) Name and contact information of the employee(s) responsible
for implementing the ICT control plan of the eligible applicant and its
wholly-owned or controlled in fact entities that are eligible users
and/or eligible recipients;
(iv) A full copy of the ICT control plan, as described in paragraph
(d) of this section, covering the eligible
[[Page 57562]]
applicant and its wholly-owned or controlled in fact entities that are
eligible users and/or eligible recipients;
(v) Documentation showing implementation of screening, training,
and self-evaluation elements in the ICT control plan, as described in
paragraphs (d)(1)(iv), (d)(1)(v), (d)(1)(vi), and (d)(1)(ix), where
applicable; and
(vi) A signed statement, on company letterhead, by a company
officer of the eligible applicant that states each eligible user and/or
eligible recipient entity will allow BIS, at the agency's discretion,
to conduct audits to ensure compliance with this license exception.
(2) Submit all required information to: Bureau of Industry and
Security, Attn: License Exception ICT, HCHB Room 2705, 14th Street &
Pennsylvania Ave., NW., Washington, DC 20230.
(f) Review of License Exception ICT submissions. Upon receipt of
completed information required under paragraph (e)(1) of this section,
BIS will conduct a review described in paragraph (f)(1) of this
section. During the review, BIS will use the factors described in
paragraph (f)(2) of this section to determine authorization. In
addition to informing the eligible applicant whether it may use this
license exception, BIS will provide the terms of the ICT authorization
including which wholly-owned or controlled in fact entities may use
this license exception and the ECCNs of the items that may be exported,
reexported, or transferred under this license exception. BIS will
respond in writing to the eligible applicant once a decision is
reached.
(1) Processing procedures. For purposes of review only, License
Exception ICT submissions will be reviewed in the manner that license
applications are reviewed pursuant to Sec. Sec. 750.3 and 750.4 of the
EAR and Executive Order 12981, as amended by Executive Orders 13020,
13026, and 13117.
(2) Review factors. The following factors will be considered in
determining License Exception ICT authorization: Prior licensing
history; demonstration of an effective ICT control plan; and need for
the license exception, as expressed in the submission for ICT
authorization, including the requested ECCNs and the relationship of
the wholly-owned or controlled in fact entities to the parent company
or other entities of national security or foreign policy concern. BIS
will also consider any deficiencies, including violations of the EAR,
that are uncovered as part of the self-evaluation element of the
eligible applicant's ICT control plan described in (d)(vi) of this
part, and, if appropriate, disclosed to BIS in accordance with section
764.5, as well as any corrective action that was subsequently taken.
(g) Changes to Submitted Information Following Receipt of
Authorization.
(1) Before an entity not previously identified in an approved
eligible applicant's initial submission under paragraph (e) of this
section may use this license exception, the approved eligible applicant
must submit the information regarding the new entity in accordance with
paragraph (e)(1)(ii) of this section to BIS at the address listed in
paragraph (e)(2) of this section. This submission will undergo the same
process of review as the initial submission, which is described in
paragraph (f)(1) of this section.
(2) After obtaining authorization to use this license exception, an
approved eligible applicant may request License Exception ICT
eligibility for additional ECCNs that were not previously identified in
its initial submission. To make such a request, the approved eligible
applicant must submit the necessary information required under
paragraph (e)(1)(i) regarding the additional ECCNs to BIS at the
address listed in paragraph (e)(2) of this section. This submission
will undergo the same process of review as the initial submission,
which is described in paragraph (f)(1) of this section.
(3) If control of an approved eligible applicant changes after
obtaining prior authorization to use this license exception (e.g.,
through change of ownership, acquisition, or merger), authorization to
use this license exception will no longer be valid. Under such
circumstances, the new eligible applicant must submit all information
required under paragraph (e)(1) of this section to obtain new
authorization to use this license exception. This submission will
undergo the same process of review described in paragraph (f)(1) of
this section. The new eligible applicant and its wholly-owned or
controlled in fact entities may export, reexport, or transfer within
country items under this license exception only upon receipt of written
authorization from BIS. See the definition of ``controlled in fact'' in
Sec. 772.1 for further information regarding changes in ownership.
(4) If an approved eligible applicant's control of an approved
eligible user or eligible recipient entity changes after obtaining
prior authorization to use this license exception (e.g., through a
different organization's acquisition or merger of the approved eligible
user or eligible recipient entity), the newly-controlled eligible user
or eligible recipient entity must immediately terminate use of this
license exception. In addition, the approved eligible applicant must
notify BIS in writing of the removal of the newly-controlled entity
from use of this license exception within fifteen (15) days after the
change in control. Notification letters should be submitted to the
address in paragraph (g)(5) of this section. Subject to paragraph
(g)(3) of this section, the approved eligible applicant and its other
approved eligible users and/or eligible recipient entities may continue
to use this license exception. See the definition of ``controlled in
fact'' in Sec. 772.1 for further information.
(5) After obtaining authorization to use this license exception, if
the legal name of an approved eligible applicant, eligible user, or
eligible recipient entity of this license exception, as described in
paragraphs (b)(1), (b)(2), and (b)(3)(i) of this section respectively,
changes, the approved eligible applicant must notify BIS of the name
change within fifteen (15) days after the name change. Subject to
paragraph (g)(3) of this section, the approved eligible applicant may
continue to use this license exception after the name change but must
submit a letter informing BIS of the name change to the Director of the
Office of Exporter Services at: Office of Exporter Services, HCHB Room
2705, 14th Street & Pennsylvania Ave., NW., Washington, DC 20230.
(h) Annual reporting requirement.
(1) After receiving authorization to use License Exception ICT
pursuant to paragraph (e) of this section, approved eligible applicants
must submit the following information to BIS on an annual basis:
(i) The name, nationality, and date of birth of foreign national
employees, as described in note 2 to paragraph (b)(3)(ii) of this
section, who have received technology or source code under License
Exception ICT during the prior reporting year.
(ii) The name, nationality, and date of birth of foreign national
employees, as described in note 2 to paragraph (b)(3)(ii), who are
subject to the reporting requirement in paragraph (h)(1)(i) of this
section and who have terminated their employment with the approved
eligible applicant, eligible user, or eligible recipient entity. This
requirement does not apply to employees subject to the reporting
requirement in paragraphs (h)(1)(i) and (h)(1)(ii) of this section who
have changed positions within the parent company's structure (i.e.,
among the approved eligible applicant parent company's wholly-owned or
controlled in fact entities that are approved eligible
[[Page 57563]]
users and/or eligible recipients of this license exception).
(iii) A certification signed by a company officer stating that the
approved eligible applicant and its approved eligible users and
eligible recipient entities are in compliance with the terms and
conditions of License Exception ICT. This certification should include
the results of the self-evaluations described in paragraph (d)(1)(vi)
of this section.
(2) Annual reports must be submitted to and received by BIS no
later than February 15 of each year, and must cover the period of
January 1 through December 31 of the prior year. Reports must be
submitted to the address listed in paragraph (e)(2) of this section.
(i) Auditing use of License Exception ICT.
(1) Biennial audit. BIS will review the use of License Exception
ICT by the approved eligible applicant and its approved eligible users
and/or eligible recipients approximately once every two years.
Generally, BIS will give reasonable notice to approved eligible
applicants in advance of an audit of their use of License Exception
ICT. As part of the biennial audit, BIS may request that an approved
eligible applicant and its approved eligible users and/or eligible
recipient entities submit all or part of their records described in
paragraph (h) of this section.
(2) Discretionary audit. BIS may conduct special unannounced system
reviews if BIS has reason to believe an approved eligible applicant or
one of its approved eligible users and/or eligible recipients has
improperly used or failed to comply with the terms and conditions of
License Exception ICT.
(j) Revision, Suspension, and Revocation of License Exception ICT.
Consistent with Sec. 740.2(b), BIS may revise, suspend, or revoke
authorization to use License Exception ICT in whole or in part, without
notice. Factors that might warrant such action may include, but are not
limited to, the following: use of ICT for other than internal company
use, release of controlled items to unauthorized entities or
destinations, failure to maintain the ICT control plan initially
submitted to BIS as part of the application, and failure to comply with
reporting and recordkeeping requirements.
(k) Recordkeeping requirements. In addition to the recordkeeping
requirements set forth in part 762 of the EAR, entities that are
approved eligible applicants, eligible users, and/or eligible
recipients of this license exception, as described in paragraphs
(b)(1), (b)(2), and (b)(3)(i) of this section respectively, must retain
copies of their ICT control plan and associated materials, including
signed non-disclosure agreements. Entities that are approved eligible
applicants, eligible users, and/or eligible recipients must also
maintain records, by ECCN, of the items on the Commerce Control List
that have been exported, reexported, or transferred within country
under the authority of this license exception. For foreign national
employees receiving technology or source code under ICT, approved
eligible applicants, eligible users, and eligible recipient entities
are required to record only the initial release of such technology or
source code to a given foreign national employee; subsequent release of
the same technology or source code to that same foreign national
employee does not require additional recordkeeping. However, if a
foreign national receives technology or source code under ICT that is
controlled under a different ECCN, then the initial receipt of the
different technology or source code must also be recorded. Such records
must be made available to BIS on request.
3. Supplement No. 4 to part 740 is added to read as follows:
Supplement No. 4 to Part 740--Countries in Which Eligible Applicants
Must Be Incorporated In or Have Their Principal Place of Business in
For License Exception Intra-Company Transfer (ICT) Eligibility
Argentina
Australia
Austria
Belgium
Bulgaria
Canada
Cyprus
Czech Republic
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Iceland
Ireland
Italy
Japan
Korea, South
Latvia
Lithuania
Luxembourg
Malta
Netherlands
New Zealand
Norway
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
Switzerland
Turkey
United Kingdom
United States
PART 772--[AMENDED]
4. The authority citation for part 772 is revised to read as
follows:
Authority: 50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.;
E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of July
23, 2008, 73 FR 43603 (July 25, 2008).
5. Section 772.1 is amended:
a. By amending the definition of ``Controlled in fact'' as set
forth below; and
b. By adding, in alphabetical order, the definitions of
``Employee'' and ``Parent company'', as follows:
Sec. 772.1 Definitions of Terms as Used in the Export Administration
Regulations (EAR).
* * * * *
Controlled in fact. For purposes of License Exception ICT only (see
Sec. 740.19 of the EAR), the term ``controlled in fact'' means the
authority or ability of an entity, which has been routinely exercised
in the past, to establish the general policies or day-to-day operations
of a different organization, such as a subsidiary, branch, or office.
An entity will be presumed to have control over a different
organization when:
(a) The entity beneficially owns or controls (whether directly or
indirectly) more than 50 percent of the outstanding voting securities
of the different organization;
(b) The entity operates the different organization pursuant to the
provisions of an exclusive management contract; or
(c) Members of the entity's governing body (i.e., board of
directors) comprise a majority of the comparable governing body of the
different organization.
For purposes of the Special Comprehensive License (part 752 of the
EAR), controlled in fact is defined as it is under the Restrictive
Trade Practices or Boycotts (Sec. 760.1(c) of the EAR).
* * * * *
Employee. For purposes of License Exception ICT only (see Sec.
740.19 of the EAR), ``employee'' means any person who works, with or
without compensation, in the interest of an entity that is an approved
eligible user (see Sec. 740.19(b)(2)) or an entity that is an approved
eligible recipient (see Sec. 740.19(b)(3)(i)). The person must work at
the approved eligible entity's locations or at locations assigned by
the approved eligible entity, such as at remote sites or on business
trips. This definition may include permanent employees, contractors,
and interns.
* * * * *
[[Page 57564]]
Parent company. For purposes of License Exception ICT only (see
Sec. 740.19 of the EAR), ``parent company'' means any entity that
wholly-owns or controls in fact a different entity, such as a
subsidiary or branch. The parent company may be incorporated in and
conduct its principal place of business inside the United States or
outside of the United States, but certain location restrictions apply
(see Sec. 740.19(b)(1) and Supplement No. 4 to part 740). The parent
company itself may also have an ultimate parent company, meaning the
parent company is wholly-owned or controlled in fact by another entity
or other entities. See also the definition of ``controlled in fact'' in
this section for further information.
* * * * *
Dated: September 29, 2008.
Christopher R. Wall,
Assistant Secretary for Export Administration.
[FR Doc. E8-23506 Filed 10-2-08; 8:45 am]
BILLING CODE 3510-33-P