On May 15, 2019, President Trump issued an Executive Order entitled "Securing the Information and Communications Technology and Services Supply Chain." The Executive Order finds:
- foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology and services in order to commit malicious cyber-enabled actions, including economic and industrial espionage against the United States and its people.
- the unrestricted acquisition or use in the United States of information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries augments the ability of foreign adversaries to create and exploit vulnerabilities in information and communications technology or services, with potentially catastrophic effects, and thereby constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.
As a result, the Executive Order broadly prohibits certain transactions involving information and communications technology or services. The Order defines "information and communications technology or services" as "any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including transmission, storage, and display."
The prohibition applies to any transaction that was initiated, is pending, or will be completed after the date of the Executive Order and where the Secretary of Commerce (Secretary), in consultation with the Secretary of the Treasury, the Secretary of State, the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, the United States Trade Representative, the Director of National Intelligence, the Administrator of General Services, the Chairman of the Federal Communications Commission, and, as appropriate, the heads of other executive departments and agencies, determines that:
(i) the transaction involves information and communications technology or services designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary and
(ii) the transaction:
(A) poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States
(B) poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the digital economy of the United States or
(C) otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons.
As such, even in advance of more formal regulations, the Commerce Department will begin to shape enforcement of the prohibitions by providing guidance on prohibited parties, services and transactions.
Who needs to comply?
Anyone engaged in transactions related to acquiring information and communications technology or services from a designated party. Depending on the actions taken by the Commerce Department in designating parties, suppliers of technology or services to such designated parties may also be prohibited.
Significantly, the Executive Order is issued pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA) and the National Emergencies Act (50 U.S.C. 1601 et seq.). IEEPA is the general authority for the issuance of economic sanctions and creates potential civil and criminal liability for persons and entities that violate Executive Orders and regulations issued under its authority. Regulations issued under IEEPA may also expand those liabilities beyond the parties directly involved in a prohibited transaction to include those who "facilitate" a violation (for example, lenders, brokers, insurers, lawyers, accountants or consultants).
We will continue to update this alert as more information becomes available.