Preparing for Compliance Risks Under the ICTS Rules, the Uyghur Forced Labor Prevention Act, and the National Critical Capabilities Defense Act
Stay up to date by subscribing to our blog. Add your e-mail address to the Subscribe box on the right to get our timely posts delivered directly to your inbox.
New York Law Journal, September 22, 2022
Supply chain security remains a key bipartisan policy goal and burgeoning compliance risk area. This article examines three recent initiatives that exemplify these trends: the regulations on securing the Information and Communications Technology and Services supply chain, the Uyghur Forced Labor Prevention Act, and the proposed National Critical Capabilities Defense Act.
Companies with cross-border supply chains should assess their exposure under these emerging regimes and prioritize their compliance efforts accordingly. The risk profile is greatest for companies developing technology and software across borders; companies importing items produced in (or incorporating components produced in) the Xinjiang region of China; parties seeking to invest in certain critical capabilities outside the United States; and government contractors that may be exposed to foreign adversaries in their supply chains.
Information and Communications Technology and Services Rules
One pillar of the U.S. government’s developing architecture for supply chain security is the U.S. Department of Commerce’s (Commerce’s) regulations on Securing the Information and Communications Technology and Services (ICTS) Supply Chain (ICTS Regulations), set out at 15 C.F.R. Part 7. Promulgated pursuant to Executive Order 13873, the rulemaking identifies the ICTS supply chain as critical to “nearly every aspect” of national security, acknowledging the degree to which American government, business, and the economy at large rely on ICTS. See Securing the Information and Communications Technology and Services Supply Chain, 86 Fed. Reg. 4909 (Jan. 19, 2021).
The ICTS Regulations empower Commerce to review, prohibit, or restrict specified “ICTS Transactions” that present national security risks. The term “ICTS Transactions” is defined broadly to include: “any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service, including ongoing activities, such as managed services, data transmission, software updates, repairs, or the platforming or data hosting of applications for consumer download.”
You can read more on our website.