The original rule—which banned certain entities from receiving U.S. exports—endangered U.S. participation in international standards bodies where such entities are present, opponents said.
The Commerce Department’s Bureau of Industry and Security drew praise from industry leaders for nixing a license requirement to release technology controlled by Export Administration Regulations—so long as it is for “standards-related activity.”
“This interim final rule … amends the Export Administration Regulations to authorize the release of specified items subject to the EAR without a license when that release occurs in the context of a ‘standards-related activity,’ as defined in this rule,” reads a notice set to publish in the Federal Register Friday.
The revised rules come as public and private-sector officials alike continue to bemoan lackluster involvement in standards development organizations for critical emerging technologies, which may threaten national security if they got into the wrong hands.
“International standards bodies are critically important when we talk about things like 5G, 6G, crypto standards, cloud security standards ... the U.S. needs to have more of an active presence in these standards bodies,” Morgan Adamski, chief of the National Security Agency’s Cybersecurity Collaboration Center, said during a panel at the Billington conference Wednesday. “We are currently outnumbered four to one by the Chinese.”
The original rule, issued toward the end of the Trump administration, followed Commerce’s addition of Chinese telecommunications giant Huawei and related entities to its list of those banned from receiving exports of U.S. technology without a special license.
Industry commenters and other leaders in the cybersecurity community—including from academia where broad early-stage collaboration is crucial—pushed back, saying it would undermine national security by chilling participation in international standards bodies where they must interact with Huawei and other banned entities.
BIS has since tried to allow for standards participation by issuing a temporary general license—now expired—and narrowly defining the kinds of technologies and organizations that wouldn’t require its authorization for engagement. The updated rule goes further, which industry leaders cheered.
“BIS agrees with the commenters that additional actions are needed to protect U.S. technological leadership without discouraging, and indeed supporting and promoting, the full participation of U.S. actors in international standards development efforts,” the notice reads. “The national security threat that results from ceding U.S. participation and leadership in standards development and promulgation outweighs the risks related to the limited release of certain low-level technology and software to parties on the Entity List in the context of a “standards-related activity.”
BIS is seeking comment over the next 60 days on the updated rule which defines “standards-related activity” as “activities required for the development, adoption or application of a standard, where there is an intent to publish the resulting standard.”
“As the United States seeks to enhance its technological leadership, ensuring globally-engaged companies maintain their seat in international standards setting bodies is essential to competing with foreign contenders like China,” Naomi Wilson, the Information Technology Industry Council’s vice president of policy for Asia, said in a press release Thursday. “We appreciate the department’s ongoing engagement and willingness to work with industry on this critical issue to ensure that national security is safeguarded without inhibiting U.S. industry’s competitiveness and global leadership.”