The EU has an extensive dual-use industry that brings together thousands of small, medium, and large-sized companies that provide highly valued jobs and know-how, including significant R&D work. According to the European Commission, dual-use items are often high-tech products and have ramifications across a wide range of key sectors of the EU economy; they include leading edge technologies that are crucial to the EU's drive towards innovation and competitiveness. In 2014, the total value of controlled dual-use exports reached EUR 59 billion, representing 3.4% of total EU exports to third countries. Few exports were actually denied, representing a negligible portion of total EU exports.
This week, the European Commission presented the proposal for a regulation to modernize EU export controls. The new proposal aims to:
- Ensure that EU export controls adjust to evolving security risks and threats.
- Ensure that controls adjust to rapid technological and scientific developments.
- Prevent the export of cyber-surveillance technology to be misused in violation of human rights.
- Reduce the distortions of competition and administrative burden associated with controls.
- Promote a global level playing field.
- Support effective and consistent application of dual-use export controls in the EU.
There are many elements in this proposal so some focus is needed: A key priority for the EU Commission in the “modern” dual-use regulation is the inclusion of control on “cyber-surveillance technologies” (e.g. certain spyware, malware, or telecommunications and internet surveillance technologies) that may pose as a threat to violations of human rights, as well as international humanitarian law. These could be used by repressive and authoritarian regimes to spy and intercept communication, which in turn could harm national security. Therefore, cyber-surveillance technologies must be monitored when exported.
If these proposals are approved and enter into force, EU companies trading in cyber-surveillance technologies may need to obtain an export license and follow new procedural requirements. As such, the proposal may also affect companies that trade software on the covert intrusion of information; in other words, software that deals with the secret extraction of information, or spyware. However, let’s make one thing clear: Contrary to populist media reports, this proposal does NOT affect mobile telecommunications companies as they are information providers rather than information extractors/interceptors. Your mobile phone is safe! A complete list of the items subject to security and custom controls is yet to be disclosed but will be contained in the new annex.
In addition to cyber surveillance technologies, the proposal also expands on the “catch-all” mechanisms implemented by the current regulation. The new provision will allow member states to ask any exporter to apply for an export license because of “human rights considerations,” differing from the current clause that allows member states to monitor additional items that have not been mentioned in the list of regulated dual-use items of the regulation (Annex 1). Current practice and legislation means that human rights implications are not uniformly or effectively assessed by EU member states when it comes to the export of surveillance technology.
Finally, concerning licensing, it is intended to introduce new EU General Export Authorizations (EUGEAS), such as cryptography and other dual-use items. Furthermore, there will be harmonization of the licensing process between global licenses and EUGEAS with the goal of reducing differences in licensing timelines between competent authorities.
Manually determining whether an export license is necessary can be a daunting task. Luckily, Amber Road’s Export Management solution automates the license determination and management process in order to ensure compliance with dual-use regulations worldwide. Download our Export Management brochure to learn more!