United States

June 18, 2024, Covington Alert

On June 12, 2024, the U.S. Department of the Treasury, Office of Foreign Assets Control (“OFAC”) and the U.S. Commerce Department, Bureau of Industry and Security (“BIS”) issued additional measures to counter Russia’s continued aggression in Ukraine. The measures, announced in advance of the G7 summit in Italy last week, are intended to “continue to drive up costs for the Russian war machine.”

The actions taken by OFAC and BIS include new prohibitions on providing certain information technology- and software-related services to persons located in Russia, establishing additional sanctions designed to target the Russian financial infrastructure, strengthening secondary sanctions that can be applied to non-U.S. persons (including in particular non-U.S. financial institutions), and expanding export controls restrictions on items destined for Russia and Belarus (including with respect to certain types of software). Along with the new rules, OFAC designated for property-blocking sanctions more than 300 individuals and entities (including parties identified for sanctions by the U.S. State Department), while BIS used its authority to make additions to the Entity List, issue Temporary Denial Orders, and notify U.S. distributors of additional restrictions on shipments to parties known to be supplying items to Russia. Significantly, BIS altered its Entity List rules to permit certain address-only designations to the Entity List and, among other designations, added to the Entity List eight addresses in Hong Kong with a high diversion risk. Exports, reexports, or transfers of certain items subject to the Export Administration Regulations (“EAR”) to purchasers, intermediate or ultimate consignees, and end ­users who use those addresses generally will require authorization from BIS.

Separately, on June 13, 2024, the UK Government imposed a new round of asset-freezing sanctions on a number of notable Russian entities. The European Union is also considering a 14th package of sanctions measures relating to Russia, although as of this writing the EU has not yet enacted the new package.

New U.S. Sanctions

Prohibition on Certain Information Technology and Software Services

As part of the joint actions, OFAC issued a determination pursuant to the authority of Executive Order 14071 (the “IT and Software Services Determination”) that prohibits the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a U.S. person, wherever located, of (i) information technology (“IT”) consultancy and design services, and (ii) IT support services and cloud-based services for enterprise management software and design and manufacturing software (collectively, “Covered Software”) to any person located in the Russian Federation, unless licensed or otherwise authorized by OFAC. The IT and Software Services Determination is effective beginning at 12:01 eastern daylight time on September 12, 2024. “U.S. persons” include U.S. legal entities and their non-U.S. branches; U.S. citizens and lawful permanent residents, no matter where located or employed; and persons present in the United States.Continue Reading U.S. Government Issues New U.S. Sanctions and Export Controls Targeting Russia and Belarus for Continued Aggression Against Ukraine; Update on European Sanctions Developments

On March 28, 2024, the U.S. Department of Justice and the Federal Trade Commission jointly filed a Statement of Interest on behalf of the United States in the case of Cornish-Adebiyi v. Caesars Entertainment, 1:23-CV-02536 (D.N.J. Mar. 28, 2024). 

In the Statement, the agencies express their disagreement with two legal arguments asserted by the 

This year’s Munich Security Conference reemphasized the need for Europe to invest in greater defense capabilities and foster a regulatory environment that is conducive to building a defense and technological industrial base. In Munich, President Ursula von der Leyen committed to appointing a European Commissioner for Defence, if she is reselected later this year by the European Council and European Parliament. And the EU is also due to publish shortly a new defense industrial strategy, mirroring in part, the first-ever U.S. National Defense Industrial Strategy (NDIS) released earlier this year by the Department of Defense.

The NDIS, in turn, recognizes the need for a strong defense industry in both the U.S. and the EU, as well as other allies and partners across the globe, in order to strengthen supply chain resilience and ensure the production and delivery of critical defense supplies. And global leaders generally see the imperative of working together over the long-term to advance integrated deterrence policies and to strengthen and modernize defense industrial base ecosystems. We will continue tracking these geopolitical trends, which are likely to persist regardless of electoral outcomes in Europe or the United States.

These developments across both sides of the Atlantic follow on a number of significant new funding streams in Europe over the past couple of years, for instance:

  • The 2021 revision of the European Defense Fund Regulation allocated €8 billion for common research and development projects, meant to be spent during the 2021-2027 multi-annual financial framework (MFF).
  • As a direct response to Ukraine’s request for assistance with the supply of 155 mm-caliber artillery rounds, the EU adopted the 2023 Act in Support of Ammunition Production (ASAP), with a €500 million fund to scale up production of ammunition and missiles.
  • Most recently, the EU adopted the 2023 European Defense Industry Reinforcement through Common Procurement Act (EDIRPA), introduced a joint procurement fund of €300 million to facilitate Member States’ collective acquisition of defense products.
  • The European Peace Facility (EPF), an off-budget instrument, with an overall financial ceiling exceeding €12 billion, is primarily destined toward procurement of military material and large-scale financing of weapon supplies to allied third countries (including €6.1 billion for Ukraine).

Continue Reading Insights from the Munich Security Conference: Towards an Expanding U.S.-EU Defense Taxonomy?

This quarterly update highlights key legislative, regulatory, and litigation developments in the fourth quarter of 2023 and early January 2024 related to technology issues.  These included developments related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), data privacy, and cybersecurity.  As noted below, some of these developments provide companies with the opportunity for participation and comment.

I. Artificial Intelligence

Federal Executive Developments on AI

The Executive Branch and U.S. federal agencies had an active quarter, which included the White House’s October 2023 release of the Executive Order (“EO”) on Safe, Secure, and Trustworthy Artificial Intelligence.  The EO declares a host of new actions for federal agencies designed to set standards for AI safety and security; protect Americans’ privacy; advance equity and civil rights; protect vulnerable groups such as consumers, patients, and students; support workers; promote innovation and competition; advance American leadership abroad; and effectively regulate the use of AI in government.  The EO builds on the White House’s prior work surrounding the development of responsible AI.  Concerning privacy, the EO sets forth a number of requirements for the use of personal data for AI systems, including the prioritization of federal support for privacy-preserving techniques and strengthening privacy-preserving research and technologies (e.g., cryptographic tools).  Regarding equity and civil rights, the EO calls for clear guidance to landlords, Federal benefits programs, and Federal contractors to keep AI systems from being used to exacerbate discrimination.  The EO also sets out requirements for developers of AI systems, including requiring companies developing any foundation model “that poses a serious risk to national security, national economic security, or national public health and safety” to notify the federal government when training the model and provide results of all red-team safety tests to the government.

Federal Legislative Activity on AI

Congress continued to evaluate AI legislation and proposed a number of AI bills, though none of these bills are expected to progress in the immediate future.  For example, members of Congress continued to hold meetings on AI and introduced bills related to deepfakes, AI research, and transparency for foundational models.

  • Deepfakes and Inauthentic Content:  In October 2023, a group of bipartisan senators released a discussion draft of the NO FAKES Act, which would prohibit persons or companies from producing an unauthorized digital replica of an individual in a performance or hosting unauthorized digital replicas if the platform has knowledge that the replica was not authorized by the individual depicted. 
  • Research:  In November 2023, Senator Thune (R-SD), along with five bipartisan co-sponsors, introduced the Artificial Intelligence Research, Innovation, and Accountability Act (S. 3312), which would require covered internet platforms that operate generative AI systems to provide their users with clear and conspicuous notice that the covered internet platform uses generative AI. 
  • Transparency for Foundational Models:  In December 2023, Representative Beyer (D-VA-8) introduced the AI Foundation Model Act (H.R. 6881), which would direct the Federal Trade Commission (“FTC”) to establish transparency standards for foundation model deployers in consultation with other agencies.  The standards would require companies to provide consumers and the FTC with information on a model’s training data and mechanisms, as well as information regarding whether user data is collected in inference.
  • Bipartisan Senate Forums:  Senator Schumer’s (D-NY) AI Insight Forums, which are a part of his SAFE Innovation Framework, continued to take place this quarter.  As part of these forums, bipartisan groups of senators met multiple times to learn more about key issues in AI policy, including privacy and liability, long-term risks of AI, and national security.

Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Fourth Quarter 2023

On October 17, 2023, the U.S. Government Accountability Office (“GAO”) published a report on mergers and acquisitions (“M&A”) in the defense industrial base. The report details the current M&A review process of the Department of Defense (“DOD”) and provides recommendations to proactively assess M&A competition risks.

Currently, DOD’s Industrial Base Policy (“IBP”) office, with input

Earlier this month the Biden Administration released its long-anticipated Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (“EO”), which imposes (1) prohibitions on certain outbound investments in the semiconductors and microelectronics, quantum information technologies, and artificial intelligence sectors, and (2) mandatory notification requirements for a

Updated August 8, 2023.  Originally posted May 1, 2023.

Last week, comment deadlines were announced for a Federal Communications Commission (“FCC”) Order and Notice of Proposed Rulemaking (“NPRM”) that could have significant compliance implications for all holders of international Section 214 authority (i.e., authorization to provide telecommunications services from points in the U.S. to points abroad).  The rule changes on which the FCC seeks comment are far-reaching and, if adopted as written, could result in significant future compliance burdens, both for entities holding international Section 214 authority, as well as the parties holding ownership interests in these entities.  Comments on these rule changes are due Thursday, August 31, with reply comments due October 2.

Adopted in April, the FCC’s item proposing the new rules also includes an Order requiring all holders of international Section 214 authority to respond to a one-time information request concerning their foreign ownership. Although last week’s Federal Register publication sets a comment deadline for the proposed rules, the reporting deadline for the one-time information request has not yet been established.  However, because the FCC has fulfilled its statutory obligations regarding the new information collection presented by the one-time reporting requirement, carriers — as well as entities holding an ownership interest in these carriers — should prepare for the announcement of the reporting deadline.

The FCC’s latest actions underscore the agency’s ongoing desire to closely scrutinize foreign ownership and involvement in telecommunications carriers serving the U.S. market, as well as to play a more active role in cybersecurity policy. These developments should be of interest to any carrier that serves the U.S. market and any financial or strategic investor focused on the telecommunications space, as well as other parties interested in national security developments affecting telecommunications infrastructure.

Proposed Rule Changes for International Section 214 Authority

The FCC’s proposed changes to its regulation of international Section 214 authorizations generally concern additional compliance, disclosure, and reporting requirements. The FCC’s proposed rule changes are far-reaching, but the most notable of the proposals concern the following:Continue Reading Comments Due August 31 on FCC’s Proposal to Step Up Review of Foreign Ownership in Telecom Carriers and Establish Cybersecurity Requirements

On July 10, 2023, the European Commission adopted its adequacy decision on the EU-U.S. Data Privacy Framework (“DPF”). The decision, which took effect on the day of its adoption, concludes that the United States ensures an adequate level of protection for personal data transferred from the EEA to companies certified to the DPF. This blog post summarizes the key findings of the decision, what organizations wishing to certify to the DPF need to do and the process for certifying, as well as the impact on other transfer mechanisms such as the standard contractual clauses (“SCCs”), and on transfers from the UK and Switzerland.

Background

The Commission’s adoption of the adequacy decision follows three key recent developments:

  1. the endorsement of the draft decision by a committee of EU Member State representatives;
  2. the designation by the U.S. Department of Justice of the European Union and Iceland, Liechtenstein, and Norway (which together with the EU form the EEA) as “qualifying states,” for the purposes of President Biden’s Executive Order 14086 on Enhancing Safeguards for U.S. Signals Intelligence Activities (“EO 14086”). This designation enables EU data subjects to submit complaints concerning alleged violations of U.S. law governing signals intelligence activities to the redress mechanism set forth in the Executive Order and implementing regulations (see our previous blog post here); and
  3. updates to the U.S. Intelligence Community’s policies and procedures to implement the safeguards established under EO 14086, announced by the U.S. Office of Director of National Intelligence on July 3, 2023.

The final adequacy decision, which largely corresponds to the Commission’s draft decision (see our prior blog post here), concludes “the United States … ensures a level of protection for personal data transferred from the Union to certified organisations in the United States under the EU-U.S. Data Privacy Framework that is essentially equivalent to the one guaranteed by [the GDPR]” (para. 201).

Key Findings of the Decision

In reaching the final decision, the Commission confirms a few key points:Continue Reading European Commission Adopts Adequacy Decision on the EU-U.S. Data Privacy Framework

On April 27, 2023, US National Security Advisor Jake Sullivan delivered a lecture at the Brookings Institution on American economic policy in which he promoted a ‘new Washington consensus’. His speech resonated loudly within EU member states and its institutions. What he said fits very well in the current debate in Brussels on economic and trade policy – a debate which divides policy makers even inside the European Commission in Brussels.

The need for a ‘new’ consensus

Jake Sullivan’s presentation, indeed, reinforces the views of those in Europe who feel there is a need for some distance from globalization, free trade and an economic system based solely on liberalism, competition rules and the law of the market. This system was often presented as ‘the Washington consensus’; this term was first coined by a British economist in 1989 to describe a world of free markets, with the United States as guarantor and relying mainly on the World Bank and the IMF. This ‘consensus’ developed in Washington during the Clinton administration and extended to the other side of the Atlantic – until the turn of the new century.

But now, times have changed: the US is no longer hegemonic; the world has fractured; western values are openly challenged by China and others in the ‘global south’ – and the Trump administration renounced major multinational treaties like TTIP and the TPP. Sullivan describes superbly the reasons why a ‘new’ consensus is needed: ‘a financial crisis that shook the middle class, a pandemic which exposed the fragility of our supply chains, a changing climate that threatens lives and livelihoods, the invasion of Ukraine by Russia which underscores the risks of overdependence’ – and, on top of that, a China which continues to subsidize the growth of its industry and ‘becoming a leader in critical technologies which will define the future’.

This diagnosis, and what Sullivan suggests, match perfectly the thinking by those in Europe who promote an EU ‘industrial policy’ – a novelty for the European Union. Clearly, liberalism and free trade retain strong supporters in European countries and in the EU Commission. Recently the EU ratified an agreement with Chile, concluded a treaty with New Zealand, and persists in completing the ratification of agreements with the Mercosur and Mexico. But even the Commission has to admit that the time of TTIP and other comprehensive trade agreements has passed and that those who want to relax state aid rules and encourage subsidies to the industry are dominating the scene.Continue Reading Europe and the ‘new Washington consensus’

On 31 May 2023, at the close of the fourth meeting of the US-EU Trade & Tech Council (“TTC”), Margrethe Vestager – the European Union’s Executive Vice President, responsible for competition and digital strategy – announced that the EU and US are working together to develop a voluntary AI Code of Conduct in advance of