Report & Order Summary
The Covered List. The Covered List currently includes telecommunications equipment produced by Chinese manufacturing companies Huawei Technologies Company (Huawei) and ZTE Corporation (ZTE); video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company, to the extent it is used for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes; and information security products and services supplied by the Russian company AO Kaspersky Lab.
Changes to the FCC’s Equipment Authorization Rules. The FCC adopts a new rule that “covered” equipment identified on the Covered List will no longer be eligible for equipment authorization. This prohibition includes equipment that would have been subject to the FCC’s certification or Supplier’s Declaration of Conformity (“SDoC”) procedures for equipment authorization. (¶¶ 45-47)
New Certification Requirements. All applicants using the certification process for equipment authorization must now 1) provide a written and signed attestation that, as of the date the applicant submits the information, the equipment is not prohibited from receiving an equipment authorization, and 2) indicate whether the applicant is an entity identified on the Covered List with respect to “covered” equipment. Applicants must also identify and provide contact information for an agent for service of process with a U.S. physical and mailing address. (¶¶ 48-71)
New SDoC Requirements. Any equipment produced by Covered List entities will be subject to the FCC’s certification process and can no longer be authorized under the SDoC process. All applicants using the SDoC process must now maintain record of a written and signed certification that, as of the date of first importation or marketing, the equipment at issue is not produced by any entity that is identified on the Covered List as producing “covered” equipment. (¶¶ 72-83)
Changes to Exempt Equipment. Certain unlicensed RF devices are currently exempt from demonstrating compliance under either the certification or SDoC procedures – this exemption will no longer apply to “covered” communications equipment. (¶¶ 97-100)
Applicability. The FCC specifies that covered equipment may include consumer premises equipment including handsets and Internet of Things devices, “insofar as these devices incorporate electronic components, could enable users to originate and receive high quality voice, data, graphics, and video telecommunications with connection speeds of at least 200 kbps in either direction, and may be the end points of most broadband networks which makes them part of the network.” (¶ 201). The FCC precludes white label or rebranded equipment from the Covered List companies from obtaining equipment authorizations. (¶ 188)
Effective Date. The FCC adopts an interim freeze, effective immediately and to be in place until the new rules become effective, on further processing or granting of equipment authorization applications for Covered List equipment. The revised FCC rules will take effect on the date of publication in the Federal Register, apart from those rules requiring new or modified information collection requirements that require review of the Office of Management and Budget.
Further Notice of Proposed Rulemaking (FNPRM) Summary
The FCC seeks further comment on additional proposed revisions to the FCC’s equipment authorization regime to address national security risk. Comments on the FNPRM will be due 30 days after Federal Register publication, with reply comments due 60 days after Federal Register publication.
Component Parts. The FCC asks how component parts should be treated in the equipment authorization process, including whether the application process would need to be changed to capture information about the source of components that make up the equipment, and how “components” should be defined. The FCC asks whether it should require parties to obtain a separate equipment certification for devices containing a module produced by a Covered list entity and how it should treat composite systems assembled by a third party and incorporating multiple devices. The FCC also seeks information about the security risks likely to be posed by component parts. The FCC acknowledges the other federal government efforts to address the national security risks stemming from vulnerabilities in information and communications technology hardware, software, and services and asks how these efforts should inform the FCC’s actions in this proceeding. Further, the FCC seeks comment and data on the quantity and market share of entities on the Covered List in supplying modules or other devices for products intended for sale in the U.S. market, including composite devices as well as component parts, and the feasibility and costs of replacing such component parts. (¶¶ 268-287)
Revocation of Existing Equipment Authorizations. The FCC asks for comment on issues concerning revocation of existing authorizations of “covered’ equipment. The FCC seeks comment on what the process should be for identifying and revoking existing authorizations, including whether a reimbursement program would need to be established. If revocation occurs, the FCC asks what transition period may be necessary. The FCC further asks about impacts on: the supply chain, international trade, and consumers. The FCC asks whether there could be alternatives to revocation, such as requiring replacement of components or implementing security patches. (¶¶ 288-308)
Supply Chain Considerations. The FCC notes that commenters on the proposed rules raised the concern that prohibitions of equipment could result in supply chain problems, such as when equipment used by a U.S. business is produced by only a few suppliers. The FCC seeks comment on whether it should take this factor into account, particularly with respect to whether bans should be implemented immediately or with advance notice. (¶¶ 309-310)
United States Point of Presence for Certified Equipment. The FCC proposes requiring that the party responsible for compliance with the Commission’s certified equipment rules have a party located within the United States that would be responsible for compliance. The FCC seeks comment on how to implement such a requirement, including whether to require that the importer, the retailer, the distributor, or some other entity be the U.S.-located responsible party. (¶¶ 311-318)
Other Issues. The FCC asks whether additional information such as a parts list should be required for applications, and whether there should be new procedures for a post-grant review process to inform whether equipment inadvertently received a grant and is in fact “covered” equipment. The FCC also seeks comment on whether Telecommunication Certification Bodies should conduct additional post-market surveillance activities and other ways to promote enforcement. (¶¶ 319-326)
Further Notice of Competitive Bidding. The FCC raises a concern about Covered List entities influencing the bidding in an auction for FCC spectrum licenses. The FCC seeks comment on the risk of distortionary auction financing and potentially addressing that risk through a required auction application certification. (¶¶ 327-332)
Hogan Lovells’ preeminent Communications, Internet, and Media practice has been closely tracking this and other governmental activity impacting the communications supply chain. Our experts are supported by top-tier regulatory teams in the firm’s International Trade and Investments, Privacy and Cybersecurity, and National Security spaces. We are pleased to offer clients strategic and practical advice and assistance with compliance with the FCC’s new rules and are happy to discuss engagement and advocacy with respect to the FNPRM.
Authored by Katy Milner.