Export Control Advisory - DDTC Proposes New Regulations Regarding Dual Nationals and Third Country Nationals

On August 11, 2010, the US Department of State, Directorate of Defense Trade Controls (“DDTC”) published a proposed rule, 75 Fed. Reg. 48,625-48,627 (Aug. 11, 2010), which would amend the International Traffic in Arms Regulations (“ITAR”), 22 C.F.R. Parts 120-130, to exempt certain export control approval requirements applicable to dual nationals and third country nationals employed by foreign end-users and consignees who are otherwise authorized by DDTC to receive defense articles and services. This action is not an interim final or final rule with the immediate force and effect of law. DDTC will be accepting public comments on the proposed exemption for 30 days until September 10, 2010.

As background, the President’s Task Force on Export Control Reform has been considering current ITAR compliance requirements regarding dual national and third country national personnel working for parties abroad under DDTC-issued authorizations, such as Technical Assistance Agreements (TAAs) and Manufacturing License Agreements (MLAs). Applicants for such authorizations currently are required to ensure that “defense articles,“ including “technical data,” and “defense services” controlled by the US Munitions List (USML), 22 C.F.R. Part 121, are not provided to unauthorized dual nationals or third country nationals who work for foreign parties to TAAs and MLAs. In some instances, to receive authorizations for such foreign personnel, the applicant must obtain from the foreign party(ies), and sometimes provide to DDTC, information regarding the nationalities and personal background of the foreign personnel who will have access to ITAR-controlled technical data under the TAA or MLA. However, obtaining and disclosing information about nationalities has led to conflict with foreign local laws on anti-discrimination, human rights, and personal data privacy grounds. For more information about this topic, please see our article published by the International Government Contractor.

According to the Supplementary Information in the proposed rule, the US government recognizes that the current approach “has created a tremendous administrative burden on approved end-users and has evolved into a human rights issue, which has become a focus of contention between the US and allies and friends without a commensurate gain in national security.” According to DDTC, intelligence and law enforcement information indicates that diversion of ITAR-controlled defense articles and technical data appears to occur outside the scope of approved licenses, not within foreign companies or organizations providing access to “properly screened” dual national and third country national employees. Despite these statements, DDTC proceeds to note that due diligence – based on security clearances or other screening procedures – continues to be a requirement under the proposed exemption’s conditions.

Under the proposed ITAR amendment, to be set forth at 22 C.F.R. § 126.18, an exemption would allow the transfer of ITAR-controlled defense articles, including technical data, to dual nationals or third country nationals who are “bona fide, regular employees, directly employed by” authorized foreign end-users and consignees, including a “foreign business entity, foreign governmental entity, or international organization.” To be covered under the proposed ITAR exemption, transfers to dual national and third country foreign national employees must (1) occur within the physical territories of the country where the end-user is located or the consignee operates, and (2) be within the scope of the approved export authorization or a license exemption applicable to the foreign end-user or consignee. Additionally, the mandatory clause required for TAAs and MLAs in 22 C.F.R. § 124.8(5) would be amended to directly reference that transfers are permitted under § 126.18. The authorization in 22 C.F.R. § 124.16 would be removed, presumably because it is no longer needed. This provision currently covers the transfer of unclassified technical data and defense services to nationals of NATO, the EU, Australia, Japan, New Zealand, and Switzerland employed by parties to an approved TAA or MLA.

To qualify for the new exemption regarding intra-company transfers, certain due diligence and internal screening measures appear to be required under § 126.18(b) to prevent diversion to countries, end-users, or end-uses other than those authorized by DDTC. Section 126.18(c) sets forth how foreign end-users and consignees can meet the exemption’s conditions.

First, under subsection (c)(1), before providing access to ITAR-controlled defense articles or technical data, foreign end-users or consignees can either require (1) obtaining a security clearance from the foreign nation government for employees, or (2) implementing a process to “screen” employees and obtaining non-disclosure agreements from such employees to assure that no transfers of ITAR-controlled defense articles or technical data are made to unauthorized foreign persons.

Second, under subsection (c)(2), foreign end-users or consignees must screen their employees for “substantive contacts” with countries that are proscribed under 22 C.F.R. § 126.1. As stated, substantive contacts include, but are not limited to, (1) “recent or regular travel to such countries,” (2) “recent or continuing contact with agents and nationals of such countries,” (3) “continued allegiance to such countries,” or (4) “acts otherwise indicating a risk of diversion.” The proposed rule indicates that nationality, standing alone, does not prohibit access to or transfer of ITAR-controlled defense articles or technical data. But if there are substantive contacts with persons from proscribed countries, a risk of diversion “shall be presumed” unless DDTC determines otherwise. Foreign end-users and consignees are required to maintain a “technology security/clearance plan” that describes screening processes and provides recordkeeping of such screening. The plan and screening records should be available to DDTC upon request.

The proposed rule, while welcome by industry, likely will lead to questions and comments. Specific issues should be clarified before the proposed rule is made final. For example:

• The proposed rule in § 126.18(a) does not specify whether the exemption will apply equally to the transfer of unclassified and classified defense articles, including technical data, or whether the exemption can only be used for unclassified transfers.

• Additionally, the proposed rule’s text in § 126.18(a) appears to exempt only transfers of ITAR-controlled defense articles and technical data, but not defense services. However, under the definition of defense services in 22 C.F.R. § 120.9(a)(2), the furnishing of ITAR-controlled technical data to any foreign person, wherever located, is considered a defense service. It is unclear whether providing ITAR-controlled technical data to a foreign person under the exemption will not be considered a defense service.
  
  
• The phrase “bona fide, regular employees” who are employed by authorized foreign end-users or consignees is not defined in the Supplementary Information or § 126.18(a) and further clarity may be warranted.
  
  
• It appears that only “direct” employees can qualify under the exemption, and that contract employees, temporary workers, or consultants paid by foreign end-users or consignees will not be eligible under the exemption, unless the scope of the proposed rule is changed. Therefore, the current authorization process for “indirect” employees of foreign parties will remain in force.
  
  
• The proposed rule apparently makes a distinction between where an end-user “is located,” as opposed to where a consignee “operates” in § 126.18(a). The supplementary information does not explain why these choice of words and the disjunctive “or” is used. The rule should apply equally to the territories where end-users and consignees are located and operate. Perhaps the nature of a consignee is different from the concept of an end-user – such as where a consignee might mean freight forwarders, customs agents, distributors, or resellers – but the rule is silent about the reason for the different approach for foreign end-users vs. foreign consignees.
  
  
• DDTC may need to clarify whether the exemption for non-proscribed nationals mandates or requires adoption of the § 126.18(c)(1) procedures, or simply that the foreign parties must assure that no proscribed country foreign nationals receive ITAR-controlled defense articles or technical data by any reasonable due diligence processes implemented, as suggested by § 126.18(b).
  
  
• It appears that if a security clearance is approved by a host country government for employees under § 126.18(c)(1)(i), the foreign end-user or consignee is still required to screen them for substantive contacts with proscribed countries pursuant to § 126.18(c)(2), which may continue to impose administrative burdens on foreign entities. This reading could imply that an approved foreign security clearance, by itself, is not sufficient due diligence for complying with DDTC’s dual national and third country national transfer concerns under the exemption.
  
  
• Country of birth is not referenced as a data point for nationality purposes in § 126.18(c)(2). In terms of regulations, country of birth was previously mentioned in the Supplementary Information (72 Fed. Reg. 71,785-87 [Dec. 19, 2007]) for ITAR section 124.16, which is being removed by the proposed amendment.
  
  
• It is not clear how a foreign party or an applicant is to decide whether a substantive contact with a proscribed country constitutes a risk of diversion, thereby presumably disqualifying an employee from the exemption, and conversely, when to contact DDTC for specific guidance. The factors cited in § 126.18(c)(2) are not dispositive. Are foreign persons permitted to ascertain information about employees, examine the factors, and even if one or more factors are applicable, determine that there is no risk of diversion and permit access? Or, if foreign persons find that even one substantive contact exists, then a risk of diversion is presumed, unless DDTC rules otherwise? This latter reading would imply that a person must contact DDTC and request some type of guidance or approval, but the exemption does not state so explicitly. (Given that there is bar to authorizing defense articles to proscribed countries, then DDTC presumably would be prohibited from issuing a license in instances where the connections were sufficient to deem the employee to be from a proscribed country. And according to § 126.1[a] of the ITAR, an exemption [other than that set forth at § 123.17] cannot be used to permit the transfer of USML defense articles to proscribed destinations, areas, or persons, including proscribed country dual nationals and third country nationals.)
  
  
• The technology security/clearance plan stipulated by § 126.18(c)(2) does not take into account practical difficulties under local law in collecting and recording data about employees’ substantive contacts with proscribed countries or persons, which could continue to raise human rights/privacy law concerns, particularly regarding questions of nationality and continued allegiance to proscribed countries, e.g., if a proscribed country national is only a permanent resident but not a citizen of a third country.
  
  
• Similarly, making screening records available to DDTC (or its agents) upon request, the final condition of § 126.18(c)(2), could prove to be problematic. If such records may reveal personal data to the US government about individuals, making this information available to DDTC could continue to raise local human rights/data privacy concerns, and lead to greater administrative and legal costs for applicants and foreign end-users or consignees.
  
  
• It is not clear to whom the compliance requirements and liability for an infraction applies. The foreign end-user or consignee will sign the TAA or MLA and agree with the mandatory 124.8(5) clause permitting transfers that meet the conditions of § 126.18. Presumably, a US applicant will need to rely on the foreign party to undertake the necessary compliance due diligence, and in the event of an error by the foreign party, the US applicant should not be held liable, assuming it did not contribute to any failure in the due diligence or screening in the first instance.

If you have any questions or comments, please contact Ed Krauland at 202.429.8083 or Jack Hayes at 202.429.6491 in our Washington office to discuss further.