Export Control Exemptions for Standards Development Activities
Summary
In this interim final rule, the Bureau of Industry and Security (BIS) amends the Export Administration Regulations (EAR) to revise the scope and the terms used in the EAR to describe "standards- related activities" that are subject to the EAR. BIS is making these revisions to ensure that export controls and associated compliance concerns do not impede the participation and leadership of U.S. companies in legitimate standards- related activities.
Compliance Requirements
- #1
Comments must be received by BIS no later than [INSERT DATE 60 DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER]; Anyone submitting business confidential information should clearly identify the business confidential portion at the time of submission, file a statement justifying nondisclosure and referring to the specific legal authority claimed, and also provide a non-confidential version of the submission; For comments submitted electronically containing business confidential information, the file name of the business confidential version should begin with the characters "BC." Any page containing business confidential information must be clearly marked "BUSINESS CONFIDENTIAL" on the top of that page; The corresponding non-confidential version of those comments must be clearly marked "PUBLIC." The file name of the non-confidential version should begin with the character "P."; When released for a "standards-related activity," "technology" or "software" is not subject to the EAR if it meets the item scope of 734.10(b)(1) and is released for a "published" standard and/or occurs with the intent that the resulting standard will be "published"; Specific "technology" or "software" is not subject to the EAR if the item is designated EAR99, controlled on the CCL for anti-terrorism (AT) reasons only, or the release is of specified "software" and "technology" when specifically for the "development," "production," and "use" of cryptographic functionality
Deadline: 2024-09-16(60 days after publication in Federal Register)
Market Impacts
Removes export control barriers for U.S. companies to participate in international standards development activities, enabling enhanced leadership and participation in global standards forums; Limits on technology and software sharing only apply to items not meeting the criteria in §734.10(b)(1) - specifically excluding items beyond EAR99, AT-controlled only items, and cryptographic functionality items; Previous export controls created uncertainty and chilling effect that led to U.S. companies withdrawing from international standards bodies, allowing foreign actors to develop competing standards without U.S. input; Enables two-way communication regarding security vulnerabilities discovered in hardware and software items, including with Entity List entities, preventing withholding of critical security information; Authorization now includes activities occurring after publication of standards, such as conformity assessments and compliance testing that are vital for commercialization of standards-compliant products
Validated Company Impacts
Apple Inc.
Apple designs and manufactures smartphones, computers, tablets, and wearables that incorporate critical technologies including communications, networking, and cryptographic functionality covered by this rule. The company participates in international standards development for hardware and software interoperability, security protocols, and technology standards that would be directly affected by the export control revisions. The rule primarily addresses export control compliance and international standards participation, which does not align with the company's disclosed risk factors. The company's cybersecurity risk is the only potential connection, but the rule focuses on enabling security vulnerability sharing rather than addressing cybersecurity threats as a risk area.
APPLIED MATERIALS INC /DE
Applied Materials operates extensively in semiconductor manufacturing technology development and global standards participation, directly aligning with the rule's focus on standards-related activities and technology sharing. The company's semiconductor systems and global services segments involve international technology collaboration and standards development that would be affected by export control regulations. The rule focuses on export control compliance and technology standards participation, while the company's disclosed risks are entirely financial and market-based (tax uncertainty, currency volatility, interest rates, debt valuation). There is no overlap with the rule's cybersecurity, technology sharing, or international standards development impacts.
ADVANCED MICRO DEVICES INC
AMD operates as a global semiconductor company that designs high-performance computing technologies and actively participates in international standards development for hardware interfaces, security protocols, and computing architectures. The rule directly facilitates AMD's standards-related activities by removing export control barriers for technology sharing in international standards bodies, which is core to their business model of collaborating with ecosystem partners. The rule primarily addresses export control compliance and standards participation risks, which are not reflected in the company's disclosed risk factors. The company's risks focus on competition, manufacturing reliance, and industry cyclicality, with minimal overlap in regulatory or technology sharing areas covered by this rule.
Arista Networks, Inc.
Arista Networks operates extensively in networking technologies and software development, which are explicitly mentioned in the rule's market impacts for communications and networking technologies. The company's participation in standards development for networking protocols and cybersecurity aligns directly with the rule's focus on removing export control barriers for standards-related activities involving technology and software. The rule focuses on export controls and standards participation in technology sectors, while the company's disclosed risks are purely financial (interest rates, currency exchange) and investment-related with no mention of technology operations, export compliance, or international standards development. There is minimal overlap as currency fluctuations could theoretically affect international operations, but this is indirect and not a core focus of the rule.
BRUKER CORP
Bruker develops and exports advanced scientific instruments and technologies including magnetic resonance, mass spectrometry, X-ray, and superconducting materials that likely involve controlled technology and software subject to EAR regulations. The company's participation in international standards development for scientific instrumentation and potential technology sharing aligns with the rule's focus on standards-related activities and export controls. The rule primarily addresses export control compliance and technology sharing barriers in international standards development, which does not directly align with the company's disclosed risk factors. The company's regulatory compliance risks are generic and not specifically tied to export controls or standards activities, while its technology cybersecurity risk is more focused on integration challenges rather than international standards participation.
Dell Technologies Inc.
Dell Technologies operates extensively in multiple technology sectors explicitly mentioned in the rule's market impacts, including communications and networking technologies, cybersecurity, and standards development. As a major hardware and software manufacturer, Dell participates in international standards bodies for product interoperability and security, and engages in technology sharing and conformity assessment activities that fall directly under this rule's revised export control provisions. The rule primarily addresses export control compliance and technology sharing risks in international standards development, which does not directly align with the company's disclosed risk factors. The company's regulatory compliance risks focus on general compliance obligations rather than specific export control or standards participation concerns, resulting in minimal risk factor overlap.
Credo Technology Group Holding Ltd
Credo Technology Group operates directly in the technology and standards development space, designing and marketing high-speed connectivity solutions for AI applications, which aligns with the rule's focus on standards-related activities in critical technologies. The company collaborates with standards bodies and develops software/IP solutions that would benefit from the reduced export control barriers for participation in international standards development. The rule focuses on export controls for standards-related activities and technology sharing, which does not align with the company's risk profile centered around consumer credit, lending practices, and financial regulations. The company operates in consumer finance with no mention of technology standards development, international standards participation, or export control compliance in its risk factors.
F5, INC.
F5 operates as a multicloud application security and delivery provider with significant international operations, developing and distributing software and technology that likely includes cryptographic functionality and communications/networking technologies covered by this rule. The company's global standards participation, technology sharing activities, and cybersecurity focus directly align with the rule's provisions for standards-related activities and export control exemptions. The rule primarily addresses export control compliance and technology sharing risks in international standards development, which does not align with the company's disclosed risk profile focused on financial stability, tax liabilities, and supply chain commitments. The company's single regulatory compliance risk relates to tax uncertainty, not export controls or technology standards participation.
CISCO SYSTEMS, INC.
Cisco Systems operates extensively in communications and networking technologies, which are explicitly mentioned markets impacted by this rule. As a major technology company developing hardware and software products, Cisco participates in international standards development activities and would benefit from reduced export control barriers for legitimate standards-related activities. The rule primarily addresses export control compliance and technology sharing barriers in standards development, which does not align with the company's disclosed risk factors. The company's regulatory compliance risk relates to taxation changes, not export controls or standards participation, resulting in minimal relevance.
Hewlett Packard Enterprise Co
HPE operates extensively in technology development and standards-related activities, particularly in networking, communications, and cybersecurity technologies that are explicitly mentioned in the rule's market impacts. As a major technology company, HPE participates in international standards bodies and develops products that would benefit from the reduced export control barriers for technology sharing and standards participation. The rule focuses on export control compliance for standards-related activities and technology sharing, which does not align with the company's disclosed risk factors that are primarily financial (merger financing, cash repatriation, share repurchases) and regulatory approval risks for a specific acquisition. The company's single regulatory compliance risk relates to acquisition approvals, not export controls or standards participation.
Keysight Technologies, Inc.
Keysight Technologies operates extensively in communications and networking technologies, quantum information technologies, and positioning/navigation services - all key markets explicitly mentioned in the rule's impact analysis. As a major provider of electronic design and test equipment, Keysight participates in international standards development for measurement and testing protocols, making its standards-related activities directly subject to these EAR amendments. The rule primarily addresses export control compliance and technology sharing barriers in standards development, which does not align with the company's disclosed risk factors focused on tax obligations, customer demand fluctuations, and R&D investment uncertainties. There is minimal overlap as the company's single regulatory compliance risk relates to tax rules, not export controls or standards participation.
NVIDIA CORP
NVIDIA operates extensively in critical technology sectors targeted by this rule, including AI, data analytics, networking technologies, and autonomous driving systems that require international standards participation. The company's full-stack computing infrastructure and technology sharing activities directly align with the rule's focus on removing export control barriers for standards-related activities in emerging technologies. The rule primarily addresses export control compliance and technology sharing barriers in standards development, which does not directly align with the company's identified risks of macroeconomic factors, accounting estimates, geopolitical conflict, demand fluctuations, or product development disruption. There is minimal overlap as the rule's focus on regulatory compliance for standards-related activities only weakly connects to the company's general regulatory compliance risk without specific export control or standards development context.
EXTREME NETWORKS INC
Extreme Networks operates in networking equipment and security technologies, which are explicitly mentioned in the rule's market impacts for communications/networking technologies and cybersecurity. The company's international operations and technology development activities align directly with the rule's focus on standards-related activities and export controls for technology sharing in global standards forums. The rule primarily addresses export control compliance and technology sharing barriers in standards development, which does not align with the company's disclosed risk factors focused on market competition, pricing pressure, and third-party dependencies. The only minimal connection is through the 'technological shifts' risk, as the rule could potentially affect how the company adapts to standards-related technological changes, but this is indirect and not a primary concern in their risk profile.
QUALCOMM INC/DE
QUALCOMM operates extensively in communications and networking technologies through its QCT semiconductor division and QTL licensing business, directly participating in international standards development for wireless technologies like 5G where export controls on technology sharing would significantly impact its operations. The rule's focus on removing barriers for U.S. companies in standards-related activities aligns perfectly with QUALCOMM's core business model of developing and licensing standardized wireless technologies. The rule focuses on export control compliance for standards-related activities and technology sharing, which does not align with the company's disclosed financial and operational risks such as goodwill impairment, tax estimation, revenue recognition, and inventory valuation. There is minimal overlap as the company's single regulatory compliance risk relates to tax matters rather than export controls or technology standards.
Qorvo, Inc.
Qorvo operates as a global technology developer in wireless, wired, and power markets, directly engaging in standards-related activities for connectivity and sensor solutions where export controls on technology sharing would apply. The rule's focus on enabling participation in international standards development and technology sharing aligns with Qorvo's business model of developing and commercializing technologies across high-performance analog, connectivity, and advanced cellular segments. The rule primarily addresses export control compliance and standards participation barriers, which do not align with the company's disclosed cybersecurity incident risk. The rule's cybersecurity information sharing provision is a minor secondary aspect that might provide some indirect benefit but does not directly address the company's cybersecurity incident risk profile.
RAMBUS INC
Rambus operates as a global semiconductor company with significant technology development and IP licensing activities that directly involve standards-related activities in memory and security technologies. The company's participation in international standards development for memory interfaces and security solutions aligns strongly with the rule's focus on removing export control barriers for U.S. companies in standards development. The rule primarily addresses export control compliance and standards participation barriers, which do not align with the company's disclosed cybersecurity threat risk. While the rule mentions enabling cybersecurity information sharing as a secondary benefit, this is not the core focus and does not directly mitigate the company's operational cybersecurity disruption risks.
TELEDYNE TECHNOLOGIES INC
Teledyne Technologies operates extensively in defense, aerospace, and advanced technology sectors that develop and export sophisticated electronic components, sensors, and systems subject to export controls. The company's participation in international standards development for high-reliability technologies aligns directly with the rule's focus on removing export barriers for standards-related activities involving controlled items. The rule primarily addresses export control compliance and technology sharing barriers, which does not directly align with the company's disclosed risk factors. The company's regulatory compliance risks focus on trade sanctions and tariffs rather than export administration regulations, and its cybersecurity threats concern information loss rather than standards participation barriers.
TRIMBLE INC.
Trimble operates extensively in positioning, navigation and timing services - a core market explicitly mentioned in the rule's impacts. The company develops and shares technology for standards-related activities in geospatial and construction industries, directly aligning with the rule's focus on removing export control barriers for U.S. companies participating in international standards development. The rule primarily addresses export control compliance and standards participation barriers, which do not align with the company's identified cybersecurity breach risks. The company's single risk factor focuses on operational disruptions and customer trust from cybersecurity incidents, while the rule facilitates technology sharing and standards participation with minimal direct cybersecurity risk mitigation.
TEXAS INSTRUMENTS INC
Texas Instruments designs and manufactures semiconductors, including analog and embedded processing products that are fundamental to critical technologies like communications, networking, and positioning/navigation services mentioned in the rule. As a major U.S. semiconductor company participating in international standards development for technology interoperability and security, they would benefit significantly from reduced export control barriers for standards-related activities. The rule primarily addresses export control compliance and standards participation risks, which are not reflected in the company's disclosed risk factors. The company's risks focus on operational, financial, and market competition issues rather than regulatory compliance with export administration or standards development activities.
HP INC
HP Inc. is a major technology company that develops and exports hardware, software, and technology solutions globally, including cryptographic functionality and communications/networking technologies explicitly mentioned in the rule's market impacts. The company participates in international standards development for computing, printing, and cybersecurity technologies, making it directly affected by the revised export control provisions for standards-related activities. The rule focuses on export control compliance and technology standards participation, which does not align with the company's disclosed financial and operational risks such as debt obligations, pension liabilities, and interest rate exposure. There is minimal overlap as the company's only regulatory risk relates to local government funding requirements, not export controls or international standards development.
LATTICE SEMICONDUCTOR CORP
Lattice Semiconductor develops programmable logic semiconductors and system solutions for communications, computing, industrial automation, and automotive markets, all involving technology development and standards participation. The rule facilitates U.S. company leadership in international standards development for critical technologies like communications, networking, and quantum information, directly aligning with Lattice's business operations in 5G infrastructure, IoT, and advanced computing systems. The rule primarily addresses export control compliance and standards participation risks, which are not reflected in the company's disclosed risk factors. The company's risks focus on operational, financial, and market competition issues rather than regulatory compliance with export administration or standards development activities.
MERCURY SYSTEMS INC
Mercury Systems operates extensively in defense technology with significant signal processing, digital data processing, and integrated solutions that involve technology development and international standards participation. The company's focus on cybersecurity, technology sharing, and international markets directly aligns with the rule's provisions for standards-related activities and export control exemptions for legitimate technology development and security information sharing. The rule primarily addresses export control compliance and technology sharing barriers, which do not align with the company's disclosed risk factors focused on financial constraints, cybersecurity threats, workforce reductions, and defense sector dependence. The only minimal connection is through the company's cybersecurity risk, as the rule enables security vulnerability sharing, but this is not a core focus of the company's stated cybersecurity concerns.
Motorola Solutions, Inc.
Motorola Solutions operates extensively in communications and networking technologies, which are explicitly mentioned markets impacted by this rule. The company's global technology design and advancement activities, including participation in standards development for public safety communications, directly align with the rule's focus on removing export control barriers for standards-related activities. The rule primarily addresses export control compliance and international standards participation risks, which are not reflected in the company's disclosed risk factors. The company's risks focus on financial obligations, legal claims, and goodwill impairment, with no mention of export regulations, technology sharing, or international standards development.
MACOM Technology Solutions Holdings, Inc.
MACOM Technology Solutions designs, develops, manufactures and markets semiconductors and modules across industrial & defense, data center, telecom, and RF markets, all involving technology and software that would be subject to export controls under the EAR. The company's participation in international standards development for semiconductors and communications technologies directly aligns with the rule's focus on standards-related activities and export control compliance. The rule primarily addresses export control compliance barriers for standards development activities, which only partially aligns with the company's general 'export control regulations' risk. The company's other major risks (supply chain, competition, cybersecurity, manufacturing) show minimal overlap with this specific standards-related export rule.
NXP Semiconductors N.V.
NXP Semiconductors operates as a global semiconductor company with extensive intellectual property and technology development activities that directly participate in international standards development for critical technologies like communications, networking, and security - all core markets addressed by this rule. The company's technology sharing, standards participation, and export activities align perfectly with the rule's focus on removing export control barriers for legitimate standards-related activities. The rule primarily addresses export control compliance and technology sharing risks in standards development, which does not align with the company's disclosed risk factors focused on market volatility, financial liquidity, inventory management, tax law changes, and supply chain security. There is minimal overlap as the rule's cybersecurity information sharing aspect only weakly connects to the company's general technology cybersecurity risk without specific export control or standards participation context.
ROCKWELL AUTOMATION, INC
Rockwell Automation operates extensively in industrial automation software and control systems, which involve technology development and standards participation that fall directly under this rule's scope for standards-related activities and export controls. The company's Software & Control segment develops control software, visualization tools, and cybersecurity infrastructure that would be subject to EAR regulations when shared in international standards development. The rule primarily addresses export control compliance and technology sharing barriers in international standards development, which does not align with the company's disclosed risk factors focusing on financial performance, employee retention, tax changes, and technology integration challenges. There is minimal overlap as the company's regulatory compliance risk category is generic and not specifically tied to export controls or standards participation.
RTX Corp
RTX Corp operates extensively in aerospace, defense, and communications technologies through its Collins Aerospace, Pratt & Whitney, and Raytheon segments, all of which involve standards-related activities in critical technologies covered by this rule. The company develops and exports technology and software for positioning, navigation, communications, and cybersecurity systems that would be subject to the EAR's standards-related provisions. The rule focuses on export controls for standards-related activities and technology sharing, which does not align with the company's disclosed risk factors related to cybersecurity, data privacy, regulatory compliance, and operational risks. The company's operations in financial services and healthcare do not involve significant international standards development or export-controlled technology sharing that would be affected by this rule.
SILICON LABORATORIES INC.
Silicon Laboratories operates directly in the technology and software development markets targeted by this rule, specifically in communications and networking technologies where standards participation is critical. The company's integrated hardware/software platform and development tools would benefit from reduced export control barriers for standards-related activities, enabling enhanced international collaboration and leadership in standards development. The rule primarily addresses export control compliance and international standards participation risks, which are not among the company's disclosed risk factors. The company's cybersecurity risk (threats and IT failures) has minimal overlap with the rule's focus on security vulnerability sharing with Entity List entities, but this is indirect and not a primary concern in their risk profile.
SEMTECH CORP
Semtech operates extensively in communications and networking technologies through its Signal Integrity and IoT Systems segments, developing products that would participate in standards-related activities for interoperability and compliance. The company's focus on design and development of technology products, including cryptographic functionality in IoT solutions, directly aligns with the rule's scope for export control exemptions in standards development. The rule primarily addresses export control compliance and standards participation barriers, which do not align with the company's disclosed risk of information system disruptions. The company's single cybersecurity risk focuses on operational disruptions rather than export controls or standards development participation.
VERIZON COMMUNICATIONS INC
Verizon operates extensively in communications and networking technologies, which are explicitly mentioned markets impacted by this rule. As a major telecommunications provider, Verizon participates in standards development activities for network protocols, cybersecurity, and emerging technologies, making it directly subject to the EAR revisions regarding technology sharing in standards-related activities. The rule primarily addresses export control barriers for technology standards participation and cybersecurity information sharing, which does not align with the company's disclosed risk factors focused on wireless revenue decline, Fios video pressure, and prepaid competition. The single technology cybersecurity risk mentioned is too vague to establish meaningful connection to the rule's specific standards-related export control provisions.
WESTERN DIGITAL CORP
Western Digital develops and manufactures storage technologies that involve cryptographic functionality and participates in international standards development for data storage and security protocols, directly aligning with the rule's focus on standards-related activities and technology sharing. The company operates in markets explicitly mentioned in the rule's impacts, including communications and networking technologies where standards participation is critical. The rule focuses on export control compliance for standards-related activities and technology sharing, which does not align with the company's disclosed risk factors. The company's risks are primarily financial (cash flow, foreign holdings, tax payments) and operational (vendor terms, data security), with no mention of export controls, international standards participation, or technology transfer regulations.