Foreign Technology Supply Chain Security Corrections
Summary
The Department of Commerce is correcting a final rule that appeared in the Federal Register on December 6, 2024. This final rule revises the regulations on the Department of Commerce's review of transactions involving information and communications technology and services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary that may pose undue or unacceptable risk to the United States or U.S. persons. That rule inadvertently omitted instructions to update certain regulatory language included in the rule. This document corrects the omissions in the December 6, 2024 rule.
Compliance Requirements
- #1
Amend § 791.3 by revising paragraphs (a) introductory text, (a)(2) and (4), and (b) and removing paragraph (c); Amend § 791.100 by: a. Revising paragraphs (a) introductory text and (a)(6) through (8); b. Adding paragraph (a)(9); and c. Revising paragraphs (c) introductory text, (d) introductory text, (d)(5), and (e)
Deadline: 2025-02-04(February 4, 2025)
Market Impacts
Enhanced regulatory review of ICTS transactions involving entities owned by, controlled by, or subject to the jurisdiction of foreign adversaries that may pose undue or unacceptable risk to the United States or U.S. persons
Action Items
Review and update § 791.3 regulatory language
Update the introductory text for paragraph (a) in § 791.3 as corrected in this document, ensuring compliance with the revised regulatory requirements for ICTS transactions
Review and update § 791.100 regulatory language
Update the introductory text for paragraph (a) and paragraphs (a)(6) through (8) in § 791.100, add new paragraph (a)(9), and revise paragraphs (c) introductory text, (d) introductory text, (d)(5), and (e) as specified in the correction
Implement corrections by February 4, 2025
Ensure all regulatory language corrections specified in this document are fully implemented and compliant by the effective date of February 4, 2025
Verify compliance with corrected § 791.3 and § 791.100
Conduct thorough review of current practices against the corrected regulatory text in §§ 791.3 and 791.100 to ensure all requirements are met, particularly regarding ICTS transactions involving foreign adversaries
Estimated Monetary Impact
Basis: This document is a correction notice that only addresses omitted instructions to update regulatory language in §§ 791.3 and 791.100. It contains no information about monetary impacts, costs, penalties, or benefits for any company size. The correction itself imposes no new requirements or changes that would create costs or benefits.; Action items: Based on industry standards for regulatory compliance updates involving ICTS transactions and foreign adversary requirementsConfidence: 70%
Small Companies
< $10M
Costs
Implementation: $12.5K
Ongoing/yr: $3.8K
Penalties: $0
Benefits
Efficiency: $0
New Revenue: $0
Risk Reduction: $0
Net Impact: $3.8K/yr
Medium Companies
$10M - $100M
Costs
Implementation: $22.5K
Ongoing/yr: $6K
Penalties: $0
Benefits
Efficiency: $0
New Revenue: $0
Risk Reduction: $0
Net Impact: $6K/yr
Large Companies
> $100M
Costs
Implementation: $45K
Ongoing/yr: $12K
Penalties: $0
Benefits
Efficiency: $0
New Revenue: $0
Risk Reduction: $0
Net Impact: $12K/yr
Validated Company Impacts
Liberty Broadband Corp
Liberty Broadband operates as a major broadband connectivity and cable operator providing information and communications technology services (ICTS) through its Spectrum brand across 41 states, directly aligning with the rule's focus on ICTS supply chain security. The company's extensive network infrastructure and service delivery would likely be subject to enhanced regulatory review of transactions involving foreign adversaries.
Liberty Global Ltd.
Liberty Global Ltd. operates as a major international telecommunications and broadband provider, directly engaging in information and communications technology services (ICTS) that fall under this rule's jurisdiction. The company's extensive supply chain and technology transactions involving foreign entities could be subject to enhanced regulatory review for potential national security risks.
Apple Inc.
Apple Inc. designs, manufactures, and markets information and communications technology products including smartphones, computers, tablets, and wearables, directly falling under the ICTS supply chain regulations. The company operates globally with significant manufacturing and supply chain relationships that could involve foreign entities subject to enhanced regulatory review under this rule.
Astera Labs, Inc.
Astera Labs operates in the semiconductor industry, which is a critical component of Information and Communications Technology and Services (ICTS) supply chains. As a fabless semiconductor company that relies on third-party manufacturing partners, its operations could be subject to enhanced regulatory review of ICTS transactions involving foreign entities that may pose supply chain risks.
APPLIED MATERIALS INC /DE
Applied Materials operates directly in the Information and Communications Technology and Services (ICTS) supply chain as a leading manufacturer of semiconductor fabrication equipment and display technology, which falls under the rule's jurisdiction for transactions involving foreign adversaries. The company's global operations and critical role in semiconductor production make it highly likely to be subject to enhanced regulatory review of ICTS transactions.
ADVANCED MICRO DEVICES INC
AMD operates directly in the Information and Communications Technology and Services (ICTS) sector as a global semiconductor company that designs and manufactures high-performance computing products, which are explicitly covered by this rule's scope. The company's international operations and technology supply chain activities involving foreign entities would subject it to enhanced regulatory review under these ICTS transaction regulations.
Arista Networks, Inc.
Arista Networks operates directly in the Information and Communications Technology and Services (ICTS) sector through its data center, cloud, and AI networking solutions, which fall under the rule's jurisdiction for transactions involving foreign adversaries. The company's business model of designing, developing, and supplying networking technology aligns with the rule's focus on ICTS supply chain security, indicating significant regulatory impact.
AST SpaceMobile, Inc.
AST SpaceMobile operates directly in the Information and Communications Technology and Services (ICTS) sector by providing satellite-based cellular broadband connectivity and developing communication services through satellites, which falls under the regulatory review scope for ICTS transactions involving potential foreign adversary risks. The company's agreements with major US carriers like AT&T and Verizon, along with its focus on US operations, make it subject to enhanced regulatory scrutiny under this rule.
Broadcom Inc.
Broadcom operates extensively in the semiconductor and ICTS supply chain, developing critical technology components that fall directly under the rule's jurisdiction for transactions involving information and communications technology. As a major supplier to global OEMs and distributors, Broadcom's business activities would be subject to enhanced regulatory review of ICTS transactions with potential foreign adversaries.
CALIX, INC
Calix operates directly in the Information and Communications Technology and Services (ICTS) sector by developing and selling appliance-based platforms, cloud services, and managed services to service providers. As a U.S.-based company with primary focus in North America, its transactions involving technology supply chains could fall under the enhanced regulatory review for ICTS transactions with foreign adversaries, making it clearly affected by this rule.
COGENT COMMUNICATIONS HOLDINGS, INC.
Cogent Communications is a major provider of Internet access and private network services, directly operating in the Information and Communications Technology and Services (ICTS) sector targeted by this rule. The company's extensive network operations, international connectivity services, and reliance on telecommunications infrastructure make it highly likely to be subject to enhanced regulatory review of ICTS transactions involving foreign entities.
CHARTER COMMUNICATIONS, INC. /MO/
Charter Communications operates as a major telecommunications and broadband provider, directly engaging in information and communications technology and services (ICTS) that fall under this rule's jurisdiction. The company's extensive network infrastructure, data services, and technology supply chain involving foreign vendors would subject it to enhanced regulatory review of transactions that may pose risks from foreign adversaries.
CIENA CORP
CIENA CORP operates directly in the Information and Communications Technology and Services (ICTS) sector, manufacturing and supplying networking equipment and services that fall under the jurisdiction of this rule. The company's business model involving sales and transactions with customers makes it subject to enhanced regulatory review of ICTS transactions involving potential foreign adversary risks.
CELESTICA INC
Celestica operates directly in the Information and Communications Technology and Services (ICTS) sector through its Connectivity and Cloud Solutions segment, which includes communications equipment, servers, and storage systems - all core ICTS components subject to supply chain security regulations. As a global electronics manufacturer with supply chain operations involving foreign-sourced components, the company would be significantly affected by enhanced regulatory reviews of ICTS transactions involving foreign adversaries.
Credo Technology Group Holding Ltd
Credo Technology designs and sells information and communications technology solutions including high-speed connectivity products and software for AI-driven applications, directly falling under the ICTS supply chain regulations. The company's business model involves designing technology solutions and collaborating with manufacturing partners, making it subject to enhanced regulatory review of transactions involving foreign entities that could pose security risks.
CISCO SYSTEMS, INC.
Cisco Systems operates directly in the Information and Communications Technology and Services (ICTS) market, designing, developing, and manufacturing networking hardware, software, and services that fall under this rule's jurisdiction. As a principal in transactions delivering hardware and software, Cisco's business model involves international supply chains and technology transfers that would be subject to enhanced regulatory review for potential foreign adversary risks.
Dell Technologies Inc.
Dell Technologies is a major global provider of information and communications technology (ICTS) products and services, including hardware, software, and cloud solutions, which directly falls under the rule's scope. As a company that designs, develops, manufactures, and supplies ICTS, and engages in international transactions, it would be significantly affected by enhanced regulatory reviews of such activities involving foreign adversaries.
EXTREME NETWORKS INC
Extreme Networks operates directly in the Information and Communications Technology and Services (ICTS) sector, providing networking equipment and security services that fall under the rule's jurisdiction. As a U.S.-based company with significant domestic operations, it would be subject to enhanced regulatory review of ICTS transactions involving foreign entities that could pose risks to U.S. national security.
F5, INC.
F5 operates as a multicloud application security and delivery provider with significant ICTS operations including software, SaaS, managed services, and hardware systems that fall directly under the rule's jurisdiction for securing information and communications technology supply chains. The company's global operations and technology infrastructure make it subject to enhanced regulatory review of transactions involving potential foreign adversary risks.
Fortinet, Inc.
Fortinet operates directly in the Information and Communications Technology and Services (ICTS) sector as a cybersecurity provider, designing and developing secure networking and communications technology that falls under the rule's jurisdiction. The company's global operations and technology supply chain would be subject to enhanced regulatory review for transactions involving foreign entities that could pose security risks.
Frontier Communications Parent, Inc.
Frontier Communications operates as a major provider of information and communications technology services through its fiber-optic and copper broadband networks, directly falling under the ICTS supply chain regulations. The company's critical infrastructure role in providing high-speed connectivity to 3.1 million customers across 25 states makes it subject to enhanced regulatory review of transactions involving foreign adversaries.
Gogo Inc.
The rule directly addresses cybersecurity threats in information and communications technology, which aligns perfectly with the company's top risk factors including cybersecurity threats, insufficient controls, and new technology risks. The enhanced regulatory review of ICTS transactions specifically targets the exact risk areas the company has identified as material to its business operations.
Globalstar, Inc.
Globalstar operates directly in the Information and Communications Technology and Services (ICTS) sector through its satellite-based wireless communications and terrestrial mobile broadband networks, which fall under the rule's jurisdiction for transactions involving foreign adversaries. The company's core business of providing communications services via satellite technology aligns with the enhanced regulatory review requirements for ICTS supply chain security.
Hewlett Packard Enterprise Co
HPE is a major global provider of information and communications technology (ICTS) products and services, including servers, storage, networking equipment, and cloud services, which directly falls under the rule's scope targeting ICTS supply chain security. As a U.S.-based company with extensive international operations and supply chains, HPE would be significantly affected by enhanced regulatory reviews of transactions involving foreign adversaries.
HP INC
HP Inc. operates extensively in the Information and Communications Technology and Services (ICTS) sector, manufacturing and supplying computing hardware, printers, and related services that fall directly under this rule's jurisdiction. As a major U.S. technology company with global supply chains, HP's transactions involving foreign-sourced components and services would be subject to enhanced regulatory review under these ICTS security regulations.
Lumentum Holdings Inc.
Lumentum operates directly in the Information and Communications Technology and Services (ICTS) sector through its Cloud & Networking segment, supplying optical and photonic components to network operators and equipment manufacturers, which falls under the rule's jurisdiction for reviewing ICTS transactions involving foreign adversaries. The company's business model of supplying critical technology components to communications infrastructure aligns with the rule's focus on securing the ICTS supply chain against potential risks from foreign entities.
LOGITECH INTERNATIONAL S.A.
Logitech designs, develops, and manufactures information and communications technology products including computer peripherals, video conferencing equipment, and software solutions that fall directly under the ICTS supply chain regulations. As a global technology company with significant U.S. market presence and supply chain operations involving foreign manufacturing, it would be subject to enhanced regulatory review of transactions involving potential foreign adversaries.
LATTICE SEMICONDUCTOR CORP
Lattice Semiconductor operates directly in the Information and Communications Technology and Services (ICTS) sector through its communications and computing market segment, developing semiconductor products for 5G wireless infrastructure, switches, routers, and computing systems. As a technology company designing and supplying ICTS components that could be subject to foreign supply chain risks, it clearly falls under the regulatory scope of enhanced review for ICTS transactions involving potential foreign adversary risks.
MERCURY SYSTEMS INC
Mercury Systems operates extensively in information and communications technology (ICTS) through its signal processing, digital data processing, and integrated processing solutions segments, which fall directly under the rule's jurisdiction. The company's focus on cybersecurity, supply chain management, and trusted microelectronics aligns with the rule's requirements for reviewing ICTS transactions involving foreign adversaries to mitigate undue risks.
Motorola Solutions, Inc.
Motorola Solutions operates directly in the Information and Communications Technology and Services (ICTS) sector through its LMR Communications, Video technologies, and Command Center software, which fall under the rule's jurisdiction for transactions involving foreign adversaries. The company's global operations and technology supply chain make it subject to enhanced regulatory review requirements for ICTS transactions that may pose national security risks.
MACOM Technology Solutions Holdings, Inc.
The rule's focus on securing ICTS supply chains and addressing foreign adversary risks directly aligns with the company's cybersecurity threats and export control regulations risk factors. The enhanced regulatory review requirements would materially impact the company's operations and compliance costs in these specific risk areas.
NVIDIA CORP
NVIDIA operates extensively in the Information and Communications Technology and Services (ICTS) sector through its data center, networking, and computing solutions, which directly fall under the rule's jurisdiction for transactions involving foreign adversaries. The company's hardware, software, and full-stack infrastructure are critical to ICTS supply chains, making it highly susceptible to enhanced regulatory reviews and compliance requirements under this rule.
NXP Semiconductors N.V.
NXP Semiconductors operates as a global semiconductor company, directly falling within the Information and Communications Technology and Services (ICTS) supply chain targeted by this rule. As a semiconductor manufacturer with international operations, the company's transactions involving foreign entities would be subject to enhanced regulatory review under these ICTS supply chain security regulations.
QUALCOMM INC/DE
QUALCOMM operates directly in the Information and Communications Technology and Services (ICTS) sector through its QCT segment, which involves designing, developing, and manufacturing integrated circuit products for wireless communications. The company's extensive international supply chain and technology transactions with global partners fall squarely under the rule's jurisdiction for enhanced regulatory review of ICTS transactions involving potential foreign adversary risks.
Qorvo, Inc.
Qorvo operates as a global leader in wireless, wired, and power markets, developing and commercializing information and communications technology (ICTS) products including connectivity, sensor, and cellular solutions. These activities directly fall under the rule's scope of ICTS transactions subject to enhanced regulatory review when involving foreign adversaries.
SANMINA CORP
Sanmina is a global provider of integrated manufacturing solutions and components for ICTS sectors including communications networks and cloud infrastructure, directly aligning with the rule's focus on information and communications technology and services supply chain security. The company's extensive manufacturing of printed circuit boards, backplanes, and optical/RF/microelectronic design services falls under ICTS transactions subject to enhanced regulatory review for foreign adversary risks.
SILICON LABORATORIES INC.
Silicon Laboratories Inc. operates directly in the Information and Communications Technology and Services (ICTS) sector by providing integrated hardware and software platforms for industrial, commercial, home, and life applications, which falls squarely under the rule's jurisdiction. The company's business model involving design, development, and supply of technology products could be subject to enhanced regulatory review for transactions involving foreign adversaries.
SEMTECH CORP
Semtech operates directly in the ICTS supply chain through its Signal Integrity and IoT Systems segments, designing and developing optical/copper communications products and IoT solutions that fall under the rule's jurisdiction. The company's outsourced manufacturing model and global operations create potential exposure to transactions involving foreign entities that would be subject to enhanced regulatory review under this rule.
SYNAPTICS Inc
Synaptics operates as a fabless semiconductor supplier developing mixed-signal solutions for IoT, enterprise, and automotive markets, directly aligning with the ICTS supply chain regulations. The company's focus on sensing, processing, and connecting technologies falls squarely within the scope of information and communications technology services subject to enhanced regulatory review for foreign adversary risks.
AT&T INC.
AT&T operates directly in the Information and Communications Technology and Services (ICTS) sector as a major telecommunications provider, making it clearly subject to regulations governing ICTS supply chain security. The company's wireless, broadband, and video services involve technology transactions that could fall under enhanced regulatory review for foreign adversary risks.
TELEPHONE & DATA SYSTEMS INC /DE/
TDS operates directly in the Information and Communications Technology and Services (ICTS) sector through its wireless telecommunications, broadband, and voice services, which are explicitly targeted by this rule. The company's business activities involving technology supply chains and potential foreign-sourced components fall squarely under the rule's jurisdiction for enhanced regulatory review of transactions that may pose risks to U.S. national security.
T-Mobile US, Inc.
The rule's focus on cybersecurity threats and foreign adversary risks in ICTS transactions directly aligns with the company's top risk of cybersecurity threats and its technology cybersecurity risks category. The enhanced regulatory review requirements would materially impact the company's operations and compliance obligations, matching its identified regulatory compliance risks.
VIAVI SOLUTIONS INC.
VIAVI Solutions operates directly in the Information and Communications Technology and Services (ICTS) sector as a global provider of network test, monitoring, and assurance solutions, which falls under the regulatory scope of ICTS supply chain security rules. The company's business model involving market leadership in 5G wireless, network equipment testing, and government/avionics communications aligns with transactions that could be subject to enhanced review for foreign adversary risks.
Vertiv Holdings Co
Vertiv designs, manufactures, and services critical digital infrastructure including information and communications technology systems for data centers and networks, directly falling under the ICTS supply chain regulations. As a global company with operations in multiple regions, it engages in transactions involving technology that could be subject to enhanced regulatory review for foreign adversary risks.
VISHAY INTERTECHNOLOGY INC
Vishay Intertechnology manufactures discrete semiconductors and passive electronic components including MOSFETs, diodes, and optoelectronic components that fall directly within the Information and Communications Technology and Services (ICTS) supply chain regulated by this rule. As a global manufacturer supplying components essential to telecommunications, computing, and military/aerospace markets, the company's operations would be subject to enhanced regulatory review of transactions involving potential foreign adversary risks.
VERIZON COMMUNICATIONS INC
Verizon Communications Inc operates as a major telecommunications provider in the information and communications technology sector, directly falling under the ICTS scope of this rule. The company's extensive network infrastructure, technology services, and supply chain operations involving foreign vendors would be subject to enhanced regulatory review for transactions that may pose risks from foreign adversaries.
WESTERN DIGITAL CORP
Western Digital is a major manufacturer of data storage devices and semiconductor technologies, which directly falls under the ICTS (Information and Communications Technology and Services) supply chain targeted by this rule. As a developer and supplier of critical storage solutions used by enterprises and public clouds, the company's operations involving foreign transactions would be subject to enhanced regulatory review for potential risks from foreign adversaries.