The U.S. Commerce Department has announced a proposed regulatory action to enhance security around the country’s information and communications technology and services supply chain.
The department’s proposed rule sets out to implement President Trump’s May 15 executive order that calls for increased protections against foreign adversaries that may use their information technology to carry out economic and industrial espionage against the U.S.
“These rules demonstrate our commitment to securing the digital economy while also delivering on President Trump’s commitment to our digital infrastructure,” said Commerce Secretary Wilbur Ross in a Nov. 26 statement.
The executive order authorized the commerce secretary, in consultation with other federal agencies such as the Department of Homeland Security and the Office of the Director of National Intelligence, to develop measures that prohibit transactions involving information and communications technologies “designed, developed, manufactured or supplied by persons owned by, controlled by or subject to the jurisdiction or direction of a foreign adversary,” the Commerce Department said.
The proposed rule may impact transactions involving managed services, software updates or repairs that were completed on or after the May 15 executive order, even if a contract was entered into prior to that date.
The department said the commerce secretary will “adopt a case-by-case, fact-specific approach to determine which transactions must be prohibited, or which can be mitigated, according to the requirements in the executive order.”
Under the proposed rule, if the Commerce Department determines that a technology transaction should be prohibited for security reasons, it will notify the parties to the transaction. These parties will have an opportunity to submit proposed measures to the department explaining how they would mitigate risks before a final determination is made.
“The [commerce] secretary will provide an unclassified, written final determination provided to the parties that, to the extent possible, explains how the decision is consistent with the terms of the executive order and, as appropriate, a summary of the final determination will also be made publicly available,” the Commerce Department said.
Public comments to the Federal Register notice announcing the proposed rule are due to the Commerce Department within the next 30 days.
The U.S. has imposed prohibitions on government procurement of information and communications technologies from certain Chinese companies, such as Huawei Technologies Ltd. Co. and ZTE Corp., due to national security concerns from their alleged connections to the Chinese government and business deals with foreign adversaries, such as Iran.