Compliance with export control regulations poses a growing challenge for participants in international trade in goods and providers of cross-border services. The size of the enterprise is irrelevant. Multinational corporations are subject to the same restrictions and consequences for infringement as small businesses or individuals. Every participant in trade must determine whether a planned export of goods, technologies or services requires a permit or completion of other formalities to avoid exposure to financial losses or criminal liability.
Control extends to more than just arms exports
While export control of arms and military equipment seems obvious, some businesses may not be aware that goods they produce with principally civilian applications may also be used for military purposes. And this means that they are subject to controls for exports of dual-use goods. The list of dual-use goods is an integral part of Council Regulation (EC) No 428/2009 of 5 May 2009 setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items and includes over 2,000 descriptions of various types of equipment, measuring devices, materials, technology and software, such as certain carbon fibres, chemicals, steel products, telecommunications devices, navigation systems, encryption devices, and so on. The list of products and technologies subject to controls is regularly updated.
A comprehensive overhaul of the EU legislation in this area has just been adopted. A recast version of the regulation (Regulation (EU) 2021/821) was published in the Official Journal of the European Union on 11 June 2021 and enters into force on 9 September 2021. The key changes involve:
- Two new types of general export authorisations
- New requirements for internal compliance programmes and due diligence
- New controls for situations where an enterprise provides technical assistance related to dual-use items
- New means of control of end use of cyber-surveillance items
- Changes in the validity periods of authorisations and regulations governing storage of documentation.
Export controls cover export of products outside the EU, but certain high-risk goods referred to in Annex IV to Regulation 428/2009 are also subject to controls in the case of intra-EU transfers. And it should be mentioned that under national regulations, import or intra-EU transfer into Poland of dual-use items used in telecommunications or for information security are subject to notification of the monitoring body, i.e. the Internal Security Agency.
Apart from export restrictions due to the properties or intended use of goods, economic sanctions in force in the event of export of goods to certain countries and/or end users must also be borne in mind. The broad sectoral sanctions introduced last month against Belarus are the best example showing that sanctions apply not only to distant countries like Iran or North Korea.
Export controls apply not only to physical export of goods
A common error is to focus only on goods (or possibly components) which a company might send to customers abroad. But controls apply not only to goods, but also to certain services related to dual-use goods, such as forwarding of software and technology, technical assistance, and brokering services.
Thus export control regulations can apply for example to a company employee who uses conferencing software to conduct training on technologies subject to export controls for collaborators at a foreign office or a business partner outside the EU.
In the case of such “intangible transfers of technology,” the risk of non-compliance is increased because under the applicable regulations, it is not always clear whether or when an export within the meaning of the regulations has occurred. Under the current wording of Regulation 428/2009, controls apply when a technology is transmitted to a “destination” outside the EU, which creates room for differing interpretation of when an export is subject to control, for example if a technology is stored or made accessible in the cloud.
Export of a product not included in the list of controlled goods may nonetheless require authorisation
In light of their technical properties, some goods or components may not be included in the list of dual-use items subject to export controls, but in the future, after export, might be upgraded for use for example for production of chemical, biological or nuclear weapons. To prevent this, the regulation includes a catch-all clause allowing national authorities to control any product not included in the list when there is a suspicion that the export would violate non-proliferation regimes due to various factors, such as the identity of the importer, the country of destination, or the potential use of the goods.
The catch-all clause requires an exporter to notify the authorities of any transactions where the exporter is has grounds for suspecting that they may conflict with the regulations on dual-use goods. Businesses must apply due diligence, for example when engaging with entities that have been denied registration, screening end-users, and implementation of compliance procedures among their subcontractors.
Customs classifications don’t always coincide with export control classifications
Every dual-use item has a five-character alphanumeric designation known as an Export Control Number (ECN), which indicates the item’s category (e.g. computers), type (e.g. software), the system under which the item is subject to control (e.g. the Wassenaar Arrangement), and the specification.
Apart from the ECN, items also have an HS (Harmonized System) code, a standardised international system of names and numbers for classifying products for purposes of trade. The HS code is the basis for the Combined Nomenclature (CN) used for the EU’s Common Customs Tariff.
The European Commission has published a correlation table linking the customs codes (HS/CN) with the export control codes (ECN). But this tool must be used with caution, because the two systems have a different purpose, content and scope. Thus it is possible that one ECN might be linked with dozens of different HS/CN codes, while a single HS/CN code might correlate to several ECNs. Moreover, the HS/CN classification may not automatically relate to the ECCN classification, because the use (and the end user) of the item will also be a factor in determining whether the item is controlled.
American export control regulations apply not only to American entities
Many firms erroneously assume that because they do not have American capital or do not export to the US, they are not subject to American export controls or sanctions.
In reality, US law has such a broad scope that it regulates not only issues of export from US territory, but also the flow of goods and technologies originating in the US between third countries or between citizens of other countries.
Items will be subject to American export control regulations if they are goods, software or technology located in the US, produced in the US (wherever located), or produced outside the US with a value of American origin greater than de minimis. A similar regulation applies to certain foreign-made direct products of US-origin technology or software.
An even greater risk is posed by “secondary sanctions.” Primary sanctions, such as freezing of assets, ban citizens and firms from the country applying the sanctions from providing any forms of financial aid or intermediation with respect to financial institutions of the country covered by the sanctions. Import, export or transfer of certain categories of products may also be prohibited. Secondary sanctions, in turn, exert pressure on other participants in international trade to cease operations involving the country subject to the sanctions, at the risk of a ban on operating in the country imposing the primary sanctions. Secondary sanctions applied by the United States may also include imposition of the status of a “specially designated national”—a kind of black list of entities effectively cut off from the American market—as well as specific sanctions such as the inability to obtain a visa to travel to the US or a licence for items subject to US law.
To ensure the safety of business operations, it is essential first to objectively assess the risk, identifying suppliers, customers, brokers, goods or services that may raise concerns related to compliance with export regulations. Firms should introduce procedures to prevent exports in violation of applicable regulations, paying attention to all warning signals suggesting that a contracting party is attempting to evade sanctions or export control measures (e.g. a buyer unwilling to provide information on the end use or end user of an exported product). In their commercial contracts, suppliers and other parties should not only provide information about the country of origin and destination of products, but also undertake to ensure compliance with current regulations governing export controls and sanctions.
Anna Olejniczak-Michalska, attorney-at-law, Reprivatisation practice, Private Client practice, Wardyński & Partners