The German presidency of the Council and representatives from the European Parliament have recently agreed on an update to the EU Dual-Use Regulation.
The regulation controls items, software and technology that can be used for both civil and military purposes. Published last week, the update aims to:
- make the trade of dual-use goods more accountable, competitive and transparent; and
- promote human-rights compliance in an export-controls context.
Key take-aways and impact on exporters
Due diligence and specific monitoring will be required for exporters of cyber-surveillance technology to exclude items that could be used for internal repression, or violations of international human rights or humanitarian law.
New general authorisations
The introduction of two new general EU export authorisations will facilitate (and speed up) the export licensing process for certain software, technology and cryptographic goods.
Trade controls compliance programmes
The revised EU Dual-Use Regulation includes a general (non-binding) encouragement for exporters to implement internal export compliance programmes to strengthen EU-wide trade controls compliance.
Emphasis on cyber-surveillance items to mitigate human rights violations
Given the relatively high risk of cyber-surveillance technology being used in human rights violations, the new regime introduces stricter export controls for items that are 'specially designed to enable intrusion or deep packet inspection into information and telecommunications systems in order to conduct covert surveillance of persons by monitoring, extracting, collecting or analysing data, including biometrics data, from these systems. Items used for purely commercial applications such as billing, marketing, quality services, user satisfaction, network security etc. are considered to generally not entail such risks' (Recital 5 of the proposed regulation).
Even cyber-surveillance items that are not listed in Annex I of the updated regulation might be controlled (ie catch-all controls) if they are (or may be intended) for use in connection with internal repression and/or the commission of serious international human rights or humanitarian law violations.
Exporters would also have to notify the relevant EU member state's competent authority if they – after conducting due diligence – become aware that certain exports are intended for such purposes. We expect more detailed guidance to be published for exporters on the due diligence and reporting requirements.
The proposed regime also introduces an EU-wide co-ordination mechanism, allowing and obliging EU member state regulators to exchange information on national authorisation requirements for cyber-surveillance technology.
Two new general EU export authorisations
There will be two new EU general export authorisations, significantly facilitating the export licensing process for exports of certain goods to certain destinations:
- EU007 will facilitate intra-group exports of most software and technology listed in Annex I of the updated regulation to countries such as Argentina, India, Israel and South Africa.
- EU008 regulates the export of cryptographic goods to particular destinations, including Brazil, Mexico and South Korea.
Compliance management system obligation
According to the proposed regulation, exporters using global export authorisations would be obliged to implement an internal compliance management system unless the competent authority considers this unnecessary.
Greater co-operation between export licensing and customs authorities
The updated regulation provides for enhanced co-operation and information sharing between the export licensing and customs authorities.
Introduction of transmissible controls
Another novelty is the imposition of transmissible controls, allowing EU member states – under certain circumstances – to impose additional export-control requirements for items not listed in Annex I of the updated regulation that are subject to export-control authorisations in another EU member state.
New brokering provisions
In relation to the provision of brokering services, the definition of a broker will be expanded to also include non-EU persons who carry out brokering services from within the EU.
The amended draft EU Dual-Use Regulation will have to pass the EU parliamentary process. It is scheduled to come into force in the first half of 2021.