Published by The Lawfare Institute
in Cooperation With
In 2020, the U.S. Department of Commerce Bureau of Industry and Security (BIS) adopted new controls to target the Chinese government and Chinese entities such as Huawei. The new controls included the expansion of the Foreign Direct Product Rule (FDPR), which covers foreign-produced items that (a) are a direct product of certain U.S.-origin technology or software controlled for national security reasons or (b) are produced by plants, or major components of plants, that are a direct product of U.S.-origin technology. In May 2020, BIS amended the FDPR to “target Huawei’s acquisition of semiconductors that are the direct product of certain U.S. software and technology.” Despite credible reports of noncompliance by U.S. companies, BIS has not penalized any major company for violating the rules concerning Huawei. A Senate Committee on Commerce, Science, and Transportation minority committee report in October 2021, for example, confirmed that Seagate Technology, a leading global supplier of hard disk drives based in California, continued to ship hard disk drives to Huawei without a license after the Sept. 14, 2020, cutoff date set by the new FDPR. This post examines the FDPR within the broader context of U.S. export controls, documents the facts of the Seagate case and offers recommendations for tightening regulatory enforcement of the existing rules.
The Role of Export Control Laws
Export controls and sanctions help protect U.S. national security, promote U.S. foreign policy objectives, and mitigate against foreign adversaries’ military expansion by restricting transactions involving certain products or technology. The U.S. export control system is complex and involves several departments, laws and regulations. The three primary departments equipped with sets of regulations that control the export control system and sanctions are the departments of State, Treasury and Commerce. These powers include State’s U.S. Munitions List, which controls the distribution of defense and space-related articles and services; Treasury’s Office of Foreign Asset Control (OFAC) and Specially Designated Nationals List, which enforce economic and trade sanctions; and the Commerce’s BIS Export Administration Regulations (EAR) and Commerce Control List, which control the regulation of dual-use exports that have both military and civilian applications. The enforcement of export controls is a key part of fulfilling the U.S.’s foreign policy goals and national security objectives. Without adequate and consistent enforcement of these regulations, adversaries of the U.S. will acquire key technologies and weaponry.
BIS is responsible for the administration and enforcement of dual-use export controls and chairs an interagency process that includes the departments of Defense, State and Energy. Dual-use products refer to those technologies that have civil applications as well as applications related to terrorism, the military or weapons of mass destruction. BIS administers these controls through the EAR, which includes the Commerce Control List. A critical function of the export control laws is to prevent adverse actors from obtaining sensitive technology in areas where the United States has a strong technological advantage over other countries. In recent years, these regulations have increasingly been directed at Chinese entities as the Chinese government continues to expand its military-civilian fusion strategy, wherein technology used in private industry is co-opted by China’s military in furtherance of the country’s goal of developing the most technologically advanced military in the world. Chinese policies such as the Made in China 2025 plan create competitive advantages for China partly through the acquisition of emerging technologies from U.S. and other foreign firms. With the invasion of Ukraine, Russian firms now also face stricter controls under the EAR.
Violations of export control regulations are subject to strict liability, meaning an entity is liable regardless of whether it intended to violate the law or did so unintentionally. The rationale is that great harm can arise from such violations, regardless of intent. Larger criminal penalties can also be imposed for willful violations. Civil monetary penalties for violating the EAR can be approximately $300,000 per violation or twice the value of the underlying transaction, whichever is greater. Criminal penalties can include up to 20 years’ imprisonment, $1 million per violation, or both.
Export controls can be effective in curbing the transmission of technology and arms to adverse actors, but only when they are strictly enforced. Without an effective export control system that enacts strict penalties, more violations occur that damage U.S. interests. Violations of export controls also create an uneven playing field between companies that follow the law and those that bend the rules. For publicly traded companies that must maximize shareholder value, this uneven playing field means that complying companies are at a competitive disadvantage vis-à-vis noncompliant competitors and will lose revenue that helps to pay for research and development and product development; it can also lead to job losses. For some companies, noncompliance may be considered good business as violating the export controls may result in penalties that will be a fraction of the revenue the companies gained by violating the law.
Exporters’ Obligations and BIS Outreach
Companies that export, reexport or transfer goods subject to U.S. export control laws have a legal duty to keep themselves apprised of export control regulations and to understand their applicability to specific technologies and product lines. BIS regulations can be complex; recognizing that fact, BIS systematically engages in a variety of activities to clarify its regulations and their applicability. For example, BIS publishes FAQs on its website and engages in outreach efforts, such as site visits with companies, meetings with trade associations and individual exporters, and hotline advice. BIS also updates its rules to refine areas of particular complexity. Though companies typically do not seek to violate export control regulations, there have been instances where a company chooses to interpret export control regulations in a way that benefits the company, while not maintaining adherence to the spirit of the rules, despite the plethora of resources made available by BIS to enhance understanding of the rules. The responsibility of following and understanding the applicability of regulations lies with regulated entities. Exporters must pay attention to changes in the regulatory framework and seek guidance from BIS if they do not understand new rules.
BIS is aware that there is undercompliance with some of the rules it has implemented and has taken steps to address patterns of noncompliance. Most notably, BIS has focused on foreign parties that, when dealing with U.S. goods, are subject to the same rules as U.S. companies. Indeed, the single largest BIS enforcement fine arose from a settlement with a non-U.S. company. In 2017, ZTE Corporation, a Chinese partially state-owned technology company, agreed to pay over $1.19 billion in both criminal and civil penalties for conspiring to violate the International Emergency Economic Power Act (IEEPA) by illegally shipping U.S.-origin items to Iran, obstructing justice and making a false statement. Over the course of six years, ZTE Corporation had shipped more than $32 million of U.S.-origin items to Iran without obtaining export licenses and took steps to conceal the shipments. The criminal fine (over $286 million) is the largest criminal fine for an IEEPA violation. ZTE Corporation also reached settlement agreements with BIS ($661 million, with $300 million of that suspended) and OFAC. ZTE was punished for selling the items to Iran but also for masking its involvement in the exports and continuing illegal shipments during the investigation. ZTE Corporation’s plea agreement also required the company to submit to three years of corporate probation and corporate compliance monitoring.
Other foreign companies have been similarly penalized for illegally exporting controlled items to Iran. In August 2020, a $31.4 million civil monetary penalty was levied on the Singapore-based Nordic Maritime Pte. Ltd. and its chairman, Morten Innhaug, for using subsea survey equipment in Iranian waters, in violation of a BIS-issued reexport license. As well, in April 2021 SAP SE, a German software company, agreed to pay more than $8 million to resolve charges with the departments of Justice, Commerce and Treasury for violating the EAR and the Iranian Transactions and Sanctions Regulations. According to a Department of Justice press release, the company admitted to thousands of export violations spanning six years.
Huawei and the Entity List
The Entity List is a key regulatory tool in the export administration’s regulations for imposing targeted controls on malign actors. This includes entities believed to be involved in, or to pose a significant risk of being or becoming involved in, activities contrary to the national security or foreign policy interests of the United States. In May 2019, BIS added Huawei Technologies Co., Ltd. and many of its affiliates to the Entity List. Information that led to Huawei’s addition to the Entity List included alleged violations of the IEEPA and conspiracy to violate the IEEPA by providing prohibited financial services to Iran in addition to obstruction of justice in connection with the related investigation regarding those charges. In addition to flouting sanctions against Iran, Huawei was added to the list because under China’s military-civilian fusion strategy and its Belt and Road Initiative (BRI), “private” telecommunications companies such as Huawei were acting as a tool used by the Chinese Communist Party for influence and access. BIS anticipated that adding Huawei and its affiliates to the Entity List might also further obstruct Huawei’s goal of large-scale deployment of surveillance technologies through its “Safe Cities” project, which is funded by the BRI. This project aids governments in monitoring their citizens, and restricting Huawei’s import of U.S. technology has complicated Huawei’s global launch of its telecommunications infrastructure.
The addition of Huawei and its affiliates to the Entity List created a license requirement on the listed entities that supplemented those found elsewhere in the EAR. This means that under most circumstances the export, reexport, or transfer (in-country) of any item subject to the EAR to Huawei or any of its listed affiliates now requires a license. At the end of 2020, Huawei and its affiliates accounted for 153 entities on the Entity List.
Huawei’s CEO, Ren Zhengfei, told his staff in a memo to “dare to lead the world” in software to counter the financial hit the company has taken due to U.S. sanctions. Ren went on to say that the company needed to shift focus to software because the industry is “outside of U.S. control and we will have greater independence and autonomy.” The company has decided to invest more in businesses that do not use advanced process techniques, such as the company’s intelligent driving business.
Case Study: Foreign Direct Product Rule
Building upon the restrictions in the EAR described above, the FDPR further restricts the receipt of certain foreign-produced items (like those incorporating U.S. technology or software or produced by plants or major components of plants) by designated entities on the Commerce Department’s Entity List.
In May 2020, BIS amended the FDPR to “target Huawei’s acquisition of semiconductors that are the direct product of certain U.S. software and technology.” Specifically, this targeted rule change made the following foreign-produced items subject to the EAR:
- Items, such as semiconductor designs, when produced by Huawei and its affiliates on the Entity List (like HiSilicon) that are the direct product of certain Commerce Control List software and technology; and
- Items, such as chipsets, when produced from the design specifications of Huawei or an affiliate on the Entity List (such as HiSilicon) that are the direct product of certain Commerce Control List semiconductor manufacturing equipment located outside the United States.
Such foreign-produced items will require a license only when there is knowledge that they are destined for reexport, export from abroad, or transfer (in-country) to Huawei or any of its affiliates on the Entity List. BIS removed uncertainty by clarifying that any foreign-produced wafer, the circular substrate for integrated circuits, is unequivocally a foreign-produced item, whether the wafer is finished or unfinished.
In August 2020, Commerce amended the Huawei FDPR rule to clarify that the restrictions apply not only where Huawei is the end user of the item but also to any transaction where Huawei is the purchaser or otherwise serves as an intermediate consignee. The previous version of the rule restricted the transfer of items to Huawei only if Huawei had some input as to the design or specifications of the final item. The latest revision eliminates that proviso and places restrictions on any transactions involving the items identified where Huawei is involved in any way as an end user, purchaser, or intermediate or ultimate consignee, absent a license from BIS. (Applications for such licenses are usually denied.)
The rule even prohibits “commercial off the shelf” products from being delivered to Huawei if they are either the direct product of specified software or technology or produced by a plant or major component of a plant that is, itself, the direct product of specified U.S.-origin software or technology. This amendment effectively bars the sale of most high-tech devices to Huawei, as all high-tech devices use chips and most modern chips are designed using software developed in the U.S. and are fabricated using equipment partly made in the U.S.
The rule also clarified issues of intent for individuals involved in transactions. If a person has “knowledge” that such an item will be incorporated into or will be used in the “production” or “development of any “part,” “component,” or “equipment” produced, purchased, or ordered by Huawei, then a person cannot export, reexport, or transfer such an item to Huawei. Further, if a person has “knowledge” that Huawei is acting as a purchaser or intermediate consignee in a transaction—regardless of the ultimate end user of the item—the transfer of any such item is also prohibited. The BIS standard of “knowledge” includes not only actual knowledge but also reason to know, reason to believe, or “awareness of a high probability” that a circumstance is likely to occur.
This change to the FDPR as applied to Huawei had a substantial impact on the high-tech sector and Huawei—the company was the source of significant publicity both inside and outside of the industry and forced dramatic changes to trade flows. Despite that fact, there have been no regulatory actions against companies for violating the expanded Huawei FDPR, and only one relatively minor penalty of $80,000 against SP Industries Inc.—a small company in Pennsylvania that committed four violations of the EAR by exporting controlled items to Huawei and its subsidiaries. Moreover, the SP Industries Inc. settlement arose from a voluntary disclosure, rather than BIS investigative work.
Also striking about the SP Industries settlement (which involved only four shipments) was the length of time it took to resolve the matter. Though the violations occurred in mid-2019, it wasn’t until the end of 2021 that a civil penalty against the company was enforced.
BIS should be adopting a strategy of aggressive and consistent enforcement in the area of illegal diversion of exports to Huawei and China, as it has previously done with illegal diversion of exports to Iran. Many companies, including Taiwan Semiconductor Manufacturing Co., Samsung Electronics, Samsung Display and SK Hynix, indicated that they would follow the FDPR and apply for licenses to ship to Huawei shortly before the rule went into effect. However, as evidenced by the lack of investigations and prosecutions of FDPR violations in the two years since it was implemented against Huawei, the enthusiasm for enforcing the FDPR has not matched that of enforcement of other rules like export controls and sanctions aimed at Iran. (There are recent reports that the Commerce Department is examining potential violations of the EAR by Synopsys for unlicensed sales to Huawei and SMIC. Commerce has not acknowledged any investigation into Seagate’s publicly known unlicensed sales to Huawei for more than a year.)
This lack of enforcement signals that the threat of Huawei acquiring U.S. technology does not appear to be taken as seriously as other national security risks. The Seagate story is consistent with that signaling.
Seagate Continued Sales to Huawei
The American company Seagate Technology is a leading global supplier of hard disk drives (HDD), which contain multiple semiconductors. The California-based company has increased its market share in recent years and controlled around 43 percent of the world market as of mid-2021. Although HDDs use semiconductors, including dynamic random access memory, and as such fall within the scope of the FDPR, Seagate’s chief financial officer has pushed back against the company’s need for compliance. At the Deutsche Bank 2020 Virtual Technology Conference, Seagate’s CFO, Gianluca Romano, stated that the company did not believe it needed a license to continue to sell to Huawei and other Chinese customers and that he didn’t believe that Seagate should be restricted in its shipments to Huawei. This was in direct contradiction to the stance of Western Digital, another U.S.-based HDD and solid state drive (SSD) supplier to Huawei, and Toshiba, a Japan-based HDD supplier, both of which ceased shipments to Huawei after the rule went into effect. Western Digital’s then-CEO, Bob Eulau, further stated that the company was not shipping anything to Huawei at the time of the conference and would pause shipping HDDs to ensure compliance with regulations.
Evidence suggests that Seagate continued to ship hard drives to Huawei after the FDPR went into effect and after the Sept. 14, 2020, cutoff date set by the new FDPR. Wedbush Securities, an investment firm, stated that it “believe[s] it has been common knowledge within the storage industry that [Seagate] continued shipping parts to Huawei post the U.S. restrictions implemented in August. ... [Seagate’s] legal team likely interpreted U.S. restrictions differently than its peers.” Seagate’s recent filings with the Securities and Exchange Commission acknowledged that some of the company’s “products and services are subject to export control laws and other laws affecting the countries in which our products and services may be sold, distributed, or delivered.” The company also acknowledged that it could not ensure that its own interpretation of regulations would be accepted by regulatory and enforcement authorities, which further reflects that Seagate was not confident about its former interpretation of the FDPR. Seagate officials also told the Senate Committee on Commerce, Science, and Transportation minority committee staff in October 2021 that the company does not have a valid license to continue shipping HDDs to Huawei.
In Seagate’s case, several industry reports indicate that the company profited significantly from its sales to Huawei, and at the expense of its competitors. In February 2021, Deutsche Bank reported that Seagate held 51 percent of the HDD market share in the fourth quarter of 2020, which was up five points from the previous quarter, and attributed the increase in market share to Seagate’s decision to not cease shipping products to Huawei. Wells Fargo also indicated that Huawei was an 11 percent customer of Seagate’s high-cap HDDs. By shipping these prohibited products to Huawei, Seagate appears to have profited at the expense of its competitors who abided by the rules, and thereby potentially undermined U.S. national security. The Senate committee report concluded that “Seagate likely made the strategic calculation to continue violating national security regulations based on the prospect of earning significantly greater profits through market monopolization than the potential cost of regulatory penalties.”
The Commerce Department has yet to publicly take any sort of enforcement action against Seagate, despite the evidence outlined in the October 2021 investigation into Seagate’s compliance with the FDPR. Publicly available information, such as the Seagate CFO’s comments at the 2020 Deutsche Bank conference and the bank studies previously mentioned, indicated that Seagate continued to sell controlled items to Huawei after the FDPR came into effect. The Bureau of Industry and Security’s inaction not only allowed Seagate to continue shipping prohibited products for almost a year but also sent the message to other companies that the FDPR will not be enforced or may not be enforced consistently. This lack of effective and consistent enforcement and investigation in the face of ample evidence in effect incentivizes companies to continue to ship controlled exports to Huawei. Failure to enforce export controls and to do so aggressively with meaningful penalties undermines U.S. national security and foreign policy objectives by allowing foreign adversaries to obtain U.S. technology and products, access to which the U.S. should and may be obligated to control, and by incentivizing businesses to choose revenue over U.S. national security.
The author's opinions expressed in this article are solely his own and do not express the views of his employer.