Executive Order 13873 was issued on May 15 with the goal of “Securing the Information and Communications Technology and Services Supply Chain.” The order ultimately seeks to manage the national security risk that can exist in information and communications technology (ICT) transactions between those subject to US jurisdiction and those subject to the jurisdictions of foreign adversaries. The order defines “information and communications technology or services” as “any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including transmission, storage, and display.” A “foreign adversary” is defined in the order as “any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.”
In response to potential threats to ICT, which the executive order identifies as “malicious cyber-enabled actions” and “economic and industrial espionage against the United States,” the Order declares a national emergency regarding the United States’ sensitive information, digital economy, critical infrastructure, and emergency services, among other important US interests. Such threats, according to the order, stem from “individual acquisitions or uses of [information and communications] technology or services.”
The order directs the secretary of Commerce, along with other agency executives, to determine whether US transactions with persons subject to the jurisdiction of a foreign adversary pose “undue” risks to the information and communications technology or services in the United States, or the security of US interests. If it is determined that they do, the secretary and other executives may “design or negotiate measures to mitigate concerns.” The order grants the secretary 150 days to “publish rules or regulations implementing the authorities delegated to the Secretary by this order.”
Accordingly, the regulations will be available by October 2019, and ICT companies should prepare for the implications to their transactions processes. Such implications include determining whether a particular transaction or entity falls under the scope of this order and what steps may be necessary to move forward with particular transactions. The order highlights the importance of “maintaining an open investment climate in information and communications technology” in the United States, and also notes that “such openness must be balanced by the need to protect our country against critical national security threats.”