LawFlash

US Further Tightens Grip with New Export Control Restrictions, Sanctions on Russia and Belarus

June 25, 2024

The US government recently announced additional significant export controls and sanctions related to Russia and Belarus, including new export restrictions on EAR99 software, certain consumer communication devices, and information technology services by US persons.

On June 12, 2024, and in anticipation of the G7 summit, the US Department of Commerce’s Bureau of Industry and Security (BIS), together with the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), announced significant new export control restrictions and sanctions to further address Russian operations in Ukraine.

These measures include restricting trade on additional goods destined to Russia and Belarus, tightening the availability of license exceptions for Russia and Belarus, cutting off trade to certain foreign companies, and prohibiting the provision of information technology services by US persons, each designed to address US government concerns regarding diversion of US-origin items.

While some of the new restrictions apply immediately, others have a delayed implementation date to allow parties time to adjust. We outline these changes and their applicable timelines below.

KEY BIS ACTIONS

The BIS actions were announced in a final rule published in the Federal Register on June 18, 2024. The changes implemented by the BIS rule were immediately effective on June 12, save for new restrictions on EAR99 software exports, which become effective September 16, 2024.

Entity List Changes

The BIS final rule adds four entities in China and one entity in Russia, as well as eight addresses in China, to the Entity List in Supplement No. 4 to Part 744 of the Export Administration Regulations (EAR).

The latter addition represents a departure from BIS’s previous practice of adding companies by name or alias to the list, such that the Entity List license requirement applied to the specific entity listed by name. Those entries also included locations—sometimes specific addresses. Instead, in the final rule, BIS has simply noted “Address 01” through “Address 08” as the entity name. BIS also amended Section 744.16 of the EAR so that going forward BIS may continue to identify by address an entity (or multiple entities) on the Entity List without an associated entity name.

BIS explained the change by noting that “these addresses are associated with a significant number of entities, whose activities risk violating the EAR.” BIS also explained that listing these addresses on the Entity List is intended to address the issue of international transshipment through shell companies, whereby easily dissolvable shell companies rely on service providers to enable them by providing addresses necessary to engage in trade activity. Effective immediately, licenses will be required for all entities at the specified addresses for all items on the Commerce Control List and Supplement No. 7 of the EAR and subject to the EAR. This change raises at least three challenging diligence concerns.

First, there is no indication whether new parties that may take office or facility space at these locations will automatically be covered by the restrictions simply because the address is listed. Second, having to screen addresses only creates difficulties in deciding what diligence to perform since traditional entity-specific tools that provide data on particular parties would be less effective in identifying risks. Third, depending on the country, parties conducting diligence or screening may not be able to assess what entities reside at each address and will need to rely on the party to whom they wish to sell to provide that data. There is little recourse to verify the accuracy of the information provided.

Going forward, exporters will have to adjust their diligence and screening practices to avoid triggering the new Entity List prohibitions.

Restrictions on EAR99 Software Exports

In conjunction with the OFAC prohibition on certain information technology and software services (see below), the BIS final rule imposes a new license requirement for exports, reexports, and in-country transfers of certain EAR99-designated software to Russia and Belarus, namely the following software:

  • enterprise resource planning (ERP)
  • customer relationship management (CRM)
  • business intelligence (BI)
  • supply chain management (SCM)
  • enterprise data warehouse (EDW)
  • computerized maintenance management system (CMMS)
  • project management software, product lifecycle management (PLM)
  • building information modelling (BIM)
  • computer-aided design (CAD)
  • computer-aided manufacturing (CAM)
  • engineer-to-order (ETO)

The BIS license requirement also includes exports, reexports, and transfers of any updates of previously provided software as listed above. Software providers must monitor the provision of automatic updates to avoid an unlicensed export prohibited under the new rules. This raises potential concerns over general screening and diligence, as customers may receive updates from various locations and it would be challenging to verify whether the updates were being provided to a specific address. Entities exclusively operating in the medical or agricultural sectors are excluded from the new license requirement.

Other Controls on EAR99 Items

The BIS final rule expands the list of items set forth in Supplement No. 4 to Part 746 of the EAR by adding 522 additional Harmonized Tariff Schedule (HTS) code entries to Supplement No. 4, including specified metallic materials and goods, hand tools, and vehicles. The BIS final rule also adds certain riot control agents to the industry sector sanctions in Supplement No. 6 to Part 746 of the EAR.

These items added to Supplements 4 and 6 will now require a license for export to, reexport to, or in-country transfer within Russia or Belarus.

Reduced License Exception Eligibility

Finally, the final rule revises License Exception Consumer Communication Devices (CCD) to limit the scope of telecommunications commodities and software that are authorized for export, reexport, or in-country transfer to and within Russia and Belarus. As a result of these changes, the following items are no longer eligible for Russia or Belarus under License Exception CCD and will require a license, with a general policy of denial:

  • Consumer disk drives and solid-state storage equipment classified under ECCN 5A992 or designated EAR99
  • Graphics accelerators and graphics co-processors designated EAR99
  • Modems, network interface cards, routers, switches, and Wi-Fi access points designated EAR99 or classified under ECCNs 5A992.c or 5A991
  • Drivers, communications, and connectivity software for such hardware designated EAR99 or classified under ECCN 5D992.c
  • Network access controllers and communications channel controllers classified under ECCN 5A991.b.4, 5A992.c, or designated EAR99
  • Memory devices classified under ECCN 5A992.c or designated EAR99
  • Digital cameras (including webcams) and memory cards classified under ECCN 5A992 or designated EAR99
  • Television and radio receivers, set-top boxes, video decoders, and antennas, classified under ECCNs 5A991, 5A992, or designated EAR99
  • Recording devices classified under ECCN 5A992 or designated EAR99
  • Commodities described under ECCNs 3A991.p or 4A994.l
  • Batteries, chargers, carrying cases, and accessories for the equipment described above

These restrictions will compel parties to review and update their commercial documents to identify where and under what circumstances agreements or purchases can be terminated without running afoul of blocking statutes, countersanctions requirements, or other countermeasures.

KEY OFAC ACTIONS

Treasury’s OFAC, together with the US Department of State and consistent with G7 commitments, also introduced a series of sanctions targeting more than 300 entities and individuals both within and outside of Russia, including in Asia, the Middle East, Europe, Africa, Central Asia, and the Caribbean. Specific sanctions were also implemented to target the provision of software and financial services to Russia, with the goal, according to Secretary of the Treasury Janet L. Yellen, to “strike at [Russia’s] remaining avenues for international materials and equipment, including their reliance on critical supplies from third countries.”

Sweeping Sanctions on Various Entities and Individuals

OFAC’s sanctions target individuals and entities in and outside of Russia that allow Russia to sustain its operations in Ukraine and evade sanctions. In particular, “foreign financial institutions that support Russia’s [military] economy face greater risk of sanctions.” Effective immediately, sanctioned entities have been added to the Specially Designated Nationals and Blocked Persons List (SDN List), including more than 50 entities and individuals from China (including Hong Kong). All entities and individuals were designated pursuant to Executive Order 14024, as amended, which authorizes sanctions with respect to specified harmful foreign activities of the government of Russia.

According to the announcements, the main objectives of these sweeping sanctions include:

  • Restricting the ability of Russia’s military-industrial base to obtain financial support, software, and information services
  • Cracking down on illegal product and service sales activities in Asia, the Middle East, Europe, Africa, and Central Asia
  • Targeting networks that sell defense-related materials and critical items to Russia, thereby enhancing its military capabilities
  • Limiting the participation of sanctioned entities in the production and export capacities of Russia’s energy, metals, and mining industries
  • Combatting sanctions evasion transactions and activities

Among the sanctioned enterprises, many companies are being penalized for providing “high-priority items” closely related to Russia’s military-industrial base, including laser diodes, fiber optics, integrated circuits, electronic components (including tantalum capacitors, transformers, converters, and inductors), machine tools, sensors, and unmanned aerial vehicles and components. These items are not necessarily cutting-edge technology products, but those that are deemed to be of use to Russia as part of its ongoing military efforts in Ukraine.

From the industry classification of the sanctioned Chinese enterprises, it is evident that companies related to defense and the military-industrial base, as well as companies that facilitate support such as transport companies, remain key targets of US sanctions. The sanctioned Chinese enterprises primarily cover industries such as defense technology, freight forwarding, electronic components, laser equipment, and industrial manufacturing. The sanctioned Russian entities primarily are Russian entities and individuals operating or having operated in the defense and related materiel sector of the Russian Federation economy.

Notably, the sanctions are part of OFAC’s ongoing efforts to target multinational procurement networks involved in sanctions evasion. For example, in the case of a PRC-based company providing advanced technological equipment, OFAC alleges that the company procured machine tools for Russian end users by disguising the ultimate end user, who was listed on the SDN List.

Additionally, a Turkish company, a Chinese electromechanical equipment company, and a logistics company in Hong Kong played intermediary roles in the transactions, assisting in the shipment of machine tools to a Russian supplier and producer of metal-working equipment and high-precision parts for the aerospace industry, and were also listed on the SDN List for “operating or having operated in the Russian manufacturing sector.”

The 100-plus entities and individuals targeted by the State Department were named due to their engagement in the development of Russia’s future energy, metals, and mining production and export capacity; sanctions evasion and circumvention; and furthering Russia’s operations against Ukraine.

These cases demonstrate that Chinese enterprises that participate in the transaction chain of sensitive industries and items with Russia, even only as intermediaries, shell companies, or logistics providers, face a high risk of becoming subject to US sanctions.

Restrictions on Russia’s Access to Specific Software Services

To support BIS’s export control restrictions on Russia, and to further the G7’s goal to “disrupt the Russian military-industrial base’s reliance on foreign IT systems,” OFAC also issued a new determination under EO 14071 to prohibit certain IT and software services. Effective September 12, 2024, this new determination prohibits the direct or indirect export, reexport, sale, or supply of the following software-related services from or by US persons to any person located in Russia:

  • IT consultancy and design services
  • IT support services and cloud-based services for enterprise management software and design and manufacturing software

The determination also provides certain exclusions, e.g., any service to an entity located in the Russian Federation that is owned or controlled, directly or indirectly, by a US person is excluded from the prohibition. The determination also excludes any service in connection with the winddown or divestiture of an entity located in the Russian Federation that is not owned or controlled, directly or indirectly, by a Russian person.

Additionally, it excludes any service for software that is subject to the EAR and for which the exportation, reexportation, or in-country transfer to the Russian Federation is licensed or otherwise authorized by BIS. It also excludes software that is not subject to the EAR but would be eligible for a license exception or otherwise authorized by BIS if it were subject to the EAR.

OFAC continues to exempt certain telecommunications and internet-related transactions and humanitarian transactions under General Licenses 6D and 25D to prevent ordinary Russians from losing access to communication technology services.

OFAC FAQ 1187 provides clarification of definitions pertaining to certain key concepts in the determination:

  • Enterprise management software includes ERP, CRM, BI, SCM, EDW, CMMS, project management, and PLM software
  • Design and manufacturing software encompasses BIM, CAD, CAM, and ETO software
  • Cloud-based services involve the delivery of software via the internet or cloud, including SaaS
  • Information technology support services, consistent with the UN’s Central Product Classification (CPC) Code 83132, involve providing technical expertise to solve client problems with software, hardware, or entire computer systems
    • This includes customer support, software upgrades and patches, hardware troubleshooting, IT equipment repair, technical assistance for system relocation, and other IT technical support services
  • Information technology consultancy and design services encompass both IT consulting and IT design and development for applications, defined by CPC Codes 83131 and 83141
    • Specifically, IT consultancy services provide advice or expert opinion on IT-related technical matters such as hardware and software requirements, systems integration, systems security, and expert testimony
    • IT design and development services for applications involve designing and writing code for software applications, web pages, databases, and custom software applications, as well as customizing and integrating existing applications to function within clients’ information systems

OFAC’s rules complement BIS’s new regulations by restricting Russia’s potential indirect access to the software through technical consulting and cloud services, while BIS limits Russia’s direct access to the controlled software itself.

Expanded Definition of ‘Russian Military-Industrial Base’; Increased Secondary Sanctions Risks for Financial Institutions

OFAC also updated FAQ 1151, further expanding the concept of “Russian military-industrial base” to include “all persons listed on the SDN List under E.O. 14024,” not just individuals and entities operating in the Russian technology, defense and related materials, construction, aerospace, and manufacturing sectors. The definitions of each of these sectors can be found in FAQ 1126.

Since most entities currently listed on the SDN List for Russia-related sanctions are sanctioned under EO 14024, this regulation significantly increases the risk of secondary sanctions for foreign financial institutions. This is because on December 22, 2023 US President Joseph Biden signed EO 14114, which amended EO 14024 to authorize OFAC, in consultation with relevant departments, to sanction non-US financial institutions that conduct or facilitate any “significant transaction or transactions” involving Russia’s military-industrial base.

In other words, foreign financial institutions providing services to any entities or individuals sanctioned under EO 14024 may be subject to secondary sanctions, regardless of whether those entities or individuals are directly involved in activities supporting the Russia-Ukraine conflict. To facilitate sanctions compliance and assist financial institutions in identifying sanctions risk and implementing corresponding controls, OFAC also updated its sanctions advisory with a revised definition of “Russia’s military-industrial base” to include all persons blocked under EO 14024, as amended.

This approach aligns with the publication of a compliance note, Department of Commerce, Department of the Treasury, and Department of Justice Tri-Seal Compliance Note: Obligations of Foreign-Based Persons to Comply with U.S. Sanctions and Export Control Laws, on March 6, 2024, highlighting the extraterritorial reach of US sanctions. OFAC, BIS, and the US Department of Justice remain focused on disrupting procurement networks and imposing obligations on those best suited to act as choke points in those networks. These policies, now reflected in a significant regulatory exercise, change the risk calculus for foreign parties managing compliance obligations.

TAKEAWAYS

The new export controls and sanctions significantly expand the US restrictions on Russia and Belarus in particular with respect to provision of IT services, software, and equipment. They also target a broader swath of third parties that may support Russia’s activities in Ukraine, including Chinese shell companies, multinational procurement networks supporting Russia’s military industry, and foreign financial institutions that engage with Russia’s military-industrial base. US exporters and other persons subject to US jurisdiction will need to adopt more rigorous compliance practices, including screening of addresses and intermediaries, to ensure they do not trigger the new restrictions.

Contacts

If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following: