[Federal Register Volume 89, Number 129 (Friday, July 5, 2024)]
[Proposed Rules]
[Pages 55530-55542]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-14491]
=======================================================================
-----------------------------------------------------------------------
FEDERAL COMMUNICATIONS COMMISSION
47 CFR Part 2
[ET Docket No. 24-136; FR ID 228432]
Promoting the Integrity and Security of Telecommunications
Certification Bodies, Measurement Facilities, and the Equipment
Authorization Program
AGENCY: Federal Communications Commission.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: In this document, the Federal Communications Commission
(Commission) proposes to strengthen requirements and oversight relating
to telecommunications certification bodies and measurement facilities
to help ensure the integrity of these entities for purposes of the
equipment authorization, to better protect national security, and to
advance the Commission's comprehensive strategy to build a more secure
and resilient communications supply chain.
DATES: Comments are due on or before September 3, 2024 and reply
comments are due on or before October 3, 2024.
ADDRESSES: You may submit comments, identified by ET Docket No. 24-136,
by any of the following methods:
Federal Communications Commission's Website: https://www.fcc.gov/ecfs/. Follow the instructions for submitting comments. See Electronic
Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1988).
Mail: Filings can be sent by hand or messenger delivery,
by commercial overnight courier, or by first-class or overnight U.S.
Postal Service mail (although the Commission continues to experience
delays in receiving U.S. Postal Service mail). All filings must be
addressed to the Commission's Secretary, Office of the Secretary,
Federal Communications Commission.
People with Disabilities: Contact the Commission to
request reasonable accommodations (accessible format documents, sign
language interpreters, CART, etc.) by email: [email protected] or phone:
202-418-0530 or TTY: 202-418-0432.
For detailed instructions for submitting comments and additional
information on the rulemaking process, see the SUPPLEMENTARY
INFORMATION section of this document.
FOR FURTHER INFORMATION CONTACT: Jamie Coleman of the Office of
Engineering and Technology, at [email protected] or 202-418-2705.
[[Page 55531]]
SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Notice
of Proposed Rulemaking, ET Docket No. 24-136; FCC 24-58, adopted on May
23, 2024, and released on May 24, 2024. The full text of this document
is available for public inspection and can be downloaded at https://docs.fcc.gov/public/attachments/FCC-24-58A1.pdf. Alternative formats
are available for people with disabilities (Braille, large print,
electronic files, audio format) by sending an email to [email protected]
or calling the Commission's Consumer and Governmental Affairs Bureau at
(202) 418-0530 (voice), (202) 418-0432 (TTY).
Comment Period and Filing Procedures. Pursuant to sections 1.415
and 1.419 of the Commission's rules, 47 CFR 1.415, 1.419, interested
parties may file comments and reply comments on or before the dates
provided in the DATES section of this document. Comments must be filed
in ET Docket No. 24-136. Comments may be filed using the Commission's
Electronic Comment Filing System (ECFS). See Electronic Filing of
Documents in Rulemaking Proceedings, 63 FR 24121 (1998).
All filings must be addressed to the Commission's
Secretary, Office of the Secretary, Federal Communications Commission.
Electronic Filers: Comments may be filed electronically
using the internet by accessing the ECFS: https://www.fcc.gov/ecfs/.
[ssquf] Paper Filers: Parties who choose to file by paper must file
an original and one copy of each filing. If more than one docket or
rulemaking number appears in the caption of this proceeding, filers
must submit two additional copies for each additional docket or
rulemaking number.
[cir] Commercial overnight mail (other than U.S. Postal Service
Express Mail and Priority Mail) must be sent to 9050 Junction Drive,
Annapolis Junction, MD 20701.
[cir] U.S. Postal Service first-class, Express, and Priority mail
must be addressed to 45 L Street NE, Washington, DC 20554.
Ex Parte Presentations. These proceedings shall be treated as
``permit-but-disclose'' proceedings in accordance with the Commission's
ex parte rules. Persons making ex parte presentations must file a copy
of any written presentation or a memorandum summarizing any oral
presentation within two business days after the presentation (unless a
different deadline applicable to the Sunshine period applies). Persons
making oral ex parte presentations are reminded that memoranda
summarizing the presentation must (1) list all persons attending or
otherwise participating in the meeting at which the ex parte
presentation was made, and (2) summarize all data presented and
arguments made during the presentation. If the presentation consisted
in whole or in part of the presentation of data or arguments already
reflected in the presenter's written comments, memoranda or other
filings in the proceeding, the presenter may provide citations to such
data or arguments in his or her prior comments, memoranda, or other
filings (specifying the relevant page and/or paragraph numbers where
such data or arguments can be found) in lieu of summarizing them in the
memorandum. Documents shown or given to Commission staff during ex
parte meetings are deemed to be written ex parte presentations and must
be filed consistent with rule 1.1206(b). In proceedings governed by
rule 1.49(f) or for which the Commission has made available a method of
electronic filing, written ex parte presentations and memoranda
summarizing oral ex parte presentations, and all attachments thereto,
must be filed through the electronic comment filing system available
for that proceeding, and must be filed in their native format (e.g.,
.doc, .xml, .ppt, searchable .pdf). Participants in this proceeding
should familiarize themselves with the Commission's ex parte rules.
Procedural Matters
Regulatory Flexibility Act. The Regulatory Flexibility Act of 1980,
as amended (RFA), requires that an agency prepare a regulatory
flexibility analysis for notice and comment rulemakings, unless the
agency certifies that ``the rule will not, if promulgated, have a
significant economic impact on a substantial number of small
entities.'' 5 U.S.C. 603, 605(b). The RFA, 5 U.S.C. 601-612, was
amended by the Small Business Regulatory Enforcement Fairness Act of
1996 (SBREFA), Public Law 104-121, Title II, 110 Stat. 857 (1996).
Accordingly, the Commission has prepared an Initial Regulatory
Flexibility Analysis (IRFA) concerning the possible/potential impact of
the rule and policy changes contained in this document. The IRFA is
found in Appendix B of the FCC document, https://docs.fcc.gov/public/attachments/FCC-24-58A1.pdf. The Commission invites the general public,
in particular small businesses, to comment on the IRFA. Comments must
have a separate and distinct heading designating them as responses to
the IRFA and must be filed by the deadlines for comments on the Notice
of Proposed Rulemaking indicated in the DATES section of this document.
Paperwork Reduction Act: This document may contain proposed or
modified information collection requirements. Therefore, the Commission
seeks comment on potential new or revised information collections
subject to the Paperwork Reduction Act of 1995. If the Commission
adopts any new or revised information collection requirements, the
Commission will publish a notice in the Federal Register inviting the
general public and the Office of Management and Budget to comment on
the information collection requirements, as required by the Paperwork
Reduction Act of 1995, Public Law 104-13. In addition, pursuant to the
Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44
U.S.C. 3506(c)(4), the Commission seeks specific comments on how it
might further reduce the information collection burden for small
business concerns with fewer than 25 employees.
Accessing Materials
Providing Accountability Through Transparency Act: Consistent with
the Providing Accountability Through Transparency Act, Public Law 1189-
9, a summary of the Notice of Proposed Rulemaking will be available at
https://www.fcc.gov/proposed-rulemakings.
OPEN Government Data Act. The OPEN Government Data Act, requires
agencies to make ``public data assets'' available under an open license
and as ``open Government data assets,'' i.e., in machine-readable, open
format, unencumbered by use restrictions other than intellectual
property rights, and based on an open standard that is maintained by a
standards organization. 44 U.S.C. 3502(20), (22), 3506(b)(6)(B). This
requirement is to be implemented ``in accordance with guidance by the
Director'' of the OMB. (OMB has not yet issued final guidance. The term
``public data asset'' means ``a data asset, or part thereof, maintained
by the Federal Government that has been, or may be, released to the
public, including any data asset, or part thereof, subject to
disclosure under [the Freedom of Information Act (FOIA)].'' 44 U.S.C.
3502(22). A ``data asset'' is ``a collection of data elements or data
sets that may be grouped together,'' and ``data'' is ``recorded
information, regardless of form or the media on which the data is
recorded.'' 44 U.S.C. 3502(17), (16).
[[Page 55532]]
Synopsis
I. Introduction
1. From 5G networks and Wi-Fi routers to baby monitors and fitness
trackers, a wide array of radio-frequency (RF) devices are ubiquitous
in Americans' daily lives and across our economy. The FCC's equipment
authorization program is tasked with ensuring that all of these devices
available to American businesses and consumers comply with our rules
regarding, among other things, interference, radio-frequency (RF)
emissions, and hearing aid compatibility. To ensure the efficient and
effective review of tens of thousands of equipment authorizations
annually, the Commission delegates certain important responsibilities
to telecommunications certification bodies (TCBs) and measurement
facilities (test labs) with regard to implementing our equipment
authorization program. Now, as part of ongoing efforts to promote
national security and protect our nation's communications equipment
supply chain, the Commission has placed significant new national
security related responsibilities on TCBs and test labs. By
establishing new equipment authorization program rules that prohibit
authorization of communications equipment that has been determined to
pose an unacceptable risk to the national security of the United States
or the security and safety of United States persons, these entities now
must help ensure that such prohibited equipment is kept out of our
nation's supply chain. Further, these entities are entrusted with
receiving and maintaining sensitive and proprietary information
regarding communications equipment. In light of these new and ongoing
responsibilities and the persistent and evolving threats posed by
untrustworthy actors seeking, among other things, to compromise our
networks and supply chains, today the Commission seeks to strengthen
its requirements for and oversight of TCBs and test labs by proposing
new rules that would help ensure the integrity of these entities for
purposes of the equipment authorization program, better protect
national security, and advance the Commission's comprehensive strategy
to build a more secure and resilient communications supply chain. It is
vital for the Commission to ensure that these entities are not subject
to influence or control by foreign adversaries or other untrustworthy
actors that pose a risk to national security.
2. Specifically, the Commission proposes to prohibit from
recognition by the FCC and participation in its equipment authorization
program, any TCB or test lab in which an entity identified on the
Covered List has direct or indirect ownership or control, and prohibit
reliance on or use of, for purposes of equipment authorization, any TCB
or test lab that is directly or indirectly owned or controlled by any
entity on the Covered List or by any third party in which an entity
identified on the Covered List has any direct or indirect ownership or
control. Considering the national security concerns about entities
identified on the Covered List, the Commission also directs the Office
of Engineering and Technology (OET) to take swift action to suspend the
recognition of any TCB or test lab directly or indirectly owned or
controlled by entities identified on the Covered List, thereby
preventing such entities from using their owned or controlled labs to
undermine its current prohibition on Covered Equipment. Next, the
Commission seeks comment on prohibiting recognition of any TCB or test
lab directly or indirectly owned or controlled by a foreign adversary
or any other entity that has been found to pose a risk to national
security. To that end, and consistent with Commission action in other
recent national security proceedings, the Commission seeks comment on
whether and how it should consider national security determinations
made in other Executive Branch agency lists in establishing eligibility
qualifications for FCC recognition of a TCB or a test lab in its
equipment authorization program. In addition, the Commission proposes
that the prohibition would be triggered by direct or indirect ownership
or control of 10% or more and, to help ensure that it has the
information to enforce this requirement, TCBs and test labs would be
required to report direct or indirect equity and/or voting interest of
5% or greater by any entity. Further, to implement the proposed
national security prohibition, to ensure the integrity of the equipment
authorization program and the impartiality of the TCBs and test labs
within it, the Commission proposes to collect additional ownership and
control information from TCBs and test labs. The Commission also seeks
comment on other revisions concerning TCBs and test labs as the
Commission seeks to address these issues.
II. Background
3. The Commission's equipment authorization program, codified in
the Commission's part 2 rules, plays a critical role in enabling the
Commission to carry out its responsibilities under the Communications
Act. Under section 302 of the Communications Act, the Commission is
authorized to make reasonable regulations governing the interference
potential of equipment that emit radiofrequency (RF) energy and that
can cause harmful interference to radio communications, which are
implemented through the equipment authorization program. In addition,
the equipment authorization program helps ensure that communications
equipment comply with certain other policy objectives--which include
protecting the communications networks and supply chain from equipment
that poses an unacceptable risk to national security.
4. Communications equipment must comply with the requirements under
part 2 before they can be marketed in or imported to the United States.
Under 47 U.S.C. 302a(e), the Commission has delegated certain important
responsibilities to TCBs and test labs with regard to implementing the
Commission's equipment authorization program.
A. Telecommunications Certification Bodies and Test Labs
5. Telecommunications Certification Bodies (TCBs). The Commission's
rules specify the qualification criteria for TCBs and assign TCBs
responsibility for issuing equipment certifications under Commission
direction and oversight. In authorizing the use of TCBs, the Commission
sought to speed the process for bringing new technologies to market
while also adopting an oversight framework to ensure that the TCBs act
impartially and consistent with their responsibilities. The creation
and use of TCBs in the equipment authorization process allowed the
Commission to implement Mutual Recognition Agreements (MRAs) with the
European Union, the Asia-Pacific Economic Cooperation, and other
foreign trade partners.
6. TCBs are responsible for reviewing and evaluating applications
for equipment certification for compliance with the Commission's
applicable requirements (including technical compliance testing and
other requirements) and determining whether to grant or to dismiss the
application based on whether it is in accord with Commission
requirements. TCBs must meet all the appropriate specifications in the
ISO/IEC 17065 standard, which include requirements to ensure that TCBs
carry out their responsibilities in a ``competent, consistent, and
impartial manner.'' Commission rules also impose certain obligations on
each TCB to perform post-market surveillance, based
[[Page 55533]]
on ``type testing a certain number of samples of the total number of
product types'' that the TCB has certified.
7. To carry out their prescribed equipment certification
responsibilities, under current rules TCBs must be accredited based on
determinations made by a Commission-recognized accreditation body and
recognized by the Commission before they are authorized to evaluate
applications for equipment authorization. Under Commission rules, TCBs
must be located in the United States or in countries that have entered
into applicable Mutual Recognition Agreements (MRAs) with the United
States.
8. For TCBs located outside of the United States, designation is
authorized in accordance with the terms of an effective bilateral or
multilateral MRA to which the United States is a party. Pursuant to
each MRA, participating countries agree to accept the equipment
authorizations performed by the TCB-equivalent conformity assessment
body of the other country. There are 15 FCC-recognized Designating
Authorities in MRA-partnered countries. These Designating Authorities
are governmental organizations associated with MRA-partnered economies.
Currently there are 40 FCC-recognized TCBs, the majority of which are
located in the United States and the rest are located in nine MRA-
partnered countries.
9. Finally, the Commission will withdraw recognition of a TCB if
the TCB's designation or accreditation is withdrawn, the Commission
determines that there is ``just cause,'' or the TCB requests that it no
longer hold a recognition. The Commission's rules also set forth
specific procedures, including notification requirements, that the
Commission will follow if it intends to withdraw its recognition of a
TCB.
10. Test labs. Test labs ensure that subject equipment complies
with the Commission's applicable technical rules to minimize the risk
of harmful interference, promote efficient use of spectrum, and advance
other policy goals, such as ensuring hearing aid compatibility and
controlling the environmental effects of RF radiation. The role and
responsibilities of test labs specifically concern the development of
technical reports on testing equipment for which authorization is
sought for compliance with the Commission's applicable technical
requirements. Applicants for equipment certification provide the
testing data to a TCB to show compliance with the FCC requirements.
11. For all granted applications, the TCBs must send to the FCC any
test lab data and other information relied upon by the TCB. This
information is made publicly available on the FCC website upon grant of
the equipment authorization. Under the Commission's rules, test labs do
not have any role or responsibility for making any certification
decision on whether the equipment would be in compliance, nor do they
have any role with respect to any other certification determination,
including on whether the equipment constitutes ``covered'' equipment;
all certification activities (evaluation, review, and decisional
determinations) are reserved for TCBs.
12. Under Commission rules, testing for equipment certification can
only be performed by a test lab that has been accredited by an FCC-
recognized accreditation body and recognized by the Commission.
Applicable rules require that these test labs be accredited based on
ISO/IEC 17025. The Commission's rules require that entities wishing to
become a recognized laboratory accreditation body must submit a written
request to the Chief of OET and submit evidence concerning their
credentials and qualifications to perform accreditation of laboratories
that test equipment to Commission requirements, consistent with the
technical requirements set forth under section 2.948(e). Applicants
must successfully complete and submit a peer review. Under the ISO/IEC
17011 standard, accreditation body applicants must meet specified
impartiality, management, and accreditation requirements, and otherwise
meet accreditation body responsibilities. OET publishes its findings
and maintains a web page on FCC-recognized accreditation bodies.
13. The Commission notes, however, that its rules do not currently
require accreditation and FCC recognition of test labs that are relied
upon as part of the Supplier's Declaration of Conformity (SDoC) process
for obtaining an equipment authorization. In 2017, the Commission
revised its rules to no longer require testing by accredited and FCC-
recognized test labs for equipment with a reduced potential to cause
harmful interference authorized in the SDoC process. The SDOC process
applies, generally, to equipment that does not contain a radio
transmitter and contains only digital circuitry--such as computer
peripherals, microwave ovens, ISM equipment, switching power supplies,
LED light bulbs, radio receivers, and TV interface devices.
14. The Commission recognizes four accreditation bodies in the U.S.
that can designate test labs that operate in the United States. As for
accreditation of test labs outside of the United States in countries
that have entered into an MRA, Sec. 2.948(f)(1) provides that test lab
accreditation will be acceptable if the accredited laboratory has been
designated by a foreign designating authority and recognized by the
Commission under the terms of an MRA. Currently there are 24 such FCC-
recognized test lab accreditation bodies outside the United States,
located in 23 different MRA-partnered countries.
15. The Commission has a separate rule provision concerning the
accreditation bodies that are permitted to accredit test labs in
countries that do not have an MRA with the United States. If the test
lab is located in a country that does not have an MRA with the United
States, then the test lab must be accredited by an organization
recognized by the Commission to perform accreditations in non-MRA
countries. Currently, the Commission has recognized three such
accrediting bodies. In response to requests from industry for
clarifying the process by which test labs are accredited in non-MRA
countries, the Commission in 2016 directed OET to provided clearer
guidance on accreditation of test labs in non-MRA-partnered countries.
Current rules do not preclude an accreditation body that is not in an
MRA-partnered country from submitting a request to be recognized, but,
to date, no accreditation body outside of an MRA-partnered economy has
submitted a request for FCC recognition.
16. Under the Commission rules, if a test lab has been accredited
for the appropriate scope for the types of equipment that it will test,
then it ``shall be deemed competent to test and submit test data for
equipment subject to certification.'' Test labs must be reassessed at
least every two years. Under current procedures, if the accreditation
body re-assesses the test lab and concludes that it continues to meet
the requirements set forth under ISO/IEC 17025, the accreditation body
will update the expiration date for the test lab's accreditation in the
FCC's Equipment Authorization Electronic System (EAS) for a period of
up to two years. While the Commission's rules currently provide
procedures for FCC recognition of test lab accreditation bodies, its
rules do not currently include specific Commission rules or procedures
for withdrawing recognition of a test lab accreditation body.
17. The Commission maintains a list of FCC-recognized accredited
test labs on its website, which currently lists nearly 640 test labs.
Currently, MRA-
[[Page 55534]]
partnered economies have the most FCC-recognized test labs, while there
are also are many test labs in countries in economies that have not
entered an MRA with the United States.
B. Recent Commission Actions
18. The EA Security R&O and FNPRM. On November 11, 2022, the
Commission adopted the EA Security Report and Order, Order, and Further
Notice of Proposed Rulemaking. (Final Rule, 88 FR 7592 (February 6,
2023); Notice of Proposed Rulemaking, 88 FR 14312 (March 8, 2023)).
Specifically, the Commission established several new rules to prohibit
authorization of communications equipment identified on the
Commission's Covered List (``covered'' equipment) developed pursuant to
the Secure Networks Act. The Covered List identifies certain types of
communications equipment produced by particular entities--currently,
Huawei, ZTE, Hytera, Hikvision, and Dahua (and their respective
subsidiaries and affiliates), as well as certain services provided by
particular entities. This list is derived from specific determinations
made by enumerated sources, including certain Executive Branch agencies
and Congress, under the Secure Network Act, that certain equipment
poses an unacceptable risk to national security. The EA Security R&O
revised part 2 of the Commission's rules concerning equipment
authorization requirements and processes. To help implement the
prohibition on authorization of any ``covered'' equipment, applicants
seeking equipment authorization are required to make certain
attestations (in the form of certifications) about the equipment for
which they seek authorization. These include attesting that the
equipment is not prohibited from receiving authorization and whether
the applicant is an entity identified on the Covered List as an entity
producing ``covered'' communications equipment. TCBs, pursuant to their
responsibilities as part of the Commission's equipment authorization
program, review the applications and must ensure that only applications
that meet all of the Commission's applicable technical and non-
technical requirements are ultimately granted, and that none of these
grants are for prohibited equipment.
19. In affirming in the EA Security R&O its authority to prohibit
authorization of communications equipment that had been placed on the
Covered List, the Commission also noted that it has broad statutory
authority, predating the Secure Networks Act and the Secure Equipment
Act, under sections 302 and 303(e) of the Communications Act and other
statutory provisions, to take into account national security concerns
when promoting the public interest.
20. Other Recent Commission Actions. Since adoption of the EA
Security R&O, Order, and FNPRM in November 2022, the Commission has
taken several additional steps to address evolving national security
concerns to protect the security of America's critical communications
networks and supply chains. In April 2023, in the Evolving Risks Order
and NPRM (Final Rule, 88 FR 85514 (December 8. 2023), Proposed Rule, 88
FR 50486 (August 1, 2023)), the Commission took additional steps to
protect the nation's telecommunications infrastructure from threats in
an evolving national security and law enforcement landscape by
proposing comprehensive changes to the Commission's rules that allow
carriers to provide international telecommunications service pursuant
to section 214 of the Communications Act. The Commission proposed,
among other things, to adopt a renewal framework or, in the
alternative, a formalized periodic review process for all international
section 214 authorization holders. The Commission stated that, in view
of the evolving national security and law enforcement concerns
identified in its recent proceedings revoking the section 214
authorizations of certain providers controlled by the Chinese
government, it believes that a formalized system of periodically
reassessing international section 214 authorizations would better
ensure that international section 214 authorizations, once granted,
continue to serve the public interest. In the Evolving Risks Order, the
Commission required all international section 214 authorization holders
to respond to a one-time collection to update the Commission's records
regarding their foreign ownership, noting that ``the information will
assist the Commission in developing a timely and effective process for
prioritizing the review of international section 214 authorizations
that are most likely to raise national security, law enforcement,
foreign policy, and/or trade policy concerns.'' In the Evolving Risks
NPRM, the Commission proposed, among other things, to prioritize the
renewal applications or any periodic review filings and deadlines based
on, for example, ``reportable foreign ownership, including any
reportable foreign interest holder that is a citizen of a foreign
adversary country,'' as defined in the Commerce Department's rule, 15
CFR 7.4. The Commission also sought comment on whether to revise its
ownership reporting threshold, currently set at 10% or greater direct
and indirect equity and/or voting interests, to 5%, noting that the
current 10% threshold may not capture all of the foreign interests that
may present national security, law enforcement foreign policy, and/or
trade policy concerns in today's national security and law enforcement
environment. The Commission also proposed, among other things, to
require applicants to certify in their application whether or not they
use equipment or services identified in the Commission's Covered List.
The Commission stated that it intends to continue to collaborate with
the relevant Executive Branch agencies and refer matters to the
Executive Branch agencies where warranted.
21. On March 14, 2024, the Commission adopted the Cybersecurity IoT
Labeling R&O to strengthen the nation's cybersecurity protections by
adopting a voluntary cybersecurity labeling program for wireless
Internet of Things (IoT) products. Through this IoT Labeling Program,
the Commission will provide consumers with an FCC IoT label that
includes the U.S. government certification mark (referred to as the
Cyber Trust Mark) that provides assurances that an IoT product that
bears the FCC IoT Label meets certain minimum cybersecurity standards
and strengthens the chain of connected IoT products in their own homes
and as part of a larger national IoT ecosystem. The Order established a
new administrative framework and regulatory structure to implement this
voluntary program, with the Commission having program oversight while
delegating certain responsibilities to new Cybersecurity Labeling
Administrators and FCC-recognized testing labs (e.g., Cybersecurity
Testing Labs) to evaluate whether particular IoT devices and products
meet the prescribed criteria for obtaining the Cyber Trust Mark. Among
other things, the Commission also determined that entities that are
owned, controlled by, or affiliated with ``foreign adversaries,'' as
defined by the Department of Commerce, should be ineligible for
purposes of the Commission's voluntary IoT Labeling Program. The
Commission also generally prohibited entities that produce equipment on
the Covered List, as well as entities named on the DOD's list of
Chinese military companies or the Department of Commerce's Entity List,
from any participation in the IoT Labeling Program. Also, the
Commission specifically prohibited any
[[Page 55535]]
of these entities from serving as a Cybersecurity Label Administrator
or serving as an FCC-recognized test lab for testing products for
compliance with forthcoming cybersecurity technical standards. The
Commission concluded that these lists represent the determination of
relevant Federal agencies that entities on these lists may pose a
national security threat within their respective areas, and that it is
not in the public interest to permit these entities to provide
assurance to the public that their products meet the new cybersecurity
standards for obtaining a Cyber Trust Mark.
III. Discussion
22. In this NPRM, the Commission proposes and seeks comment on
potential revisions to the Commission's rules designed to promote the
integrity of its equipment authorization program and ensure that it
serves the Commission's goals in protecting the communications
equipment supply chain from entities posing unacceptable national
security concerns. First, the Commission proposes to prohibit from
recognition by the FCC and participation in the equipment authorization
program, any TCB or test lab in which an entity identified on the
Covered List (i.e., any named entity or any of its subsidiaries or
affiliates) has direct or indirect ownership or control. Second, the
Commission seeks comment on the extent to which it should impose
eligibility restrictions for TCBs and test labs based on lists
developed by Executive Branch agencies that reflect expert
determinations about entities that pose national security risks. Third,
the Commission proposes and seeks comment on collecting various
ownership information from TCBs and test labs to strengthen our
oversight and implement any affiliation prohibitions that may be
adopted. Fourth, the Commission seeks comment on other aspects
associated with implementation of its proposals as well as other
considerations to strengthen the Commission's oversight of TCBs and
test labs. These include clarification of current rules and applicable
standards to ensure the impartiality and integrity of TCBs.
A. Prohibiting Recognition of TCBs and Test Labs in Which Entities
Identified on the Covered List Have Direct or Indirect Ownership or
Control
23. In 2022 in the EA Security R&O the Commission adopted rules to
prohibit authorization of certain equipment produced by entities named
on the Covered List and adopted supply chain protections that include
new informational requirements that seek to ensure that these
untrustworthy entities do not adversely influence certification of
equipment that poses unacceptable national security risks. The Covered
List is derived from specific determinations made by certain enumerated
sources (particular Executive Branch agencies with national security
expertise and Congress) under the Secure Networks Act that certain
equipment poses an unacceptable risk to national security. Congress has
also made determinations in the Secure Networks Act that certain of
these entities and their equipment pose an unacceptable risk to
national security. In the future, Executive Branch agencies may add to
the Covered List. Even before the Secure Networks Act, the Commission
designated Huawei and ZTE (along with their parents, affiliates, and
subsidiaries) as ``covered companies'' that pose a unique threat to the
security and integrity of the nation's communications networks and
supply chains because of their close ties to the Chinese government and
military, and the security flaws in their equipment.
24. In light of these determinations from expert Executive Branch
agencies and Congress about the serious national security risks posed
by entities with equipment on the Covered List, the Commission
tentatively conclude that the Commission should not recognize or permit
reliance on TCBs, test labs, or their accrediting bodies, or permit
them to have any role in the Commission's equipment authorization
program, if they have sufficiently close ties with Covered List
entities. Accordingly, the Commission proposes to restrict the
eligibility of entities that may serve as TCBs or test labs based on,
at a minimum, the Covered List. Specifically, the Commission proposes
to prohibit from recognition by the Commission and participation in its
equipment authorization program, any TCB or test lab in which an entity
identified on the Covered List (i.e., any named entity or any of its
subsidiaries or affiliates) has direct or indirect ownership or
control. The Commission's proposed prohibition would preclude the use
of such TCBs and test labs, as part of any equipment authorization-
related reliance or testing, not only with regard to certification of
equipment, but also authorization of equipment pursuant to SDoC
procedures. The Commission seeks comment on this proposal.
25. Further, in the interest of national security, and out of an
abundance of caution, the Commission finds that it is imperative that
it not allow entities identified on its Covered List to use test labs
they own or control to circumvent or otherwise undermine the
Commission's prohibition on authorization of equipment identified on
the Covered List or undermine the integrity of its supply chain. To
that end, the Commission notes that OET has taken action to deny the
re-recognition of a test lab apparently owned by an entity on the
Covered List--Global Compliance and Testing Center of Huawei
Technologies--while allowing this test lab to provide additional
information on whether it is owned or controlled by Huawei Technologies
Company or any other entity on the Covered List, and to show cause why
it should be allowed re-recognition. Accordingly, the Commission
directs OET to suspend, pending the outcome of this proceeding,
recognition of any TCB or test lab for which there is sufficient
evidence to conclude such TCB or test lab is owned or controlled by an
entity identified on the Covered List, while allowing such TCB or test
lab thirty days from the date of such suspension to certify, and
provide supporting documentation, that no entity identified on the
Covered List holds a 10% or more direct or indirect ownership interest
or controlling interest in the TCB or test lab. The Commission believes
this action is necessary to protect against additional national
security risks to its equipment authorization program and supply chain,
including protecting existing manufacturers from unknowing reliance on
untrustworthy entities, pending the implementation of the additional
ownership disclosures and transparency requirements the Commission
proposes in this proceeding. Any burden on existing recognized TCBs or
test labs should be minimal, as only those entities for whom OET has
reason to question their ownership or control by an entity or entities
identified on the Covered List will be impacted, and those TCBs or test
labs will be given an opportunity to show cause why their FCC
recognition should not be revoked for just cause. As the Commission
weighs the importance of its national security against these minimal
measures to prevent entities on the Covered List from owning or
controlling FCC-recognized TCBs or test labs, the Commission finds that
the compelling interest outweighs any burden imposed by such temporary
suspension.
B. Prohibiting Recognition of TCBs and Test Labs in Which Other
Entities That Raise National Security Concerns Have Direct or Indirect
Ownership or Control
26. The Commission also seeks comment on whether there are other
types of direct or indirect ownership or
[[Page 55536]]
control, or other types of influences beyond the Covered List
determinations that potentially could adversely affect a TCB's or test
lab's trustworthiness, or otherwise undermine the public's confidence.
In recognition that TCBs and test labs have access to proprietary,
sometimes sensitive information about suppliers and their devices, the
Commission seeks comment on whether, and to what extent, the Commission
should apply other lists developed by Executive Branch agencies that
reflect expert determinations about entities that pose national
security concerns.
27. The Covered List is only one source that identifies entities
that raise national security concerns that potentially affect the
communications equipment supply chain. Several Executive Branch
agencies with particular national security responsibilities, and based
upon specific statutory authorities, have recently developed or updated
lists that identify entities, technologies, or services that they have
determined raise national security concerns.
28. For example, the Department of Commerce maintains a list of
``foreign adversary'' countries that identifies any foreign government
or foreign non-government person that the Secretary of Commerce has
determined to have engaged in a ``long-term pattern or serious
instances of conduct significantly adverse to the national security
interest of the United States or security and safety of United States
persons.'' The Department of Commerce's list of foreign adversaries
currently includes several foreign governments and foreign non-
government persons, including China (including Hong Kong), Cuba, Iran,
and Russia. As discussed above, the Commission has recently relied in
part on this foreign adversary list (as well as the Covered List) in
both the Evolving Risks Order and NPRM and the Cybersecurity IoT
Labeling R&O, when making proposals and taking particular actions,
respectively, that serve to promote the Commission's national security
goals in those proceedings.
29. The Department of Defense (DOD), pursuant to section 1260H of
the NDAA of 2021, has identified each entity that the Secretary of
Defense has determined is a ``Chinese military company'' that is
``operating directly or indirectly in the United States'' and is
``engaged in providing commercial services, manufacturing, producing,
or exporting.'' This DOD list (1260H List) currently includes 73
entities, including three of the five equipment manufacturers listed on
the Covered List. Beginning in 2026, pursuant to other statutes, the
DOD is prohibited from procurement from companies identified on the
1260H list.
30. Meanwhile, the Department of Commerce's Entity List identifies
entities that are reasonably believed to be involved in, or to pose a
significant risk of being or becoming involved in, activities contrary
to U.S. national security or foreign policy interests. Among other
things, the Entity List seeks to ensure that sensitive technologies do
not fall into the hands of known threats. As discussed above, in its
Cybersecurity IoT Labeling R&O the Commission prohibited entities named
on DOD's 1260H List or the Department of Commerce's Entity List (as
well as entities producing equipment on the Covered List) from any
participation in the Commission's IoT Labeling Program.
31. Further, there are various other Executive Branch agency lists
that address national security concerns in addition to those above. For
instance, the Commerce Department also publishes a Military End User
List, which identifies foreign parties that pursuant to the Export
Administration Regulations (EAR) are prohibited from receiving
particular items, including certain telecommunications equipment and
software, unless the exporter secures a license. These parties have
been determined by the U.S. Government to be ``military end users,''
and represent an unacceptable risk of use in or diversion to a
``military end use'' or ``military end user'' in China, Russia, or
Venezuela. The Department of Treasury's Office of Foreign Assets
Control, in coordination with the Department of State and DOD,
administers various sanctions programs, including the Non-Specially
Designated Nationals Chinese Military-Industrial Complex Companies List
(CMIC List), which identifies individuals and companies as operating or
having operated in the defense or surveillance technology sector of the
People's Republic of China and from which U.S. persons are generally
prohibited from purchasing or selling publicly traded securities. In
section 5949 of the NDAA for FY 2023, Congress prohibited executive
agencies from procuring, obtaining, or contracting with entities to
obtain any electronic parts, products, or services that include
``covered semiconductor chips'' produced by three Chinese companies
(and their subsidiaries or affiliates). The legislation authorizes DOD
and the Commerce Department to designate other ``covered products or
services'' if they determine them to be owned, controlled by, or
connected to the government of a foreign country of concern, including
China, Russia, North Korea, and Iran.
32. The Commission seeks comment on whether, and if so, the extent
to which, the Commission should rely upon any of the various lists
developed by the Executive Branch agencies that involve particular
determinations relating to national security as a source to identify
entities that raise national security concerns warranting a prohibition
on participation in the Commission's equipment authorization program.
While each list is designed to support specific prohibitions or agency
objectives, the national security objectives common throughout each may
warrant that the Commission take a cautious approach, especially with
respect to those products for which relevant Federal agencies have
expressed other security concerns. Are any such lists particularly
suitable, or ill-fitting, for the equipment authorization context? The
Commission also seeks comment on whether it should consider any other
Executive Branch agency lists to rely upon as a source to identify
entities that raise national security concerns and to restrict
participation of those entities in the Commission's equipment
authorization program. What other lists or sources of information
should the Commission consider?
33. The Commission notes that it has a longstanding policy of
according deference to the Executive Branch agencies' expertise in
identifying risks to national security and law enforcement interests.
With regard to each of these lists, to the extent that commenters
recommend consideration of any of these lists with regard to
eligibility for recognition of a TCB or test lab, the Commission asks
that commenters explain why such eligibility should be restricted based
on the list, as well as any other considerations the Commission should
take into account in implementing such a restriction. The Commission
invites comment on any other issues concerning consideration of any of
these lists of Executive Branch determinations.
34. Further, the Commission seeks comment on other determinations
on which it should rely to prohibit participation in its equipment
authorization program. Specifically, should any ``foreign entity of
concern'' as defined by the CHIPS Act be prohibited from participation?
What about entities subject to exploitation, influence, or control by
the government of a foreign adversary, such as foreign adversary state-
owned enterprises,
[[Page 55537]]
including their U.S.-based subsidiaries, or entities that conduct
research, development, testing, and evaluation in support of the
military or intelligence apparatus of a foreign adversary (i.e. defense
contractors)? What about entities with ownership interests by
municipal, state, or other governmental entities within a foreign
adversarial country? Are there any other determinations reflecting
national security risks and/or practices contrary to U.S. interests,
such as entities with documented evidence of human rights abuses,
forced labor, and similar practices, including entities who meet the
criteria established by the Uyghur Forced Labor Prevention Act? Are
there any other determinations the Commission should consider that
would indicate the untrustworthiness of an entity in terms of its
equipment authorization program?
C. Ownership, Control, or Influence by Entities That Pose an
Unacceptable Risk to National Security
35. To further protect the nation's telecommunications
infrastructure and communications equipment supply chain from threats
in an evolving national security landscape and to ensure the integrity
of the equipment authorization program, the Commission proposes and
seeks comment on collecting various ownership and control information
from TCBs and test labs.
36. The Commission notes that, outside the context of the equipment
authorization program, the Commission and other government agencies
have routinely adopted rules to identify direct or indirect ownership
or control of entities by third parties in order to address national
security, competition, or other concerns. The Commission in many cases
has required regulated entities to disclose information regarding
related parties, whether those other parties control the entity, or
have an ownership interest in it, or have some other relationship with
the entity that is relevant to the public interest. For example,
applicants seeking a new FCC satellite license, a modification of a
satellite license, or the assignment or transfer of a satellite
license, must disclose certain information both about foreign ownership
and corporate ownership. The Commission's rules also require the
disclosure of ownership information and corporate ownership information
that would assist the Commission's public interest review of
applications for international section 214 authority. The Commission
notes that in the recent Evolving Risks Order and NPRM, the Commission
sought comment on revising its ownership reporting threshold, currently
set at 10% or greater direct and indirect equity and/or voting
interests, to 5%, noting that the current 10% threshold may not capture
all of the foreign interests that may present national security, law
enforcement foreign policy, and/or trade policy concerns in today's
national security and law enforcement environment. With respect to
wireless licenses, there are a number of rules requiring applicants
and/or licensees to disclose certain information on ownership and
control. Similarly, with respect to radio and local television
licenses, the Commission's media ownership rules require extensive
disclosure of information. The Commission likewise requires that
entities seeking small business bidding credits in Commission spectrum
license auctions have attributed to them revenues of parties with
controlling interests in the entity, as well as other entities that
those parties control and other entities within its own control. In
addition, such entities will have the revenues of parties with an
interest in their spectrum licenses beyond a specified threshold
attributed to them as well, to assure that those other parties are not
using the entities as a conduit for spectrum access obtained with a
bidding credit. In order to enforce these ownership rules, the
Commission requires applicants for such licenses to supply certain
information.
37. Additionally, the Commission notes that other Executive Branch
agencies also require entities to supply information on ownership and
control so that the agencies can carry out their statutory
responsibilities. For example, in the 2021 Standard Questions Order, 86
FR 68428 (December 2, 2021), the Commission adopted a set of
standardized national security and law enforcement questions (Standard
Questions) that certain applicants and petitioners with reportable
foreign ownership will be required to answer as part of the Executive
Branch review process of their applications and petitions. With respect
to such applications or petitions that the Commission accepts for
filing and refers to the relevant Executive Branch agencies for their
review of any national security, law enforcement, and other concerns
related to the foreign ownership, as part of the Commission's public
interest review of the application or petition, the applicants and
petitioners will be required to provide to the Committee information
regarding all entities that hold or will hold an ownership interest of
five percent or more in the applicant or petitioner in question. The
Commission has noted that this information is important to the
Committee's review of applications and petitions referred by the
Commission for national security and law enforcement concerns and will
assist the Committee's determination whether to recommend to the
Commission that grant of the application or petition is consistent with
U.S. national security and law enforcement interests. Similarly, the
Hart-Scott-Rodino Antitrust Improvements Act of 1976 (HSR) requires
certain companies to file premerger notifications with the Federal
Trade Commission and the Antitrust Division of the Department of
Justice. Companies required to submit a HSR pre-merger notification
must supply certain information, including, inter alia, information on
subsidiaries of the filing entity and minority shareholders of the
filing entity and its ultimate parent entity.
38. TCB and test lab ownership and control reporting requirements.
In order to more effectively protect the Commission's equipment
authorization program from the direction or influence of untrustworthy
entities and ensure the integrity of the program, the Commission
proposes to require any entity seeking to become an FCC-recognized TCB
or test lab to submit to the Commission sufficient information for the
Commission to determine the TCB's or test lab's ownership and control,
consistent with any threshold determinations the Commission may adopt,
as proposed in this proceeding.
39. The Commission believes that collection of certain general
ownership and control information places the Commission in the best
position to evaluate any ownership interest concerns that potentially
may be raised regarding an entity's impartiality or trustworthiness,
particularly with regard to potential influence by entities that raise
national security concerns. Further, the Commission also believes that
such ownership information could be relevant to establishing
appropriate ``qualifications and standards'' under section 302(e)
regarding private entities to which the Commission has delegated and
entrusted certain responsibilities as part of its equipment
authorization program. The Commission has broad authority under section
302, when delegating certification responsibilities to private
organizations such as TCBs and test labs, to ``establish such
qualifications and standards as it deems appropriate'' for
certification and testing activities. In particular, such data can be
instructive in efforts to bolster the integrity of the equipment
authorization
[[Page 55538]]
program, such as ensuring that TCBs are complying with applicable
impartiality requirements and rules targeted at ensuring they are not
owned or controlled by a manufacturer whose equipment they must
examine.
40. The Commission proposes that each TCB or test lab be required
to report direct or indirect equity and/or voting interest in the TCB
or test lab of 5% or greater. In other similar information collections,
the Commission has agreed with Executive Branch determinations that a
5% threshold is appropriate because in some instances less-than-ten
percent foreign ownership interest--or a collection of such interests--
may pose a national security or law enforcement risk. The Commission
seeks comment on this proposal. Alternatively, the Commission seeks
comment on other levels and on whether it should raise or lower the
ownership threshold for purposes of disclosure. If the Commission were
to require submission of any such ownership information, how should
such information be collected (e.g., what particular information in
what kind of submissions) and how frequently should this information be
reported to the Commission? Should there be a distinction between
foreign private ownership vs. foreign governmental ownership? The
Commission also seeks comment on evolving ownership and how to ensure
that the Commission is timely informed of changes in ownership of TCBs
and test labs. Should additional reporting requirements apply to
changes in ownership? If so, what thresholds of change should trigger
such reporting? The Commission seeks comment on relevant aspects to the
information that should be collected.
41. Further, to implement the proposed prohibition of Covered List
entities discussed above and align the prohibition with the
Commission's equipment authorization program rules regarding prohibited
equipment, the Commission proposes to prohibit from recognition by the
FCC and participation in its equipment authorization program any TCB or
test lab in which an entity identified on the Covered List controls or
holds a 10% or more direct or indirect ownership interest. The
Commission seeks comment on this proposal. The Commission also invites
comment on any other threshold interest level that commenters may
believe appropriate, and requests that they provide support for their
views. The Commission makes this proposal while noting that, in the EA
Security R&O, the Commission prohibited authorization of equipment
produced by ``affiliates'' of entities named on the Covered List and
defined an ``affiliate'' as ``an entity that (directly or indirectly)
own or controls, is owned or controlled by, or is under common
ownership or control with another entity,'' and defined the term `own'
in this context as to ``have, possess, or otherwise control an equity
interest (or the equivalent thereof) of more than 10 percent.'' The
Commission therefore proposes to revise the term ``own'' in this
context to reflect ten percent or more, rather than more than 10
percent. The Commission seeks comment on this proposal. The Commission
further proposes to require that TCBs and test labs that are currently
recognized by the FCC must: (1) no later than 30 days after the
effective date of any final rules adopted in this proceeding, certify
that no entity identified on the Covered List or otherwise specified in
the Commission's final rules has direct or indirect ownership or
control of the relevant TCB or test lab, and (2) no later than 90 days
after the effective date of any final rules adopted in this proceeding
identify any entity (including the ultimate parent of such entities)
that holds such ownership or control interest as the Commission's final
rules require, currently proposed as 5% or more ownership, as discussed
above. The Commission proposes to adopt the definition of ``ultimate
parent entity'' used in the rules governing pre-merger notifications
under the Hart-Scott-Rodino Antitrust Improvements Act of 1976, which
defines the ultimate parent entity as ``an entity which is not
controlled by any other entity.'' The Commission seeks comment on this
proposal. In keeping with this proposal, the Commission also proposes
to clarify the requirement that every entity specifically named on the
Covered List must provide to the Commission, pursuant to Sec.
2.903(b), information regarding all of its subsidiaries and affiliates,
not merely those that produce ``covered'' equipment. Further, the
Commission proposes that, if a relevant TCB or test lab does not so
certify, or provides a false or inaccurate certification, the
Commission would suspend the recognition of any such TCB or test lab
and commence action to withdraw FCC recognition under applicable
withdrawal procedures, as discussed further below. The Commission seeks
any additional comment on these proposals and their implementation.
D. Rule Revisions Concerning TCBs and Test Labs
1. Telecommunications Certification Bodies
42. As discussed above, the Commission proposes to prohibit from
recognition by the FCC and participation in its equipment authorization
program, any TCB or test lab in which an entity identified on the
Covered List controls or holds a 10% or more direct or indirect
ownership interest and seeks comment on a similar prohibition with
regard to other entities that raise national security concerns. The
Commission also proposes to collect certain ownership information from
TCBs and test labs. In this section, the Commission proposes and seeks
comment on additional issues regarding implementation of its proposed
prohibition as well as any other revisions the Commission may adopt in
this rulemaking.
43. Post-market surveillance. The Commission invites comment on
whether it should revise the post-market surveillance rules, policies,
or guidance to expressly require such surveillance of granted
authorizations, not only with respect to compliance with technical and
attestation requirements, but also regarding compliance relating to the
prohibition on authorization of ``covered'' equipment. The Commission
seeks comment on reasonable practices TCBs could implement to identify
erroneous authorizations of ``covered'' equipment. Are there best
practices or analogous legal frameworks that could be leveraged here?
Should the Commission change the post-market surveillance requirements
to require that TCBs review certification grants by other TCBs? Should
the Commission require that any post-market surveillance testing be
done only by FCC-recognized labs in the United States and/or MRA
countries? What other measures should the Commission take to strengthen
the integrity of the post-market surveillance process to ensure that
prohibited equipment has not been erroneously authorized? The
Commission also invites comment on any other revisions that it should
consider in light of any revisions that the Commission adopts in this
proceeding.
44. TCB accrediting bodies. In order for a TCB that is recognized
by the FCC to remain so recognized, the TCB's accreditation body must
perform an assessment at least every two years to determine that the
TCB remains competent to perform the work for the scopes for which it
has been recognized. Upon successful completion of the re-
[[Page 55539]]
assessment by the accreditation body, the information is sent to the
TCB's designating authority, which then updates this continued
accreditation in the FCC's EAS database. Neither the ISO/IEC standards
nor Commission rules include any specific restrictions on the ownership
or control of an accreditation body. MRAs generally focus on the
capability of accreditation bodies, and do not include specific
provisions or restrictions on ownership other than impartiality.
45. The Commission seeks comment on potential revisions concerning
its rules and procedures for recognition and re-recognition of TCB
accrediting bodies in light of any revisions that the Commission may
adopt in this proceeding. What revisions are needed, if any, to ensure
that the accreditation body's assessment of entities seeking to become
TCBs includes a review of the TCB's ownership and compliance with any
requirements the Commission may adopt in this proceeding?
46. Accreditation and reassessment of TCBs. The Commission seeks
comment on whether it should clarify or revise its rules or procedures
concerning the accreditation of TCBs to ensure that the TCBs can meet
their responsibilities. The Commission seeks comment on what particular
steps or procedures in the accreditation process could be implemented
to examine how TCBs are structured, owned, or managed to safeguard
impartiality and otherwise ensure that commercial, financial, or other
pressures do not compromise impartiality on certification activities
concerning prohibited equipment authorization. Under the Commission's
rules, each TCB must be reassessed for continued accreditation at least
every two years. If the Commission were to decide to revise any rules
or procedures to address impartiality or untrustworthiness concerns
along the lines indicated above, the Commission similarly proposes to
require any reassessment for continued accreditation to take those
issues into account. Accordingly, the Commission seeks comment on the
potential clarifications or revisions to the process for the periodic
reassessment of TCBs for continued recognition by the Commission.
Should, for instance, the Commission provide additional clarity on the
reassessment process for submitting the request for reassessment or the
review by the accrediting body? Are there other requirements that the
Commission should adopt consistent with the issues raised above and the
Commission goals in this proceeding?
47. The Commission also seeks comment on whether any clarifications
or revision of rules or procedures, either for a new accreditation or a
continued accreditation, may implicate or affect U.S. international
agreements such as MRAs concerning TCBs and TCB accreditation. Finally,
to the extent any commenter proposes further clarification or
revisions, the Commission asks that they address any implications under
the existing MRAs and whether and how to implement any suggested
changes.
48. FCC recognition of TCBs. Considering the proposals and
approaches the Commission discusses above, the Commission seeks comment
on whether it should consider potential revisions to the rules or
processes by which the Commission recognizes a TCB following its
initial accreditation, and/or the process by which accreditation is
subsequently extended on a periodic basis, including any further review
the FCC would do to continue to recognize an accredited TCB. Under the
Commission's current rules, it will recognize as a TCB any organization
in the United States that meets the qualification criteria and is
accredited and designated by NIST or NIST's recognized accreditor.
Additionally, the Commission will recognize as a TCB any organization
outside the United States that meets the qualification criteria and is
designated pursuant to the applicable bilateral or multilateral MRA.
The Commission seeks comment on whether it should consider making any
clarifications or changes to the FCC recognition process to better
ensure that TCBs have the capacity and procedures to meet their
obligations under Commission rules, including any requirements the
Commission adopts in this proceeding. The Commission invites comment on
its rules and procedures regarding recognition of TCBs as qualified for
authorizing equipment. Are there any changes that should be considered,
either to the rules or procedures concerning the FCC's initial
recognition of a TCB, or its continued recognition following any
periodic reassessment or reaccreditation of TCBs? To the extent that
commenters suggest any changes to the rules or procedures, the
Commission asks that they address any implications for MRAs applicable
to equipment certification.
49. Withdrawal of FCC recognition. In addition, the Commission
seeks comment on tits rules and policies regarding withdrawal of FCC
recognition of a TCB. Under the Commission's rules it will withdraw
recognition of a TCB if its designation or accreditation is withdrawn,
if the Commission determines that there is ``just cause'' for
withdrawing the recognition, or if the TCB requests that it no longer
be designated or recognized.
50. The Commission invites comment on the procedures by which it
would withdraw recognition of a TCB. The Commission's rules require
that it notify a TCB in writing when it has concerns or evidence that
the TCB is not certifying equipment in accordance with the Commission
rules and policies, and request that the TCB explain and correct any
deficiencies. The rules also provide particular procedures for
withdrawal, including notification requirements such as providing TCBs
at least 60 days to respond. To the extent the TCB was designated and
recognized pursuant to an MRA, the Commission must consult with the
U.S. Trade Representative, as necessary, concerning any disputes
involving the Telecommunications Trade Act of 1988. In light of the
Commission's proposals and issues raised above, the Commission invites
comment on whether it should consider clarifications or revisions to
the Commission's rules or policies, including the current notification
requirements and procedures, and if so whether and to what extent such
changes would affect the MRAs.
2. Measurement Facilities (Test Labs)
51. In this section, the Commission proposes and seeks comment on
additional issues regarding implementation of its proposed prohibition,
as well as any other revisions the Commission may adopt in this
rulemaking, concerning test labs.
52. Transparency. With the existing transparency requirements and
public availability requirements regarding any test lab data and
information that TCBs rely upon, are there additional transparency
requirements that would be necessary or appropriate in light of the
proposal above? The Commission asks that commenters recommending any
particular changes address the implications of such changes for
existing Commission rules and policies, including the consistency of
such changes with ISO/IEC 17025, as well as any potential MRA-related
implications.
53. Test lab accrediting bodies. The Commission also invites
comment on whether additional clarifications or modifications to the
current processes regarding the accreditation of test labs are
appropriate in light of the Commission proposals and discussion above
and its goals in this proceeding. The Commission asks that commenters
discuss what changes may be needed with regard to the accreditation
body's expertise were the Commission to adopt its proposals to preclude
the
[[Page 55540]]
accreditation of any test labs associated with entities identified on
the Covered List, as well as what changes may be needed in the event
that the Commission concludes that other indicia about test labs affect
their eligibility. Commenters should address the specific reasons for
making changes that are not already addressed by Commission rules and
policies. Finally, the Commission asks that commenters address any
other implications of their suggestions, including the extent to which
MRAs may be affected.
54. Also, in light of evolving national security risks, such as
those that may be reflected in the Commerce Department's ``foreign
adversaries'' list, the Commission proposes to preclude accreditation
bodies associated with any such foreign adversary and seeks comment.
How would such association be determined? The Commission also seeks
comment on whether test lab accreditation bodies should be located only
in the United States or other MRA-partnered countries.
55. Accreditation of test labs. The Commission also seeks comment
on the responsibilities and procedures by which FCC-recognized
accreditation bodies conduct their assessment of prospective test labs
and determine whether to accredit particular test labs. Should the
Commission clarify its recognition requirements with regard to any of
the ISO/IEC 17025 standards into its rules and procedures to ensure
that the accreditation process for test labs is sufficiently robust to
ensure that the requirements that labs be competent and impartial, are
managed to safeguard impartiality, and generate valid test results, and
that effective procedures are in place include ensuring that labs meet
the ownership and control requirements adopted in the proceeding?
56. The Commission also requests comment on whether any of these
Commission rules or policies concerning reassessment of test lab
accreditation every two years should be clarified or revised in order
to help ensure that untrustworthy labs are not recognized and do not be
continued to be recognized by the Commission. The Commission notes that
if it were to adopt clarifications of any ISO/IEC 17025 principles
(e.g., on personnel, training, or effective management) to ensure that
test labs conduct testing in a competent and impartial manner, the
Commission proposes to require that the accreditation bodies reassess
test labs under the new requirements or procedures. Should OET
establish additional specific procedures for reassessment and FCC re-
recognition of test labs? The Commission seeks comment on other
potential revisions of its procedures for reassessment of test labs
every two years, as well as potential revisions of the Commission's
procedures for recognition and revocation of recognition. The
Commission also seeks comment on any MRA-related issues/concerns that
could arise from adoption of any of these possible rule revisions.
57. Finally, the Commission seeks comment on whether, in light of
evolving national security concerns, the Commission should revisit its
rules and procedures for recognizing test labs with regard to some or
all of the countries in economies that do not have an MRA with the
United States. For instance, should the Commission no longer recognize
any test lab that is located within a ``foreign adversary'' country
that does not have an MRA with the United States? To date, the
Commission has recognized three accreditation bodies, all located in
the United States, to designate test labs that are located in non-MRA
countries. Under the Commission's current rules, these bodies accredit
test labs based on ISO/IEC 17025, the same standard by which test labs
located in the United States and other MRA-partnered countries are
accredited. The Commission has recognized numerous test labs located in
economies that do not have an MRA with the United States. The
Commission also notes that a number of these test labs also are owned
and controlled by TCBs, which must be located in economies that have
entered into MRAs with the United States.
58. FCC recognition. The Commission seeks comment on revisions to
its rules concerning eligibility restrictions on entities that will be
recognized by the Commission as a test lab in its equipment
authorization program. The Commission invites comment on whether any
other clarifications or revisions to these Commission rules, policies,
or guidance would be appropriate. For example, the Commission seeks
comment on any necessary clarifications or revisions to the
Commission's process for its initial recognition of test labs and to
continued Commission recognition following any re-accreditation that
occurs on a periodic basis at least every 2 years. The Commission also
invites comment on whether it should adopt a more formal FCC review
process before initially recognizing a test lab or continued
recognition of test labs, and, if so, ask that commenters provide any
suggestions they may have as to what such new procedures should look
like. The Commission also seeks comment on any MRA-related issues or
concerns that may arise from any changes to the current TCB recognition
process.
59. Withdrawal of recognition. The Commission proposes and seeks
comment on clarifying or modifying the steps that the Commission should
take when it determines whether to withdraw recognition of a test lab
if the Commission were to adopt changes regarding the type of entities
that it will recognize as test labs, or continue to recognize, under
the equipment authorization program.
60. To the extent that the Commission ultimately adopts any of the
proposals discussed above (e.g., making test labs associated with
entities identified on the Covered List ineligible) or takes other
actions to restrict eligibility on entities (e.g., based on other
ownership interests or controlling issues that the Commission may
prohibit), the Commission proposes that it withdraw recognition of any
test lab that cannot meet the revised requirements for an FCC-
recognized test lab. The Commission seeks comment on this proposal, and
on the procedures that the Commission should employ with regard to
withdrawing continued recognition of such test labs.
61. As with the Commission's discussion of TCBs above, the
Commission also believes that repeated failure of a test lab to provide
accurate test results, or a test lab's lack candor with regard to
interactions with the Commission, would constitute sufficient basis for
withdrawal of recognition, and propose that were such circumstances to
be presented, the Commission would move forward with withdrawing any
existing FCC recognition of such a test lab. The Commission seeks
comment on this proposal. The Commission also invites comment on other
bases that would merit the Commission proceeding with withdrawing
recognition of any existing test lab.
62. Use of accredited, FCC-recognized test labs in SDoC process. As
discussed above, the Commission's current rules on authorization of
equipment through the SDoC process do not require that any requisite
testing of equipment be conducted by an accredited, FCC-recognized test
lab. As the Commission seeks to ensure the integrity of its equipment
authorization program, including ensuring test labs in which entities
identified on the Covered List have certain direct or indirect
ownership interests or control do not participate in the Commission's
equipment authorization program, the Commission seeks comment on
whether it also should require that all equipment authorized pursuant
to the SDoC process be tested by accredited and
[[Page 55541]]
FCC-recognized test labs. Such action could serve to further promote
the integrity of the program in precluding untrustworthy test labs from
participation and the Commission's national security goals addressed in
the proceeding. The Commission seeks comment on this approach.
63. Other issues. Finally, to the extent not specifically asked
above, the Commission asks that commenters address whether and, if so,
how any of the Commission's proposals herein might affect existing MRAs
and/or necessitate further action regarding existing or potential MRAs.
Commenters should address any legal authority issues that may arise and
the extent to which MRAs or other trade policies may be affected by
these proposals.
IV. Ordering Clauses
64. Accordingly, it is ordered, pursuant to the authority found in
sections 1, 4(i), 229, 301, 302, 303, 309, 312, 403, and 503 of the
Communications Act of 1934, as amended, 47 U.S.C. 151, 154(i), 229,
301, 302a, 303, 309, 312, 403, and 503, section 105 of the
Communications Assistance for Law Enforcement Act, 47 U.S.C. 1004; the
Secure and Trusted Communications Networks Act of 2019, 47 U.S.C. 1601-
1609; and the Secure Equipment Act of 2021, Public Law 117-55, 135
Stat. 423, 47 U.S.C. 1601 note, that this Notice of Proposed Rulemaking
is hereby adopted.
65. It is further ordered that the Commission's Office of the
Secretary, shall send a copy of this Notice of Proposed Rulemaking,
including the Initial Regulatory Flexibility Analysis, to the Chief
Counsel for Advocacy of the Small Business Administration.
List of Subjects in 47 CFR Part 2
Administrative practice and procedures, Communications,
Communications equipment, Disaster assistance, Radio, Reporting and
recordkeeping requirements, and Telecommunications.
Federal Communications Commission.
Marlene Dortch,
Secretary.
Proposed Rules
For the reasons discussed in the document, the Federal
Communications Commission proposes to amend 47 CFR part 2 as follows:
PART 2--FREQUENCY ALLOCATIONS AND RADIO TREATY MATTERS; GENERAL
RULES AND REGULATIONS
0
1. The authority citation for part 2 continues to read as follows:
Authority: 47 U.S.C. 154, 302a, 303, and 336, unless otherwise
noted.
0
2. Section 2.903 is amended by revising paragraph (b), and the
definition of ``Affiliate'' in paragraph (c) to read as follows:
Sec. 2.903 Prohibition on authorization of equipment on the Covered
List.
* * * * *
(b) Each entity named on the Covered List, as established pursuant
to Sec. 1.50002 of this chapter, must provide to the Commission the
following information: the full name, mailing address or physical
address (if different from mailing address), email address, and
telephone number of each of that named entity's associated entities
(e.g., subsidiaries or affiliates).
(1) Each entity named on the Covered List must provide the
information described in paragraph (b) of this section no later than
[30 DAYS AFTER PUBLICATION OF FINAL RULES IN THE FEDERAL REGISTER];
(2) Each entity named on the Covered List must provide the
information described in paragraph (b) of this section no later than 30
days after the effective date of each updated Covered List; and
(3) Each entity named on the Covered List must notify the
Commission of any changes to the information described in paragraph (b)
of this section no later than 30 days after such change occurs.
(c) * * *
Affiliate. The term ``affiliate'' means an entity that (directly or
indirectly) owns or controls, is owned or controlled by, or is under
common ownership or control with, another entity; for purposes of this
paragraph, the term `own' means to have, possess, or otherwise control
an equity or voting interest (or the equivalent thereof) of 10 percent
or more.
* * * * *
0
3. Section 2.938 is amended by revising paragraph (b)(1)(ii) to read as
follows:
Sec. 2.938 Retention of Records.
* * * * *
(b) * * *
(1) * * *
(ii) State the name of the test laboratory, company, or individual
performing the testing. The Commission may request additional
information regarding the test site, the test equipment, or the
qualifications of the company or individual performing the tests,
including documentation identifying any entity that holds a 5% or
greater direct or indirect equity or voting interest in the test
laboratory, company, or individual performing the testing;
* * * * *
0
4. Section 2.948 is amended by:
0
a. Adding paragraphs (b)(1)(viii) and (b)(1)(ix);
0
b. Redesignating paragraph (c)(9) as paragraph (c)(10), and adding new
paragraph (c)(9);
0
c. Adding paragraphs (g), and (h).
The revisions and additions read as follows:
Sec. 2.948 Measurement facilities.
* * * * *
(b) * * *
(1) * * *
(viii) Certification from each measurement facility that no entity
identified on the Covered List has, possesses, or otherwise controls an
equity or voting interest of 10% or more in the measurement facility;
and
(ix) Documentation identifying any entity that holds a 5% or
greater direct or indirect equity or voting interest in the measurement
facility.
* * * * *
(c) * * *
* * * * *
(9) Each recognized laboratory must certify to the Commission, no
later than [30 DAYS AFTER THE EFFECTIVE DATE OF A FINAL RULE], and no
later than 30 days after any relevant change in the required
information takes effect, that no entity identified on the Covered List
has, possesses, or otherwise controls an equity or voting interest of
10% or more in the laboratory;
* * * * *
(g) No equipment will be authorized under either the certification
procedure or the Supplier's Declaration of Conformity if such
authorization is reliant upon testing performed at a laboratory or
measurement facility in which any entity identified on the Covered
List, as established pursuant to Sec. 1.50002 of this chapter, has,
possesses, or otherwise controls an equity or voting interest of 10% or
more.
(h) Regardless of accreditation, the Commission will not recognize
any test lab:
(1) In which any entity identified on the Covered List, as
established pursuant to Sec. 1.50002 of this chapter, has, possesses,
or otherwise controls an equity or voting interest of 10% or more;
(2) That fails to provide, or provides a false or inaccurate,
certification as required in paragraph (c)(9) of this section; or
(3) That repeatedly fails to provide accurate test results or lacks
candor with regard to interactions with the Commission.
[[Page 55542]]
0
5. Section 2.949 is amended by adding paragraph (c) as follows:
Sec. 2.949 Recognition of laboratory accreditation bodies.
* * * * *
(c) The Commission will not recognize a laboratory accreditation
body that has any affiliation with a foreign adversary as designated by
the U.S. Department of Commerce at 15 CFR 7.4.
0
6. Section 2.960 is amended by adding paragraph (d) as follows:
Sec. 2.960 Recognition of Telecommunication Certification Bodies
(TCBs).
* * * * *
(d) The Commission will not recognize any TCB for which any entity
identified on the Covered List, as established pursuant to Sec.
1.50002 of this chapter, has, possesses, or otherwise controls an
equity or voting interest of 10% or more.
0
7. Section 2.962 is amended by revising paragraph (e)(2) and adding
paragraphs (e)(6) through (e)(9) as follows:
Sec. 2.962 Requirements for Telecommunication Certification Bodies.
* * * * *
(e) * * *
(2) The Commission will notify a TCB in writing of its intention to
withdraw or limit the scope of the TCB's recognition and provide at
least 60 days for the TCB to respond. In the case of a TCB designated
and recognized pursuant to an bilateral or multilateral mutual
recognition agreement or arrangement (MRA), the Commission shall
consult with the Office of the United States Trade Representative
(USTR), as necessary, concerning any disputes arising under an MRA for
compliance with the Telecommunications Trade Act of 1988 (Section 1371-
1382 of the Omnibus Trade and Competitiveness Act of 1988).
(i) The Commission will withdraw its recognition of a TCB if:
(A) The TCB's designation or accreditation is withdrawn, if the
Commission determines there is just cause for withdrawing the
recognition;
(B) The TCB requests that it no longer hold its designation or
recognition;
(C) The TCB fails to provide the certification required in
paragraph (8); or
(D) The TCB fails to fulfill its obligations to the Commission to
ensure that no authorization is granted for any equipment that is
produced by any entity identified on the Covered List, established
pursuant to Sec. 1.50002 of this chapter.
(ii) The Commission will limit the scope of equipment that can be
certified by a TCB if its accreditor limits the scope of its
accreditation or if the Commission determines there is good cause to do
so.
(iii) The Commission will notify a TCB in writing of its intention
to withdraw or limit the scope of the TCB's recognition and provide at
least 60 days for the TCB to respond. In the case of a TCB designated
and recognized pursuant to an bilateral or multilateral mutual
recognition agreement or arrangement (MRA), the Commission shall
consult with the Office of the United States Trade Representative
(USTR), as necessary, concerning any disputes arising under an MRA for
compliance with the Telecommunications Trade Act of 1988 (Section 1371-
1382 of the Omnibus Trade and Competitiveness Act of 1988).
* * * * *
(6) The Commission will not recognize as a TCB any organization in
which any entity identified on the Covered List, as established
pursuant to Sec. 1.50002 of this chapter, has, possesses, or otherwise
controls an equity or voting interest of 10% or more.
(7) A TCB must have an organizational and management structure in
place, including personnel with specific training and expertise, to
verify that no authorization is granted for any equipment that is
produced by any entity identified on the Covered List, established
pursuant to Sec. 1.50002 of this chapter.
(8) Each recognized TCB must certify to the Commission, no later
than [30 DAYS AFTER THE EFFECTIVE DATE OF A FINAL RULE], and no later
than 30 days after any relevant change in the required information
takes effect that no entity identified on the Covered List has,
possesses, or otherwise controls an equity or voting interest of 10% or
more of the TCB.
(9) Each recognized TCB must provide to the Commission, no later
than [90 DAYS AFTER THE EFFECTIVE DATE OF A FINAL RULE], and no later
than 30 days after any relevant change in the required information
takes effect, documentation identifying any entity that holds a 5% or
greater direct or indirect equity or voting interest in the TCB.
* * * * *
[FR Doc. 2024-14491 Filed 7-3-24; 8:45 am]
BILLING CODE 6712-01-P