[Federal Register Volume 89, Number 145 (Monday, July 29, 2024)]
[Proposed Rules]
[Pages 60998-61004]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-16498]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

Bureau of Industry and Security

15 CFR Parts 736, 744, and 774

[Docket No. 240712-0191]
RIN 0694-AI35


Export Administration Regulations: Crime Controls and Expansion/
Update of U.S. Persons Controls

AGENCY: Bureau of Industry and Security, Department of Commerce.

ACTION: Proposed rule, with request for comments.

-----------------------------------------------------------------------

SUMMARY: The Department of Commerce, Bureau of Industry and Security 
(BIS), seeks public comments on proposed amendments to the Export 
Administration Regulations (EAR) in support of U.S. national security 
and foreign policy interests. To build upon existing controls, BIS 
proposes establishing certain Foreign-Security End User (FSEU) and 
``U.S. persons'' activities controls and Commerce Control List-based 
(CCL) controls. The proposed additions of the foreign-security end user 
control and ``U.S. persons'' activity controls would implement expanded 
authority under the Export Control Reform Act of 2018 (ECRA), as 
amended, to control certain ``U.S. persons'' activities under the EAR. 
Specific to the EAR's ``U.S. persons'' activities controls, BIS is 
proposing amendments to control ``support'' furnished by ``U.S. 
persons'' to identified foreign-security end users. In addition, BIS is 
proposing to add to the Commerce Control List two new unilateral item 
controls on facial recognition technology.

DATES: Comments must be received by BIS no later than September 27, 
2024.

ADDRESSES: Comments on this rule may be submitted to the Federal 
rulemaking portal (www.regulations.gov). The regulations.gov ID for 
this rule is: BIS-2023-0006. Please refer to RIN 0694-AI35 in all 
comments.
    All filers using the portal should use the name of the person or 
entity submitting the comments as the name of their files, in 
accordance with the instructions below. Anyone submitting business 
confidential information should clearly identify the business 
confidential portion at the time of submission, file a statement 
justifying nondisclosure and referring to the specific legal authority 
claimed, and provide a non-confidential version of the submission. For 
comments submitted electronically containing business confidential 
information, the file name of the business confidential version should 
begin with the characters ``BC.'' Any page containing business 
confidential information must be clearly marked ``BUSINESS 
CONFIDENTIAL'' on the top of that page. The corresponding non-
confidential version of those comments must be clearly marked 
``PUBLIC.'' The file name of the non-confidential version should begin 
with the character ``P.'' Any submissions with file names that do not 
begin with either a ``BC'' or a ``P'' will be assumed to be public and 
will be made publicly available through https://www.regulations.gov. 
Commenters submitting business confidential information are encouraged 
to scan a hard copy of the non-confidential version to create an image 
of the file, rather than submitting a digital copy with redactions 
applied, to avoid inadvertent redaction errors which could enable the 
public to read business confidential information.

FOR FURTHER INFORMATION CONTACT: For questions specific to the human 
rights or foreign-security end-user provisions set forth in proposed 
Sec.  744.25, contact Anthony Christino, Director, Human Rights and 
Embargoes Division, [email protected], Phone: (202) 482-
3241. For general questions, contact Hillary Hess, Director, Regulatory 
Policy Division, [email protected]. Include, ``Human Rights End Users'' 
on subject line of emails. Phone: (202) 482-2440.

SUPPLEMENTARY INFORMATION:

Background

    In accordance with the Export Control Reform Act of 2018 (ECRA), 
the Bureau

[[Page 60999]]

of Industry and Security (BIS) utilizes item-based controls, end-user-
based controls, and specific licensing policies to address 
proliferation and prevent items subject to the Export Administration 
Regulations (EAR) from being diverted or misused contrary to U.S. 
national security and foreign policy interests. See 50 U.S.C. 4811(2); 
4813(a)(16); 15 CFR 742.7, 744.11.
    As set forth in 15 CFR 742.7, BIS imposes license requirements that 
support the protection of human rights (described in the EAR as crime 
control (CC) reasons for control). Under the licensing policy for CC-
controlled items in Sec.  742.7(b), BIS generally considers license 
applications favorably on a case-by-case basis unless there is civil 
disorder in the country or region of destination or unless there is a 
risk that the items will be used to violate or abuse human rights. In 
October 2020, BIS expanded this licensing policy beyond CC-controlled 
items to include those items controlled for any other reason (85 FR 
63007, Oct. 6, 2020). In April 2024, BIS further revised the CC 
licensing policy such that certain firearms and related items have a 
distinct licensing policy (89 FR 34680, April 30, 2024).
    In addition to item-based controls and licensing policy, BIS 
imposes end-user controls to promote the national security and foreign 
policy interests of the United States, which includes the promotion and 
protection of human rights. Entity List additions may be made to 
address activities that present a risk of being contrary to the 
national security and foreign policy interests of the United States, 
including the protection of human rights. See 15 CFR 744.11(b). To 
date, BIS has added 103 entities for such human rights reasons. With 
this proposed rule, BIS would add end user, end use, and item-based 
controls.
    On November 14, 1994, Executive Order 12938 (E.O. 12938, 59 FR 
59099) directed BIS to continue to regulate the activities of ``U.S. 
persons'' to prevent their participation in activities that could 
contribute to the proliferation of weapons of mass destruction. This 
control, which is set forth in Sec.  744.6 of the EAR, imposes 
licensing requirements on assistance furnished by ``U.S. persons'' in 
connection with activities of proliferation concern, even when such 
assistance does not involve any items subject to the EAR or any foreign 
entities subject to specified restrictions under the EAR (e.g., persons 
whose export privileges have been denied under the EAR). Subsequently, 
with the enactment of ECRA as part of the John S. McCain NDAA for FY 
2019 (Pub. L. 115-232), Congress authorized, in ECRA section 
1753(a)(2)(F), the control of ``U.S. persons'' activities related not 
only to weapons of mass destruction and their means of delivery, but 
also to specific ``foreign military intelligence services.'' 
Accordingly, in January 2021, BIS amended Sec.  744.6 of the EAR to add 
a new restriction on the activities of ``U.S. persons'' in support of 
certain military-intelligence end uses and end users. BIS also created 
a new Sec.  744.22 that targeted exports, reexports, and transfers (in- 
country) destined for certain military-intelligence end uses or end 
users (86 FR 4865, Jan. 15, 2021).
    Subsequently, section 5589(b) of the December 2022 National Defense 
Authorization Act (NDAA) for Fiscal Year (FY) 2023 (Pub. L. 117-263, 
NDAA for FY 2023) amended section 1753(a)(2)(F) of ECRA (50 U.S.C. 
4812(a)(2)(F)) by providing BIS with the statutory authority to impose 
controls on ``the activities of United States persons, wherever 
located, relating to specific foreign military, security, or 
intelligence services.'' Consistent with this statutory amendment, in 
this proposed rule, BIS would add to the ``U.S. persons'' activities 
control in Sec.  744.6 ``support'' of foreign-security end user 
activities and would expand existing part 744 restrictions to encompass 
activities of ``U.S. persons'' in connection with defined foreign-
security end users. Specifically, BIS proposes to add paragraph (b)(8) 
as the prohibition on ``U.S. persons'' `support' in Sec.  744.6(b)(8) 
to apply to foreign-security end users. BIS is proposing amendments to 
the EAR on military and intelligence end user controls, and controls 
that would restrict U.S. persons' support of such end users, in a 
separate rule published concurrently with this rule.
    Consistent with section 1754(d)(1) of ECRA (50 U.S.C. 4813(d)(1)) 
and Sec.  744.6 of the EAR, BIS proposes to regulate the ``U.S. 
persons'' activities described above only to the extent they are not 
subject to a license requirement or general prohibition administered by 
another Federal department or agency. Accordingly, ``U.S. persons'' are 
required to seek a license from BIS only for the activities described 
in section 744.6 that are not subject to a license requirement or 
general prohibition administered by the Department of Energy, 
Department of State, Department of the Treasury, or other federal 
department or agency. The issuance of a license by BIS, or any other 
federal department or agency, does not authorize ``U.S. persons'' to 
engage in any activity that is otherwise prohibited by law, including 
criminal statutes. See 15. CFR 744.6(a).
    In addition to the ``U.S. persons'' activities control and foreign-
security end user controls, BIS is proposing new item controls for 
facial recognition systems. In July 2020, BIS published a Notice of 
Inquiry (NOI) on Advanced Surveillance Systems and Other Items of Human 
Rights Concern NOI. (85 FR 43532, July 17, 2020; ``July 2020 NOI''). 
The proposed amendments in this proposed rule were informed by the 
public comments on the July 2020 NOI. In that NOI, BIS requested 
comments on: (1) new license requirements on crime control and 
detection items, including facial recognition software and other 
biometric systems for surveillance; (2) the proposed removal or 
modification of the CC controls on several items on the CCL; and (3) 
potential revisions to CC controls that are based on end uses and end 
users, such as end use and end user controls set forth in part 744 of 
the EAR.
    Of the 22 public comments received, eleven supported the 
implementation of end-use-and end-user-based controls, instead of list-
based controls (i.e., controls that derive from items' placement on the 
CCL). Overall, commenters that supported end-use and end-user-based 
controls over list-based controls noted several implementation 
challenges for list-based controls imposed to address concerns about 
misuse. Exporters cautioned that, in the human rights context, items 
are often ubiquitous and have a wide variety of end uses. Thus, 
depending on the item at issue, it may be difficult to tailor list-
based controls to precisely guard against the potential for human 
rights violations or abuses. Moreover, commenters warned that, in 
trying to meet the challenge of preventing items subject to the EAR 
from being used to commit or enable human rights violations or abuses, 
applying list-based controls may lead to over-broad controls that could 
stifle innovation and harm U.S. technological leadership. Exporters 
noted that even where list-based controls are successfully implemented, 
they may quickly become obsolete given the rapid advancement of 
technology. Commenters suggested that, in contrast to broad list-based 
controls on items that are often ubiquitous and have multiple uses, in 
the human rights context, targeted end-use and end-user controls, 
preferably end user controls, would allow BIS to review each item, end 
use, and end user to assess whether the item may be used to commit 
human rights violations or abuses.
    Additionally, several comments focused specifically on the expected

[[Page 61000]]

impact of new license requirements for facial recognition technology. 
Certain comments raised concerns with controls that could stifle the 
beneficial use of facial recognition technology. For example, 
commenters noted that the auto industry is developing new technologies 
that utilize facial-recognition-related capabilities to verify 
authorized users and allow for keyless entry and ignition. Commenters 
also noted that facial recognition technology is used in airports to 
enhance public safety and has several beneficial investigative and law 
enforcement applications when appropriate legal frameworks are in place 
to protect civil rights and liberties. In contrast, other commenters 
noted that certain state actors of concern are using facial recognition 
technology for more nefarious end uses--namely, to target individuals; 
track individuals' movements and actions; link individuals' actions to 
biometric profiles that include blood types, fingerprints, irises, and 
DNA analysis; and log spoken and written digital communications. BIS 
has considered these comments in proposing both the foreign-security 
end user control and the item controls.
    Discussed below are the proposed: `foreign-security end user' rule 
license requirement; expansion of the ``U.S. persons'' control for 
``support'' furnished by ``U.S. persons'' to identified `foreign-
security end users'; conforming changes to Sec.  744.11; and unilateral 
item controls on facial recognition technology.

I. Proposed New Sec.  744.25, Controls on `Foreign-Security End Users'

License Requirement for `Foreign-Security End Users'

    State actors exploit advancements in technologies to reinforce 
existing repression; target civil society actors, human rights 
defenders, journalists, activists, and dissidents; surveil and profile 
women in all their diversity, ethnic, religious, and racial minorities, 
and other members of marginalized populations; censor speech; spread 
misinformation and disinformation; engage in mass surveillance; control 
the flow of information; infringe privacy; and suppress freedom through 
a variety of end users, including traditional law enforcement bodies, 
public security agencies, private prisons, and private contractors. 
These practices are not new, but advances in technology have 
supercharged the ability of such state actors to leverage new 
mechanisms to deploy their repressive agendas. With this proposed rule, 
BIS would require a license for exports, reexports, and transfers (in-
country) for items subject to the EAR that are specified on the CCL 
when they are destined for `foreign-security end users,' as newly 
defined in the proposed new section, of a specified destination.
    The country scope of the license requirement would apply to Country 
Groups D:5 and E. Country Group D:5 includes countries subject to a 
U.S. arms embargo under the State Department's International Traffic in 
Arms Regulations (ITAR). Under the ITAR, with certain enumerated 
exceptions, it is the policy of the United States to deny licenses or 
other approval for exports of defense articles or defense services 
destined to these countries, including their armed forces, police, 
intelligence, or other internal security forces. See 22 CFR 126.1. 
Similarly, BIS requires a license for many ``600 series'' items--items 
that are of a military nature but do not warrant control on the U.S. 
Munitions List--to these countries. Country Group E represents 
countries that are state sponsors of terrorism or against which the 
United States imposes a unilateral embargo. BIS would impose a license 
requirement on foreign-security end users of D:5 and E countries for 
all items on the CCL to provide visibility into the end uses and end 
users of these items and to contribute to efforts to prevent use of 
these items to violate or abuse human rights.

Application of the Term `Foreign-Security End Users'

    The license requirement under this section would apply when a 
person has ``knowledge,'' as defined in part 772, that a CCL item is 
intended, entirely or in part, for `foreign-security end users.' The 
term `foreign-security end users' is defined in paragraph (f) of 
proposed new Sec.  744.25 as ``governmental and other entities with the 
authority to arrest, detain, monitor, search, or use force in the 
furtherance of their official duties.'' This definition would include 
persons or entities at all levels of the government police and security 
services, from the national headquarters or the ministry level to all 
subordinate agencies/bureaus (e.g., municipal, provincial, regional). 
The proposed definition of `foreign-security end users' also includes 
other persons or entities performing functions of a `foreign-security 
end user,' such as arrest, detention, monitoring, or search, and may 
include analytic and data centers (e.g., genomic data centers), 
forensic laboratories, jails, prisons, detention facilities, labor 
camps, and reeducation facilities, because government `foreign-security 
end users' often hire non-government entities to assist in their 
duties. Also included in the proposed definition of `foreign-security 
end users' would be Entity List entities identified through new 
footnote ``8'' designation.
    In this proposed rule, BIS would not apply the term `foreign-
security end users' to civilian emergency medical, firefighting, and 
search-and-rescue end users. In situations in which a country 
integrates police, emergency medical, firefighting, and search-and-
rescue services into a single public safety department, BIS seeks to 
ensure that the export, reexport, or transfer (in-country) of items 
necessary to protect lives is not disrupted and therefore would apply a 
case-by-case review standard. BIS also seeks to ensure that the export, 
reexport, or transfer (in-country) of items necessary to protect lives 
at airport terminals, railway and rapid transit stations, and other 
public transport hubs is not disrupted. Where an entity that appears to 
satisfy the definition of `foreign-security end user' but the end user 
is integrated into or organized under the military, the `Military End 
User' control in section 744.21 applies.

License Application Review Standard/Policy

    BIS would review license applications submitted pursuant to Sec.  
744.25 on a case-by-case basis to determine whether the proposed 
transaction presents an unacceptable risk of enabling human rights 
violations or abuses. Applications for transactions that would pose an 
unacceptable risk will be reviewed under a presumption of denial.
    This proposed rule would also establish a case-by-case license 
review policy to allow for the approval of items necessary for public 
health or safety, or for other end uses that do not implicate human 
rights. This case-by-case license review policy is intended to ensure 
that such exports, reexports, and transfers (in-country) would not be 
disrupted, while also allowing for the U.S. Government to review such 
license applications to ensure that such exports are consistent with 
that purpose and are not otherwise contrary to U.S. national security 
or foreign policy interests.
    Proposed paragraph (b) of Sec.  744.25 states that BIS may inform 
the public either individually by specific notice or through a 
rulemaking or notice published in the Federal Register that a license 
is required for specific exports, reexports, or transfers (in-county) 
of any item subject to the EAR because there is an unacceptable risk of 
use by, or diversion to, a certain end user in the specified 
destination. Only License Exception GOV, set forth in existing

[[Page 61001]]

Sec.  740.11(b)(2) and (c)(2), would be available to overcome the 
proposed license requirement if conditions of that license exception 
are met.

II. Proposed Expansion of U.S. Persons Controls

    This proposed rule would expand existing restrictions to encompass 
certain activities of U.S. persons in connection with `foreign-security 
end users.' Specifically, this proposed rule would revise Sec.  
744.6(b) of the EAR to add paragraph (b)(8) to reflect the expanded 
scope of U.S. person activities subject to the EAR, as described below, 
which includes activities identified in that section that support 
foreign-security end users defined by proposed new Sec.  744.25(f) and 
that are identified on the Entity List with a new footnote ``8'' 
designation. As with all existing Sec.  744.6(b) controls on specific 
activities of ``U.S. persons,'' such controls would only apply to the 
extent that the underlying activities would not be subject to a license 
requirement or general prohibition administered by another Federal 
department or agency. Thus, as proposed, the ``U.S. persons'' control 
would only apply to entities that fit the definition of proposed new 
Sec.  744.25(f) if they are identified on the Entity List with a 
footnote 8.

III. Proposed Conforming Amendments to Sec.  744.11

    Consistent with the proposed revisions to Sec.  744.6 and addition 
of Sec.  744.25, BIS proposes to amend Sec.  744.11 ``License 
requirements that apply to entities acting or at significant risk of 
acting contrary to the national security or foreign policy interests of 
the United States'' by adding entities that are `foreign-security end 
users' to the Entity List in supplement no. 4 to part 744, designating 
them by specific footnote, and adding license requirements for these 
entities to Sec.  744.11 of the EAR. Amendments to the Entity List 
would be made in a separate final rule.
    BIS proposes to amend Sec.  744.11 by revising the heading for 
paragraph (a)(2) from ``Entity List foreign-direct product'' (FDP) 
license requirements, review policy, and license exceptions'' to 
``Entities designated with specific conditions identified by 
footnote,'' because not all Entity List entities or footnote designated 
entities would have license requirements that include foreign-produced 
items subject to the EAR pursuant to a foreign-direct product rule in 
existing Sec.  734.9 of the EAR. This proposed rule would also move the 
description of footnote 4 entities in existing (a)(2)(ii) to 
(a)(2)(iii) and would include in (a)(2)(ii) requirements for footnote 3 
entities--Russian and Belarusian `military end users.' This proposed 
rule would reserve (a)(2)(iv), (v), (vi) for future use. Finally, this 
proposed rule would add paragraph (a)(2)(vii) footnote 8 entities--
`foreign-security end users.'
    Additionally, this proposed rule would add introductory text to 
paragraph (a)(2) to clarify that the ``standards-related activities'' 
exclusion to the license requirements set forth in existing paragraph 
(a)(1) would apply to all the footnote designated entities described in 
paragraph (a)(2).

IV. Proposed Amendments to CCL for Protection of Human Rights

    As described below, this proposed rule would revise three ECCNs in 
Category 3 of the CCL (Electronics) to enable further protection 
against human rights abuses.

Facial Recognition Systems

    Facial recognition technology coupled with artificial intelligence 
technology has bolstered the ability of foreign-security end users, 
such as law enforcement agencies (municipal, provincial, regional, 
national) and other government affiliated entities to target victims at 
a higher rate, leading to increased capabilities for violations or 
abuses of human rights. Working in concert, these technologies can log 
countless images to help state actors of concern arbitrarily and 
unlawfully track, mistreat, detain, and monitor people. Facial 
recognition technology can be used to draw inferences about 
individuals, such as inferences about ethnicity or religion, that can 
result in discriminatory treatment or detention. Previously, this same 
task would have been accomplished manually with a cost of thousands of 
hours and was difficult or impossible to perform at scale. In this way, 
advances in digital technology can be weaponized to deploy repressive 
tactics at lower cost, with greater ease, and larger impact.
    To further promote and protect human rights throughout the world, 
this proposed rule would create a new CC1 control for facial 
recognition systems specially designed for mass-surveillance and crowd 
scanning. CC1 controls would apply to crime control and detection 
instruments and equipment and related ``technology'' and ``software'' 
identified in the appropriate ECCNs on the CCL. A license would be 
required for exports of these items to countries listed in CC Column 1 
in the Country Chart (Supplement No. 1 to part 738 of the EAR). As 
these proposed controls are narrowly tailored, they would not apply to 
systems that merely restrict individual access to personal devices, 
automobiles, or residential or work premises by verifying that a person 
attempting to gain such access is authorized to do so.
    One of the ways facial recognition systems identify or verify a 
person from a digital image or a video frame is by comparing selected 
facial features from an input image to the features of faces stored in 
a database. The major components of such systems are input camera(s), 
data storage, processing computers, and the software algorithms needed 
to model facial images.
    There is no longer any effective difference between systems that 
require active permission by the subject and systems that can be 
utilized clandestinely, whether for individual or crowd identification. 
The capture components of these systems can be very small and easily 
concealable. Targets can employ limited measures to thwart 
identification, but these measures are expected to be less effective 
and less available as the technology matures.
    Accordingly, this proposed rule would amend ECCN 3A981 to include a 
proposed new item for facial recognition systems. Facial recognition 
software would be controlled under ECCN 3D980. As a result of the 
proposed changes to ECCN 3A981, facial recognition technology would be 
controlled under ECCN 3E980. All of these ECCNs would be controlled for 
CC1 reasons. CC reasons for control support U.S. foreign policy to 
promote the observance of human rights throughout the world.

V. Additional Conforming Amendments

    This proposed rule would make conforming revisions to Sec. Sec.  
736.2 to update the descriptions and applicability of the proposed new 
Sec.  744.25 `Foreign-Security End User' controls and Sec.  744.6 
revisions of U.S. Persons controls.

Request for Comments on This Proposed Rule

    BIS seeks to provide the interested public with an opportunity to 
submit comments in order to mitigate any unnecessary disruption to 
supply chains, ensure that the controls are drafted to be as effective 
as possible, and that the provisions of the controls are clear and 
unambiguous for ease of compliance for exporters, reexporters, and 
transferors. BIS continues to evaluate the scope of items subject to 
this rule, the scope of the end users covered by this rule, and the 
potential

[[Page 61002]]

for complementary controls, and welcomes comments on these issues.
    In particular, BIS is soliciting public comment on the proposed 
addition of Sec.  744.25 (Restrictions on certain human rights related 
end uses and end users: foreign-security end users) and the proposed 
revision to Sec.  744.6 (Restrictions on certain activities of U.S. 
persons), as well as any other proposed revisions. Comments may be 
submitted in accordance with the DATES and ADDRESSES sections above. 
BIS will review and, if appropriate, address such comments through a 
related rulemaking process.

Export Control Reform Act of 2018

    On August 13, 2018, the President signed into law the John S. 
McCain National Defense Authorization Act for Fiscal Year 2019, which 
included the Export Control Reform Act of 2018 (ECRA) (50 U.S.C. 4801-
4852). On December 23, 2022, the President signed into law the National 
Defense Authorization Act for Fiscal Year 2023 (NDAA, Pub. L. 117-263) 
section 5589(b) of which amended section 4812(a)(2)(F) of ECRA. ECRA 
provides the legal basis for BIS's principal authorities and serves as 
the authority under which BIS issues this proposed rule.

Rulemaking Requirements

    1. This proposed rule has been designated a ``significant 
regulatory action'' under Executive Order 12866, as amended by 
Executive Order 14094.
    2. Notwithstanding any other provision of law, no person is 
required to respond to nor be subject to a penalty for failure to 
comply with a collection of information, subject to the requirements of 
the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.) (PRA), 
unless that collection of information displays a currently valid Office 
of Management and Budget (OMB) Control Number. This regulation involves 
collections previously approved by OMB under control number 0694-0088, 
Simplified Network Application Processing System, which includes, among 
other things, license applications and commodity classifications, and 
carries a burden estimate of 29.4 minutes for a manual or electronic 
submission for a total burden estimate of 33,133 hours. Total license 
applications associated with the PRA and OMB control number 0694-0088 
are expected to be fewer than 200 license applications as a result of 
this rule. Therefore, the increase in burden hours will not exceed that 
approved for OMB control number 0694-0088.
    3. This rule does not contain policies with Federalism implications 
as that term is defined in Executive Order 13132.
    4. Pursuant to section 1762 of the Export Control Reform Act of 
2018 (50 U.S.C. 4801-4852), this action is exempt from the 
Administrative Procedure Act (5 U.S.C. 553) requirements for notice of 
proposed rulemaking, opportunity for public participation, and delay in 
effective date. Notwithstanding this exemption, BIS is providing the 
public with an opportunity to comment on this proposed rule.
    5. Because a notice of proposed rulemaking and an opportunity for 
public comment are not required to be given for this rule by 5 U.S.C. 
553, or by any other law, the analytical requirements of the Regulatory 
Flexibility Act, 5 U.S.C. 601, et seq., are not applicable. 
Accordingly, no regulatory flexibility analysis is required, and none 
has been prepared.

List of Subjects

15 CFR Part 736

    Exports.

15 CFR Parts 744 and 774

    Exports, Reporting and recordkeeping requirements, Terrorism.

    Accordingly, 15 CFR parts 736, 744, and 774 of the EAR (15 CFR 
parts 730-774) is proposed to be amended as follows:

PART 736--GENERAL PROHIBITIONS

0
1. The authority citation for 15 CFR part 736 continues to read as 
follows:

    Authority:  50 U.S.C. 4801-4852; 50 U.S.C. 4601 et seq.; 50 
U.S.C. 1701 et seq.; E.O. 12938, 59 FR 59099, 3 CFR, 1994 Comp., p. 
950; E.O. 13020, 61 FR 54079, 3 CFR, 1996 Comp., p. 219; E.O. 13026, 
61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 3 
CFR, 2001 Comp., p. 783; E.O. 13338, 69 FR 26751, 3 CFR, 2004 Comp., 
p. 168; Notice of November 8, 2022, 87 FR 68015 (November 10, 2022); 
Notice of May 8, 2023, 88 FR 30211 (May 10, 2023).

0
2. Section 736.2 is amended by adding paragraph (b)(7)(i)(A)(6) to read 
as follows:


Sec.  736.2  General prohibitions and determination of applicability.

* * * * *
    (b) * * *
    (7) * * *
    (i) * * *
    (A) * * *
    (6) A `foreign-security end user' as defined in Sec.  744.25(f) 
designated with a footnote 8 on the Entity List in supplement no. 4 of 
part 744 of the EAR.
* * * * *

PART 744--CONTROL POLICY: END-USER AND END-USE BASED

0
3. The authority citation for 15 CFR part 744 continues to read as 
follows:

    Authority:  50 U.S.C. 4801-4852; 50 U.S.C. 4601 et seq.; 50 
U.S.C. 1701 et seq.; 22 U.S.C. 3201 et seq.; 42 U.S.C. 2139a; 22 
U.S.C. 7201 et seq.; 22 U.S.C. 7210; E.O. 12058, 43 FR 20947, 3 CFR, 
1978 Comp., p. 179; E.O. 12851, 58 FR 33181, 3 CFR, 1993 Comp., p. 
608; E.O. 12938, 59 FR 59099, 3 CFR, 1994 Comp., p. 950; E.O. 13026, 
61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13099, 63 FR 45167, 3 
CFR, 1998 Comp., p. 208; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., 
p. 783; E.O. 13224, 66 FR 49079, 3 CFR, 2001 Comp., p. 786; Notice 
of September 7, 2023, 88 FR 62439 (September 11, 2023); Notice of 
November 1, 2023, 88 FR 75475 (November 3, 2023).

0
4. Section 744.6 is amended by:
0
a. Adding paragraph (b)(8);
0
b. Revising paragraph (c)(1);
0
c. Redesignating paragraph (e)(3) as (e)(4) and adding new paragraph 
(e)(3); and
0
d. Revising newly redesignated paragraphs (e)(4) introductory text, 
(e)(4)(i), and (e)(4)(ii)(C).
    The additions and revisions read as follows:


Sec.  744.6  Restrictions on specific activities of ``U.S. persons.''

* * * * *
    (b) * * *
    (8) A `foreign-security end user,' as defined in Sec.  744.25(f) 
designated with a footnote 8 on the Entity List in supplement no. 4 of 
part 744 of the EAR.
    (c) * * *
    (1) BIS may inform ``U.S. persons,'' either individually by 
specific notice, through amendment to the EAR published in the Federal 
Register, or through a separate notice published in the Federal 
Register, that a license is required because an activity could involve 
the types of `support' (as defined in paragraph (a)(1) of this section) 
to the end uses or end users described in paragraph (b) of this 
section. Specific notice is to be given only by, or at the direction 
of, the Principal Deputy Assistant Secretary for Strategic Trade and 
Technology Security or the Deputy Assistant Secretary for Strategic 
Trade. When such notice is provided orally, it will be followed by a 
written notice within two working days signed by the Principal Deputy 
Assistant Secretary for Strategic Trade and Technology Security or the 
Deputy Assistant Secretary for Strategic Trade or their designee. 
However, the absence of any such notification does not excuse the 
``U.S. person'' from compliance with the license

[[Page 61003]]

requirements of paragraph (b) of this section.
* * * * *
    (e) * * *
    (3) Applications for a ``U.S. person'' to `support' a `foreign-
security end user' will be reviewed consistent with the applicable 
policies described in Sec.  744.25 of the EAR.
    (4) In addition to any applicable license review standards in 
paragraphs (e)(1) through (3), applications for licenses submitted 
pursuant to the notice of a license requirement set forth in paragraph 
(c)(2) of this section will be reviewed in accordance with the policies 
described in this paragraph (e)(4). License review will take into 
account factors including technology level, customers, compliance 
plans, and contract sanctity.
    (i) Presumption of denial. Applications will be reviewed with a 
presumption of denial for Macau and destinations specified in Country 
Group D:5 and E and entities headquartered or whose ultimate parent is 
headquartered in Macau or destinations specified in Country Group D:5 
and E, unless paragraph (e)(4)(ii) of this section applies.
    (ii) * * *
    (C) For all other applications not specified in paragraph (e)(4)(i) 
or (e)(4)(ii)(A) or (B) of this section.
* * * * *
0
5. Section 744.11 is amended by revising and republishing paragraph 
(a)(2) to read as follows:


Sec.  744.11  License requirements that apply to entities acting or at 
significant risk of acting contrary to the national security or foreign 
policy interests of the United States.

* * * * *
    (a) * * *
    (2) Entities designated with specific conditions identified by 
footnote. With the exception of ``standards-related activities'' 
described in paragraph (a)(1) of this section, license requirements are 
set forth for footnote designated entities as described in paragraphs 
(a)(2)(i) through (vii) of this section.
    (i) Footnote 1 entities. You may not, without a license or license 
exception, reexport, export from abroad, or transfer (in-country) any 
foreign-produced item subject to the EAR pursuant to Sec.  
734.9(e)(1)(i) of the EAR when an entity designated with footnote 1 on 
the Entity List in supplement. no. 4 to this part is a party to the 
transaction. All license exceptions described in part 740 of the EAR 
are available for foreign-produced items that are subject to this 
license requirement if all terms and conditions of the applicable 
license exception are met and the restrictions in Sec.  740.2 of this 
EAR do not apply. The sophistication and capabilities of technology in 
items is a factor in license application review; license applications 
for foreign-produced items subject to a license requirement by this 
paragraph (a)(2) that are capable of supporting the ``development'' or 
``production'' of telecom systems, equipment, and devices below the 5G 
level (e.g., 4G, 3G) will be reviewed on a case-by-case basis.
    (ii) Footnote 3 entities. You may not export, reexport, or transfer 
(in-country) any item subject to the EAR, including foreign-produced 
items that are subject to the EAR under Sec.  734.9(g) of the EAR, 
without a license from BIS if, at the time of the export, reexport, or 
transfer (in-country), you have ``knowledge'' that the item is 
intended, entirely or in part, for a Russian or Belarusian `military 
end user,' as defined in Sec.  744.21(g), wherever located, that is 
listed on the Entity List in supplement no. 4 to this part with a 
footnote 3 designation. See Sec.  744.21 and part 746 of the EAR for 
license review policy, and restrictions on license exceptions.
    (iii) Footnote 4 entities. You may not, without a license, 
reexport, export from abroad, or transfer (in-country) any foreign-
produced item subject to the EAR pursuant to Sec.  734.9(e)(2) of the 
EAR when an entity designated with footnote 4 on the Entity List in 
supp. no. 4 to this part is a party to the transaction, or that will be 
used in the ``development'' or ``production'' of any ``part,'' 
``component,'' or ``equipment'' produced, purchased, or ordered by any 
such entity. See Sec.  744.23 for additional license requirements that 
may apply to these entities. The license review policy for foreign-
produced items subject to this license requirement is set forth in the 
entry in supplement no. 4 to this part for each entity with a footnote 
4 designation.
    (iv) [Reserved]
    (v) [Reserved]
    (vi) [Reserved]
    (vii) Footnote 8 entities. You may not export, reexport, or 
transfer (in-country) any item on the CCL without a license from BIS 
if, at the time of the export, reexport, or transfer (in-country), if 
the item is intended, entirely or in part, for a `foreign-security end 
user,' wherever located, that is listed on the Entity List in 
supplement no. 4 to this part with a footnote 8 designation. See Sec.  
744.25 of the EAR. See also Sec.  744.6(b)(8) for restrictions on 
specific activities of ``U.S. persons'' related to such entities.
* * * * *
0
8. Add Sec.  744.25 to read as follows:


Sec.  744.25  Restrictions on certain human rights related end users: 
foreign-security end users.

    (a) General prohibition. In addition to the license requirements 
for items on the Commerce Control List (CCL) in supplement no. 1 to 
part 774 of the EAR, you may not export, reexport, or transfer (in-
country) without a license items subject to the EAR that are specified 
on the CCL if, at the time of the export, reexport, or transfer (in-
country), you have ``knowledge'' that the item is intended, entirely or 
in part for `foreign-security end users,' as this term is defined in 
paragraph (f) of this section, of a country listed in Country Group D:5 
or E.
    (b) Additional prohibition on those informed by BIS. BIS may inform 
persons, either individually by specific notice or through amendment to 
the EAR, that a license is required for a specific export, reexport, or 
transfer (in-country), or for the export, reexport, or transfer (in-
country) of any item subject to the EAR to a certain end user, because 
there is an unacceptable risk of use in, or diversion to, the 
activities specified in paragraph (a) of this section. Specific notice 
is to be given only by, or at the direction of, the Principal Deputy 
Assistant Secretary for Strategic Trade and Technology Security or the 
Deputy Assistant Secretary for Strategic Trade. When such notice is 
provided orally, it will be followed by a written notice within two 
working days signed by the Principal Deputy Assistant Secretary for 
Strategic Trade and Technology Security, the Deputy Assistant Secretary 
for Strategic Trade, or their designee. However, the absence of any 
such notification does not excuse persons from compliance with the 
license requirements in paragraph (a) of this section.
    (c) License exception. Notwithstanding the prohibitions described 
in paragraphs (a) and (b) of this section, you may export, reexport, or 
transfer (in-country) items subject to the EAR under the provisions of 
License Exception GOV set forth in Sec.  740.11(b)(2) and (c)(2). No 
other license exceptions are available.
    (d) License application procedure. When submitting a license 
application pursuant to this section, you must state in the 
``additional information'' block of the application, ``this application 
is submitted because of the license requirement in Sec.  744.25 of the 
EAR.''
    (e) License review policy. Applications to export, reexport, or 
transfer (in-country) items requiring a license pursuant to paragraph 
(a) or (b) of this section will be reviewed on a case-by-case basis to 
determine whether

[[Page 61004]]

there is an unacceptable risk of use in human rights violations or 
abuses. Applications for transactions that would pose such an 
unacceptable risk will be reviewed with a presumption of denial. 
Applications will also be reviewed consistent with United States arms 
embargo policies in Sec.  126.1 of the ITAR (22 CFR 126.1).
    (f) Definition. For the purposes of this section, references to 
this section, or references to the terms in this paragraph, `foreign-
security end user' means any of the following:
    (1) Governmental and other entities with the authority to arrest, 
detain, monitor, search, or use force in furtherance of their official 
duties, including persons or entities at all levels of the government 
police and security services from the national headquarters or the 
Ministry level, down to all subordinate agencies/bureaus (e.g., 
municipal, provincial, regional),
    (2) Other persons or entities performing functions of a `foreign-
security end user,' such as arrest, detention, monitoring, or search, 
and may include analytic and data centers (e.g., genomic data centers) 
forensic laboratories, jails, prisons, other detention facilities, 
labor camps, and reeducation facilities, or
    (3) Entities designated with a footnote 8 on the Entity List in 
supplement no. 4 to this part.

    Note 1 to paragraph (f): This definition does not include 
civilian emergency medical, firefighting, and search-and-rescue end 
users. In situations in which a country integrates police, emergency 
medical, firefighting, and search-and-rescue services into a single 
public safety department, BIS seeks to ensure that the export, 
reexport, or transfer (in-country) of items necessary to protect 
lives is not disrupted and will apply a case-by-case review.


    Note 2 to paragraph (f): If the end user also satisfies the 
definition of `Military end user' in Sec.  744.21, then the control 
in Sec.  744.21 applies (e.g., if the national police is integrated 
into or organized under the military of a country listed in country 
group D:5 or E, the control in Sec.  744.21 applies.)

PART 774--THE COMMERCE CONTROL LIST

0
9. The authority citation for part 774 continues to read as follows:

    Authority: 50 U.S.C. 4801-4852; 50 U.S.C. 4601 et seq.; 50 
U.S.C. 1701 et seq.; 10 U.S.C. 8720; 10 U.S.C. 8730(e); 22 U.S.C. 
287c, 22 U.S.C. 3201 et seq.; 22 U.S.C. 6004; 42 U.S.C. 2139a; 15 
U.S.C. 1824; 50 U.S.C. 4305; 22 U.S.C. 7201 et seq.; 22 U.S.C. 7210; 
E.O. 13026, 61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13222, 66 
FR 44025, 3 CFR, 2001 Comp., p. 783.

0
10. Supplement No. 1 to Part 774 is amended under Category 3 by 
revising ECCNs 3A981 and 3D980 to read as follows:

Supplement No. 1 to Part 774--The Commerce Control List

* * * * *
3A981 Polygraphs (except biomedical recorders designed for use in 
medical facilities for monitoring biological and neurophysical 
responses); fingerprint analyzers, cameras and equipment, n.e.s.; 
automated fingerprint and identification retrieval systems, n.e.s.; 
psychological stress analysis equipment; electronic monitoring 
restraint devices; facial recognition systems; and ``specially 
designed'' ``components'' and ``accessories'' therefor, n.e.s.

License Requirements

Reason for Control: CC

 
                                              Country chart  (see Supp.
                Control(s)                       No. 1  to part 738)
 
CC applies to entire entry................  CC Column 1
 

List Based License Exceptions (See Part 740 for a Description of All 
License Exceptions)

LVS: N/A
GBS: N/A

List of Items Controlled

Related Controls: See ECCN 0A982 for other types of restraint 
devices
Related Definitions: N/A
Items: The list of items controlled is contained in the ECCN 
heading.
    Note 1 to ECCN 3A981. In this ECCN, electronic monitoring 
restraint devices are devices used to record or report the location 
of confined persons for law enforcement or penal reasons. The term 
does not include devices that confine memory impaired patents to 
appropriate medical facilities.
    Note 2 to ECCN 3A981. Item 3A981 does not control detection or 
authentication items versus identification items, nor items that 
facilitate individual access to personal devices or facilities.
* * * * *
3D980 ``Software'' ``specially designed'' for any of the following 
(see List of Items Controlled).

License Requirements

Reason for Control: CC, AT

 
                                              Country chart  (see Supp.
                Control(s)                       No. 1  to part 738)
 
CC applies to entire entry................  CC Column 1
AT applies to entire entry................  AT Column 1
 

List Based License Exceptions (See Part 740 for a Description of All 
License Exceptions)

TSR: N/A

List of Items Controlled

Related Controls: N/A
Related Definitions: N/A
Items:

    a. Software ``specially designed'' for the ``development,'' 
``production'' or ``use'' of commodities controlled by 3A980 and 
3A981,
    b. Software ``specially designed'' for the analysis and matching 
of voice, fingerprints, or facial features for facial recognition. 
This entry does not control software solely for person or object 
detection or for individual authentication to facilitate individual 
access to personal devices or facilities.
* * * * *

Thea D. Rozman Kendler,
Assistant Secretary for Export Administration.
[FR Doc. 2024-16498 Filed 7-25-24; 8:45 am]
BILLING CODE 3510-33-P