[Federal Register Volume 90, Number 150 (Thursday, August 7, 2025)] [Rules and Regulations] [Pages 38045-38071] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2025-14970] ======================================================================= ----------------------------------------------------------------------- FEDERAL COMMUNICATIONS COMMISSION 47 CFR Parts 2 and 15 [ET Docket No. 24-136; FCC 25-27; FR ID 305703] Promoting the Integrity and Security of Telecommunications Certification Bodies, Measurement Facilities, and the Equipment Authorization Program AGENCY: Federal Communications Commission. ACTION: Final rule. ----------------------------------------------------------------------- SUMMARY: In this document, the Federal Communications Commission (Commission or FCC) requires all recognized telecommunication certification bodies (TCBs), test labs, and laboratory accreditation bodies to certify to the Commission that they are not owned by, controlled by, or subject to the direction of a prohibited entity and to report all equity or voting interests of 5% or greater by any entity. The FCC also amends it rules to state that it will not recognize--and will revoke any existing recognition of--any TCB, test lab, or laboratory accreditation body that fails to provide, or that provides a false or inaccurate, certification; or that fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater. The FCC prohibits recognition of any TCB, test lab, or laboratory accreditation body owned by, controlled by, or subject to the direction of a prohibited entity, and prohibits such TCBs, test labs, and laboratory accreditation bodies from participating in the Commission's equipment authorization program, not only with regard to the equipment certification process but also the Supplier's Declaration of Conformity (SDoC) process. DATES: Effective September 8, 2025, except for amendatory instructions 4, 8, 9, 10, 12, 15, 16, 18, 20, 22, 23, and 24 which are delayed indefinitely. The Federal Communications Commission will publish a document in the Federal Register announcing the effective date. The incorporation by reference of certain material listed in the rule is approved by the Director of the Federal Register as of September 8, 2025. The incorporation by reference of certain other material listed in the rule was approved by the Director of the Federal Register as of October 30, 2023. FOR FURTHER INFORMATION CONTACT: Jamie Coleman of the Office of Engineering and Technology, at [email protected] or 202-418-2705. SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Report and Order (Report and Order), in ET Docket No. 24-136, FCC 25-27, adopted on May 22, 2025, and released on May 27, 2025. The full text of this document is available for public inspection and can be downloaded at https://docs.fcc.gov/public/attachments/FCC-25-27A1.pdf. Alternative formats are available for people with disabilities (Braille, large print, electronic files, audio format) by sending an email to [email protected] or calling the Commission's Consumer and Governmental Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY). Regulatory Flexibility Act. The Regulatory Flexibility Act of 1980, as amended (RFA), requires that an agency prepare a regulatory flexibility analysis for notice-and-comment rulemaking, unless the agency certifies that ``the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities.'' Accordingly, the Commission has prepared a Final Regulatory Flexibility Analysis (FRFA) concerning the possible impact of the rule and policy changes contained in the Report and Order on small entities. The FRFA is set [[Page 38046]] forth in Appendix C of the Report and Order. Paperwork Reduction Act. This document contains proposed new or modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13. The Commission, as part of its continuing effort to reduce paperwork burdens, invites the general public and the Office of Management and Budget (OMB) to comment on any information collection requirements contained in this document. In addition, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), we seek specific comment on how we might ``further reduce the information collection burden for small business concerns with fewer than 25 employees.'' Congressional Review Act. The Commission has determined, and the Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget, concurs, that this rule is ``non- major'' under the Congressional Review Act, 5 U.S.C. 804(2). The Commission will send a copy of this Report and Order and Further Notice of Proposed Rulemaking to Congress and the Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A). Synopsis Introduction The Commission adopts new rules to help ensure that the telecommunication certification bodies (TCBs), measurement facilities (test labs), and laboratory accreditation bodies that participate in the FCC's equipment authorization program are not subject to ownership, direction, or control by untrustworthy actors that pose a risk to national security. The Commission previously established new equipment authorization program rules that prohibit authorization of specified equipment determined to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons. It is incumbent on TCBs and test labs, to which certain functions of the certification process--including the receipt and maintenance of sensitive and proprietary information regarding communications equipment--have been entrusted, to be vigilant and to promote the integrity of the FCC's authorization procedures to help protect our nation's supply chain against such unacceptable risk. In light of these responsibilities and ongoing security risks, the Commission strengthens its oversight of TCBs, test labs, and laboratory accreditation bodies by adopting new rules that will help ensure the integrity of these entities for purposes of the FCC's equipment authorization program, promote national security, and advance the Commission's comprehensive strategy to build a more secure and resilient communications supply chain. The Commission finds that it is critical for national security and the integrity of the supply chain that it prohibit from recognition or participation in the equipment authorization program TCBs, test labs, and laboratory accreditation bodies that are owned by, controlled by, or subject to the direction of a prohibited entity. In defining the scope of the term ``prohibited entity,'' the Commission relies on federal government agency determinations identifying entities that pose national security threats. For purposes of the Order, the term ``prohibited entity'' means any of the following:Entities identified on the FCC's Covered List; Entities identified by any of the following sources: Department of Commerce Bureau of Industry and Security (BIS) Entity List; BIS Military End-User List; Department of Homeland Security (DHS) Uyghur Forced Labor Prevention Act (UFLPA) Entity List; Section 5949 of the James M. Inhofe National Defense Authorization Act (NDAA) for Fiscal Year 2023 (Section 5949 List of Semiconductor Companies); Department of Defense (DOD) 1260H list of Chinese Military Companies (1260H List); Department of Treasury NS-CMIC List of Chinese military companies (NS-CMIC List); and Entities identified as ``foreign adversaries'' by the Department of Commerce. The Commission will deem a TCB, test lab, or laboratory accreditation body as ``owned by'' a prohibited entity when any such prohibited entity, has, possesses, or otherwise controls an equity or voting interest of 10% or more in the relevant TCB, test lab, or laboratory accreditation body. The Commission also provides further clarity on what it means for a TCB, test lab, or laboratory accreditation body to be controlled by or subject to the direction of a prohibited entity. To help ensure that the Commission has the necessary information to enforce this prohibition, the FCC expands its current reporting and certification requirements. The Commission adopts a requirement for all recognized TCBs, test labs, and laboratory accreditation bodies to certify to the FCC, within 30 days after the effective date of the rules, and thereafter with the request for recognition, that they are not owned by, controlled by, or subject to the direction of a prohibited entity. The Commission also adopts a requirement for all recognized TCBs, test labs, and laboratory accreditation bodies to report, within 90 days after the effective date of the rules, and thereafter with the request for recognition, all equity or voting interests of 5% or greater by any entity. The Commission also amends its rules to state that it will not recognize--and will revoke any existing recognition of--any TCB, test lab, or laboratory accreditation body that fails to provide, or that provides a false or inaccurate, certification; or that fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater. In keeping with the new reporting requirements, the Commission also clarifies the requirement that every entity specifically named on the Covered List must provide to the Commission, pursuant to Sec. 2.903(b), information regarding all of its subsidiaries and affiliates, not merely those that produce ``covered'' equipment. Each relevant entity must provide this information no later than 30 days after the effective date of this rule and thereafter in accordance with the provisions of Sec. 2.903(b). The Commission makes a minor rule change clarifying its process for withdrawing recognition from test labs and laboratory accreditation bodies. The Commission also adopts several additional rules to strengthen the integrity of TCBs and test labs associated with its equipment authorization program. Background In the EA Integrity NPRM, the Commission sought to strengthen its requirements for and oversight of FCC-recognized TCBs and test labs by proposing new rules that would help ensure the integrity of these entities for purposes of the equipment authorization program, better protect national security, and advance the Commission's comprehensive strategy to build a more secure and resilient supply chain. As the Commission stated, it is vital to ensure that these TCBs and test labs are not subject to control by foreign adversaries or other untrustworthy actors that pose a risk to national security. [[Page 38047]] The Equipment Authorization Program The Commission's equipment authorization program, codified in its part 2 rules, plays a critical role in enabling the Commission to carry out its responsibilities under the Communications Act of 1934, as amended (the Act). Under section 302 of the Act, the Commission is authorized to make reasonable regulations governing the interference potential of equipment that emits radiofrequency (RF) energy and that can cause harmful interference to radio communications; such regulations are implemented through the equipment authorization program. In addition, the equipment authorization program helps ensure that communications equipment complies with certain other policy objectives--which include protecting the communications networks and supply chain from equipment that poses an unacceptable risk to national security. Under section 302a(e) of the Act, certain important responsibilities have been delegated to TCBs and test labs with regard to implementing its equipment authorization program. Specifically, TCBs and test labs each play a role in ensuring that RF equipment complies with Commission rules, which is required for such equipment to be marketed in or imported to the United States. Test labs gather radiofrequency measurement data and develop technical reports to demonstrate subject equipment compliance with the Commission's applicable technical rules to minimize the risk of harmful interference, promote efficient use of spectrum, and advance other technical policy goals, such as ensuring hearing aid compatibility and controlling the environmental effects of RF radiation. TCBs perform evaluation and review of application data, including test reports, and make decisional determinations for certifications. For all granted certification applications, the TCBs must send to the Commission any test lab data and other information relied upon by the TCB. This information is made publicly available on the FCC's website upon grant of the equipment authorization. Commission rules also impose certain obligations on each TCB to perform post-market surveillance, based on ``type testing a certain number of samples of the total number of product types'' that the TCB has certified. Accreditation bodies conduct assessments to ensure that TCBs and test labs are competent and capable of providing accurate and reliable certification and testing services. To be recognized for participation in the FCC's equipment certification process, TCBs, test labs, and laboratory accreditation bodies must meet certain criteria specified in its rules. TCBs must be designated to issue grants of certification and must be located in the United States or in countries that have entered into applicable mutual recognition agreements (MRAs) with the United States. Currently, there are 39 FCC-recognized TCBs, 23 of which are located in the United States while the remaining 16 are located in seven MRA-partnered countries. The Commission will withdraw recognition of a TCB if the TCB's designation or accreditation is withdrawn, if the Commission determines that there is ``just cause,'' or if the TCB requests that it no longer hold its designation or recognition. The Commission's rules also set forth specific procedures, including notification requirements, that the Commission will follow if the Commission intends to withdraw its recognition of a TCB. Test lab recognition occurs based on current Commission rules stating that if a test lab has been accredited for the appropriate scope for the types of equipment that it will test, then it ``shall be deemed competent to test and submit test data for equipment subject to certification.'' Based on such accreditation, the Commission--namely, the Chief Engineer, to whom recognition authority has been delegated-- makes determinations regarding the continued acceptability of individual test labs. Test labs must be reassessed for accreditation and recognition at least every two years. Approximately 75% of certified devices are tested in recognized labs located in China. The Commission recognizes four laboratory accreditation bodies in the U.S. that can accredit test labs in the United States. For test labs in countries with which the U.S. has entered into an MRA, the Commission will consider for recognition an accredited laboratory that has been designated by a foreign designating authority. Currently there are 24 such FCC-recognized laboratory accreditation bodies outside the United States, located in 23 different MRA-partnered countries. All other test labs must be accredited by an organization recognized by the Commission to perform test lab accreditations in non-MRA countries. Currently, the Commission recognizes three such accrediting bodies. Current rules do not preclude a laboratory accreditation body that is not in an MRA-partnered country from submitting a request to be recognized, but, to date, the FCC has not recognized any laboratory accreditation body outside of an MRA-partnered country. Recent Related Commission Action The EA Security R&O and FNPRM. On November 11, 2022, the Commission adopted the EA Security Report and Order, Order, and Further Notice of Proposed Rulemaking (88 FR 7592; February 6, 2023). Specifically, the Commission established several new rules to prohibit authorization of equipment identified on the Commission's Covered List (covered equipment) maintained pursuant to the Secure and Trusted Communications Networks Act of 2019 (Secure Networks Act). The Covered List identifies certain types of communications equipment produced by particular entities as well as information security products and certain services provided by various entities. This list is derived from specific determinations made by sources enumerated in the Secure Networks Act, including certain federal agencies and Congress, that certain equipment or services pose an unacceptable risk to national security. The EA Security R&O adopted several revisions to part 2 of the Commission's rules concerning equipment authorization requirements and processes. These revisions include requirements that, to help implement the prohibition on authorization of any covered equipment, applicants seeking equipment certification must make certain attestations about the relevant equipment. These include attesting that the equipment is not prohibited from receiving authorization and whether the applicant is an entity identified on the Covered List as an entity producing covered communications equipment. TCBs, pursuant to their responsibilities as part of the Commission's equipment authorization program, review the applications and must ensure that only applications that meet all of the Commission's applicable technical and non- technical requirements are ultimately granted, and that none of these grants are for covered equipment. In the EA Security R&O, the Commission, in affirming its authority to prohibit authorization of communications equipment that had been placed on the Covered List, noted that it has broad statutory authority, under sections 302 and 303(e) of the Communications Act and other statutory provisions, to take into account national security concerns when promoting the public interest, including in its equipment authorization program. Evolving Risks Order and NPRM (88 FR 50486; August 1, 2023). Since adopting the EA Security R&O, the [[Page 38048]] Commission has taken several additional steps to address evolving national security concerns to protect the security of America's critical communications networks and supply chains. In April 2023, in the Evolving Risks Order and NPRM, the Commission required all international section 214 authorization holders to respond to a one- time information collection to update the Commission's records regarding their foreign ownership, noting that ``the information will assist the Commission in developing a timely and effective process for prioritizing the review of international section 214 authorizations that are most likely to raise national security, law enforcement, foreign policy, and/or trade policy concerns.'' The Commission also sought comment on further actions it could take to protect the nation's telecommunications infrastructure from threats in an evolving national security and law enforcement landscape by proposing comprehensive changes to the Commission's rules that allow carriers to provide international telecommunications service. The Commission proposed, among other things, to adopt a renewal framework or, in the alternative, a formalized periodic review process for all international section 214 authorization holders. The Commission stated that, due to the evolving national security and law enforcement concerns identified in its recent proceedings to revoke the section 214 authorizations of certain providers controlled by the Chinese government, a formalized system of periodically reassessing international section 214 authorizations would better ensure that international section 214 authorizations, once granted, continue to serve the public interest. In addition, in the Evolving Risks NPRM, the Commission proposed, among other things, to prioritize the renewal applications or any periodic review filings and deadlines based on, for example, ``reportable foreign ownership, including any reportable foreign interest holder that is a citizen of a foreign adversary country,'' as defined in the Department of Commerce's rule, 15 CFR 791.4. The Commission also sought comment on whether to revise its ownership reporting threshold, currently set at 10% or greater direct and indirect equity and/or voting interests, to 5%, noting that the current 10% threshold may not capture all of the foreign interests that may present national security, law enforcement, foreign policy, and/or trade policy concerns in today's national security and law enforcement environment. The Commission also proposed, among other things, to require applicants to certify in their application whether they use equipment or services identified on the Commission's Covered List. Cybersecurity IoT Labeling R&O (89 FR 61242; July 30, 2024). On March 14, 2024, the Commission adopted the Cybersecurity IoT Labeling R&O to strengthen the nation's cybersecurity protections by adopting a voluntary cybersecurity labeling program for wireless Internet of Things (IoT) products. In that R&O, the Commission determined that entities that are owned by, controlled by, or affiliated with ``foreign adversaries,'' as defined by the Department of Commerce, should be ineligible for purposes of the Commission's voluntary IoT Labeling Program. The Commission also generally prohibited entities that produce equipment on the Covered List, as well as entities named on the DOD's list of Chinese military companies or the Department of Commerce's Entity List, and entities suspended or debarred from receiving federal procurements or financial awards, including all entities and individuals published as ineligible for award on the General Service Administration's System for Award Management, from any participation in the IoT Labeling Program. Also, the Commission specifically prohibited any of these entities from serving as a Cybersecurity Label Administrator or serving as a CyberLAB for testing products for compliance with forthcoming cybersecurity technical standards. The Commission concluded that these lists represent the determination of relevant federal agencies that entities on these lists may pose a national security threat within their respective areas, and that it is not in the public interest to permit these entities to provide assurance to the public that their IoT products meet the new cybersecurity standards for obtaining the U.S. Cyber Trust Mark. In the Submarine Cable Landing License NPRM (90 FR 12036; March 13, 2025), the Commission opened a proceeding to improve and streamline the submarine landing license rules, seeking comment on how to facilitate efficient deployment of submarine cables while ensuring the security, resilience, and protection of this critical infrastructure. It noted that, of the 84 licensed cables that currently are operating or planned to enter service, three land in a ``foreign adversary'' country as defined by the U.S. Department of Commerce rules and, according to the Commission's records, nine licensees of submarine cables have direct or indirect interest holders that include the Chinese government or an entity with a place of organization in China. The Commission, among other things, sought comment on whether to preclude the grant of a cable landing license application filed by any applicant that: (1) is directly and/or indirectly owned or controlled by, or subject to the influence of a government organization of a foreign adversary country, as defined under 15 CFR 791.4; (2) is directly and/or indirectly owned or controlled by, or subject to the influence of an individual or entity that has a citizenship(s) or place(s) of organization in a foreign adversary country; (3) is directly and/or indirectly owned or controlled by, or subject to the influence of an individual or entity on the Commission's Covered List; and/or (4) is using or will use equipment or services identified on the Commission's Covered List in the proposed submarine cable infrastructure. The Commission also proposed, among other things, to prioritize the filing and review of periodic ownership reports and related submarine cable system information for submarine cable systems that: (1) have a licensee that is directly or indirectly wholly or partially owned by a government of, or other entities with a place of organization in, a ``foreign adversary'' country, as defined in the Department of Commerce's rule, 15 CFR 791.4; (2) have a licensee with a place of organization in a ``foreign adversary'' country; or (3) land in a ``foreign adversary'' country. The Commission also sought comment on whether it should prohibit cable landing licensees from entering into arrangements for Indefeasible Rights of Use or leases for capacity on submarine cables landing in the United States, with any entity that has a citizenship(s) or place(s) of organization in a ``foreign adversary'' country, as defined under 15 CFR 791.4. It sought comment on whether it should prohibit cable landing licensees from entering into such arrangements with any entity that is directly and/or indirectly owned or controlled by, or subject to the influence of, (1) a government organization of a foreign adversary country, and/or (2) any individual or entity that has a citizenship(s) or place(s) of organization in a ``foreign adversary'' country, as defined under 15 CFR 791.4. Additionally, it sought comment on whether to adopt rules that prohibit cable landing licensees from landing a cable licensed by the Commission in certain locations, such as landing points in a ``foreign [[Page 38049]] adversary'' country, as defined under 15 CFR 791.4. The EA Integrity NPRM On May 23, 2024, the Commission adopted the EA Integrity NPRM (89 FR 55530; July 5, 2024), in which it proposed measures to strengthen the requirements for and oversight of TCBs and test labs to help ensure the integrity of these entities for purposes of the equipment authorization program, better protect national security, and help build a more secure and resilient communications supply chain. The Commission explained that, in light of the new national security-related responsibilities on TCBs and test labs, and their ongoing responsibilities to receive and maintain sensitive and proprietary information regarding communications equipment, among other reasons, it is vital to ensure that TCBs and test labs are not subject to influence or control by untrustworthy actors that pose a risk to national security. First, the Commission proposed to prohibit any TCB or test lab in which an entity identified on the Covered List has, possesses, or otherwise controls an equity or voting interest of 10% or more from being recognized by the FCC or participating in the FCC's equipment authorization program. Second, the Commission proposed prohibiting the use of, or reliance on, any TCB or test lab for equipment authorization if any entity listed on the Covered List holds, possesses, or otherwise controls an equity or voting interest of 10% or more. Third, the Commission sought comment on prohibiting recognition of any TCB or test lab owned or controlled by a foreign adversary or any other entity that has been found to pose a risk to national security. To that end, the Commission sought comment on whether and how the FCC should consider national security determinations made in other federal agency lists in establishing eligibility qualifications for Commission recognition of a TCB or a test lab in the equipment authorization program. Fourth, to help ensure that the Commission has the information required to enforce any requirements adopted in the proceeding, the FCC proposed new certification, recordkeeping, and reporting obligations for TCBs and test labs, including requiring TCBs and test labs to certify that no entity identified on the Covered List has, possesses, or otherwise controls an equity or voting interest of 10% or more in the TCB or test lab, and to produce documentation identifying any entity that has, possesses, or otherwise controls an equity or voting interest of 5% or more in the TCB or test lab. The Commission also sought comment on other revisions or clarifications to its rules to implement this requirement. Finally, the Commission sought comment on various related matters regarding implementation of the proposed prohibition and the equipment authorization program generally. Namely, the Commission sought comment regarding whether to revise its rules, policies, or guidance regarding post-market surveillance, accreditation and reassessment of TCBs, recognition and withdrawal of recognition of TCBs, transparency for test labs, accreditation of test labs, recognition and withdrawal of recognition of test labs, and whether to require the use of accredited, FCC-recognized test labs in the SDoC process. In particular, in light of the goals of the proceeding, the Commission sought comment on potential revisions to the rules governing TCB and laboratory accrediting bodies. In response to the NPRM, the Commission received 10 comments and two reply comments. Some commenters generally supported the goal of the Commission to ensure the integrity of entities that participate in its equipment authorization program and found the Commission's proposals to be reasonable and important to promoting national security, while others generally supported the Commission's goals but expressed concerns with certain aspects of its proposals or contended that no changes to the equipment authorization program are needed. Some advised that any action the Commission takes should be designed so as not to cause disruption or delay in the equipment authorization process and to the FCC's supply chains, and suggest alternative actions the Commission could take that those commenters believe would be less disruptive. Report and Order In the Report and Order, the Commission adopts revisions to its rules designed to promote the integrity of the FCC's equipment authorization program and ensure that it serves the Commission's goal of protecting its communications equipment supply chain from entities posing unacceptable risks to national security. The Commission recognizes that the benefits of protecting U.S. national security, law enforcement, foreign policy, and trade policy interests are difficult to quantify in monetary terms. The difficulty in quantifying these benefits does not, however, diminish their importance. The Commission previously has found that ``a foreign adversary's access to American communications networks could result in hostile actions to disrupt and surveil its communications networks, impacting the nation's economy generally and online commerce specifically, and result in the breach of confidential data.'' Given that the national gross domestic product was over $29 trillion in 2024, the digital economy accounted for approximately 16% of its economy, and the volume of international trade for the United States (exports and imports) was $7.3 trillion in 2024, even a temporary disruption in communications could cause millions of dollars in economic losses. The harms by foreign adversaries or other untrustworthy actors thus could be significant, causing disruption to the U.S. economy, residential and government communications, and critical infrastructure. Through the Commission's equipment authorization process, third party entities are tasked with various responsibilities to ensure that RF devices comply with FCC rules. Specifically, equipment for which an authorization is sought is provided to a test lab to gather radiofrequency measurement data and develop technical reports to demonstrate device compliance with the Commission's applicable rules. For devices for which equipment certification is sought (as opposed to SDoC), TCBs perform evaluation and review of those test reports along with other application data, and make decisional determinations for certifications. The Commission has a process, known as ``recognition,'' for ensuring that accredited TCBs and test labs, and the laboratory accreditation bodies, meet the necessary qualifications for participation in the FCC's equipment authorization program. The Commission finds that excluding from participation in its equipment authorization program entities that threaten to undermine national security is necessary to effectively promote the integrity of the FCC's equipment authorization program and to protect national security interests. To implement this finding, the Commission takes several actions to ensure the integrity of those entities the FCC recognizes for participation in its equipment authorization program or upon which entities seeking authorization may rely. First, the Commission identifies, pursuant to federal agency or congressional determinations, a class of ``prohibited entities'' that pose national security threats and therefore could adversely affect the trustworthiness of, or [[Page 38050]] otherwise undermine the public's confidence in, a TCB, test lab, or laboratory accreditation body that is owned by, controlled by, or subject to the direction of a prohibited entity. Second, the Commission prohibits from participation in its equipment authorization process, any TCB, test lab, or laboratory accreditation body that is owned by, controlled by, or subject to the direction of a prohibited entity. This includes a prohibition on the reliance on or use of, for purposes of equipment authorization, any such TCB or test lab, for both certification and supplier's declaration of conformity (SDoC). Third, the Commission explains that it will consider a TCB, test lab, or laboratory accreditation body as ``owned by'' a prohibited entity when a prohibited entity has, possesses, or otherwise controls an equity or voting interest of 10% or more in the TCB, test lab, or laboratory accreditation body. The Commission also provides clarification on what it means for a TCB, test lab, or laboratory accreditation body to be controlled by, or subject to the direction of, a prohibited entity. Fourth, the Commission adopts expanded reporting requirements to require that all TCBs, test labs, and laboratory accreditation bodies seeking Commission recognition certifies to the Commission that they are not owned by, controlled by, or subject to the direction of a prohibited entity and report all equity or voting interests of 5% or greater by any entity. The Commission will not recognize, and will revoke recognition of, any TCB, test lab, or laboratory accreditation body that fails to provide or provides false or inaccurate information or certification. Finally, the Commission adopts a minor rule change clarifying its process for withdrawing recognition from test labs and laboratory accreditation bodies, and the Commission adopts other revisions to its rules including related recordkeeping and reporting obligations associated with the FCC's equipment authorization program and non-substantive changes to remove repetition of requirements. Identifying ``Prohibited Entities'' In the EA Integrity NPRM, the Commission proposed to not recognize or permit reliance on TCBs, test labs, or their accrediting bodies, or permit them to have any role in the FCC's equipment authorization program, if they have sufficiently close ties with Covered List entities. The Commission also sought comment on whether, and to what extent, the Commission should apply its measures to other entities identified by federal agencies or Congress that reflect expert determinations about entities that pose national security concerns. Specifically, the Commission sought comment on extending the proposed prohibition to the entities identified pursuant to the following: Department of Commerce list of ``foreign adversary'' countries that identifies any foreign government or foreign non- government person that the Secretary of Commerce has determined to have engaged in a ``long-term pattern or serious instances of conduct significantly adverse to the national security interest of the United States or security and safety of United States persons;'' DOD 1260H list of Chinese Military Companies; Department of Commerce Entity List; Department of Commerce Military End-User List; Non-Specially Designated Nationals Chinese Military- Industrial Complex Companies List; FY2023 NDAA section 5949 list of semiconductor companies; Foreign entities of concern as defined by the CHIPS Act; and Uyghur Forced Labor Prevention Act Entity List. The Commission concludes that the integrity of its equipment authorization program is more effectively ensured not only through the exclusion of participation by entities identified on the Covered List, but also the other entities as described herein that federal government agencies or Congress have determined pose national security risks. Collectively, the Commission will refer to these as ``prohibited entities'' with regard to participation in the Commission's equipment authorization program. Entities Identified on the Covered List The Covered List is derived from specific determinations made by certain sources (particular federal agencies with national security expertise and Congress) designated by the Secure Networks Act that certain equipment or services produced or provided by a specified entity poses an unacceptable risk to national security. In light of these determinations from expert federal agencies and Congress about the serious national security risks posed by equipment or services produced or provided by entities identified on the Covered List, the Commission concludes that it should not permit TCBs, test labs, or laboratory accreditation bodies to have any role in its equipment authorization program, if they have sufficiently close ties with entities identified on the Covered List. This exclusion will help to promote the integrity of the equipment authorization program and protect the equipment supply chain from pre-authorization exposure to entities that present national security concerns. Other Entities That Raise National Security Concerns The Covered List is only one source that identifies entities presenting national security concerns that have potential to compromise the integrity of the equipment authorization program. Several federal agencies with particular national security responsibilities--including two agencies that also serve as sources of determinations for the Covered List--develop or maintain lists that identify entities, companies, persons, and other parties that they have determined raise national security concerns. Congress has done similarly in legislation. The Commission finds that to help ensure the integrity of entities that play a role in its equipment authorization program, to promote national security, and to advance the Commission's comprehensive strategy to build a more secure and resilient communications supply chain, the Commission should not limit its definition of ``prohibited entities'' to entities identified on the Covered List, but also address entities that federal agencies have determined raise similar national security concerns. The Commission's conclusion to include entities identified by federal agencies as posing unacceptable risks to national security in addition to those on the Covered List is supported by the Heritage Foundation and the Foundation for Defense of Democracies (FDD) (two Washington, DC think tanks with national security expertise). Heritage stated that ``it would be prudent for the Commission to consult other agencies that maintain lists of known entities that present national security risks to the U.S.'' In fact, Heritage encouraged the Commission to go even further and consider extending the prohibition to any foreign adversary-linked entity. FDD similarly encouraged the Commission to extend its prohibition to ``entities not only listed on the FCC's Covered List, but also those subject to the jurisdiction, direction, or control of a foreign adversary, consistent with federal definitions under the Committee on Foreign Investment in the United States.'' According to FDD, ``[g]iven the PRC's current regulatory environment, including national security laws that coerce corporate cooperation with state intelligence objectives, firms operating under PRC jurisdiction cannot credibly demonstrate operational independence [[Page 38051]] from the Chinese government. This presents a material compliance and reputational risk to U.S. markets. Therefore, all PRC-based or PRC- controlled entities must be assumed to be under state influence.'' Additionally, DOJ strongly supports ``the FCC considering eligibility restrictions based on determinations made by Executive Branch agencies regarding entities that pose national security risks. This whole-of- government approach leverages specialized expertise across the federal enterprise to identify and mitigate evolving threats. For example, it is essential that the FCC utilizes other lists developed by Executive Branch agencies that reflect expert determinations about entities that pose national security concerns, rather than relying solely on the FCC's Covered List.'' The Commission seeks comment on a similar proposal in the Further Notice of Proposed Rulemaking (FNPRM) portion of the proceeding, relying instead on the Department of Commerce's definition of foreign adversary. Conversely, the China-based Telecommunication Terminal Industry Forum Association (TAF) argued that the Commission's current regulations in this area are ``sufficiently strict,'' and that the Commission should not rely on lists from other U.S. government agencies, and instead, use these lists ``as background references for the FCC when considering the covered list.'' The Commission disagrees and finds unpersuasive TAF's argument that these other federal agency lists ``are established for different regulatory purposes.'' The Commission also rejects TAF's argument that referencing other lists and determinations would ``contravene the spirit of the [World Trade Organization Agreement on Technical Barriers to Trade]'' and ``increase the costs for telecommunications equipment manufacturers, ultimately driving up the final prices of electronic consumer products in the U.S.'' The Commission finds that prohibiting entities that have been determined to pose risks to U.S. national security is not an unnecessary or arbitrary barrier to trade, but instead serves to promote public confidence in the integrity of the FCC's equipment authorization process and helps protect U.S. communications networks by addressing these national security concerns. The Commission also finds that any potential increased costs are outweighed by the substantial benefit to enhancing national security. Each of the entities on the lists that the Commission discusses in the Order has been determined by either Congress or a federal agency to raise national security concerns and has been blocked from accessing certain aspects of the U.S. supply chain, thereby addressing concerns similar to those that the FCC seeks to address today to protect the integrity of its equipment authorization program. Moreover, many of the same agencies that Congress directed to serve as sources of determinations for inclusion on the Covered List are the sources of determination for entities on these other lists. The Commission finds that permitting such entities to participate in its equipment authorization program as TCBs, test labs, or laboratory accreditation bodies would adversely affect the trustworthiness of, or otherwise undermine the public's confidence in, the equipment authorization program, and would be inconsistent with U.S. national security interests. For these and the other reasons discussed in the Order, the Commission finds that, in addition to the entities identified on the Covered List, it is incumbent upon us to also address, with regard to the equipment authorization program, other entities deemed by federal agencies to pose risks to national security as follows: Entities identified by any of the following sources: Department of Commerce Bureau of Industry and Security (BIS) Entity List (BIS Entity List); BIS Military End-User List; Department of Homeland Security (DHS) Uyghur Forced Labor Prevention Act (UFLPA) Entity List; Section 5949 of the James M. Inhofe National Defense Authorization Act (NDAA) for Fiscal Year 2023 (Section 5949 List of Semiconductor Companies); Department of Defense (DOD) 1260H list of Chinese Military Companies; Department of Treasury NS-CMIC List of Chinese military companies; and Entities identified as ``foreign adversaries'' by the Department of Commerce, including governments. Department of Commerce BIS Entity List. ``The [BIS] Entity List . . . identifies persons or addresses of persons reasonably believed to be involved, or to pose a significant risk of being or becoming involved, in activities contrary to the national security or foreign policy interests of the United States'' as determined by an End-User Review Committee consisting of various federal national security agencies. The BIS Entity List in part seeks to ensure that sensitive technologies do not fall into the hands of known threats. The Commission concludes that these entities, which federal agencies found to, at the very least, ``pose a significant risk'' of activities threatening American national security or foreign policy interests, present the same concerns with regard to the integrity of the equipment authorization program. Seeing as U.S. persons are generally prohibited from providing unlicensed exports, re-exports, or transfers (in-country) of certain commodities, software, and technology subject to BIS jurisdiction to entities on the BIS Entity List, the Commission finds it particularly risky for such entities to be closely associated with the review and approval of communications devices (with all the components therein) for the U.S. market--if these entities should not be allowed access to sensitive technologies after they are on the market, they similarly should not be allowed access before they are on the market through the equipment authorization program. This conclusion is consistent with the Commission's action in the Cybersecurity IoT Labeling R&O (89 FR 61242; July, 30, 2024), which prohibited entities named on the BIS Entity List from having their products receive a U.S. Cyber Trust Mark label or from serving as Cybersecurity Label Administrator or other lab participating in the labelling program. Commerce Department BIS Military End-User List. The Military End- User List consists of entities subject to heightened export controls because the End-User Review Committee determined that ``exports, reexports, or transfers . . . to that entity represent an unacceptable risk of use in or diversion to a `military end use' in Belarus, Burma, Cambodia, China, Nicaragua, the Russian Federation, or Venezuela, or for a Belarusian, Burmese, Cambodian, Chinese, Nicaraguan, Russian, or Venezuelan `military end user,' wherever located.'' The Commission finds that the national security risks presented by these foreign military-associated entities in terms of export activities are applicable to the FCC's obligation to ensure the integrity of its equipment authorization program, which is an integral step in the importation and marketing of devices in the U.S. DHS Uyghur Forced Labor Prevention Act Entity List. Section 2 of the UFLPA requires reporting a list of entities found to be involved in forced labor in the Xinjiang region of China, which the Department of Homeland Security posts on its website. The Commission received no comments on this specific list, but Heritage did urge the [[Page 38052]] Commission to consider forced labor practices in China and noted that broadening the sources used to make determinations about recognition of test labs might remove from recognition consideration labs using forced labor or committing other human rights abuses. Federal agencies have found the entities listed on the UFLPA Entity List to be involved in forced labor, and goods that are manufactured wholly or in part by such entities are prohibited from U.S. importation. Because goods manufactured by these entities are prohibited from U.S. importation, the Commission finds that it would not be in the public interest or consistent with the integrity and security of the equipment authorization testing program for these entities to play a role in the equipment authorization program, particularly in such a way that contributes to ensuring compliance to the FCC's rules of equipment that must be authorized to be imported. Section 5949 List of Semiconductor Companies. Section 5949 of the James M. Inhofe National Defense Authorization Act (NDAA) for Fiscal Year 2023 prohibits Executive Branch agencies from procuring, obtaining, or contracting with entities to obtain any electronic parts, products, or services that include a semiconductor, a semiconductor product, or a product that incorporates semiconductor products designed or produced by Semiconductor Manufacturing International Corporation, ChangXin Memory Technologies, Yangtze Memory Technologies Corp, or any subsidiary, affiliate, or successor of such entities; or any such product produced by an entity determined by designated sources. The FCC finds that Congress's determination that these entities were not to be trusted to provide semiconductor products and services to ``Federal systems'' and were a threat in the ``supply chains of Federal contractors and subcontractors'' is strong evidence that the Commission should address the threat such entities present to ensuring the integrity and security of the equipment authorization program. DOD 1260H List of Chinese Military Companies. Under section 1260H of the FY 2021 NDAA, the Secretary of Defense is required to publicly list entities that the Secretary has determined to be a ``Chinese military company'' that is ``operating directly or indirectly in the United States'' and is ``engaged in providing commercial services, manufacturing, producing, or exporting.'' Effective June 30, 2026, DOD is prohibited from entering into, renewing, or extending contracts for goods, services, or technology with entities on the 1260H List or their affiliates. Contracts with companies controlled by these listed entities are also prohibited. Further, in 2027, DOD is prohibited from entering into, renewing, or extending a contract for the procurement of goods or services that include goods or services produced or developed by an entity, or controlled by an entity, on the Section 1260H List. The prohibitions do not extend to existing contracts or to contracts for goods, services, or technology that provide a service that connects to the facilities of a third party, including backhaul, roaming, or interconnection arrangements. The Secretary of Defense may waive the prohibition under certain circumstances. The FCC concludes that, for the same reasons that these entities are identified on the 1260 List, such companies present an unacceptable risk to ensuring the integrity and security of the equipment authorization testing program. This is consistent with the Commission's action in the Cybersecurity IoT Labeling R&O, which prohibited entities named on the DOD 1260H List from having their products receive a U.S. Cyber Trust Mark label or from serving as Cybersecurity Label Administrator or other lab participating in the labelling program. Department of Treasury NS-CMIC List of Chinese Military Companies. The NS-CMIC List, maintained by the Department of Treasury, consists of persons found to ``operate or have operated in the defense and related materiel sector or the surveillance technology sector of the economy of the PRC'' and was created as part of an Executive Order to address ``the threat posed by the military-industrial complex of the People's Republic of China (PRC) and its involvement in military, intelligence, and security research and development programs, and weapons and related equipment production under the PRC's Military-Civil Fusion strategy.'' This list is almost identical to the 1260H List. The FCC concludes that the threat presented by such entities as determined by federal agencies would apply in terms of its efforts to ensuring the integrity and security of the equipment authorization program. Foreign Adversary Governments and Persons. The Department of Commerce has developed a list of ``foreign adversary'' governments and persons, which includes ``any foreign government or foreign non- government person determined by the Secretary [of Commerce] to have engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.'' Currently, the list of foreign adversaries consists of the People's Republic of China (including the Hong Kong Special Administrative Region and the Macau Special Administrative Region), Republic of Cuba, Islamic Republic of Iran, Democratic People's Republic of North Korea, Russian Federation, and the Venezuelan politician Nicolas Maduro. The rules establishing the process for these determinations were made pursuant to Executive Order 13873 of May 15, 2019, ``Securing the Information and Communications Technology and Services Supply Chain.'' President Trump issued Executive Order 13873 in response to the national emergency caused by the threat of foreign adversaries exploiting vulnerabilities in information and communications technology and services (ICTS). The same concerns that the Department of Commerce's ICTS rules seek to address are also a key component of the Commission's equipment authorization program; namely, the equipment authorization program seeks to ensure the Commission protects the U.S. communications networks and the supply chain from equipment that poses an unacceptable risk to national security. Moreover, the Secure Networks Act's definition of ``foreign adversary'' is identical to the definition of ``foreign adversary'' as used by the Department of Commerce in producing its list of foreign adversaries. National Telecommunications and Information Administration (NTIA), in a notice and request for public comment implementing these provisions of the Secure Networks Act, treated the Department of Commerce's list of foreign adversaries as ``foreign adversaries'' for purposes of determining who is a ``trusted . . . provider of advanced communications service or a supplier of communications equipment or service'' under the Secure Networks Act. If Congress and NTIA determined that entities subject to foreign adversaries' ownership or control are not to be trusted to provide or supply communications equipment or services, the Commission does not believe they should be trusted to participate in the equipment authorization program, which tests and reviews communications equipment. The FCC's proposal to address participation by foreign adversaries in the equipment authorization program is generally supported by Heritage and FDD. And the Commission does not [[Page 38053]] agree that application of the foreign adversary list is ``discriminatory,'' as TAF contends, given that the list reflects determinations by an expert agency that the entities listed have engaged in a ``long-term pattern or serious instances of conduct significantly adverse to the national security interest of the United States or security and safety of United States persons.'' The Commission finds that its efforts to ensure the integrity and security of the equipment authorization program could be hindered by the participation of entities determined to have engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons. These findings are consistent with the Commission's actions in other proceedings. For example, in the Cybersecurity IoT Labeling R&O, the Commission relied on the foreign adversary list as a disqualifier from receiving a U.S. Cyber Trust Mark label or from serving as Cybersecurity Label Administrator or other lab participating in the labelling program. Additionally, in the Evolving Risks Order and NPRM, the Commission proposed to rely on the Department of Commerce's definition of foreign adversary in its proposal to prioritize the renewal applications or any periodic review filings and deadlines based on, for example, ``reportable foreign ownership, including any reportable foreign interest holder that is a citizen of a foreign adversary country.'' CHIPS Act. At this time, the FCC declines to extend the definition of prohibited entity to any ``foreign entity of concern'' as defined by the CHIPS Act, because this definition extends to entities subject to the ``jurisdiction'' of specified countries. The FCC interprets this definition as potentially applicable to a broader range of entities than those owned by, controlled by, or subject to the direction of certain entities, and thereby more broadly applicable than anticipated in the EA Integrity NPRM. So, the FCC seeks further comment on adopting this definition, as discussed in the FNPRM portion of the proceeding. The FCC also declines at this time to extend the prohibition in this R&O to several other federal agency-developed and statutory ``lists'' of entities of concern both because the record on these lists is not developed and because the alignment between the policy goals underlying those lists and the integrity and security of the equipment authorization testing program is not as obvious, and seeks further comment in the FNPRM. Preventing Prohibited Entities From Participating in the Equipment Authorization Program Recognizing the importance of ensuring that the TCBs and test labs that review equipment for importation and marketing in the U.S., and the entities that accredit test labs, are themselves trustworthy actors, and to complement the FCC's efforts to ensure the security of the supply chain, the Commission takes steps to remove from participation in its equipment authorization program entities that have been determined to pose unacceptable risks to the national security of the United States based on a number of sources (i.e., prohibited entities). The Commission adopts its proposals in the EA Integrity NPRM to: (1) prohibit from recognition by the Commission and participation in the FCC's equipment authorization program any TCB, test lab, or laboratory accreditation body owned by, controlled by, or subject to the direction of a prohibited entity; and (2) prohibit reliance on or use of, for purposes of equipment authorization, any TCB or test lab owned by, controlled by, or subject to the direction of a prohibited entity. By adopting these prohibitions, the FCC takes a significant step in addressing the risks posed by these actors to U.S. national security in the communications equipment supply chain. The restriction on entities that present national security concerns is rooted in longstanding legislative and regulatory efforts aimed at safeguarding U.S. national security, economic interests, and technological leadership, which have consistently recognized the risks posed by foreign adversaries. These efforts have consistently targeted the same foreign adversaries (or a subset thereof) designated as such by the Department of Commerce and treated as ``prohibited entities'' in the rules the FCC adopts today. These efforts include actions to safeguard military operations, protect U.S. supply chains against foreign adversaries exploiting vulnerabilities in key industries, and federal restrictions on adversarial access to sensitive data and emerging technologies that have been implemented to address cybersecurity, research security, and otherwise protect national security. In February of this year, President Trump issued a memorandum announcing the America First Investment Policy which, among other things, states that ``[e]conomic security is national security,'' discusses the need to limit certain investments in strategic sectors by the same six foreign adversaries as identified in the Department of Commerce's rules, and singles out China in particular for its nefarious exploitation of U.S. open capital markets to gain access to U.S. strategic technology and critical infrastructure. Taken together, these measures reflect an ongoing, bipartisan effort to mitigate foreign adversary involvement in U.S. economic and technological supply chains across multiple fronts over multiple Congresses and multiple Presidential Administrations. Contrary to TAF's assertion that accreditation according to relevant ISO standards alone is sufficient to allow test lab participation in the Commission's equipment authorization program, the FCC believes that compliance with ISO standards should be a floor, not a ceiling, for all equipment authorization participants. And, while such compliance with generally universally-applied standards may be necessary to ensure technical competency, it may not be sufficient. Furthermore, the Commission believes that implementation of Congress's instruction that the Commission ``may . . . establish such qualifications and standards as it deems appropriate for such private organizations, testing, and certification'' requires us to address other concerns, such as protecting the supply chain from entities that present national security concerns. In light of ongoing security risks, the Commission must take measures to ensure that entities entrusted with access to equipment, and related data, prior to authorization for importing and marketing, as well as entities that assess the competence of such, are not acting on behalf of foreign adversaries but instead are operating consistent with their responsibilities to help ensure that equipment that poses an unacceptable risk to national security is kept out of our nation's supply chain, in addition to being technically competent. In fact, the Secure Networks Act demonstrates Congress's view that participants in the communications equipment supply chain that are ``owned by, controlled by, or subject to the influence of a foreign adversary'' are not to be ``trusted.'' Additionally, one of the agencies upon which the FCC regularly relies for national security expertise--the Department of Justice, National Security Division (FIRS)--has noted several other national security concerns arising from reliance on TCBs and test labs ``that could be exploited by adversarial entities.'' Specifically, FIRS points out that TCBs and test labs perform certain activities that create technical vulnerabilities. The privileged access by TCBs and test labs to highly sensitive [[Page 38054]] intellectual property and emerging technologies could lead to systematic collection of information that represents a significant counterintelligence concern and the aggregation of such data has the potential to aid foreign adversaries in developing counterstrategies or identifying asymmetric advantages. Also, compromised entities could deliberately overlook or inadequately test devices, or manipulate test results, which could result in compromised devices in the U.S. market that have the potential to facilitate access by foreign intelligence services or that do not meet compliance requirements and pose interference risks. The FCC finds that allowing entities that have been repeatedly identified as foreign adversaries of the U.S. government, specifically those identified in the Order as prohibited entities, to participate in the equipment authorization program as TCBs, test labs, and laboratory accreditation bodies could adversely affect a TCB's, test lab's, or laboratory accreditation body's ``trustworthiness, or otherwise undermine the public's confidence,'' especially their ``access to proprietary, sometimes sensitive information about suppliers and their devices.'' By enforcing stricter regulations on ownership and control of TCBs, test labs, and laboratory accreditation bodies, the FCC upholds core national security priorities, reinforcing the broader strategy to protect U.S. interests from adversarial exploitation. Prohibiting Recognition of TCBs, Test Labs, and Laboratory Accreditation Bodies That Are Owned by, Controlled by, or Subject to the Direction of Prohibited Entities In the EA Integrity NPRM, the Commission proposed to prohibit from recognition by the Commission and participation in the FCC's equipment authorization program any TCB, test lab, or laboratory accreditation body in which an entity identified on the Covered List has, possesses, or otherwise controls an equity or voting interest of 10% or more, either directly or indirectly, and sought comment on this proposal. The Commission also proposed and sought comment on whether it should decline to recognize laboratory accreditation bodies associated with any foreign adversary, including as to how such association should be determined. The Commission adopts a modified version of these proposals to include a prohibition on recognition of, or participation by, TCBs, test labs, and laboratory accreditation bodies that are owned by, controlled by, or subject to the direction of prohibited entities, as defined in the Order. Several commenters were broadly supportive of the proposal, stating, for example, that it is necessary to ensure equipment is properly vetted against the Commission's rules intended to address national security threats. The Covered List represents expert determinations made by Congress and relevant federal agencies that the specified equipment and services produced by certain named entities represent an unacceptable threat to national security, and the risk of their importation into the United States necessitates that the FCC take measures to prevent such equipment from improperly obtaining FCC equipment authorization. Congress believed so strongly that the importation or marketing of certain equipment and services produced or provided by specific entities posed a threat to the national security and public safety that it passed the Secure Equipment Act to ensure that such equipment and services would be unable to obtain equipment authorizations from the Commission. The Commission takes seriously the Congressional mandate to ensure that its equipment authorization system excludes entities that have been determined to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons. As such, the FCC finds it necessary to expand its proposal beyond the Covered List to include all prohibited entities as defined in the Order. The Commission finds it imperative that it not allow prohibited entities to circumvent supply chain protections or otherwise undermine the integrity of its supply chain. Prohibiting recognition of TCBs, test labs, or laboratory accreditation bodies that are owned by, controlled by, or subject to the direction of prohibited entities will help to ensure that participants in the FCC's equipment certification procedure, the most rigorous equipment authorization process, are not subject to undue influence and support the integrity and security of the program. The Commission rejects TAF's arguments that there is no need to make changes to the existing authorization system because it has operated effectively to date without national security incidents, and that restricting lab authorization based on national security lacks a technical basis because labs do not modify products and so cannot introduce national security issues, nor do they possess any information that could threaten national security. A2LA also observed that as part of ISO/IEC 17011, accreditation bodies must maintain impartiality and, by that criteria, no accreditation body should have an ``affiliation'' with a foreign government, adversarial or not. The Commission emphasizes that the measures it adopts today are both an important corollary to the rules the FCC adopted in the EA Security R&O and proactive measures against evolving risks reflected in the record before us. As FDD noted, this action is just the latest Commission effort in recognition of ``a growing vector of systemic risk: adversarial control over the authorization process that safeguards the U.S. communications technology ecosystem.'' Further, the Commission agrees with FDD that ``TCBs and test labs handle highly sensitive, proprietary manufacturing and development data, conduct testing protocols, and produce compliance certifications upon which the FCC relies,'' meaning ``their actions directly affect what devices are legally imported into and offered for sale within the United States.'' The Commission further agrees with FDD that if U.S. adversaries are participants in this layer of the supply chain, they can introduce vulnerabilities at scale, long before devices reach consumers or critical systems.'' Absent rules intended to ensure the impartiality of TCBs, test labs, and laboratory accreditation bodies, prohibited entities could pressure TCBs, test labs, or laboratory accreditation bodies to take actions that are contrary to the FCC's efforts to protect the communications equipment supply chain. For example, entities that own, control, or direct TCBs, test labs, or laboratory accreditation bodies could pressure the TCB, test lab, or laboratory accreditation body to overlook requirements that could ultimately result in the authorization of equipment identified on the Covered List. Furthermore, TCBs and test labs have access to sensitive, proprietary information related to equipment submitted for testing and certification and laboratory accreditation bodies are tasked with assessing the competence of test labs. Access to such information by entities who have been determined to pose unacceptable risks to national security would provide further opportunity for actions that would compromise the integrity of the FCC's equipment authorization program. Given the importance of ensuring the security of the FCC's supply chain and limiting vulnerabilities from entities that present national security concerns, the Commission declines to implement certain alternatives proposed by commenters. For example, the [[Page 38055]] Commission finds inadequate TIC's suggestion that it would be sufficient to simply adopt disclosure requirements, because such disclosure requirements would not necessarily prevent entities presenting national security concerns from, participating in the FCC's equipment authorization program. Moreover, such a disclosure regime would potentially require the Commission to engage in extensive, individualized reviews of test lab and TCB ownership to determine whether national security interests are implicated. Such a regime also would result in uncertainty within the regulated community as to what the Commission might do to address such instances. By adopting the rules in the Order, the Commission is creating a transparent method of addressing the threat of entities that present national security risks within its equipment authorization program. The Commission is also not persuaded that its proposed rules would meaningfully adversely impact global supply chains, slow equipment approvals, or increase costs for manufacturers. The transparency of these new requirements will not only provide the Commission with the necessary information to ensure the integrity of its equipment authorization program, it will also increase awareness within industry as to the entities with whom they choose to do business and lessen concern that prohibited entities could interfere with their equipment authorizations or the process of obtaining such, potentially speeding up equipment approvals and reducing costs. Additionally, the Commission doesn't find it necessary to provide an extended transition period for implementation of the rules in order to allow sufficient time to identify and engage adequate replacement facilities, as suggested. Considering the time needed for the rules adopted here to take effect, in addition to the procedural timeframes included in the rules for withdrawal of recognition, the Commission believes that any concerns are speculative and outweighed by its goal of ensuring the integrity of the equipment authorization program. The role of laboratory accreditation bodies in the FCC's equipment authorization program--namely, to provide impartial assessment of the competence of the test labs that they accredit--requires that they be free of and safeguarded from influence by actors that may pose a risk to national security. The Commission also recognizes that the activities and practices of laboratory accreditation bodies extend internationally and include relationships with various foreign actors, and so clarity is needed regarding how to determine which laboratory accreditation bodies will be recognized by the Commission. In addition, if the Commission were to adopt a prohibition on TCBs and test labs owned by, controlled by, or subject to the direction of prohibited entities without adopting a corresponding prohibition on laboratory accreditation bodies, the Commission would leave open the possibility that prohibited entities would simply move upstream to exercise ownership, control, or direction within the equipment authorization program. Acknowledging commenters' desire for clarity, the Commission adopts a rule that it will not recognize a laboratory accreditation body, and will revoke the recognition of any previously-recognized laboratory accreditation body, that is owned by, controlled by, or subject to the direction of a prohibited entity. The Commission finds that this rule, along with the explanation provided in the proceeding of what the FCC means by ``owned by, controlled by, or subject to the direction of'' will provide clear requirements for participation in the equipment authorization program. With regard to A2LA's observation that laboratory accreditation bodies are required to maintain impartiality pursuant ISO/IEC 17011, the Commission finds it incumbent upon us to take proactive measures to ensure the integrity and guarantee against equipment authorization program participation by entities owned by, controlled by, or subject to the direction of prohibited entities. Prohibiting Reliance on, or Use of, for Purpose of Equipment Authorization, and TCB or Test Lab Owned by, Controlled by, or Subject to the Direction of a Prohibited Entity In the EA Integrity NPRM, the Commission also proposed to prohibit from recognition by the Commission and participation in its equipment authorization program, any TCB or test lab in which an entity identified on the Covered List has direct or indirect ownership or control. The Commission tentatively concluded that, in light of the determinations made from expert federal agencies and Congress about the national security risks posed by entities with equipment identified on the Covered List, the Commission should not permit such TCBs and test labs to have any role in its equipment authorization program. The Commission adopts the proposed rule to prohibit reliance on or use of any TCB or test lab owned by, controlled by, or subject to the direction of an entity (or its subsidiaries or affiliates) identified on the Covered List, for purposes of equipment authorization. The Commission expands this prohibition, however, to include all ``prohibited entities.'' This means that parties seeking equipment authorization pursuant to the SDoC process may not rely on testing performed at a test lab that is owned by, controlled by, or subject to the direction of a prohibited entity. By prohibiting, for purposes of SDoC authorization, the use of test labs that are owned by, controlled by, or subject to the direction of a prohibited entity, the Commission seeks to ensure that entities posing national security risks cannot use the SDoC process as a loophole to circumvent the FCC's restrictions. The Commission rejects the arguments of commenters that extending the prohibition to the SDoC process will not enhance national security, and that any security concerns are mitigated by the existing prohibition on entities identified on the Covered List from using SDoC. The Commission also disagrees with TIA that we must provide specific evidence of abuse of the SDoC process to warrant changes. In enacting the Secure Networks Act and Secure Equipment Act, Congress recognized that it was imperative that those entities determined to pose unacceptable risks to U.S. national security be foreclosed from accessing U.S. communications networks and supply chains, and nothing in the record would support excluding test labs used as part of the SDoC process from this prohibition. Information on equipment authorized via the SDoC process is less readily transparent to the Commission than information on equipment authorized via certification, meaning that equipment authorization through the SDoC process may be at greater risk of potential exploitation by prohibited entities, raising national security concerns regarding the possible introduction of equipment that poses an unacceptable risk to national security into the U.S. market. In prohibiting entities identified on the Covered List from using SDoC to obtain equipment authorization, the Commission sought to ensure consistent application of the prohibition on further authorization of covered equipment, while also providing for more active oversight. The same rationale applies here--namely that, absent the clarification the Commission adopts today, prohibited entities might use their influence over labs, and take advantage of the more limited oversight the Commission has [[Page 38056]] over the SDoC process, to allow for the introduction of equipment that poses an unacceptable risk to U.S. national security and otherwise undermine the integrity of its equipment authorization process. The value of the SDoC process to many parties seeking equipment authorization, and the importance of prohibiting equipment that poses an unacceptable risk to national security, necessitates that the Commission takes measures to prevent abuse of the SDoC process. Defining ``Ownership'' and ``Direction or Control'' The FCC prohibitions in section III.B. of this document rely on specific definitions of ``ownership'' and ``direction or control.'' As the Commission discusses below, it has repeatedly used ownership limits or attribution rules to identify entities presumed to be able to exert effective direction or control even in the absence of a majority voting interest. Here the Commission defines and adopts such a limit. The Commission also recognizes that an entity may exert direction or control when it has minority interests below the limits the Commission sets or no ownership interests, so the Commission adopts and clarifies qualitative indicia that entities, and the Commission, may use in determining and attesting to the existence of direction or control. Implementation of the 10% Ownership Threshold The Commission adopts its proposals in the EA Integrity NPRM to prohibit from recognition by the Commission and participation in its equipment authorization program, any TCB, test lab, or laboratory accreditation body in which a prohibited entity directly or indirectly owns or controls 10% or more of the equity or voting rights. Consistent with Commission precedent and the rules and precedent of other federal regulatory agencies, the Commission finds that the 10% ownership threshold provides a reasonable proxy or indication that a TCB, test lab, or laboratory accreditation body is controlled by or subject to the direction of a prohibited entity. Some commenters oppose the proposed prohibition and recommended alternative approaches. For instance, TIA proposed that the Commission first ``target'' only TCBs and test labs that are wholly owned by entities on the Covered List. TIA presented no evidence, however, to support its implicit contention that a threat is only present when a TCB or a test lab is wholly owned by a prohibited entity, nor does it explain why a prohibited entity cannot exert direction or control even though it may hold only a minority ownership interest or no ownership interest in the TCB, test lab, or laboratory accreditation body. Indeed, under TIA's proposal, a TCB 99.99% owned by an entity identified on the Covered List would not be prohibited, but it would be prohibited if such ownership rose to 100%. Based on the FCC's record, such a limited prohibition would not adequately protect the integrity of the equipment authorization program against participation by prohibited entities. Therefore, the Commission rejects TIA's proposal and concludes that prohibiting only those TCBs and test labs that are wholly owned by prohibited entities would not sufficiently advance the national security interests in the proceeding. Some commenters question whether laboratory accreditation bodies have the capability to ascertain ownership interests. In their view, because laboratory accreditation is primarily a technical assessment conducted by technical experts--and not a review of ownership interests by financial analysts, accountants, or auditors--reliance on laboratory accreditation bodies to prevent accreditation of test labs based on ownership interests is not feasible. A preferable approach, according to A2LA, would be for the Commission to assess all test labs, offer accreditation if warranted, and then restrict the ability of labs to conduct testing or participate in the equipment authorization if accredited entities are found to be a national security risk. Another proposed alternative was to create a ``self-reporting component'' for ownership interests of TCBs and test labs that the Department of Commerce might oversee. A2LA further stated that it was unclear how ownership impacts national security risk. In response to concerns of commenters that laboratory accreditation bodies are not equipped to determine ownership interests, the Commission clarifies that the rules it adopts today do not require laboratory accreditation bodies to independently investigate and establish ownership. Rather, the rules will require TCBs and test labs themselves to certify that no prohibited entity has an equity or voting interest of 10% or more in the TCB or test lab. And while the FCC's rules do require that the laboratory accreditation body submit a test lab's certification directly to the Commission in order for the test lab to be included on the list of accredited test labs that the FCC has recognized, this does not require the laboratory accreditation body to undertake its own investigation of a test lab's ownership. Nor do the Commission see that this requirement imposes an undue burden on laboratory accreditation bodies, which must already submit to the Commission various information regarding the test lab. That said, the Commission do, however, expect a laboratory accreditation body to take reasonable steps to not knowingly or negligently facilitate the obfuscation of the ownership of a test lab. In other words, a laboratory accreditation body could be held responsible for what it knew or should reasonably have known concerning the ownership interests in the TCB or test lab. Indeed, this is the same standard that TCBs should already be applying in the equipment authorization context in assessing whether an applicant's attestations regarding the equipment for which authorization is sought--namely that the equipment is not ``covered,'' and providing a valid U.S. agent for service of process-- is accurate and true. A2LA asked how ``affiliation'' would be defined, as used in the NPRM, and asked whether participation by accreditation bodies in countries with which the U.S. has MRA and accreditation of test labs in foreign countries might be considered ``affiliation.'' A2LA said U.S. accreditation bodies have accredited test labs in foreign countries that ``may be'' on the adversary list and questioned whether those accreditation bodies would be precluded for that reason. ANAB similarly said that the FCC should clarify that ``affiliation'' does not include participation in widely recognized international accreditation cooperations through which ANAB accepts and promotes the results of conformity assessment bodies accredited by other signatories, some of which are government organizations in countries identified on the foreign adversaries list. In the proposals the Commission provided in the NPRM, we used the term ``affiliation'' very broadly throughout the discussion and once in the proposed rules to convey a connection between entities. The Commission did not specifically propose to tie that term to its definition of ``affiliate'' nor did the Commission propose a new definition. In finalizing the rules that the Commission adopts today, we are adopting a defined relationship of ownership, direction, or control in lieu of affiliation, for the reasons discussed herein. As such, the Commission finds no reason to further expand upon the discussion of ``affiliation'' as raised by A2LA and [[Page 38057]] ANAB. The Commission also clarifies here that its rules apply equally to all TCBs, test labs, and laboratory accreditation bodies regardless of the existence of MRAs or physical location of the relevant facility. The Commission concludes that it is appropriate to prohibit any TCB, test lab, laboratory accreditation body from participating in the equipment authorization process if a prohibited entity directly or indirectly owns 10% or more of the equity or voting stock. Consistent with Commission precedent and that of other federal agencies, the Commission finds that a third party could exert direction or control over another entity even without holding a majority of the equity or voting rights. Establishing the direct and indirect ownership rule at 10% aligns with Commission precedent and reflects a reasonable standard for identifying potential direction or control. For example, applicants for an international section 214 authorization are required to identify any individual or entity that directly or indirectly owns 10% or more of the equity interests and/or voting interests, or a controlling interest, of the applicant. Also, applicants or licensees subject to the ownership reporting requirements of Sec. 1.2112 of the FCC's rules must identify any party holding 10% or more of stock, partnership interest, or indirect ownership interest in the reporting entity. This 10% threshold is also consistent with definitions of ownership applied by other federal agencies with expertise in examining corporate ownership and structure. For example, the Internal Revenue Code defines the term ``United States shareholder'' with respect to any foreign corporation, as ``a United States person . . . who owns . . . 10 percent or more of the total combined voting power of all classes of stock entitled to vote of such foreign corporation, or 10 percent or more of the total value of such shares of all classes of stock of such foreign corporation.'' Under the Change in Bank Control Act, anyone, including those ``acting in concert,'' must provide a written notice before acquiring control of a bank or bank holding company, if they acquire 10% or more of its voting shares. Similarly, a foreign entity acquiring at least 10% of the voting interest (directly or indirectly through a U.S. entity) in a U.S. business enterprise, either through acquisition or establishment of a new entity, is required to file a BE- 13 Report with the Bureau of Economic Analysis (BEA). The Commission concludes that adopting the 10% ownership threshold appropriately identifies entities with sufficient direction or control as to pose a risk. Heritage asked the Commission to explain ``why entities with less than 10% [ownership or control] pose a risk, but entities below 5% do not.'' The Commission recognizes that a third party may exercise direction or control over another entity even where it holds less than a 10% ownership stake in that entity or holds no ownership stake. Consistent with precedents discussed above of this document, the Commission expands its current reporting requirement and adopts a requirement that all TCBs, test labs, and laboratory accreditation bodies report all equity or voting interests of 5% or greater by any entity. This 5% reporting threshold balances the need to protect national security while minimizing undue reporting burden by providing the Commission with the necessary information to confirm compliance with the ownership prohibitions and to more easily identify closely associated entities. The Commission notes that the reporting requirement is parallel to and not a substitute for its requirement that all TCBs, test labs, and laboratory accreditation bodies, regardless of ownership interests, certifies that they are not under the ownership, or otherwise direction or control of prohibited entities based on the indices of direction or control that the Commission discusses next. Definition of ``Direction or Control'' In addition to prohibiting any TCB, test lab, or laboratory accreditation body in which a prohibited entity has direct or indirect ownership or control of 10% or more equity or voting interest from recognition or participation in the FCC's equipment authorization process, the Commission also adopts that prohibition for any TCB, test lab, or laboratory accreditation body that is subject to the direction or control of a prohibited entity. The concept of direction and control includes the control that is inherent when an entity is a part of the governmental structure or hierarchy of a foreign adversary, including subnational governments thereof. Recognizing that a prohibited entity may exert direction or control over another entity even where it does not own 10% or more of the equity or voting stock of that entity, the Commission therefore requires TCBs, test labs, and laboratory accreditation bodies to assess whether a prohibited entity directly or indirectly possesses or has the power (whether or not exercised) to determine, direct, or decide important matters affecting an entity. Factors indicating direction or control could include the power to decide matters pertaining to the entity's reorganization, merger, or dissolution; the opening or closing of facilities or major expenditures or to exercise authority over its operating budget; selection of new lines of business; entering into, terminating, or otherwise affecting the fulfillment of significant contracts; adopting policies relating to treatment of non-public or proprietary information; appointing officers or senior leadership; appointing or dismissing employees with access to critical or sensitive technology; or amending the entity's organizational documents. Such indicators would be relevant regardless of whether the power was exercised, and could take the form of, for example, ownership of securities or partnership or other ownership interests, board representation, holding a special share, contractual arrangements, or other formal or informal arrangements to act in concert or to decide important matters affecting an entity. Additionally, the Commission considers any applicant, wherever located, to be under the direction or control of a prohibited entity if that applicant acts as an agent or representative of a prohibited entity or acts in any other capacity at the order or request of a prohibited entity or whose activities are directly or indirectly supervised, directed, controlled, financed, or subsidized in whole or in majority part. Reporting, Certification, and Recordkeeping Requirements To help ensure that the Commission have the necessary information to implement the measures it adopts to prohibit from participation in the equipment authorization program entities that have been determined to pose unacceptable risks to national security, the Commission expands its current reporting and certification requirement for TCBs, test labs, and laboratory accreditation bodies that seeks Commission recognition. The Commission finds that requiring certification and reporting of ownership is necessary to minimize vulnerabilities in the telecommunications infrastructure and strengthen national security through the equipment authorization process by ensuring that TCBs, test labs, and laboratory accreditation bodies will not be owned by or under the direction or control by prohibited entities. The Commission finds that these adopted rules will yield significant benefits, including improved consistency in the Commission's consideration of evolving national security risks, completeness of the [[Page 38058]] Commission's information regarding equipment authorization, and timely Commission attention to issues that warrant heightened scrutiny. The Commission also finds that the adoption of the rules will better protect U.S. telecommunications infrastructure from national security risks posed by prohibited entities. These benefits cannot be achieved with ad hoc reviews alone. Thus, adopting a systemized review of the ownership certification and report by TCBs, test labs, and laboratory accreditation bodies is necessary to help ensure that the Commission and the Executive Branch agencies have the necessary information to address evolving national security, law enforcement, foreign policy, and/or trade policy risks on a continuing basis. While it is difficult to quantify these economic benefits, the Commission believes the benefits are far greater than the costs of the requirements. The Commission adopts a requirement for all recognized TCBs, test labs, and laboratory accreditation bodies to certify to the Commission, within 30 days after the effective date of the relevant rules, and thereafter with each request for recognition, that they are not owned by, controlled by, or subject to the direction of a prohibited entity. The Commission also adopts a requirement that all recognized TCBs, test labs, and laboratory accreditation bodies report, within 90 days after the effective date of the relevant rules and thereafter with each request for recognition, all equity or voting interests of 5% or greater by any entity. The Commission will not recognize--and will revoke any existing recognition of--any TCB, test lab, or laboratory accreditation body that fails to provide, or that provides a false or inaccurate certification; or that fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater. If there is any change to any of the lists that make up the prohibited entities resulting in the addition of an entity after the effective date of these rules, the Commission will require compliance with the relevant reporting, certification, and recordkeeping requirements no later than 90 days after the effective date of such change. In keeping with these reporting requirements, the FCC also clarifies the requirement that every entity specifically named on the Covered List must provide to the Commission, pursuant to Sec. 2.903(b), information regarding all of its subsidiaries and affiliates, not merely those that produce ``covered'' equipment. The Commission orders each relevant entity to provide this information no later than 30 days after the effective date of this rule and thereafter in accordance with the provisions in Sec. 2.903(b). In order to more effectively protect the FCC's equipment authorization program from the direction or control of untrustworthy entities and ensure the integrity of the program, the Commission proposed and sought comment in the EA Integrity NPRM on new recordkeeping, reporting, and certification obligations for TCBs and test labs to enable the Commission to determine ownership or control, as well as comment on any changes to its rules governing laboratory accreditation bodies. First, the Commission proposed that any entity seeking to become an FCC-recognized TCB or test lab report to the Commission equity or voting interests in the TCB or test lab of 5% or more. Second, the Commission proposed to require that recognized TCBs and test labs: (1) no later than 30 days after the effective date of any final rules adopted in this proceeding, certify that no entity identified on the Covered List (or otherwise specified in our final rules) has, possesses, or otherwise controls an equity or voting interest of 10% or more in the TCB or test lab, and (2) no later than 90 days after the effective date of any final rules adopted in this proceeding identify any entity (including the ultimate parent of such entities) that holds such ownership or control interest as our final rules require, proposed as 5% or more ownership, as discussed above. Third, the Commission proposed that any test lab that takes measurements of equipment subject to an equipment authorization, whether pursuant to certification or SDoC, maintain in its records a certification that no entity identified on the Covered List has, possesses, or otherwise controls an equity or voting interest of 10% or more in the test lab and documentation identifying any entity that has, possesses, or otherwise controls an equity or voting interest of 5% or more in the test lab. Finally, the Commission sought comment on precluding laboratory accreditation bodies associated with foreign adversaries, including how such association should be determined. The Commission received comments directed at these reporting requirements. The American Council of Independent Laboratories commented that the Commission's reporting requirements are reasonable and appropriate. Other commenters expressed concerns or suggested changes to these proposals. For instance, TIC commented that the proposed reporting requirements are not currently covered in MRAs between the United States and participating countries, and asked that any rules adopted be tailored to address supply chain security without disrupting testing capacity or U.S. trade commitments. Heritage asked the Commission to consider whether any level of ownership by an entity on the Covered List needs to be disclosed. Other commenters made more general observations that are relevant here. For example, TIA said that any new rules should not overly burden trustworthy TCBs or test labs. The Commission adopts the certification, reporting, and recordkeeping requirements that the Commission proposed in the EA Integrity NPRM with the modifications that these requirements will be extended to laboratory accreditation bodies and broadened to include ownership, control, or direction by any prohibited entity, as well as the additional note that reported ownership information will be made publicly available on the Commission's website. The Commission and all parties seeking equipment authorization must have ready access to the information necessary to determine which TCBs, test labs, and laboratory accreditation bodies can be relied upon for purposes of the FCC's equipment authorization program. In particular, stakeholders must be able to evaluate any ownership interest concerns that may be raised regarding an entity's impartiality or trustworthiness, particularly with regard to potential influence by entities that raise national security concerns. The Commission also finds that such ownership information could be relevant going forward to establishing appropriate ``qualifications and standards'' under section 302(e) of the Act regarding private entities to which the Commission has delegated and entrusted certain responsibilities as part of its equipment authorization program. Such data could also be instructive in other efforts to bolster the integrity of the equipment authorization program, such as ensuring that TCBs are complying with applicable impartiality requirements and rules targeted at ensuring they are not owned or controlled by a manufacturer whose equipment they must examine. Certification Requirement. To implement our prohibition on recognition of TCBs, test labs, and laboratory accreditation bodies that are subject to ownership or direction or control of a prohibited entity, the Commission adopts the proposal that, [[Page 38059]] no later than 30 days after the effective date of the rules adopted in the proceeding, recognized TCBs, test labs, and laboratory accreditation bodies must certify that no prohibited entity has, possesses, or otherwise controls an equity or voting interest of 10% or more. The Commission also requires that recognized TCBs, test labs, and laboratory accreditation bodies certify compliance with these rules and submit the requested ownership information along with the request for recognition and within 30 days after any relevant change. Because ownership interests evolve over time, and the lists of prohibited entities are subject to modification, the Commission believes that change-dependent certification and reporting requirements, along with regular confirmation, are critical to verifying the integrity of TCBs, test labs, and laboratory accreditation bodies. The Commission recognizes that relevant entities would need time to consider their options when there is a change to any of the lists that make up the prohibited entities resulting in the addition of an entity. To allow TCBs, test labs, and laboratory accreditation bodies to fully assess their ownership considerations, the Commission will require compliance with the relevant certification requirements no later than 90 days after the effective date of such changes to the prohibited entities. Reporting Requirement. The Commission also adopts a requirement that all recognized TCBs, test labs, and laboratory accreditation bodies report, within 90 days after the effective date of the rules, all equity or voting interests of 5% or greater by any entity. The Commission further requires that recognized TCBs, test labs, and laboratory accreditation bodies submit an updated report with the request for recognition and within 30 days after any change to entities that own 5% or more of its equity or voting interests. The Commission recognizes that the current 10% ownership threshold may not capture all of the information necessary to adequately assess whether a TCB, test lab, or laboratory accreditation body is owned by, controlled by, or subject to the direction of a prohibited entity. In certain instances, an entity holding less than 10% of direct or indirect ownership may nonetheless be able to exert direction or control over a TCB, a test lab, or a laboratory accreditation body. For example, where enhanced voting rights are present, such an entity may possess disproportionate decision-making power relative to its ownership stake. To balance the need to protect national security while minimizing undue reporting burden, the Commission expands its current reporting requirement and adopts a requirement that all recognized TCBs, test labs, and laboratory accreditation bodies, or those seeking recognition, report all equity or voting interests of 5% or greater by any entity. A reporting threshold of 5% would be consistent with the ownership threshold used by the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (Committee) in its review of certain applications. For instance, in the 2021 Standard Questions Order, the Commission noted the views of Committee staff that, ``5% threshold is appropriate because in some instances a less-than-ten percent foreign ownership interest--or a collection of such interests--may pose a national security or law enforcement risk.'' The Commission, based on the views of Committee staff, agreed that a 5% ownership reporting threshold is appropriate with respect to the Standard Questions. Given the Committee's expertise in assessing national security and law enforcement risks associated with foreign ownership interests, the Commission finds its reliance on a 5% threshold lends further support to its decision to adopt the same. The Commission concludes that a 5% reporting threshold would position the Commission to more easily identify foreign interests and their possible control. A reporting threshold of 5% would also be consistent with requirements imposed by other agencies, such as the Securities and Exchange Commission (SEC). The SEC Exchange Act Rule 13d-1 requires a person or ``group'' that becomes, directly or indirectly, the ``beneficial owner'' of more than 5% of a class of equity securities registered under section 12 of the Exchange Act to report the acquisition to the SEC. The Commission further notes that various SEC forms filed by issuers, including their annual reports (or proxy statements) and quarterly reports, require the issuer to include a beneficial ownership table that contains, inter alia, the name and address of any individual or entity, or ``group,'' who is known to the issuer to be the beneficial owner of more than 5% of any class of the issuer's voting securities. Finally, a reporting threshold of 5% is also consistent with the standards adopted by the Committee on Foreign Investment in the United States (CFIUS), which reviews certain transactions involving foreign acquisitions of U.S. businesses. The Commission is mindful of the caution from commenters against placing overly burdensome restrictions on TCBs or test labs. However, the Commission considers this type of information collection to be routine in many contexts and find that these obligations are an appropriate and not unduly burdensome means of enabling the Commission to confirm compliance with the ownership prohibitions and to more easily identify closely associated entities of TCBs, test labs, and laboratory accreditation bodies seeking to participate in the equipment authorization program. As aforementioned, the Commission and other government agencies commonly adopt rules to identify direct or indirect ownership or control of entities by third parties to address various concerns including national security. The Commission concludes that ascertaining the holders of 5% or more of the direct or indirect ownership should not present a substantial burden because it is reasonable to conclude that a privately held company would be aware of its investors and would maintain record of such information in the ordinary course of business, while for publicly held companies, the information on persons holding 5% or more of any class of equity security should be generally available to the public. The Commission recognizes that relevant entities would need time to consider their options when there is a change to any of the lists that make up the prohibited entities resulting in the addition of an entity. To allow TCBs, test labs, and laboratory accreditation bodies to fully assess their ownership considerations, the Commission will require compliance with the relevant reporting requirements no later than 90 days after the effective date of such an addition of prohibited entities. Recordkeeping requirements. In order to implement the prohibition, for purposes of SDoC authorization, on the use of test labs that are owned by, controlled by, or subject to the direction of a prohibited entity, the Commission adopts a requirement that parties seeking equipment authorization pursuant to the SDoC process maintain a record that the entity performing the testing conducted pursuant to the SDoC process is not owned by, controlled by, or subject to the direction of a prohibited entity. Specifically, parties availing themselves of the SDoC process must maintain a record that no prohibited entity has, possesses, or otherwise controls an equity or voting interest of 5% or more in the test lab performing the testing conducted [[Page 38060]] pursuant to the SDoC process. This requirement will help to ensure that responsible parties perform the due diligence necessary to compile the required record and determine that the test lab is eligible to participate in the FCC's equipment authorization program pursuant to the rules the Commission adopts today. The Commission also finds, and agrees with CTA, that this requirement will not meaningfully raise the cost and complexity of the SDoC process. As with test labs seeking FCC recognition, the Commission believes this type of ownership information would be retained by the test lab in the ordinary course of business. For these reasons, the Commission modifies Sec. 2.938(b)(2) of its rules to adopt this requirement. The Commission recognizes that relevant entities would need time to consider their options when there is a change to any of the lists that make up the prohibited entities resulting in the addition of an entity. To allow TCBs, test labs, and laboratory accreditation bodies to fully assess their ownership considerations, the Commission will require compliance with the relevant recordkeeping requirements no later than 90 days after the effective date of such changes to the prohibited entities. To make determinations regarding the continued acceptability of TCBs, test labs, and laboratory accreditation bodies, the Commission may also request additional information regarding the test site, the test equipment, or the qualifications of the company or individual performing the tests for the SDoC process, including documentation identifying any entity that holds a 5% or greater direct or indirect equity or voting interest in the test lab, company, or individual performing the testing. Reporting subsidiaries and affiliates of Covered List entities. The Commission proposed in the EA Integrity NPRM to require that every entity specifically named on the Covered List must provide to the Commission information regarding all of its subsidiaries and affiliates, not just those subsidiaries and affiliates that produce ``covered'' equipment, pursuant to Sec. 2.903(b). The Commission stated that this proposal would be in keeping with the certification and reporting requirements for test labs and TCBs discussed above. The Commission did not receive comment directed at this proposal. The Commission adopts this proposal and requires that every entity specifically named on the Covered List must provide to the Commission information regarding all of its subsidiaries and affiliates. The Commission has previously explained that in adopting rules and procedures to prohibit authorization of ``covered'' equipment, it is critical for the Commission, applicants for equipment authorizations, TCBs, and other interested parties to have the requisite, transparent, and readily available information of the particular entities that in fact are associated with the named entities on the Covered List. In light of the rules the Commission adopts today, it is now critical that the Commission and all stakeholders have complete information regarding all of the subsidiaries and affiliates of Covered List entities in order for the Commission, applicants for equipment authorization, TCBs, and others to make determinations about which entities may be relied upon for purposes of the Commission's equipment authorization program. Requiring this information is reasonable and justified in keeping with its goal of effectively ensuring that ``covered'' equipment determined as posing an unacceptable risk to national security under the Secure Networks Act, and prohibited from authorization under the Secure Equipment Act, is not authorized, and helps to ensure that the Commission meet the mandate in the Secure Equipment Act that the Commission not approve the grant of any ``covered'' equipment. Accordingly, the Commission requires each entity specifically named on the Covered List to submit a complete and accurate list to the Commission, within 30 days after the effective date of the rules, identifying all subsidiaries and affiliates. For each associated entity (e.g., subsidiary or affiliate), the entity named on the Covered List must provide the following information: the full name, mailing address or physical address (if different from mailing address), email address, and telephone number of each of that named entity's associated entities (e.g., subsidiaries or affiliates). As before, named entities must provide up-to-date information on any changes to the list, and if there are changes, the named entity must submit such updated information to the Commission within 30 days after the change(s), and indicate the date on which the particular change(s) occurred. Furthermore, when the Covered List is updated, any newly named entity must submit the required information for associated entities within 30 days after its inclusion on the Covered List. These submissions must be reported by an affidavit or declaration under penalty of perjury, signed and dated by an authorized officer of the named entity on the Covered List with personal knowledge verifying the truth and accuracy of the information provided about the entity's associated entities. The affidavit or declaration must comply with Sec. 1.16 of the Commission's rules. The Commission directs the OET to make the lists of affiliates and subsidiaries available to the public for review and inspection. Defining ``own'' for purposes of identifying affiliates. The Commission also proposed in the EA Integrity NPRM to revise the term ``own,'' in the context of determining what is an ``affiliate'' of an entity named on the Covered List, from ownership of more than 10 percent to ownership of 10 percent or more. The Commission received only one comment relevant to this revision. A2LA observed that the current definition of ``affiliate'' uses an ownership threshold of ``more than 10 percent,'' while the rule as proposed uses a threshold of 10% or more, and asked for clarity as to the threshold. The Commission adopts the revision as proposed. Specifically, the Commission revises its rules such that the term ``own'' in the context of determining what is an ``affiliate'' of an entity named on the Covered List means to ``have, possess, or otherwise control an equity or voting interest (or the equivalent thereof) of 10 percent or more.'' The Commission observes first that it's not bound, here, by a particular statutory definition of the term ``affiliate.'' Rather, while the Communications Act generally defines the terms ``affiliate'' and ``own,'' and there ``own'' means ``to own an equity interest (or the equivalent thereof) of more than 10 percent,'' such definitions are applied ``unless the context otherwise requires.'' The National Defense Authorization Act for Fiscal Year 2019, which designated as ``covered telecommunications equipment or services'' any telecommunications equipment produced by Huawei or ZTE ``or any subsidiary or affiliate of such entities,'' and, for certain purposes, video surveillance and telecommunications equipment produced by Hytera, Hikvision, or Dahua ``or any subsidiary or affiliate of such entities,'' did not define the term ``affiliate,'' but the Commission believes that the threshold of 10% or more, rather than more than 10%, is most consistent with Congress's intent because of its use in several other statutory schemes as well as other Commission information collections. The Commission finds that the compelling interest in preventing authorization of equipment that may pose an unacceptable risk to national security also justifies using the [[Page 38061]] moderately more expansive definition the Commission adopts today. Other Rule Revisions TCB, test lab, and laboratory accreditation body recognition withdrawal. The Commission proposed in the EA Integrity NPRM that, if a relevant TCB or test lab does not make the certification required in the proceeding, or provides a false or inaccurate certification, the Commission would suspend the recognition of any such TCB or test lab and commence action to withdraw FCC recognition under applicable withdrawal procedures. The Commission also sought comment on whether laboratory accreditation bodies should be subject to additional requirements. With regard to withdrawal of recognition of test labs, the Commission received one comment directly relevant to this proposal. A2LA suggested that the Commission employ different levels of sanctions for different violations, such as harsher penalties for intentional violations of FCC requirements. Further, A2LA asked the Commission to consider offering test labs the opportunity to remediate an otherwise prohibited ownership threshold before withdrawing recognition. Inherent in the authority to recognize a TCB, test lab, or laboratory accreditation body is the authority to withdraw or cease such recognition when a TCB, test lab, or laboratory accreditation body does not comply with the FCC's requirements. Accordingly, the Commission adopts rules specifying that its will to withdraw the FCC's recognition of a TCB, test lab, or laboratory accreditation body, if the TCB, test lab, or laboratory accreditation body is owned by, controlled by, or subject to the direction of a prohibited entity; fails to provide, or provides a false or inaccurate, certification that it is not owned by, controlled by, or subject to the direction of a prohibited entity or, similarly, fails to provide, or provides a false or inaccurate, report regarding entities with more than 5% ownership. Although the Commission believes that such ownership, control, or direction, a failure to report, or providing a false or inaccurate report, would constitute ``just cause'' that would permit revocation under existing rules, the Commission takes the opportunity here to codify it as an explicit basis for revocation and to provide a more streamlined process for resolution. The Commission finds this is necessary to adequately ensure the integrity of the equipment authorization program. It is also consistent with existing obligations on TCBs, test labs, and laboratory accreditation bodies and the Commission's rules regarding withdrawal of recognition of a TCB for just cause or if the TCB is not certifying equipment in accordance with the Commission's rules and policies. The FCC's rules already specifies the procedures the Commission will follow when withdrawing recognition of a TCB. The Commission adopts similar rules here, specific to withdrawal of recognition of a TCB, test lab, or laboratory accreditation body, if the TCB, test lab, or laboratory accreditation body is owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; fails to provide, or provides a false or inaccurate, certification that it is not owned by, controlled by, or subject to the direction of a prohibited entity or, similarly, fails to provide, or provides a false or inaccurate, report regarding entities with more than 5% ownership. The procedure for such withdrawal is consistent with that explained in the EA Integrity NPRM and already employed by OET in taking action to suspend or deny the recognition of a test lab apparently owned by an entity on the Covered List. In any instance in which the Commission or OET, acting on delegated authority, has a reasonable basis for determining that a TCB, test lab, or laboratory accreditation body is owned by, controlled by, or subject to the direction of a prohibited entity, or fails to provide or provides a false or inaccurate, certification of such, the Commission directs OET to issue a letter to the TCB, test lab, or laboratory accreditation body notifying it of the FCC's intent to withdraw or deny recognition. The letter will request explanation or correction of any apparent deficiencies, and for the TCB, test lab, or laboratory accreditation body to show cause it should be allowed recognition, within 30 days after the date of correspondence. The Commission directs OET to withdraw or deny recognition of any TCB, test lab, or laboratory accreditation body that fails, in OET's determination, to timely reply, to adequately explain or correct any deficiencies, or to show cause OET will issue a public notice of withdrawal of recognition of any TCB, test lab, laboratory accreditation body. Other NPRM Proposals TCB Post-market surveillance. In the EA Integrity NPRM, the Commission invited comment on whether to revise the post-market surveillance rules, policies, or guidance to require surveillance of authorized equipment for compliance relating to the prohibition on authorization of ``covered'' equipment. In particular, the Commission sought comment on reasonable practices TCBs could implement to identify erroneous authorizations of ``covered'' equipment, whether to change the post-market surveillance requirements to require that TCBs review grants by other TCBs, whether to require that any post-market surveillance be done only by FCC-recognized labs in the United States or MRA countries, and other measures the Commission might take to strengthen the integrity of the post-market surveillance process. The Commission received comments directed at this proposal from one commenter. TIC ``fores[aw] challenges'' leveraging post-market surveillance to identify erroneous authorizations--particularly if used to monitor for authorized equipment that is discovered post- authorization to be ineligible--because TCBs rely on attestations and information from the Commission to assess whether a grantee is ineligible based on the Covered List, and TCBs are unlikely to have more information than the Commission. TIC also said that it is unlikely that changes in eligibility would be discovered during the ``relatively short'' post-market surveillance look-back period of 12 to 18 months. Finally, TIC noted that TCBs have ``limited'' resources and skills to perform the organizational and financial analysis necessary for identifying manufacturers impermissibly connected to the Covered List, and believes the Commission is in a superior position to request, track, and review such information. The purpose of post-market surveillance is to reassess compliance of the product with the Commission's rules. While OET guidance provides that evaluation against all of the Commission's rules is not required, sufficient testing must be performed to allow the TCB to evaluate those requirements most likely to be in non-compliance, and to provide a high level of confidence that the sample complies with the Commission's rules, including its rules on authorizations prohibited by virtue of the Covered List. Accordingly, TCBs must consider compliance with the rules the Commission adopts today when reviewing and deciding whether a product subject to post-market surveillance complies with applicable Commission rules. Consistent with our rules, should the TCB find that a sample fails to comply with Commission requirements, the TCB is required to immediately notify the grantee and the Commission in writing of its findings. The Commission therefore expects that the existing post-market surveillance [[Page 38062]] process, even absent any changes, will help ensure that prohibited equipment is not authorized. The Commission will not at this time revise its rules related to post-market surveillance but seeks further comment on doing so in the Further Notice portion of the proceeding. The Commission believes the rules it adopts today will be a significant measure in ensuring the integrity of test labs and TCBs that participate in the FCC's equipment authorization program and preventing the authorization of equipment that poses an unacceptable risk to national security. Nevertheless, the Commission may revisit this decision as its rules are implemented and learns more about the potential influence of untrustworthy actors in the program. Accreditation and reassessment of TCBs. The Commission sought comment in the EA Integrity NPRM on whether the Commission should clarify or revise its rules or procedures concerning the accreditation of TCBs to ensure that the TCBs can meet their responsibilities. In particular, the Commission sought comment on what particular steps or procedures in the accreditation process could be implemented to examine how TCBs are structured, owned, or managed to safeguard impartiality and otherwise ensure that commercial, financial, or other pressures do not compromise impartiality on certification activities concerning prohibited equipment authorization. The Commission also proposed that, if it were to revise any such rules or procedures, the changes would also apply to reassessments required for continued accreditation, and sought comment on whether to provide additional clarity on the reassessment process. Further, the Commission sought comment on whether any such changes may implicate U.S. international agreements such as MRAs, and asked any commenters that proposed further clarification or revisions to address any implications under the existing MRAs and whether and how to implement any suggested changes. The Commission received two comments relevant to TCB accreditation procedures. As noted above, A2LA said that ownership assessments for certification bodies should not be the responsibility of accreditation bodies as they lack the necessary expertise in financial analysis or auditing. TIA asked that the Commission provide notice and timelines for accreditation and reassessments. The Commission does not believe it necessary to clarify its rules regarding accreditation and reassessment of TCBs at this time, for the following reasons. First, the Commission notes that the standard to which TCBs are accredited, ISO/IEC 17065, already requires that certification activities by TCBs be ``undertaken impartially'' and contains provisions intended to ensure impartiality, including regarding the management, structure, and personnel of the TCB, and TCBs are required to have a mechanism to ensure impartiality. Second, insofar as the existing impartiality requirements are insufficient, the rules the Commission adopts today will help to ensure the impartiality of TCBs and prevent undue influence on them by entities that pose a risk to national security and other untrustworthy actors. They will also improve Commission oversight over the entities that participate in its equipment authorization program and provide information that will help in determining whether and what further changes to the FCC's equipment authorization program may be necessary, including with regard to accreditation and reassessment of TCBs. Third, while the Commission has experience in recognizing TCBs, the Commission is not directly involved in the accreditation of TCBs, so the Commission is better positioned to effectuate its aims in the proceeding through amendments and clarifications to recognition processes, as the Commission does herein. FCC recognition of TCBs. The Commission sought comment in the EA Integrity NPRM on whether the Commission should consider revisions to the rules or processes by which the Commission recognizes a TCB following its initial accreditation, or the process by which accreditation is subsequently extended on a periodic basis, including any further review the FCC would do to continue to recognize an accredited TCB. In particular, the Commission sought comment on whether it should make any clarifications or changes to the FCC recognition rules or procedures to better ensure that TCBs have the capacity and procedures to meet their obligations under Commission rules, including any requirements adopted in the proceeding. The Commission did not receive comments directly responsive to these inquiries. The Commission adopts the requirement proposed in the EA Integrity NPRM that TCBs must have an organizational and management structure in place, including personnel with specific training and expertise, to verify that no authorization is granted for any equipment that is listed on the Covered List. The Commission does not believe this represents a substantial burden for TCBs, as TCBs are required to certify equipment in accordance with the Commission's rules and policies and equipment on the Covered List is already prohibited from obtaining FCC equipment authorization. Therefore, TCBs should already have the means, including the requisite organizational structure and personnel, to determine when authorizations are prohibited under the FCC's rules. The Commission is otherwise confident that TCBs, which as noted must already be capable of understanding and applying the Commission's rules and policies in order to participate in its equipment authorization program, will be capable of interpreting and implementing the requirements the Commission adopts today, and that they will have the requisite information to do so pursuant to the certification and reporting requirements for test labs that the FCC have established. As such, the Commission does not believe further revision of its rules regarding recognition of TCBs is necessary at this time. The Commission will monitor implementation of the rules it adopts today and may later revisit this question. Procedures for withdrawing FCC recognition of a TCB. In the EA Integrity NPRM the Commission invited comment on the its rules and policies regarding withdrawal of FCC recognition of a TCB, in particular as to the procedures by which the Commission would withdraw recognition of a TCB, and whether and to what extent any changes would affect MRAs. One commenter addressed the Commission's procedures for withdrawing recognition of a TCB. Specifically, TIA commented that if the Commission revokes the authority of a TCB, the FCC should provide clear guidelines and procedures, including notice and timelines, to allow manufacturers sufficient time to plan alternative testing arrangements. Further, to prevent disruption to manufacturers and existing contracts, such revocations should be prospective, not retroactive--that is, if a manufacturer has engaged in certification with a recognized TCB, the Commission should not retroactively revoke authorizations from a TCB that were granted based on an existing recognition. The Commission finds that, with the revisions it adopts today, the FCC's rules are sufficiently clear regarding the procedures by which the Commission will withdraw recognition of a TCB, and provide TCBs with ample time to [[Page 38063]] respond to the Commission's concerns. Specifically, Sec. 2.962(e)(2) of the FCC's existing rules states that the Commission will notify a TCB in writing of its intention to withdraw the TCB's recognition. The Commission maintains that procedure and adopts a withdrawal procedure specific to instances where the TCB is found to be owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; fails to provide, or provides a false or inaccurate, certification, as required in this section; or that fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater, as required in this section. In such instances, OET will notify a TCB in writing of its intention to withdraw the TCB's recognition and provide at least 30 days for the TCB to respond. The Commission finds that the potential harm posed by such TCBs, as discussed throughout the proceeding, necessitates a more streamlined process for withdrawal of recognition so as to ensure timely removal from participation in our equipment authorization process. Further, as discussed in the proceeding, the Commission expects the relevant information would be maintained by the TCB in the ordinary course of business thereby presenting minimal burden to disclose whereas other reasons for withdrawal of recognition are likely to be related to technical functions of the entity, which could require more time for resolution. While the Commission is not in a position to inform every equipment manufacturer that may be seeking authorization through that TCB that the Commission may withdraw the TCB's recognition, the Commission could request that the TCB so inform parties seeking equipment authorizations, or otherwise make public that the Commission intends to withdraw recognition of a TCB if the Commission believes that withdrawing recognition might disrupt time to market timelines for manufacturers. Further, the FCC's rules already provides that if the Commission withdraws recognition of a TCB, all certifications will remain valid unless specifically set aside or revoked by the Commission, effectively addressing concerns of commenters about broad, retroactive revocations of authorizations. Test lab transparency. In the EA Integrity NPRM, the Commission sought comment on whether additional transparency requirements for test labs are necessary and appropriate in light of the proposals in the NPRM. The Commission received one comment. Heritage commented that while test labs are reassessed every two years, that is ``too lengthy'' a time period for change in ownership disclosures, noting that the Securities and Exchange Commission requires quarterly and annual earnings reports from publicly traded companies. In response to Heritage's comment, the Commission notes that recognized TCBs, test labs, and laboratory accreditation bodies will be required to provide updated certifications or documentation regarding their ownership within 30 days after the effective date of the rules, within 30 days after any relevant change, and thereafter with the request for recognition. Should these mechanisms prove insufficient to protect the certification and SDoC equipment authorization procedures under the rules the Commission adopts today, the Commission may consider additional transparency measures in the future. The Commission will, therefore, not at this time require additional transparency measures. Test labs in non-MRA countries. The Commission sought comment in the EA Integrity NPRM on whether, in light of evolving national security concerns, the Commission should revisit its rules and procedures for recognizing test labs with regard to some or all of the countries that do not have an MRA with the United States, and asked specifically whether to no longer recognize any test lab that is located in a ``foreign adversary'' country that does not have an MRA with the United States. TIA commented that changes in testing requirements, including as to test labs in non-MRA countries, could negatively impact the global information and communications technology market, interfere with international trade agreements, and negatively affect U.S. competitiveness. TIA recommended that the Commission should consult with industry and U.S. trade officials to assess the impacts of revoking authorizations from non-MRA countries. While test labs in non-MRA countries may be impacted by the rules the Commission adopts today, the Commission will not at this time take additional action related to these inquiries and directed toward test labs in non-MRA countries. The Commission believes that the rules announced today will mitigate the potential for national security threats arising from test labs in foreign countries. To the extent that the location of the test lab indicates potential ownership of direction or control over the test lab, the Commission observes again that it has limited information at this time about the ownership and control of test labs that participate in the FCC's equipment authorization program, and accordingly a limited understanding of the entities that may be under the ownership of, or direction or control over, the lab, and limited ability to forecast the impact of additional prohibitions on the FCC's equipment authorization program. Further, any action the Commission takes should properly first look to sources and lists of entities that pose a risk to national security compiled by agencies and other bodies with appropriate national security expertise, and it is unclear whether prohibiting test labs based on their location, rather than on the identity of the entities that own, direct, or control the test lab, will accomplish that aim. Nevertheless, the Commission intends to revisit this decision after it has had time to review the ownership information reported by test labs pursuant to the rules the Commission adopts today and assess, in consultation with relevant federal agencies and other sources, the necessity, benefits, and any potential adverse impacts of precluding recognition of test labs on bases other than the one the Commission adopts today. Use of accredited, FCC-recognized test labs in SDoC process. The Commission sought comment in the EA Integrity NPRM on whether to require that all equipment authorized pursuant to the SDoC process be tested by accredited and FCC-recognized test labs, which could serve to promote the integrity of the program in precluding potentially untrustworthy test labs from participating in the equipment authorization program and serve the national security goals of the proceeding. Some commenters expressed concern about the potential ``rolling back'' of the successful SDoC program. These commenters say that the SDoC program has been a resounding success that has added efficiency to the equipment authorization program without raising interference or national security concerns, as evidenced by the few enforcement actions related to SDoC devices, and that therefore it is unclear what national security benefit would be derived from so revising the SDoC program. The Consumer Technology Association (CTA) suggests that, alternatively, the FCC could require parties seeking equipment authorization to maintain a record that the equipment was not tested by a lab, company, or individual owned by an entity named on the Covered List (or otherwise [[Page 38064]] identified by the lists or processes determined by the outcome of the proceeding). In CTA's view, doing so would preclude the use of such labs for SDoC without raising the cost and complexity for all users of the process. The Commission acknowledges the concerns of commenters and recognizes that any changes the Commission adopts herein must be balanced with the significant interest in maintaining the ability of its equipment authorization program to timely review new products and allow compliant products to come to market. In light of the changes the Commission adopts today to promote the integrity of test labs, and the limited record the Commission currently possesses regarding whether and how to amend the current SDoC process, the Commission have determined that it will not at this time require the use of accredited, FCC- recognized labs in the SDoC process. Nevertheless, in light of the persistent and evolving threats posed by untrustworthy actors seeking, among other things, to compromise the FCC's networks and supply chains, the Commission will continue to consider whether and what reforms may be necessary to ensure the integrity of the FCC's SDoC process and that equipment authorized pursuant to that process does not pose a risk to national security. The Commission further considers this issue in the FNPRM portion of the proceeding. Location of laboratory accreditation bodies. The Commission sought comment on whether laboratory accreditation bodies should be located only in the United States or other MRA-partnered countries. The Commission received one relevant comment. A2LA commented that accreditation bodies that meet the competency criteria should be permitted to accredit test labs in the United States, no matter their country of origin, and that this is and should be a reciprocal arrangement among MRA-partners. The Commission will not require that laboratory accreditation bodies be located only in the United States or other MRA-partnered countries because the Commission believes that the rules it adopts today are better suited to ensuring the integrity of the laboratory accreditation bodies participating in the equipment authorization process, and additional requirements are not necessary at this time. Accreditation and assessment of test labs. The Commission sought comment in the EA Integrity NPRM on the responsibilities and procedures by which FCC-recognized laboratory accreditation bodies conduct their assessment of prospective test labs and determine whether to accredit particular test labs. In part, the Commission asked whether to clarify its recognition requirements with regard to any of the ISO/IEC 17025 standards to ensure that the test lab accreditation process guarantees that test labs are competent and impartial, generate valid test results, and ensure that effective procedures are in place to ensure that test labs meet the ownership, direction, and control requirements adopted in the proceeding. The Commission proposed that if it were to adopt clarifications of any ISO/IEC 17025 principles, the Commission would require that the laboratory accreditation bodies reassess test labs under the new requirements or procedures. The Commission also requested comment on whether to clarify or revise any of the Commission's rules or policies concerning assessment of test lab accreditation every two years in order to help ensure implementation of the prohibitions on recognition adopted in the proceeding, and asked whether OET should establish specific procedures for reassessment and recognition of test labs and other potential revisions of its procedures for reassessment, recognition, and revocation. Commenters observed that laboratory accreditation is primarily an assessment of the technical capabilities of the test lab and said that the laboratory accreditation process is ``rigorous.'' A2LA said that accreditation against the ISO/IEC 17025 standard is a technical assessment ``limited to activities directly related to the tests on the proposed scope of accreditation'' and that assessors are ``technical experts in their fields,'' not financial analysts or other personnel with expertise in examining ownership and financial records. TIC said that the ``accreditation process is a thorough assessment of the capacity and competency of the lab and its personnel to understand and perform the testing, as well as to generate accurate test reports that can be relied upon for equipment authorization.'' TIC also said that the accreditation process is ``rigorous, requiring a demonstration of technical competence, an understanding of program rules, and well- established policies and procedures to safeguard objectivity, confidentiality, and impartiality.'' Based on the record, in which commenters argue that the laboratory accreditation process is adequate, the Commission will not at this time adopt any rules related to these inquiries, but the Commission seeks additional comment in the FNPRM portion of this proceeding on certain proposals that were not substantially addressed by commenters. Incorporation by Reference The OFR has regulations concerning incorporation by reference. These regulations require that, for a final rule, agencies must discuss in the preamble to the final rule the way in which materials that the agency incorporates by reference are reasonably available to interested parties, and how interested parties can obtain the materials. Additionally, the preamble to the final rule must summarize the material. Section 2.960 incorporates by reference ISO/IEC 17025:2005(E) and ISO/IEC 17025:2017(E). Both of these standards are currently incorporated by reference elsewhere within the Commission's rules. The standards contain the requirements related to test laboratory accreditation, including requirements for processes, procedures, documented information, and organizational responsibilities. Interested persons may obtain ISO/IEC 17025:2005(E) or ISO/IEC 17025:2017(E) from the sources provided in 47 CFR 2.910. A copy of the standards may also be inspected at the FCC's main office. The following standards appear in the amendatory text of this document and were previously approved for the locations in which they appear: ISO/IEC 17011:2004(E) and ISO/IEC 17065:2012(E). Cost-Benefit Analysis In the Report and Order, the Commission strengthens its oversight of TCBs, test labs, and laboratory accreditation bodies by adopting new rules that help ensure the integrity of these entities to the extent that they participate in the FCC's equipment authorization program. The Commission finds that it is critical for national security and the integrity of the supply chain that it prohibits from recognition, or participation in the equipment authorization program by, TCBs, test labs, and laboratory accreditation bodies that are owned by, controlled by, or subject to the direction of a prohibited entity. The Commission recognizes that the benefits of protecting U.S. national security, law enforcement, foreign policy, and trade policy interests are difficult to quantify in monetary terms. The difficulty in quantifying these benefits does not, however, diminish their importance. The Commission previously has found that ``a foreign adversary's access to American communications networks could result in hostile actions to disrupt and surveil the FCC's communications networks, [[Page 38065]] impacting its nation's economy generally and online commerce specifically, and result in the breach of confidential data. Given that its national gross domestic product was over $29 trillion in 2024, the digital economy accounted for approximately 16% of its economy, and the volume of international trade for the United States (exports and imports) was $7.3 trillion in 2024, even a temporary disruption in communications could cause billions of dollars in economic losses. The harms by foreign adversaries or other untrustworthy actors thus could be significant, causing disruption to the U.S. economy, residential and government communications, and critical infrastructure. The Commission finds that requiring certification and reporting of ownership is necessary to minimize vulnerabilities in the telecommunications infrastructure and the communications and consumer technology supply chain. Furthermore, it would strengthen national security through the equipment authorization process by ensuring that TCBs, test labs, and laboratory accreditation bodies are not owned by, controlled by, or under the direction of prohibited entities. The Commission finds that these adopted rules will yield significant benefits, including improved consistency in the Commission's consideration of evolving national security risks, completeness of the Commission's information regarding equipment authorization, and timely Commission attention to issues that warrant heightened scrutiny. The Commission also finds that the adoption of the rules will better protect U.S. telecommunications infrastructure and the communications and consumer technology supply chain from national security risks posed by prohibited entities. These benefits cannot be achieved with ad hoc reviews alone. Thus, adopting a systemized review of the ownership certification and reporting by TCBs, test labs, and laboratory accreditation bodies is necessary to help ensure that the Commission and the Executive Branch agencies have the necessary information to address evolving national security, law enforcement, foreign policy, and/or trade policy risks on a continuing basis. The benefits exceed the requirements' costs as discussed in this section. By adopting the proposed rules, the Commission requires TCBs, test labs, and laboratory accreditation bodies to: (1) certify that they are not owned by or subject to the direction or control of, a prohibited entity; and (2) report all equity or voting interests of 5% or greater by any entity. The Commission further adopts the proposal and requires that every entity specifically named on the Covered List must provide to the Commission information regarding all of its subsidiaries and affiliates. The Commission concludes that requiring TCBs, test labs, and laboratory accreditation bodies to ascertain their direct and indirect ownership information or whether they are under direction of or controlled by prohibited entities does not present a substantial burden because a privately held company likely knows its investors and stakeholders with significant control of the business directives, while a publicly held company is required to identify its interest holders in requisite filings with the U.S. Securities and Exchange Commission. For similar reasons, the Commission finds that requiring entities on the Covered List to provide information on its subsidiaries and affiliates imposes only a minimal burden as these entities should retain this information as part of their normal business operations. The Commission estimates that the aggregate recurring annual costs associated with the attestation and reporting requirements adopted in the Report and Order will not exceed $800,000. Specifically, the Commission estimates that each of the 706 FCC-recognized TCBs, test labs, and laboratory accreditation bodies will require approximately two hours of outside legal counsel time at a rate of $300 per hour and eight hours of administrative staff time at a rate of $57 per hour to complete the attestation and reporting process each year. For the 11 entities named on the Covered List, the Commission conservatively doubles the estimated time to account for additional reporting obligations regarding subsidiaries and affiliates. Based on these assumptions, the Commission estimates the upper bound of the aggregate annual compliance costs to be $768,768. The Commission finds that this estimate likely substantially overestimates the actual attestation and reporting burden for several reasons. First, many test labs operate under common ownership and may therefore satisfy the attestation and reporting requirements at the firm level, rather than on a per- laboratory basis. Second, the Commission assumes that, for purposes of this estimate, each TCB, test lab, and laboratory accreditation body will report changes in ownership annually, whereas many entities are unlikely to experience ownership changes each year. Third, the FCC's estimate assumes reliance on outside counsel, whereas many entities may utilize in-house resources or forego legal review altogether, thereby potentially incurring lower compliance costs. Finally, as discussed above, the Commission expects that many entities already maintain the information required by the Report and Order as part of routine business practices or to comply with obligations imposed by other government agencies (e.g., the Securities and Exchange Commission, Team Telecom). Accordingly, these entities are unlikely to incur material additional costs in complying with the requirements set forth herein. The Commission further requires parties seeking equipment authorization pursuant to the SDoC process to maintain a record that no prohibited entity has ownership in or direction or control of the test lab, company, or individual performing the testing conducted pursuant to the SDoC process. As the Commission clarifies in the section titled ``Reporting, Certification, and Recordkeeping Requirements,'' the Commission believes this type of ownership information would be retained by the test lab in the ordinary course of business. As a result, the Commission finds the requirement imposes minimal burden, and that any associated costs are negligible when weighed against the substantial benefits to the security of the telecommunications infrastructure and national interests. The Commission finds that the requirements adopted in the Report and Order are highly unlikely to impose substantial harms on U.S. consumers, equipment manufacturers, or other stakeholders. The Commission finds any direct costs stemming from the requirements in the Report and Order will be minor; any indirect costs that may be borne by domestic stakeholders are likely similarly minor but also highly speculative in nature. First, the Commission did not receive substantive comments or reply comments in its record outlining such harms. Second, the Commission tentatively believes that most test labs negatively affected by the Report and Order are owned by, controlled by, or subject to the direction of China and that these test labs disproportionately test equipment from Chinese companies. Harms to such entities are not considered in a Cost-Benefit Analysis. Third, the vast majority of TCBs, test labs, and laboratory accreditation bodies would maintain their recognition under these rules, and the Commission have no evidence that U.S. equipment producers or U.S. consumers would face significant costs as a result of some producers switching to non- prohibited [[Page 38066]] test labs. Therefore, the Commission finds the requirements to be minimally harmful to U.S. stakeholders. Ordering Clauses Accordingly, it is ordered, pursuant to the authority found in sections 1, 4(i), 229, 301, 302, 303, 309, 312, 403, and 503 of the Communications Act of 1934, as amended, 47 U.S.C. 151, 154(i), 229, 301, 302a, 303, 309, 312, 403, and 503, section 105 of the Communications Assistance for Law Enforcement Act, 47 U.S.C. 1004; the Secure and Trusted Communications Networks Act of 2019, 47 U.S.C. 1601- 1609; and the Secure Equipment Act of 2021, Public Law 117-55, 135 Stat. 423, 47 U.S.C. 1601 note, that this Report and Order and Further Notice of Proposed Rulemaking is hereby adopted. It is further ordered that the amendments of parts 2 and 15 of the Commission's rules as set forth in Appendix A of the Report and Order are adopted, effective 30 days after the date of publication in the Federal Register, with the exception of Sec. Sec. 2.903(b); 2.911(d)(5)(ii); 2.929(c)(2), (d)(1)(ii); 2.932(e)(2); 2.938(b)(2); 2.949(b)(5)-(6), (d); 2.950(c) through (e); 2.951(a)(10) and (11), (c); 2.960(a)(2) and (3); 2.962(d)(9); 2.1033(b)(3), (c)(3), and 2.1043(b)(2)(i)(C), (b)(3)(i)(C) which contain new or modified information collection requirements that require review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act. The Commission directs the Office of Engineering and Technology to establish and announce the effective date of these sections in a document published in the Federal Register after completion of OMB review. It is further ordered that the Office of the Secretary, shall send a copy of the Report and Order, including the Final Regulatory Flexibility Analyses, to the Chief Counsel for Advocacy of the Small Business Administration. It is further ordered that the Office of the Managing Director, Performance Program Management, shall send a copy of the Report and Order in a report to be sent to Congress and the Government Accountability Office pursuant to the Congressional Review Act, 5 U.S.C. 801(a)(1)(A). List of Subjects 47 CFR Part 2 Administrative practice and procedures, Communications, Communications equipment, Incorporation by reference, Reporting and recordkeeping requirements, Telecommunications, Wiretapping and electronic surveillance. 47 CFR Part 15 Communications equipment, Reporting and recordkeeping requirements, Security measures, Wiretapping and electronic surveillance. Federal Communications Commission. Marlene Dortch, Secretary. Final Rules For the reasons discussed in the preamble, the Federal Communications Commission amends 47 CFR parts 2 and 15 as follows: PART 2--FREQUENCY ALLOCATIONS AND RADIO TREATY MATTERS; GENERAL RULES AND REGULATIONS 0 1. The authority citation for part 2 continues to read as follows: Authority: 47 U.S.C. 154, 302a, 303, and 336, unless otherwise noted. 0 2. Add Sec. 2.902 to read as follows: Sec. 2.902 Terms and definitions. Owned by, controlled by, or subject to the direction of. Any entity: (1) In which any other entity has direct or indirect ownership or control of 10% or more equity, voting interest, or stock; (2) In which any other entity directly or indirectly possesses or has the power (whether or not exercised) to determine, direct, or decide important matters affecting the subject entity; or (3) That acts as an agent or representative of another entity or acts in any other capacity at the order or request of another entity or whose activities are directly or indirectly supervised, directed, controlled, financed, or subsidized in whole or in majority part, including being part of a governmental structure or hierarchy. Prohibited entities. (1) Each entity identified on the Covered List pursuant to Sec. 1.50002 of this chapter. (2) Entities identified by any of the following sources: (i) Department of Commerce Bureau of Industry and Security Entity List pursuant to 15 CFR part 744, supplement no. 4; (ii) Department of Commerce Bureau of Industry and Security Military End-User List pursuant to 15 CFR part 744, supplement no. 7; (iii) Department of Homeland Security Uyghur Forced Labor Prevention Act Entity List as published by the Forced Labor Enforcement Task Force pursuant to 19 U.S.C. 4681; (iv) Section 5949 of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (Pub. L. 117-263); (v) Section 1260H of the National Defense Authorization Act (NDAA) for Fiscal Year 2021 (Pub. L. 116-283); and (vi) Department of Treasury Non-Specially Designated Nationals Chinese Military-Industrial Complex Companies List pursuant to 31 CFR part 586. (3) Entities identified as ``foreign adversaries'' by the Department of Commerce pursuant to 15 CFR 791.4. 0 3. Amend Sec. 2.903 by revising the definition of ``Affiliate'' in paragraph (c) to read as follows: Sec. 2.903 Prohibition on authorization of equipment on the Covered List. * * * * * (c) * * * Affiliate. The term ``affiliate'' means an entity that (directly or indirectly) owns or controls, is owned or controlled by, or is under common ownership or control with, another entity; for purposes of this definition, the term ``own'' means to have, possess, or otherwise control an equity interest (or the equivalent thereof) of 10 percent or more. * * * * * 0 4. Delayed indefinitely, further amend Sec. 2.903 by revising paragraph (b) to read as follows: Sec. 2.903 Prohibition on authorization of equipment on the Covered List. * * * * * (b) Each entity named on the Covered List, as established pursuant to Sec. 1.50002 of this chapter, must provide to the Commission the following information: the full name, mailing address or physical address (if different from mailing address), email address, and telephone number of each of that named entity's associated entities (e.g., subsidiaries or affiliates). (1) Each entity named on the Covered List must provide the information described in this paragraph (b) no later than 30 days after the effective date of each updated Covered List; and (2) Each entity named on the Covered List must notify the Commission of any changes to the information described in this paragraph (b) no later than 30 days after such change occurs. * * * * * 0 5. Amend Sec. 2.906 by revising paragraphs (a) and (d) to read as follows: Sec. 2.906 Supplier's Declaration of Conformity. (a) Supplier's Declaration of Conformity (SDoC) is a procedure where the responsible party, as defined in [[Page 38067]] Sec. 2.909, makes measurements or completes other procedures found acceptable to the Commission to ensure that the equipment complies with the appropriate technical standards and other applicable requirements. (1) Equipment testing necessary to ensure compliance with the appropriate technical standards and other applicable requirements must not be performed at a measurement facility that is owned by, controlled by, or under the direction of a prohibited entity, as defined in Sec. 2.902. (2) Submittal to the Commission of a sample unit or representative data demonstrating compliance is not required unless specifically requested pursuant to Sec. 2.945. * * * * * (d) Notwithstanding other parts of this section, equipment otherwise subject to the Supplier's Declaration of Conformity process that is produced by any entity identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter, is prohibited from obtaining equipment authorization through that process. The rules in this chapter governing certification apply to authorization of such equipment. 0 6. Amend Sec. 2.907 by revising paragraph (c) to read as follows: Sec. 2.907 Certification. * * * * * (c) Any equipment otherwise eligible for authorization pursuant to the Supplier's Declaration of Conformity, or exempt from equipment authorization, produced by any entity identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter, must obtain equipment authorization through the certification process. 0 7. Amend Sec. 2.910 by revising paragraphs (c)(1) through (4) to read as follows: Sec. 2.910 Incorporation by reference. * * * * * (c) * * * (1) ISO/IEC 17011:2004(E), Conformity assessment--General requirements for accreditation bodies accrediting conformity assessment bodies, First Edition, 2004-09-01; IBR approved for Sec. Sec. 2.948(e); 2.949(b); 2.960(d). (2) ISO/IEC 17025:2005(E), General requirements for the competence of testing and calibration laboratories, Second Edition, 2005-05-15; IBR approved for Sec. Sec. 2.948(e); 2.949(b); 2.950(a); 2.960(a); 2.962(c). (3) ISO/IEC 17025:2017(E), General requirements for the competence of testing and calibration laboratories, Third Edition, November 2017; IBR approved for Sec. Sec. 2.948(e); 2.949(b); 2.950(a); 2.960(a); 2.962(c). (4) ISO/IEC 17065:2012(E), Conformity assessment--Requirements for bodies certifying products, processes and services, First Edition, 2012-09-15; IBR approved for Sec. Sec. 2.960(a) and (c); 2.962(a), (c), (d), and (i). * * * * * 0 8. Delayed indefinitely, amend Sec. 2.911 by revising paragraphs (b) and (d)(5)(ii) to read as follows: Sec. 2.911 Application requirements. * * * * * (b) A TCB shall submit an electronic copy of each equipment authorization application to the Commission pursuant to Sec. 2.962(d)(6) on a form prescribed by the Commission at https://www.fcc.gov/eas. * * * * * (d) * * * (5) * * * (ii) An affirmative or negative statement as to whether the applicant is identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter. * * * * * 0 9. Delayed indefinitely, amend Sec. 2.929 by revising paragraphs (c)(2) and (d)(1)(ii) to read as follows: Sec. 2.929 Changes in name, address, ownership, or control of grantee. * * * * * (c) * * * (2) An affirmative or negative statement as to whether the applicant is identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter; and * * * * * (d) * * * (1) * * * (ii) An affirmative or negative statement as to whether the applicant is identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter; and * * * * * 0 10. Delayed indefinitely, amend Sec. 2.932 by revising paragraph (e)(2) to read as follows: Sec. 2.932 Modification of equipment. * * * * * (e) * * * (2) An affirmative or negative statement as to whether the applicant is identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter; and * * * * * 0 11. Amend Sec. 2.938 by revising paragraph (b)(1)(ii) and adding paragraph (h) to read as follows: Sec. 2.938 Retention of records. * * * * * (b) * * * (1) * * * (ii) State the name of the test laboratory, company, or individual performing the testing; * * * * * (h) The Commission may request additional information regarding the test site, the test equipment, or the qualifications of the company or individual performing the tests, including documentation identifying any entity that has equity or voting interests of 5% or greater in the test lab. 0 12. Delayed indefinitely, further amend Sec. 2.938 by revising paragraph (b)(2) to read as follows: Sec. 2.938 Retention of records. * * * * * (b) * * * (2) A written and signed certification that: (i) As of the date of first importation or marketing of the equipment, the equipment for which the responsible party maintains Supplier's Declaration of Conformity is not produced by any entity identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter; and (ii) As of the date of testing, the test laboratory performing the testing is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902. * * * * * 0 13. Amend Sec. 2.948 by: 0 a. Revising paragraph (a); and 0 b. Removing and reserving paragraph (c). The revision reads as follows: Sec. 2.948 Measurement facilities. (a) Equipment authorized under the certification procedure must be tested at a laboratory that is: (1) Accredited in accordance with paragraph (e) of this section; and (2) Recognized by the Commission in accordance with Sec. 2.951. * * * * * 0 14. Amend Sec. 2.949 by adding paragraphs (c) through (f) to read as follows: Sec. 2.949 Recognition of laboratory accreditation bodies. * * * * * (c) The Commission will not recognize a laboratory accreditation body that: [[Page 38068]] (1) Is owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; (2) Fails to provide, or provides a false or inaccurate, certification as required in this section; or (3) Fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater as required in this section. (d) [Reserved] (e) The Commission will withdraw recognition of any laboratory accreditation body that: (1) Is owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; (2) Fails to provide, or provides a false or inaccurate, certification, as required by this section; or (3) Fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater, as required by this section. (f) The Commission will notify a laboratory accreditation body in writing of its intention to withdraw the laboratory accreditation body's recognition and provide at least 30 days for the laboratory accreditation body to respond. 0 15. Delayed indefinitely, further amend Sec. 2.949 by adding paragraphs (b)(5) and (6) and (d) to read as follows: Sec. 2.949 Recognition of laboratory accreditation bodies. * * * * * (b) * * * (5) Certification to the Commission that the laboratory accreditation body is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902. (6) Documentation to the Commission identifying any entity that has equity or voting interests of 5% or greater in the laboratory accreditation body. * * * * * (d) Each recognized laboratory accreditation body must provide to the Commission, in accordance with Sec. 2.950 and no later than 30 days after any relevant change to the required information takes effect: (1) Certification to the Commission that the laboratory accreditation body is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902. (2) Documentation to the Commission identifying any entity that has equity or voting interests of 5% or greater in the laboratory accreditation body. * * * * * 0 16. Delayed indefinitely, amend Sec. 2.950 by adding paragraphs (c) through (e) to read as follows: Sec. 2.950 Transition periods. * * * * * (c) Each recognized laboratory accreditation body must provide to the Commission: (1) No later than October 6, 2025, certification to the Commission that the laboratory accreditation body is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; and (2) No later than December 5, 2025, documentation to the Commission identifying any entity that has equity or voting interests of 5% or greater in the laboratory accreditation body. (d) Each recognized laboratory must provide to the Commission: (1) No later than October 6, 2025, certification to the Commission that the laboratory is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; and (2) No later than December 5, 2025, documentation to the Commission identifying any entity that has equity or voting interests of 5% or greater in the laboratory. (e) Each recognized TCB must provide to the Commission: (1) No later than October 6, 2025, certification to the Commission that the TCB is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; and (2) No later than December 5, 2025, documentation to the Commission identifying any entity that has equity or voting interests of 5% or greater in the TCB. 0 17. Add Sec. 2.951 to read as follows: Sec. 2.951 Recognition of measurement facilities. (a) The Commission will consider for recognition a measurement facility (i.e., testing laboratory) for which an FCC-recognized accrediting organization submits a written request to the Chief of the Office of Engineering and Technology (OET) requesting such recognition, including the following information: (1) Laboratory name, location of test site(s), mailing address, and contact information. (2) Name of accrediting organization. (3) Scope of laboratory accreditation. (4) Date of expiration of accreditation. (5) Designation number. (6) FCC Registration Number (FRN). (7) A statement as to whether the laboratory performs testing on a contract basis. (8) For laboratories outside the United States, the name of the mutual recognition agreement or arrangement under which the accreditation of the laboratory is recognized. (9) Other information as requested by the Commission. (b) The Commission will not recognize a laboratory: (1) In which a prohibited entity, as established pursuant to Sec. 2.902, has, possesses, or otherwise controls an equity or voting interest of 10% or more; (2) That fails to provide, or that provides a false or inaccurate, certification as required in this section; or (3) That fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater as required in this section. (c) [Reserved] (d) The Commission will withdraw recognition of any laboratory that: (1) Is owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; (2) Fails to provide, or provides a false or inaccurate, certification, as required in this section; or (3) Fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater, as required in this section. (e) The Commission will notify a laboratory in writing of its intention to withdraw the laboratory's recognition and provide at least 30 days for the lab to respond. 0 18. Delayed indefinitely, amend Sec. 2.951 by adding paragraphs (a)(10) and (11) and (c) to read as follows: Sec. 2.951 Recognition of measurement facilities. (a) * * * (10) Certification to the Commission that the laboratory is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902. (11) Documentation to the Commission identifying any entity that has equity or voting interests of 5% or greater in the laboratory. * * * * * (c) Each recognized laboratory must provide to the Commission, in accordance with Sec. 2.950 and no later than 30 days after any relevant change to the required information takes effect: (1) Certification to the Commission that the laboratory is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902. (2) Documentation to the Commission identifying any entity that has equity or voting interests of 5% or greater in the laboratory. * * * * * 0 19. Revise Sec. 2.960 to read as follows: [[Page 38069]] Sec. 2.960 Recognition of Telecommunication Certification Bodies (TCBs). (a) The Commission will consider for recognition under the terms of this section a Telecommunication Certification Body (TCB) that: (1) Has been designated according to requirements of this section to issue grants of certification as required under this part. (2)-(3) [Reserved] (4) By means of accreditation specifying the group of equipment to be certified and the applicable regulations for product evaluation, meets all appropriate specifications in ISO/IEC 17065 (incorporated by reference, see Sec. 2.910) for the scope of equipment the TCB would certify. (5) Demonstrates expert knowledge of the regulations for each product with respect to which the body seeks designation. Such expertise must include familiarity with all applicable technical regulations, administrative provisions or requirements, as well as the policies and procedures used in the application thereof. (6) Has the technical expertise and capability to test the equipment it will certify and must also be accredited in accordance with ISO/IEC 17025 (incorporated by reference, see Sec. 2.910) to demonstrate it is competent to perform such tests. (7) Demonstrates an ability to recognize situations where interpretations of the regulations or test procedures may be necessary. The appropriate key certification and laboratory personnel must demonstrate knowledge of how to obtain current and correct technical regulation interpretations. (i) The competence of the TCB must be demonstrated by assessment. The general competence, efficiency, experience, familiarity with technical regulations and products covered by those technical regulations, as well as compliance with applicable parts of ISO/IEC 17025 and ISO/IEC 17065 must be taken into consideration during assessment; and (ii) The TCB must be assessed for accreditation on intervals not exceeding two years. (iii) The Commission will provide public notice of the specific methods that will be used to accredit TCBs, consistent with the qualification criteria provided in this part. (b) The Commission will not recognize a TCB: (1) In which a prohibited entity, as established pursuant to Sec. 2.902, has, possesses, or otherwise controls an equity or voting interest of 10% or more; (2) That fails to provide, or provides a false or inaccurate, certification as required in paragraph (a) of this section; or (3) That fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater. (c) In the United States, TCBs must be accredited and designated by the National Institute of Standards and Technology (NIST) under its National Voluntary Conformity Assessment Evaluation (NVCASE) program, or other recognized programs based on ISO/IEC 17065 (incorporated by reference, see Sec. 2.910) to comply with the Commission's qualification criteria for TCBs. NIST may, in accordance with its procedures, allow other appropriately qualified accrediting bodies to accredit TCBs. (d) Outside the United States, a TCB must be designated in accordance with the terms of an effective bilateral or multilateral mutual recognition agreement or arrangement (MRA) to which the United States is a party. (1) The Commission will not recognize a TCB in an MRA partner economy if that economy does not permit TCBs in the United States to authorize equipment to its requirements. (2) The organization accrediting the prospective telecommunication certification body must be capable of meeting the requirements and conditions of ISO/IEC 17011 (incorporated by reference, see Sec. 2.910). (3) A team of qualified experts in, but not limited to, electromagnetic compatibility and telecommunications equipment (wired and wireless), must perform the accreditation assessment covering all of the elements within the scope of accreditation. (e) The Commission will notify a TCB in writing when it has concerns or evidence that the TCB is not certifying equipment in accordance with the Commission's rules in this chapter and policies and request that it explain and correct any apparent deficiencies. (1) The Commission may require that all applications for the TCB be processed under the pre-approval guidance procedure in Sec. 2.964 for at least 30 days, and will provide a TCB with 30 days' notice of its intent to do so unless good cause exists for providing shorter notice. (2) The Commission may request that a TCB's Designating Authority or accreditation body investigate and take appropriate corrective actions as required, and the Commission may initiate action to limit or withdraw the recognition of the TCB. (3) In the case of a TCB designated and recognized pursuant to a bilateral or multilateral mutual recognition agreement or arrangement (MRA), the Commission will consult with the Office of the United States Trade Representative (USTR), as necessary, concerning any disputes arising under an MRA for compliance with the Telecommunications Trade Act of 1988 (section 1371-1382 of the Omnibus Trade and Competitiveness Act of 1988). (f) The Commission will limit the scope of equipment that can be certified by a TCB if its accreditor limits the scope of its accreditation or if the Commission determines there is good cause to do so. The Commission will notify a TCB in writing of its intention to limit the scope of the TCB's recognition and provide at least 60 days for the TCB to respond. (g) The Commission will notify a TCB in writing of its intention to withdraw the TCB's recognition, and provide at least 60 days for the TCB to respond, if: (1) The TCB's designation or accreditation is withdrawn; (2) The Commission determines there is just cause for withdrawing the recognition; or (3) The TCB requests that it no longer hold its designation or recognition. (h) The Commission will notify a TCB in writing of its intention to withdraw the TCB's, and provide at least 30 days for the TCB to respond, if the Commission determines that the TCB: (1) Is owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; (2) Fails to provide, or provides a false or inaccurate, certification, as required in this section; or (3) Fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater, as required in this section. (i) If the Commission withdraws its recognition of a TCB, all certifications issued by that TCB will remain valid unless specifically set aside or revoked by the Commission. (j) The Commission will publish a list of recognized TCBs. 0 20. Delayed indefinitely, further amend Sec. 2.960 by adding paragraphs (a)(2) and (3) to read as follows: Sec. 2.960 Recognition of Telecommunication Certification Bodies (TCBs). (a) * * * (2) Has certified to the Commission that the TCB is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902. (3) Has reported to the Commission documentation identifying any entity [[Page 38070]] that has equity or voting interests of 5% or greater in the TCB. * * * * * 0 21. Revise Sec. 2.962 to read as follows: Sec. 2.962 Requirements for Telecommunication Certification Bodies. (a) A TCB must review for compliance with the Commission's requirements an application that includes all the information specified in this part to determine whether to grant equipment certification in accordance with Sec. 2.911. (1) The certification system must be based on type testing as identified in ISO/IEC 17065 (incorporated by reference, see Sec. 2.910). (2) Certification determinations must typically be based on testing of no more than one unmodified representative sample of each product type for which certification is sought. A TCB may request additional samples when clearly warranted, such as when certain tests are likely to render a sample inoperative. (b) A TCB must not outsource review and certification decision activities. (c) Evaluation may be performed using internal TCB resources or external (outsourced) resources. (1) Evaluation is the selection of applicable requirements and the determination that those requirements are met. (2) Bodies that meet the applicable requirements of ISO/IEC 17025 may perform the evaluation of a product in accordance with the applicable provisions of ISO/IEC 17065 for external resources (outsourcing) and other relevant standards. (3) The TCB remains responsible for any evaluation function provided by external resources, including the testing of equipment subject to certification, and the TCB must maintain appropriate oversight of the external resources used to ensure reliability of the evaluation. Such oversight must include periodic audits of products that have been tested and other activities as required in ISO/IEC 17065. (d) A TCB must: (1) Certify equipment in accordance with the Commission's rules in this chapter and policies. (2) Accept test data from any Commission-recognized accredited test laboratory, subject to the requirements in ISO/IEC 17065, and must not unnecessarily repeat tests. (3) Only act on applications that it has received or for which it has issued a grant of certification. (4) Dismiss an application that is not in accordance with the provisions of this subpart or when the applicant requests dismissal. A TCB may dismiss an application if the applicant does not submit additional information or test samples requested by the TCB. (5) Follow the procedures in Sec. 2.964 for equipment on the pre- approval guidance list. (6) Supply an electronic copy of each certification application and all necessary exhibits to the Commission prior to grant or dismissal of the application. Where appropriate, the application must be accompanied by a request for confidentiality of any material that may qualify for confidential treatment under the Commission's rules in this chapter. (7) Grant or dismiss each certification application through the Commission's electronic filing system. (8) Participate in any consultative activities, identified by the Commission or NIST, to facilitate a common understanding and interpretation of applicable regulations. (e) A TCB may establish and assess fees for processing certification applications and other Commission-required tasks. (f) Within 30 days of the date of grant of certification, the Commission or TCB issuing the grant may set aside a grant of certification that does not comply with the applicable requirements or upon the request of the applicant. A TCB must notify the applicant and the Commission when a grant is set aside. After 30 days, the Commission may revoke a grant of certification through the procedures in Sec. 2.939. (g) A TCB must not: (1) Grant a waiver of the rules in this chapter; (2) Take enforcement actions; or (3) Authorize a transfer of control of a grantee. (h) All TCB actions are subject to Commission review. (i) In accordance with ISO/IEC 17065 a TCB must perform appropriate post-market surveillance activities. These activities must be based on type testing a certain number of samples of the total number of product types that the TCB has certified. (1) The Chief of the Office of Engineering and Technology (OET) has delegated authority under Sec. 0.241(g) of this chapter to develop procedures that TCBs will use for performing post-market surveillance. OET will publish a document on TCB post-market surveillance requirements that provides specific information such as the number and types of samples that a TCB must test. (2) OET may request that a grantee of equipment certification submit a sample for evaluation directly to OET, to the TCB that performed the original certification, or to an entity designated by OET. Any equipment samples requested by the Commission and properly tested by a TCB may be counted toward the minimum number of samples that the TCB must test. (3) TCBs may request samples of equipment that they have certified directly from the grantee of certification in accordance with Sec. 2.945. (4) If during post market surveillance of a certified product, a TCB determines that a product fails to comply with the technical regulations for that product, the TCB must immediately notify the grantee and the Commission in writing of its findings. The grantee must provide a report to the TCB describing the actions taken to correct the situation, and the TCB must provide a report of these actions to the Commission within 30 days. (5) TCBs must submit periodic reports to OET of their post-market surveillance activities and findings in the format and by the date specified by OET. 0 22. Delayed indefinitely, further amend Sec. 2.962 by adding paragraph (d)(9) to read as follows: Sec. 2.962 Requirements for Telecommunication Certification Bodies. * * * * * (d) * * * (9) Provide to the Commission, in accordance with Sec. 2.950 and no later than 30 days after any relevant change to the required information takes effect: (i) Certification to the Commission that the TCB is not owned by, controlled by, or subject to the direction of a prohibited entity pursuant to Sec. 2.902; and (ii) Documentation to the Commission identifying any entity that has equity or voting interests of 5% or greater in the TCB. * * * * * 0 23. Delayed indefinitely, amend Sec. 2.1033 by revising paragraphs (b)(3) and (c)(3) to read as follows: Sec. 2.1033 Application for certification. * * * * * (b) * * * (3) An affirmative or negative statement as to whether the applicant is identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter; and * * * * * (c) * * * (3) An affirmative or negative statement as to whether the applicant is identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter. * * * * * [[Page 38071]] 0 24. Delayed indefinitely, amend Sec. 2.1043 by revising paragraphs (b)(2)(i)(C) and (b)(3)(i)(C) to read as follows: Sec. 2.1043 Changes in certificated equipment. * * * * * (b) * * * (2) * * * (i) * * * (C) An affirmative or negative statement as to whether the applicant is identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter; * * * * * (3) * * * (i) * * * (C) An affirmative or negative statement as to whether the applicant is identified on the Covered List, established pursuant to Sec. 1.50002 of this chapter; * * * * * PART 15--RADIO FREQUENCY DEVICES 0 25. The authority citation for part 15 continues to read as follows: Authority: 47 U.S.C. 154, 302a, 303, 304, 307, 336, 544a, and 549. 0 26. Amend Sec. 15.103 by revising paragraph (j) to read as follows: Sec. 15.103 Exempted devices. * * * * * (j) Notwithstanding other provisions of this section, the rules in this chapter governing certification apply to any equipment produced by any entity identified on the Covered List, as established pursuant to Sec. 1.50002 of this chapter. [FR Doc. 2025-14970 Filed 8-6-25; 8:45 am] BILLING CODE 6712-01-P