Dual use export controls - overview
Dual-use items are goods, software and technology normally used for civilian purposes but which may have military applications, or which may contribute to the proliferation of weapons of mass destruction. Through Regulation (EC) No 428/2009 (Regulation), the EU controls the export of dual-use items so as to contribute to international peace and security. Restrictions are also in place for brokering such goods as well as on the transit of such items through the EU. However, this note focuses on the export of dual use items.
The Regulation provides for common EU control rules, a common EU control list and harmonised policies for implementation. The existence of a common control system allows for the free movement of dual-use items within the EU Single Market except for some particularly sensitive items (e.g. nuclear related items, explosive detonators, items performing cryptanalytic functions, etc.), which are subject to prior authorisation even for intra-EU transfers. An export authorisation is otherwise only required when controlled items leave the EU customs territory (essentially, the EU and Monaco).
The Regulation specifically targets dual-use items that can be used to develop and build weapons of mass destruction (biological, chemical and nuclear weapons) or their means of delivery (e.g. missiles). Controlled items are listed in Annex I of the Regulation which runs to over 250 pages. Under certain conditions, non-listed items may also be controlled under the so-called “catch-all clause” (Article 4 of the Regulation), particularly where there is reason to believe such items are intended for use in connection with a biological, chemical, nuclear weapons or ballistic missile weapons programme, or for use in violation of an arms embargo.
The Regulation is binding and directly applicable throughout the EU. In other words, it is mandatory law in all EU Member States. Member States nevertheless are required to introduce domestic legislation to implement some of the Regulation’s provisions, e.g. in relation to breaches and applicable penalties. The Control of Exports (Dual Use Items) Order 2009 (2009 Order) gives effect to the Regulation in Ireland. Under the 2009 Order, the Department of Jobs, Enterprise and Innovation (DJEI) operates an export licensing system. Under the Control of Exports Act 2008, a person or company that breaches the 2009 Order commits an offence and may be liable to significant fines and even imprisonment.
Intangible exports and exemptions
The definition of ‘export’ under the Regulation is very broad in that the export control regime captures not only traditional tangible exports but also exports by intangible means, for example the downloading of software or technology, its transmission by way of e-mail or by making it accessible on a company’s intranet. Export controls also apply to the oral transmission of technology when it is described over the telephone. The Regulation also makes no distinction between intra-company exports and exports to third parties.
Helpfully, there are a number of exemptions from the application of the licensing regime for software and technology. However, these exemptions do not apply where end-use concerns arise, i.e. where the catch-all clause applies:
controls on the export of technology do not apply to basic scientific research. This means experimental or theoretical work undertaken principally to acquire new knowledge of the fundamental principles of phenomena or observable facts, not primarily directed towards a specific practical aim or objective;
the controls on software and technology will not apply to software or technology which is in the public domain. This means technology or software which has been made available without restrictions upon its further dissemination (copyright restrictions are acceptable). This would be the case where it is freely and legally available - for example in a book, on a website, at an exhibition, etc;
controls on the export of technology do not apply to information which is the minimum necessary for patent applications;
controls do not apply to that technology which is the minimum necessary for the installation, operation, maintenance (checking) and repair of those goods which are not controlled or whose export has been authorised;
there is a general exemption from the licensing requirement for encryption products when they are accompanying their user for their user’s personal use; and
there is a ‘mass-market’ exemption for encryption products (including software) provided certain cumulative criteria are satisfied including that the product must generally be available to the public by being sold, without restriction, from stock at retail selling points. There is also an exemption for dual-use items incorporating or using cryptography which satisfy other strict cumulative criteria.
Finally, dual-use export controls will also not apply to the supply of services or the transmission of technology involving cross-border movement of persons, e.g. where an EU technician travels to a country outside of the EU and performs maintenance services on a controlled good.
Given the size of the software and IT industry in Ireland, DJEI is seeing a significant increase in the number of queries received in relation to intangible exports. These queries reflect technological advances in areas such as cloud computing. The DJEI is presently considering (in conjunction with authorities in other member states) the extent to which export controls apply to cloud computing.
This post is the first in a series dealing with export controls and technology. Upcoming articles will focus on the treatment of cloud computing and information security (e.g. cryptography) under the export control regime.
For more information, contact a member of our Technology team.
The content of this article is provided for information purposes only and does not constitute legal or other advice.