FCC Expands National Security Reporting Requirements and Restrictions

On May 27, the Federal Communications Commission (FCC) opened two rulemaking proceedings aimed at foreign involvement in U.S. communications networks, particularly by countries identified as foreign adversaries, such as China and Russia. First, a Notice of Proposed Rulemaking (NPRM), titled “Protecting our Communications Networks by Promoting Transparency Regarding Foreign Adversary Control,” aims to expand foreign adversary ownership and control reporting requirements for FCC licensees. Second, a Report and Order and Further Notice of Proposed Rulemaking (FNPRM), titled “Promoting the Integrity and Security of Telecommunications Certifications Bodies, Measurement Facilities, and the Equipment Authorization Program,” finalizes the prohibition on certification, accreditation, or testing of equipment requiring FCC authorization by entities that are “owned by, controlled by, or subject to the jurisdiction or direction of” prohibited entities, and requests comment on expansion of equipment authorization program prohibitions and promotion of testing and certification within the United States.

The FCC is accepting comments on the NPRM until July 21 and reply comments by August 19. Comments on the FNPRM are due August 15, and reply comments are due September 15.

NPRM – Expansion of Foreign Adversary Ownership/Control Reporting Requirements

The rules proposed in the NPRM seek to expand the foreign adversary ownership and control reporting requirements by requiring entities holding a “Covered Authorization” to certify whether they are “owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary.” Those listed as foreign adversaries are China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and the Maduro Regime in Venezuela pursuant to 15 CFR § 791.4 . “Covered Authorization” is defined broadly to include holders of licenses, authorizations or approvals for wireless, satellite, media, submarine cable, telephone, and common carrier operations. It would also include entities seeking equipment certifications; holders of Telecommunications Relay Services and Data Network Identification Codes; and participants in FCC auctions.

This new reporting regime would significantly expand existing foreign ownership disclosure requirements that apply to a subset of entities, such as parties whose transactions — international telecommunication authorizations (Section 214), submarine cable authorization from a U.S. point to an international territory, or Section 310(b) requests for wireless and broadcast carriers to exceed the statutory foreign ownership limit — may implicate Team Telecom review.

Each “Covered Authorization” holder would be required to certify whether “it is or is not owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary.” If the entity answers in the affirmative, then it would have to disclose the following information:

• All 5% or greater direct or indirect ownership interests (equity and/or voting interest);

  • Any natural persons with a 5% or greater interest will have to disclose their countries of citizenship.

  • Business organizations with a 5% or greater interest will need to disclose places of incorporation/organization, headquarters, and/or principal place of business.

• The foreign adversary that the Covered Authorization holder is “owned by, controlled by, or subject to the jurisdiction or direction of”; and

• The nature of the foreign adversary’s “ownership, control, jurisdiction, or direction” with respect to the Covered Authorization holder.

This reporting structure would reduce the threshold of existing foreign ownership reporting for certain licensees that are currently required to report 10% or greater foreign ownership, such as those seeking licenses through the competitive bidding process in wireless services under 47 CFR § 1.2112 or Section 214 transfer of control requests for international and domestic common carriers under 47 CFR Part 6.

The NPRM proposes to require annual certification from all Covered Authorization holders or file an initial certification with the condition that Covered Authorization holders report, within 30 days, any foreign ownership changes where a foreign adversary is involved or if there is a new foreign entity owning 5% or more.

For Covered Authorization holders that fail to respond or provide false certification information, the FCC is proposing to adopt a streamlined revocation process that requires notice to the Covered Authorization holder of the Commission’s intent to revoke its authorization with an opportunity to show cause why the authorization should not be revoked. The NPRM also considers whether Covered Authorization holders that report foreign ownership should be automatically referred to Team Telecom for a national security review — an uncommon practice since only certain applicants and licensee holders are subject to Team Telecom review.

Report and Order and FNPRM – Prohibition on Ownership/Control of Certification and Testing Bodies by Foreign Adversaries and Designated Entities

Under the Report and Order and FNPRM, the FCC will require Telecommunication Certification Bodies (TCB), test labs, or laboratory accreditation bodies (“testing entities”) to certify that they are not “owned by, controlled by, or subject to the jurisdiction or direction of a prohibited entity,” which is defined to include those described on the following lists:

• FCC Covered List pursuant to Section 2 of the Secure and Trusted Communications Networks Act (STCNA);

• Department of Commerce, Bureau of Industry (BIS) Entity List;

• BIS Military End-User List;

• Department of Homeland Security Uyghur Forced Labor Prevention Act Entity List;

• Section 5949 of the 2023 National Defense Authorization Act List of Semiconductor Companies including Semiconductor Manufacturing International Corporation (SMIC), ChangXin Memory Technologies (CXMT), Yangtze Memory Technologies (YMTC), and their affiliates;

• Department of Defense 1260H List of Chinese Military Companies;

• Department of the Treasury, Office of Foreign Assets Control (OFAC) List of Chinese Military-Industrial Complex Companies (NS-CMIC); and

• Foreign Adversaries identified by Commerce under 15 CFR § 791.4, as listed above.

As part of its equipment authorization process, which is intended to regulate harmful interference by products that emit radiofrequency (RF) energy, the FCC delegates the testing and certification process to approved testing entities. According to this new rule, a testing entity cannot be “owned by, controlled by, or subject to the direction of a prohibited entity,” based on the lists above. Testing entities found to fit this definition will lose their recognition in the equipment authorization program and the FCC will “prohibit reliance on or use of, for purposes of equipment authorization, any [testing entity] owned by, controlled by, or subject to the direction of a prohibited entity.”

Under the FCC’s new rules, each recognized TCB, test lab, and laboratory accreditation body must certify to the FCC that it is not owned or controlled by, or subject to the direction of, a prohibited entity. These certifications would be due 30 days after the effective date of the rules. Then, within 90 days after the effective date of the rules, each TCB, test lab, and laboratory accreditation body must disclose to the Commission all equity or voting interests of 5% or greater.

If there are any ownership or control changes, testing entities will have 30 days to update their information.

Proposed Rules

The FNPRM also initiates a public comment process for several proposed actions related to this rule. Some notable proposed actions include the following:

• Incorporation of additional federal lists to identify prohibited entities (e.g., Protecting Americans from Foreign Adversary Controlled Applications Act (PAFACA), OFAC Specially Designated Nationals and Blocked Persons List or 2024 National Defense Authorization Act (NDAA) list of prohibited battery manufacturers and its successors);

• Adoption of a “presumption-of-prohibition policy” where an entity must provide clear and convincing evidence that there is no national security risk from its participation in the equipment authorization program; and

• Rule changes to incentivize (such as expedited processing) the testing and certification of equipment by entities based in the U.S. or partner countries.

Moving Forward

These recent actions signal the FCC’s continuing shift to focus more on national security issues. Another illustration of this trend is Chairman Brendan Carr’s recent establishment of an FCC Council on National Security, with the following objectives:

1. Reduce the American technology and telecommunications sectors’ trade and supply chain dependencies on foreign adversaries;

2. Mitigate America’s vulnerabilities to cyberattacks, espionage, and surveillance by foreign adversaries; and

3. Ensure the U.S. wins the strategic competition with China over critical technologies, such as 5G and 6G, AI, satellites and space, quantum computing, robotics and autonomous systems, and the Internet of Things.

Recently, the FCC’s Bureau of Public Safety and Homeland Security sought expedited notice and comment (15-day response) on including in its Covered List certain hardware and software related to connected vehicles that the Commerce Department found to pose a national security risk under the ICTS regulations.

As the comment deadlines near, potentially impacted organizations should consider engaging in the process. More broadly, it is becoming increasingly clear that those in the FCC ecosystem will need to pay closer attention to potential national security issues as a condition of doing business in the United States. Entities that undertake offshore equipment authorization should consider how these rules and proposals may affect their operations. Telecom licensees and other entities holding “Covered Authorizations” should likewise consider any foreign ownership reporting requirements and establish a protocol for managing any new applicable requirements.

Troutman Pepper Locke’s telecommunications and national security teams will continue to monitor any updates related to these actions that could affect the telecommunication industry, and can assist relevant entities engage with regulators on these issues or implement processes to ensure regulatory compliance.