Comparative Analysis of EU Export Control Regulations of Dual-Use Item

: On June 11, 2021, the EU issued the revised Regulation on Control of Dual-Use Items Export (EU 2021/821, hereinafter referred to as "the Regulation") in its official gazette. The Regulation came into force on September 9, 2021, and replaced the EU's existing export control laws and regulations, which were introduced in 2009. Compared with the revised proposal of the Regulation issued by the European Commission for the first time in 2016, the newly revised Regulation has made certain adjustments in the scope of control, further reflecting the competition and consideration between EU member states and the European Commission on the specific scope of control and measures when revising the Regulation. Through the introduction of the main structure and content of the newly revised Regulations and interpretation of the newly revised contents that deserve attention in the Regulations, this paper compares the Regulations with the export control rules of China and the United States, and finally provides reference suggestions for compliance.


The main structure and content of the Regulation
The revised Regulation consists of 10 chapters, 32 articles and 6 annexes, covering export control systems related to the export, intermediary services, technical assistance, transit and transfer of dualuse items.[1]

"Control Purpose and Definitions"
It mainly clarifies the definitions of important concepts such as export, exporter, cybersurveillance items, and internal compliance mechanism.Especially, the most important is the concept of export and exporter related to the scope of application: The term "Export" covers export, re-export, outward processing procedure and transmission of software or technology by electronic media.
The term "Exporter" covers: (1) natural persons, legal persons and enterprises that have signed a contract with a consignee in a third country and have the right to send items out of the EU customs area; (2)The natural person, legal person or enterprise that transmits the software or technology from within the EU to the destination outside the EU through electronic media, including fax, telephone, e-mail or any other electronic means(3) A natural person carrying dual-use items in personal luggage.

"Scope of Control"
It mainly stipulates which products need to be licensed for export, mainly covering two categories: (1) dual-use items listed in annex 1 of the Regulation (Article 3); (2) Articles 4, 5, 9 and 10 provide for the export of certain dual-use items not listed in Annex 1, which may be used for (1) the development, production, maintenance, storage or transportation of chemical, biological and nuclear weapons; (2) when exported to embargoed countries for military end-use; (3) Parts and components illegally exported and used as military items; (4) It is used for cyber-surveillance items related to terrorism and violation of human rights; (5) or it may be used in the case depended by member states themselves.

"Export License and Intermediary Service and Technical Assistance License"
It mainly stipulates the license type and conditions for use.There are four types of EU licenses, namely Union General Export Authorisation (UGEA), National General Export Authorisation of Member States, NGA, Global Export Authorisation, and Individual Export Authorisation.In addition, this chapter also clarifies the requirements for intermediary service providers and technical supporters to apply for licenses and the information they should provide.

"Amendment Rules for Dual-use Items and Destination Lists"
This chapter specifies the Commission's authority to modify the list of items and adjust the destination of items.

"Customs Procedures"
This chapter requires exporters to translate relevant supporting documents into the official language of the member states of the export declaration form, and requires strengthening communication between member states and the European Commission.

"Cooperation, Implementation and Enforcement Rules"
The mechanisms for the exchange of information between member states as well as between member states and the Commission have been clarified.

"Publicity, Communication, Monitoring and Evaluation"
The European Commission is required to submit relevant rules for annual reports, especially the approval of cyber-surveillance items.

"Management Measures"
It stipulates the requirements for the preservation of export-related documents and requires exporters to keep the files for at least five years.

"Third Country Cooperation Mechanism"
The European Commission and member states are required to maintain dialogue with third countries to promote the global implementation and coordination of control measures.

"Final Terms"
The previous Regulation 428/2009 on Export Control of Dual Use Items has been explicitly abolished, the newly revised Regulation will come into force 90 days after its promulgation, and the previously submitted licenses will continue to be valid.
Generally speaking, the control logic of the Regulation can be summarized as follows: (1) licensing requirements have been put forward for the export of EU items listed in Annex 1; (2) For EU items not included in the list in Annex 1, if they may be used for specific regulatory purposes (such as military, network monitoring, public security considered by member states, etc.), they also need to comply with relevant licensing requirements; (3) Non-export activities such as "intermediary services", "technical support" and "transit" of EU goods are subject to prior licensing requirements if they are likely to be used for controlled purposes.

Contents of the Regulation that deserve special attention 2.1 Cyber-surveillance Items
Based on the definition of the Regulation, cyber surveillance items refer to dual-use items specially designed to monitor, extract, collect or analyze information and data in the telecommunications system, but secretly monitor natural persons.The Regulation provides that when all or part of the cyber-surveillance items not included in annex 1 are used or may be used for :(1) internal repression; and/or, (2) in case of serious violations of human rights and international humanitarian law, relevant licensing requirements shall be complied with.
According to the Regulation, if the exporter, upon due diligence, knows that cyber-surveillance items may involve the above controlled uses, the exporter is obliged to notify the relevant regulatory authorities in a timely manner, and the relevant regulatory authorities need to decide whether to impose licensing requirements on the export of these cyber-surveillance items; In addition, if the exporter has reasonable grounds to suspect that the cyber-surveillance items may involve the above controlled uses, the Member States may choose to impose licensing requirements at the level of national legislation.When a Member State chooses to impose licensing requirements on the export of cyber-surveillance items, it must notify other member states and the European Commission.If all member states have imposed licensing requirements on the same transaction, the European Commission will publish the relevant information of the transaction of cyber-surveillance items in the bulletin.

Technical Support Control
The revised Regulation distinguishes the definitions between "technology" and "technical support", and adds the definition of "technical support provider".Specifically, "technical support" refers to any technical support related to repair, development, manufacturing, assembly, testing, maintenance or any other technical services, which may take the form of guidance, advice, training, job knowledge or skill teaching or consulting services; "Technical support providers" include individuals or entities that provide the following support via electronic means, telephone or any other oral form, specifically covering the following three situations: (1) Anyone who provides technical support to a third country from within the EU; (2) Residents of EU member states or entities established in the EU provide technical support in a third country; (3) Residents of EU member states or entities established in the EU provide technical support to third country nationals/entities who stay in the EU for a short time.
Since the control of technical support has been extended to such circumstance as providing support to residents/entities of a third country temporarily staying in the EU customs area, the problems that "technical support providers" may encounter in practice include: how to determine whether the object of support is EU residents, and how to collect and process relevant information according to the EU Data Protection Law.

Considerations of Public Security and Human Rights Violations
According to the provisions of the Regulation, Member States may, on the basis of public security (including counter-terrorism) or human rights considerations, exercise control over the export of dualuse items not included in Annex 1, establish a national control list, and impose requirements for prohibition of export or application for permission.Member states are required to inform the European Commission and other member states of any of the above measures and to explain the exact reasons for adopting them.If the measures taken by the Member States include the national control list, the Member States shall also inform the European Commission and other Member States of the description of the specific items listed in the national control list.The Regulation does not give an example or explanation to "serious violations of human rights and international humanitarian law".[2]

New license types
Overall, the Regulation does not increase the overall type of licensing.The current types of licensing under EU export control rules are still EU general export licensing, member state general export licensing, global licensing and individual licensing.Under Union General Export Authorisation (UGEA), the Regulation introduces two types of new licenses involving "Encryption No EU008" and "Intra group export of software and technology No EU007", which aims to ensure the security of transactions through strong control measures (such as registration, notification, reporting and audit) while promoting trade.In the applicable conditions of the "Intra-group export of software and technology" license, the Regulation emphasizes that exporters using the license shall implement the Internal Compliance Program (ICP).
The concern is that, according to Annex 2 of the Regulation, the "encryption" license may not be used to export controlled encrypted items to China (including Hong Kong and Macao) and other specific countries, and China is not included in the list of countries/regions that may use the "Intra group export of software and technology" license.

Expand the Scope of Definitions and Concepts
The Regulation expands the definition of 'Exporter' to include 'a natural person who carries dualuse items in his personal luggage'.The definition of "Broker" is expanded to include "natural persons, legal persons and partnerships who provide intermediary services in the EU but are not resident or established in a member State of the EU".

Circumvention Conduct Is not Prohibited
Provisions prohibiting circumvention were introduced in the European Commission's proposed amendment to the regulations submitted in 2016 to prevent companies from knowingly engaging in transactions that circumvent the export licensing requirements for dual-use items (for example, exporting such items from another Member State).[3] Although EU sanctions regulations contain similar non-circumvention clauses, the above-mentioned non-circumvention clauses fails to appear in the newly revised Regulation.

Information Exchange and Law Enforcement Coordination
The Regulation provides for the establishment of a law enforcement coordination mechanism in the dual-use item coordination group to support information exchange and law enforcement cooperation among member states.Under the law enforcement coordination mechanism, Member States and the European Commission need to communicate on law enforcement practices such as the application, nature and effect of penalties for violations.

Emphasis on Establishing an Internal Compliance Program (ICP)
Compared with the previous regulations on export control for dual-use item, which did not mention the contents of internal compliance program (ICP), the newly revised Regulation mentioned ICP in many places and defined it: "ICP refers to the continuously effective, appropriate and proportionate policies and internal control procedures adopted by the exporter in accordance with the Regulation to comply with the provisions of the Regulation, especially risk assessment and due diligence measures related to the export of dual-use items to end-users and end uses." The newly revised Regulation formally listed the formulation and implementation of ICP as compliance guidance and compliance requirements for exporters, and stipulated that exporters using Global Export Authorisation and Intra-group export of software and technology licensing shall establish and implement ICP.

Subject of Obligation
The subject of obligations under the U.S. export control laws and regulations mainly refers to "Americans" (U.S. citizens, permanent residents (green card holders), U.S. companies and people in the United States) who export, re-export, transfer (domestic) and are deemed to export controlled U.S. items (including hardware, software, technology and information).However, because the US export control laws and regulations have certain extraterritorial effects, non-US subjects also need to comply with the US export control laws and regulations when exporting, re-exporting, transferring (within the territory) and being deemed to export controlled US items.
The subjects of obligations under the export control rules of the United States and the European Union are mainly "exporters", which are not limited to individuals or entities in their own countries/regions.In terms of the jurisdiction of "re-exporters", the United States covers the individuals/entities who transfer the controlled items outside the United States in the subject of obligations, which makes the United States export control laws and rules show a strong extraterritorial application effect.However, the EU Regulation does not directly govern individuals/entities transferring controlled items outside the EU.In addition, in terms of jurisdiction over "intermediaries", the United States covers intermediaries providing financial, transportation and other auxiliary services in the subject of obligations, therefore, the scope of jurisdiction is significantly wider than that of the EU Regulation.

Acts Subject to Jurisdiction
The definition of "export" is relatively uniform in the jurisdictional acts of the United States and the European Union, both of which are cross-border transfers in practical and geographical sense.The "outward processing" in the EU Regulation is distinguished from the "export" due to differences in tariff calculation rules, but the behavior model is the same.The United States has jurisdiction over the "transfer" of controlled items in the same non-US country or region, while the EU Regulation does not have jurisdiction over the transfer within the territory of a third country.
The definition of "re-export" has showed significant differences between the United States and the European Union: re-export under US export control refers to the transfer of controlled items in non-US regions, while "re-export" referred to in EU dual-use items rules refers to the procedures for transferring of non-EU goods, such as bonded storage and import processing, from EU to outside the EU under the Union Customs Code.
The "deemed export" in the US export control rules refers to the act of transmitting technology, source code, system or any other controlled information or technology to non-Americans, which corresponds to the acts of "electronic transmission of software and technology" and "technical support" in the EU Regulation.Based on the above analysis, the scope of the subject and object of "deemed export" in the United States is slightly wider than that of the relevant rules of the EU, mainly reflecting in the jurisdiction of overseas technology transfer matters.As shown in table1:

Behavior Object
Non-American, no matter he is located in or outside the US Electronic transmission of software and technology: entities/individuals outside the EU Technical support: nationals/entities in third countries, and nationals/entities in third countries staying in the EU for a short time

Items under Jurisdiction
The items under the jurisdiction of the United States export control rules include: (1) all products in free trade zones within and outside the United States, or items transferred from one country to another via the United States; (2) All items of the United States origin around the world; (3) Items manufactured abroad that contain controlled items of the United States origin exceeding the minimum proportion; (4) Specific items produced outside the United States that directly rely on technology or software of the United States origin; (5) Specific items produced by equipment outside the United States (or the main parts of the equipment are located outside the United States) that directly rely on technology or software of the United States origin.
The items governed by the EU dual-use items control rules mainly include dual-use items listed in Annex 1 of the Regulation.Regardless of whether they constitute EU goods or not, the items listed in Annex 1 shall comply with the licensing requirements specified in the Regulation when transferring from EU territory to outside EU.[4] In addition, when dual-use items not listed in Annex 1 are used for chemical, biological weapons, nuclear weapons, military, terrorism, human rights violations and other purposes, Member States may increase licensing requirements for items not listed in Annex 1 according to the specific circumstances of the transaction.

Use under Jurisdiction
Article 5 of the general prohibition rules on end users/end uses in the United States export control stipulates: "Without obtaining a license or an applicable license exception, it is not allowed to knowingly export or re-export any controlled items to the end users and end uses prohibited by Part 744 of the Export Administration Regulations."The prohibited end-user refers to the subject listed in the sanctions list of the US Department of Commerce.
The uses governed by the EU Regulations include biological and chemical weapons, nuclear weapons, military affairs, terrorism, endangering public security, human rights violations, etc.Unlike the United States, the EU Regulation does not provide for jurisdictional measures based on specific subjects at the alliance level.However, EU sanctions against specific subjects may be imposed by the European Council in accordance with the resolutions adopted by the United Nations Security Council under Chapter VII of the Charter of the United Nations, or sanctions may be imposed within the framework of the Common Foreign and Security Policy (CFSP), mainly involving financial and trade sanctions.

Comparison between the Regulations and Export Control Law of the People's Republic of China
On October 17, 2020, the Export Control Law of the People's Republic of China was officially issued.Prior to this, China had never had a special superordinate law on export control, and the relevant rules on export control were scattered in the relevant foreign trade regulations, customs administrative regulations and departmental rules.The promulgation of the Export Control Law has provided a strong legal guarantee for China's export control work.

Subject of Obligation
The subject of obligations under China's export control laws and regulations is mainly export operators, but also includes importers and individuals or entities that provide services such as agency, freight, delivery, customs declaration, third-party e-commerce trading platform and finance for export goods.According to Article 2 (3) of the Export Control Law, for the purposes of this Law, "export control" means the prohibitive or restrictive measures imposed by the state on the outward movement of controlled items from the territory of the People's Republic of China and the provision of controlled items by a citizen, legal person, or unincorporated organization of the People's Republic of China to a foreign organization or individual..." and Article 44 "Organizations and individuals outside the People's Republic of China who violate the provisions of this law on export control... shall be disposed and investigated for legal responsibility in accordance with the law."The subjects of relevant obligations are not limited to Chinese individuals/entities, but cover all kinds of subjects involved in export activities, including Chinese and foreign natural persons, legal persons and other organizations.
Therefore, in terms of the subject of obligations, China, the European Union and the United States all emphasize the jurisdiction over the subject of export behavior, and do not limit the subject of obligations to individuals/organizations in their own countries/regions, which have the effect of applying to extraterritorial subjects.China and the United States have the same definition scope of "intermediary" in the subject of obligations, both of which include the third-party subject providing financial, transportation and other auxiliary services, while the EU Regulation excludes such subjects from the subject of obligations.

Acts Subject to Jurisdiction
China's Export Control Law does not explicitly list Deemed Export as jurisdictional acts, but according to the content of Article 2 (3) of the Export Control Law and the definition of "items" in the Export Control Law (including goods, technology, services, and technical data related to items), China actually covers the transfer of technology within the scope of jurisdictional acts.China's export control laws and regulations stipulate the items of technology export, but it has not yet explained the specific scenarios of technology export under its jurisdiction like the EU and the United States.

Items under Jurisdiction
According to Article 9 of the Export Control Law, China implements a control list system for items under its jurisdiction, covering dual-use items, military products, nuclear and other items related to safeguarding China's national security and interests.In addition, according to the provisions of Article 12, if the controlled items listed in the control list and the items other than the temporarily controlled items may be used for endangering national security and interests, weapons of mass destruction and terrorist purposes, the corresponding licensing requirements shall also be complied with.At present, the control list formulated according to the Export Control Law has not been released yet, but the In terms of the scope of items under jurisdiction, China, the European Union and the United States have all adopted the control list system.China and the EU mainly control the items in the export control list, and set up a use-based control mechanism for the items not included in the export control list.Comparatively speaking, the scope of items governed by the US export control laws and regulations is broader, which is mainly reflected in the expansion of the jurisdiction over non-US products.[5]

Use under Jurisdiction
In terms of jurisdiction over use, China and the EU have similar rules, namely, use control shall be implemented for items not included in the control list; In terms of jurisdiction over users, China and the United States have similar rules.Under the export control legal system, a control list is set up to implement specific control and sanctions measures on specific subjects.At present, China has not included any subject in the control list under the Export Control Law.

Conclusion
To sum up, a systematic introduction and comparative analysis to the main structure and content of the newly revised Regulation have been made in this paper, as well as an interpretation to the newly revised contents that deserve attention in the Regulation.From the perspective of comparative law, this paper compares the Regulation with the export control rules of China and the United States, which provides certain reference value for forming compliance reference suggestions.
Ministry of Commerce and the General Administration of Customs have formulated the Catalogue of Dual-Use Items and Technologies Subject to Export License Administration, which is adjusted and updated annually; In addition, the Ministry of Commerce and the Ministry of Science and Technology formulated and adjusted the Catalogue of Technologies Prohibited or Restricted by China from Export in August 2020 for dual-use technologies; In December 2020, the Ministry of Commerce, the State Cryptography Administration and the General Administration of Customs jointly issued the Announcement on Issuing the List of Import License for Commercial Passwords, the List of Export Control and Related Administrative Measures.

Table 1 :
The comparison