Where Industry and Security Intersect
What's New | Sitemap | Search
License Exception ICT would allow an approved “parent company” and its approved wholly-owned or “controlled-in-fact” entities to export, reexport, or transfer (in-country) many items on the Commerce Control List (CCL) among themselves for internal company use only. Prior authorization from BIS would be required to use ICT.
Additional details on License Exception ICT may be found in the October 3, 2008, publication in the Federal Register (73 FR 57554)
1. What is the duration of an ICT authorization?
Once a parent company and its wholly-owned or controlled-in-fact entities have been authorized to use ICT, the duration of the authorization is unlimited so long as all terms and conditions of the license exception are met. To the extent an approved entity undergoes certain changes, however, such as a change in control, its ICT authorization may no longer be valid. See § 740.19(g) for a description of actions that the entity may need to take in such a situation.
2. Does the country restriction in Supplement No. 4 to part 740 apply to the parent company’s wholly-owned or controlled in fact entities?
No. Supplement No. 4 to part 740 provides that the parent company serving as the eligible applicant must either be incorporated or have its principal place of business in one of the countries listed in the Supplement. This requirement applies only to the parent company. However, in order to be eligible for License Exception ICT, the parent company’s wholly-owned or controlled-in-fact entities cannot be located in North Korea or a country listed in Country Group E , as stated in § 740.19(c)(1). In addition, this license exception does not authorize the release of technology or source code or the export, reexport, or transfer of any item to a destination in or national of Country Group E or North Korea.
3. If a parent company that is not the ultimate parent company will be the eligible applicant under § 740.19(b)(1), must the ultimate parent company be incorporated or have its principal place of business in certain countries?
No. Under the proposed rule, the country restrictions described in Supplement No. 4 to part 740 (place of incorporation and principal place of business) only apply to the eligible applicant parent company. The restrictions on location set forth in § 740.19(c)(1) only apply to the eligible applicant parent company and those entities that are listed in the ICT authorization request as the intended eligible users or eligible recipients, pursuant to § 740.19(e)(1)(ii). However, § 740.19(e)(1)(i)-(ii) requires the disclosure of all individuals or groups that have at least a 10% ownership interest in the eligible applicant parent company and the eligible applicant parent company’s wholly-owned or controlled-in-fact entities that are part of the ICT authorization request.
4. Does ICT only apply to technology?
No. Commodities, software, and technology may be exported, reexported, or transferred (in-country) under ICT. However, see restrictions in §§ 740.2 and 740.19(c) as well as question 5 below.
5. What items may be eligible to be exported, reexported, or transferred (in-country) under ICT?
ICT may be used to export, reexport, or transfer (in-country) all items on the CCL, except for the following:
6. Do individual non-U.S. national employees receiving technology or source code need to be listed in the ICT authorization request?
No. Only the parent company’s wholly-owned or controlled-in-fact entities, such as a subsidiary or branch, need to be listed in the ICT authorization request. The only time that the name of an employee needs to be submitted to BIS is under the annual reporting requirement of § 740.19(h) for foreign national employees receiving technology or source code under ICT.
7. Are parent companies required to list ECCN subparagraphs in the ICT authorization request?
No. The eligible applicant parent company only needs to list the five-digit ECCN. However, the eligible applicant parent company must also include a detailed narrative describing the intended use of the items covered by the listed ECCNs and the anticipated resulting commodities (where relevant).
8. Can any commodity, software, or technology described in an ECCN that is listed in the ICT authorization request be exported, reexported, or transferred (in-country) under ICT, once the applicant receives authorization?
As long as (i) the commodity, software, or technology described in an ECCN that is listed in the authorization request is consistent with the detailed narrative describing the intended use of the listed ECCNs, (ii) the intended use is permissible, and (iii) all other aspects of ICT are fulfilled, then the applicable commodity, software, or technology that is described in the listed ECCN and authorized by BIS may be exported, reexported, or transferred (in-country) under ICT for internal company use. The narrative must include existing uses as well as potential or anticipated new uses of ECCNs if the parent company wishes the ICT authorization to apply to both existing and new uses.
9. Are all elements of the ICT control plan mandatory?
No. Certain exceptions to the mandatory elements are listed in § 740.19(d)(2) and are dependent on whether ICT will be used for commodities, software, or technology.
10. Are parent companies required to address all examples that are listed under the mandatory elements for the ICT control plan?
No. The examples listed under the mandatory elements in § 740.19(d)(1)(i)-(v), corporate commitment to export compliance, physical security plan, information security plan, personnel screening procedures, and training and awareness program, are only illustrative. Parent companies have discretion as to how they plan to address those five elements.
However, for the self-evaluation element in § 740.19(d)(1)(vi), parent companies must address three issues: creation and performance of regular self-audits; creation of a checklist of critical areas and items to review; and development of corrective procedures or measures to correct identified deficiencies. In fulfilling the self-audit requirement, parent companies have discretion in determining whether the self-audit should occur through the use of internal or external resources.
No illustrative examples are included for the elements in § 740.19(d)(1)(vi)-(ix): letter of assurance for software and technology, signing of non-disclosure agreements, and review of end-user lists. Thus, parent companies must address all requirements listed with those elements, unless they are exempt entirely from addressing those three elements based on the item(s) for which ICT authorization is sought, pursuant to § 740.9(d)(2).
11. How long will it take the U.S. Government to review an ICT authorization request?
Reviews will be processed in the same manner as license applications pursuant to §§ 750.3 and 750.4 and Executive Order 12981. Therefore, ICT authorization requests will undergo interagency review as well as the same appeal procedures. BIS anticipates that the length of review will be similar to that for individual licenses.
12. What information must be submitted to BIS in the annual report for foreign national employees, as described in note 2 to § 740.19(b)(3)(ii), who receive technology or source code under ICT?
The name, home country, and date of birth of the foreign national employee who receives technology or source code under ICT must be submitted to BIS in the annual report. No other information is required.
Note that this reporting requirement applies to those foreign national employees who would have received technology or source code under a license (i.e., deemed export license, deemed reexport license, or license issued to a facility that contains conditions allowing certain foreign nationals to receive technology or source code), if not for ICT. Additionally, this reporting requirement applies to those foreign national employees who receive technology or source code under ICT in place of another authorization, such as a license exception. Therefore, if a foreign national employee receives technology or source code under NLR (“no license required”) or under another license exception such as TSR, CIV, APP, or ENC, then no reporting pursuant to ICT is required for that foreign national employee. (There may be other reporting requirements, depending on the specific authorization or license exception.)
13. Should foreign national employees, as described in note 2 to § 740.19(b)(3)(ii), be included in the annual reporting requirement even if they have not received technology or source code under ICT?
If an approved parent company believes that it would be beneficial to include the names of all foreign national employees, as described in note 2 to § 740.19(b)(3)(ii), who may potentially receive technology or source code under ICT, even if they have not done so during the preceding year, then the parent company may list them. Note also that there are certain recordkeeping requirements related to the initial release of technology or source code to a foreign national employee that must be followed pursuant to § 740.19(k). Additionally, in order to be an eligible recipient of technology or source code under ICT, the foreign national employee must be screened in accordance with § 740.19(d)(1)(ix) and sign a non-disclosure agreement with his or her employer in accordance with § 740.19(d)(1)(viii).
14. How does ICT differ from the Special Comprehensive License (SCL)?
The SCL is valid for a four-year period. ICT, in contrast, has an unlimited validity period as long as all terms and conditions are met. The SCL and ICT also vary in terms of eligibility of certain items as well with respect to the procedures and requirements for obtaining authorization. Finally, ICT must be used for internal company use only, whereas a SCL may authorize the sale of items to customers outside of a company.