Explanatory Memorandum to COM(2016)616 - Union regime for the control of exports, transfer, brokering, technical assistance and transit of dual-use items (recast)

Please note

This page contains a limited version of this dossier in the EU Monitor.



1. CONTEXT OF THE PROPOSAL

Reasons for and objectives of the proposal

In May 2009, the Council of the European Union adopted Regulation (EC) No 428/2009 setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items 1 (hereunder 'the Regulation'). In line with Article 25(2) of the Regulation, the Commission presented in October 2013 a comprehensive report to the European Parliament and the Council 2 on the implementation of the Regulation. The report concluded that the EU export control system provides solid legal and institutional foundations but cannot remain static and must be upgraded in order to face new challenges. In April 2014, the Commission adopted a Communication 3 setting out concrete policy options for the review of the EU export control regime and its adaptation to rapidly changing technological, economic and political circumstances. In 2015, the Commission conducted an impact assessment of the review options outlined in that Communication to identify the most suitable regulatory and non-regulatory actions to bring them into effect. This proposal has been prepared in light of the conclusions of the impact assessment.

The export control policy review has been identified as an initiative under the Regulatory Fitness and Performance Programme (REFIT) in consideration of its potential regulatory simplification and burden reduction.

Council Regulation (EC) No 428/2009 has been amended on several occasions. Since further amendments are to be made, it should be recast in the interests of clarity and readability.

Consistency with existing policy provisions in the policy area

The proposal aims at supporting the overall policy objectives of the Union, as laid out in Article 3 of the Treaty on European Union, i.e. 'contribute to peace and security, as well as free and fair trade and the protection of human rights'. The proposal will contribute to the European Security Strategy 4 , and in particular responds to the 2013 Council Conclusions on the new challenges presented by the proliferation of weapons of mass destruction (WMD) 5 . The proposal will also ensure that the EU and its Member States effectively comply with their international obligations, in particular with respect to WMD non-proliferation. Moreover, the proposal will enhance the EU's efforts to prevent non-state actors from gaining access to sensitive items and will thus contribute to the fight against terrorism 6 . Lastly, in light of the increasing blurring between the civilian and defence sectors, the proposal forms part of the EU's efforts to counter hybrid threats 7 .

The proposal is fully in line with EU trade policy's aim to foster competitiveness and reduce distortions to trade, and with the 2015 'Trade for All' Communication' 8 which announced "an ambitious modernisation of the EU´s policy of export controls of dual-use goods, including the prevention of the misuse of digital surveillance and intrusion systems that results in human rights violations”.

Consistency with other Union policies

The proposal – and in particular provisions relating to the control of cyber-surveillance technologies – will contribute to the protection of human rights globally, in line with the 2015 Human Rights Action Plan 9 and the EU Guidelines for Freedom of Expression 10 , which explicitly call for tightening controls on the export of such technologies.

The proposal will also support the digital single market strategy, as the introduction of controls on cyber-surveillance technology aims at addressing risks associated with digital trade. Since the proposal aims, in particular, to reduce administrative burden by making EU law simpler and less costly, it also serves the objectives of the REFIT programme.

2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

Legal basis

Dual-use export controls form an integral part of the Common Commercial Policy under Article 207 TFEU.

Subsidiarity

Trade in dual use items must be based on common principles in compliance with Article 207 of the Treaty on the Functioning of the European Union (TFEU), while respecting Member States' prerogatives in the area of security. Moreover, EU intervention is necessary as the security objectives pursued can only be achieved collectively, if competent authorities act in close collaboration and in accordance with the same principles. Action at EU level is also necessary to address distortions of competition within the Single Market and to promote the convergence of controls with third countries and a more level playing field globally.

EU intervention is justified in light of the Charter of Fundamental Rights, since a number of human rights have been identified as potentially affected by exports of certain dual-use items, in particular in relation to exports of cyber-surveillance technology.

Proportionality

The provisions in this proposal are limited to what is necessary in order to attain the objectives of the Regulation and therefore comply with the principles of proportionality.

The proposal consists mostly of amendments to existing provisions of Regulation (EC) No 428/2009, where they are duly justified to enhance the effectiveness or the consistency of controls throughout the EU. Amendments are also proposed that aim at simplifying the administration of controls and reducing the burden for operators across the Single Market.

The proposal however also introduces new provisions to control the export of certain specific cyber-surveillance technology, in order to fill a regulatory gap identified during the export control policy review, i.e. the insufficient legal basis for control in this area.

As illustrated by the impact assessment, other instruments such as guidelines could usefully complement and support the implementation of legislative changes, but would not address the lack of legal clarity of some provisions of the Regulation or the lack of sufficient control of cyber-surveillance technology. Amendments to the Regulation are therefore necessary.

3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

Results of ex-post evaluation

In 2011, the Commission issued a Green Paper 11 , inviting stakeholders to express their views about the EU export-control regime. The Commission reported on the outcome of this process in the Staff Working Document 'Strategic export controls: ensuring security and competitiveness in a changing world' 12 . The Staff Working Document concluded that stakeholders called for various adjustments to the EU export control system in order to adapt it to rapidly changing technological, economic and political circumstances. The Staff Working Document formed the basis for the presentation of a Report from the Commission to the Council and the European Parliament on the implementation of the Regulation 13 which opened the way to the review of EU export control policy.

Stakeholder consultations

The Commission conducted wide-ranging stakeholder consultations to support the preparation of this proposal. The consultation strategy included regular dedicated conferences and outreach to key stakeholders in order to develop a dialogue with dual use industry, civil society and Member States.

The Impact Assessment also involved dedicated stakeholder consultations. A data collection study was commissioned in 2014-2015, which included targeted surveys of industry associations and companies, national administrations, academia and non-governmental organizations. Also as part of the impact assessment, the Commission conducted a public consultation in 2015 regarding review options and their impact 14 . Stakeholders generally agreed that a review of current rules would improve the export control system, in particular with regards to its capacity to address evolving security risks such as WMD proliferation and terrorism and to respond to rapid scientific and technological developments, and could also enhance the efficiency of export control administration and companies' competitiveness. On the other end, many stakeholders raised concerns regarding the potential economic impact of options to control exports that could be misused for human rights violation in third countries.

Collection and use of expertise

In the absence of official statistics on dual-use production or trade, the Commission has developed, since 2013, a statistical methodology to assess dual-use trade flows, and also makes use of licensing data shared by Member States. The data collection study commissioned as part of the impact assessment validated that methodology and provided further details e.g. on dual-use related trade flows and on specific sectors.

Data obtained from the private sector through interviews and surveys, as well as open sources and specialised research, provided additional insights on dual-use trade.

Impact assessment

The impact assessment report was presented to the Regulatory Scrutiny Board (RSB) in March 2016 and received a positive opinion with comments. The RSB opinion is available on the Europa website at ec.europa.eu/smart-regulation/impact/iab/iab_en.

Besides the baseline scenario (no policy change), the impacts of four other scenarios were assessed, including Option 2 'Implementation and Enforcement Support' (consisting in soft law and guidance), Option 3 'EU System Upgrade' (adjustments to the regulatory framework), Option 4 'EU System Modernisation' (focusing on cyber-surveillance technologies and human rights) and Option 5 'EU System Overhaul' (implying full centralisation of controls at EU level).

As a result, a combination of Option 3 and 4 was selected as the preferred option. Option 3 'EU System Upgrade' appears as the most efficient and effective option to address problems identified and in light of economic and social (security and human rights) impact criteria. Option 4 'EU System Modernisation' was also retained in spite of concerns expressed by some stakeholders. It is recognised that option 4 could result in a higher administrative burden for operators and authorities, since a new category of goods and technology would be subject to control. It also involves a risk that distortions of competition be introduced at global level, as it cannot be assured that other key technology suppliers will introduce similar controls. However, option 4 is expected to have a significant positive impact on security and human rights: it appears as an indispensable condition to prevent human rights violations resulting from the export of EU items to third countries and to address security risks, to the EU and its citizens, associated with new cyber-surveillance technologies. In light of this assessment, the proposal sets out a two-fold approach, combining detailed controls of a few specific listed items with a 'targeted catch-all clause' to act as an 'emergency brake' in case where there is evidence of a risk of misuse. The precise design of those new controls would ensure that negative economic impact will be strictly limited and will only affect a very small trade volume.

In spite of its positive long term impact, Option 2 appeared relatively costly in the short to medium term and could only be achieved with additional resources both at national and EU level. Therefore, Option 2 was not retained, although a gradual implementation of some actions could be envisaged (e.g. development of electronic licensing systems, technical consultations with industry) on the basis of a clear prioritisation of tasks and provided the necessary resources can be allocated, including through joint commitments by relevant stakeholders such as Member States and industry.

Option 5 would have implied radically changing the EU approach to export controls, including the centralisation of the implementation of controls and the establishment of a central licensing agency at EU level. Considerable the costs – administrative, financial as well as in terms of legal transition – and the lack of stakeholder support, this option was not retained.

Regulatory fitness and simplification

As a REFIT initiative, the proposal is expected to bring benefits in terms of reduction of administrative burden both for operators and public administrations, in particular due to positive impact on staff resources and processing times. Thus, thanks to the introduction of new EU General Export Authorisations (EUGEAs), controls would become four times less costly for companies, and up to 11 times less costly for licensing authorities. The proposal is also expected to enable a reduction of administrative burden within the Single Market, in particular as the number of products subject to control on transfers within the EU would be reduced by approximately 40%.

The proposal also contains amendments to certain key control provisions whose implementation experience has demonstrated to be unclear. The proposal is thus expected to enhance legal clarity and, thus, reduce compliance costs due to complex and unclear control provisions.

The proposal does not provide for exemptions in favour of Small and Medium Enterprises (SMEs): due to overriding security reasons, it is imperative that SMEs comply with controls. However, the scope of certain provisions which may be particularly demanding in terms of human and IT resources has been limited to avoid excessive regulatory burden on SMEs. Thus, the requirement for companies to implement an effective Internal Compliance Programme (ICP) – a set of formal measures and procedures ensuring compliance with export controls – mainly applies in relation to global licences, while small companies that cannot afford to develop a formal ICP can export under most general authorisations and/or individual licences. Moreover, the proposal's simplification of licensing procedures and enhanced legal clarity will bring important benefits to SMEs.

Lastly, the proposal is expected to improve the international competitiveness of EU operators as certain provisions – e.g. on technology transfers, on the export of encryption – will facilitate controls in areas where third countries have already introduced more flexible control modalities. The proposal's new chapter on cooperation with third countries is also expected to promote the convergence of controls with key trade partners and a global level-playing field, and thus to have a positive impact on international trade.

Fundamental rights

Surveillance activities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties must be laid down by law and constitute a necessary and proportionate measure in a democratic society with due regard for the legitimate interests of the individuals concerned. In recent years however, there have been numerous reports of cyber-surveillance technologies being exported to repressive regimes and/or into conflict areas and misused in violation of human rights. Cyber-surveillance technologies, which have legitimate and regulated law enforcement applications, have thus been misused for internal repression by authoritarian or repressive governments to infiltrate computer systems of dissidents and human rights activists, at times resulting in their imprisonment or even death. As evidenced by those reports, the export of cyber-surveillance technology under such conditions poses a risk to the security of those persons and to the protection of fundamental human rights, such as the right to privacy and the protection of personal data, freedom of expression, freedom of association, as well as, indirectly, freedom from arbitrary arrest and detention, or the right to life.

By subjecting exports of specific cyber-surveillance technologies to authorisation, the proposal provides for an effective response to threats for human rights resulting from their uncontrolled export, which was identified as a key issue in the impact assessment. While the measures will have some effects on the freedom to conduct a business for exporters, these measures will be appropriate to the overall objective of an effective response to threats to human rights resulting from the export of these technologies. The proposal is thus expected to have an overall significant positive impacts for the protection of fundamental rights. The Commission, in close consultations with the Member States and stakeholders, will develop guidelines to support the practical applications of the targeted catch-all controls. The Commission will endeavour to finalise the adoption of these guidelines in a synchronised manner with the entry into force of the Regulation.

4. BUDGETARY IMPLICATIONS

Some specific provisions in the proposal are expected to have implications on the resources of relevant services at EU or national levels. The implementation of the extended competence for the Commission to amend lists of dual-use items and general export authorisations by delegated acts is expected to require about 50% of a Full Time Expert (FTE), depending on the number of modifications to EUGEAs that could be expected each year. In addition, cyber-surveillance controls are expected to require some additional administrative costs (staff) for administrations, both at national and EU level (1 FTE).

The proposal also provides a legal basis to enable the realisation of certain actions – such as the development of electronic licensing systems – while the financing and budgetary implications remain to be assessed in detail before any decision is taken regarding their implementation.

5. OTHER ELEMENTS

Implementation plans and monitoring, evaluation and reporting arrangements

Monitoring of implementation will be carried out in cooperation with Member States in order to ensure that competent authorities and exporters implement effectively and consistently the requirements of the proposed regulation. Periodic (annual) reporting will allow for appropriate monitoring of the implementation of the proposed Regulation and to inform the European Parliament and the Council regularly.

In addition, as indicated in the impact assessment report, the Commission will undertake an evaluation of its new initiative five years after its entry into force in order to assess the actual economic, social, and environmental impacts and evaluate its efficiency and effectiveness and the extent to which its results are consistent with the objectives. The Commission will communicate the results of the evaluation to the European Parliament and the Council.

6. DETAILED EXPLANATION OF THE SPECIFIC PROVISIONS OF THE PROPOSAL

Modernisation of existing control provisions

The proposal provides for amendments to various control provisions in order to clarify, simplify and improve the regulatory framework in light of 'lessons learnt' and to tackle new developments:

• The proposal contains amendments to key export control notions in order to reflect new realities. The definition of dual-use items is thus revised to reflect the emergence of new types of dual-use items, such as cyber-surveillance technologies. The proposal also amends the definition of 'export' and 'exporter', as well as provisions relating to the determination of the competent authority, in order to clarify the application of controls to natural persons, who may be 'exporters', especially when it comes to technology transfers (e.g. service providers, researchers, consultants and even a person downloading 'controlled technology').

• Intangible technology transfers (ITT): The proposal clarifies ITT controls and facilitates low-risk technology transfers, as they only become subject to control when the dual-use technology is made available to a person in a third country, which is in particular expected to facilitate the use of cloud services;

• Technical assistance: With the entry into force of the Lisbon Treaty, the provision of technical assistance involving a cross-border movement has become EU competence and is subject to controls. The proposal therefore clarifies applicable controls and defines technical assistance.

• Strengthening of brokering controls: the proposal reduces the risk that controls are circumvented by extending the definition of the broker to subsidiaries of EU companies outside of the EU, as well as to brokering services supplied by third country nationals from within the EU territory. Moreover, in order to ensure their consistency and effectiveness, the proposal harmonises their application to non-listed items and military end-uses and extends their application to terrorism and human rights violations.

• Strengthening of transit controls: in order to ensure the consistency of control, and avoid distortions of competition and the risk of weak links in the chain of controls, the proposal harmonises the application of transit controls to non-listed items and military end-uses, and extends controls to the risk of misuse for terrorist acts and human rights violations.

• Tackling illicit trade: in order to counter illicit trafficking, and in line with other trade security instruments (restrictive measures), the proposal provides for certain controls – e.g. on brokering, technical assistance - to apply throughout the EU jurisdiction – including controls on the activities of EU persons located in third countries, and introduces an anti-circumvention clause, thus establishing an EU-wide legal basis for the prosecution of export control violations.

Optimisation of EU licensing architecture

1.

The proposal further harmonises licensing processes with a view to reducing the administrative burden associated with licences:


• Harmonisation of licensing processes: the proposal provides for a definition of authorisations and for common licensing parameters (e.g. validity period) and conditions for use of the EUGEAs (registration, reporting requirements...) and for global licences (requirement for an Internal Compliance Programme). A standard requirement for transparency on licensing timelines is proposed with a view to reducing divergences within the Single Market.

A new authorisation for large-projects is proposed for certain large multiannual projects e.g. construction of a nuclear power plant, providing the benefit of one single licence covering all related export operations, for the duration of the project and subject to certain conditions (e.g. reporting, auditing).

• Introduction of new EUGEAs: the proposal introduces new general authorisations to facilitate trade while ensuring a sufficient level of security through robust control modalities e.g. registration, notification and reporting, auditing:

– Encryption: this EUGEA could be especially useful given the commercial importance and wide circulation of these items and to ensure a level-playing field in light of license exceptions existing in certain non-EU countries;

– Low Value Shipments: this EUGEA aims at facilitating controls for shipments under a certain value provided the items and destinations are eligible and certain conditions are met;

– Intra-company transmission of software and technology: this EUGEA aims at facilitating transfers of dual-use technology within a company and its affiliates in non-sensitive countries, in particular for research and development purposes, as long as the technology remains under the ownership or control of the parent company;

'Other dual-use items': in light of the experience of certain Member States, the proposal aims at equipping the EU with a capacity to facilitate controls of certain 'other dual-use items' (e.g. frequency changers) when it is considered appropriate for certain items and destinations.

• Delegation of competence: the proposal expands the delegation of competence for the Commission to modify destinations or items on EUGEAs, with a view to ensuring that the EU export control regime becomes more flexible and capable of reacting to technological or economic developments.

Convergence of catch-all controls

The proposal provides for a clarification and harmonisation of the definition and scope of catch-all controls to ensure their uniform application across the EU. The proposal also provides for a mandatory consultation procedure between competent authorities to ensure the EU-wide application and validity of catch-all decisions. It introduces regular exchange of information between the Commission and Member States to be supported by a 'catch-all database' recording catch-all licensing requirements, end-users and items of concern.

Re-evaluation of intra-EU transfers

The proposal revises the list of items subject to control within the EU in order to focus controls on an updated list of most sensitive items (in Section B of Annex IV), taking account of technological and commercial developments. It also introduces a general transfer authorisation in Section A of Annex IV for the updated list of sensitive items. It thus minimises administrative burden and disruptions to trade within the EU while ensuring the security of transfers of most sensitive items through robust control modalities (e.g. registration, notification, reporting, auditing, post-shipment verification).

An initiative to control exports of cyber-surveillance technologies

The proposal responds to the need to protect national security and public morals, in consideration of the proliferation of cyber-surveillance technologies whose misuse poses a risk to international security as well as the security of the EU, its governments, companies and citizens, and to the protection of human rights and digital freedoms in a globally connected world,

The proposal sets out new provisions for an effective control focusing on specific and relevant cyber-surveillance technologies. It introduces an EU autonomous list of specific cyber-surveillance technologies of concern to be subject to controls (monitoring centres and data retention systems), with detailed technical parameters. This systematic control is complemented by a targeted catch-all control, which allows controlling the export of non-listed cyber-surveillance technologies in certain situations where there is evidence that they may be misused. The targeted catch-all control applies where there is evidence that the items may be misused by the proposed end-user for directing or implementing serious violations of human rights or international humanitarian law in situations of armed conflict or internal repression in the country of final destination.

Controls of cyber-surveillance technology are supported by a revised definition of 'dual-use items', reflecting the evolution towards a wider approach to security also taking into consideration the security of the EU, its citizens and companies. The revised definition of 'dual-use items' is combined with a definition of 'cyber-surveillance technology' and revised control criteria, explicitly providing for controls to prevent exports where there is a clear risk of human rights violations and terrorism.

Enhanced cooperation on implementation and enforcement

The proposal provides for enhanced information exchange between competent authorities and the Commission with a view to support effective and consistent application of controls. It introduces a legal basis regarding the introduction of electronic licensing systems and their interconnection with the Dual-Use Electronic System (DUeS) with a view to supporting more effective licensing procedures for all competent authorities, and for the setting up of technical expert groups bringing together key industry and Government experts into a dialogue on the technical parameters for controls.

With due respect to the competences of the Member States, the proposal introduces provisions to support information-exchange and cooperation on enforcement, in particular with the setting up of an enforcement coordination mechanism under the Dual-Use Coordination Group.

Transparency and outreach – private sector partnership

The proposal sets out transparency measures and expands outreach and information-sharing with operators in order to develop a 'partnership with the private sector', as the 'first line of defence' against evolving security risks, and in light of stakeholders' observation that regulatory compliance and competitiveness are mutually reinforcing,. The proposal also provides a legal basis for the development of tools for operators as a key element of that partnership and e.g. supports the introduction of electronic licensing systems in all Member States, which will allow for more timely and efficient management of licensing processes and relations with economic operators.

In response to industry's call for a common interpretation and application of the Regulation, the proposal provides for the publication of guidance for exporters on topical issues. Transparency, e.g. with the publication of annual reports, will also enable civil society organisations to fully contribute to the formulation and implementation of export control policy.

Export control dialogue with third countries

In order to enhance regulatory convergence and a global level-playing field, the proposal provides a basis for the development of regular dialogues between the EU and key trade partners, and for the negotiation of mutually beneficial measures such as end-user verification programmes (whereby selected third-country companies could be granted special status of 'Verified end-user' and obtain EU-wide recognition and facilitation of controls). The EU is also implementing an 'EU P2P Export Control Programme' in order to assist third countries to establish well-functioning export control systems, which offers a basis for updating third countries on developments with respect to EU legislation.


🡻 428/2009 (adapted)