Skip to Content

Proposed Rule

Export Administration Regulations: Establishment of License Exception Intra-Company Transfer (ICT)

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble Start Printed Page 57554

AGENCY:

Bureau of Industry and Security, Commerce.

ACTION:

Proposed rule.

SUMMARY:

This proposed rule would amend the Export Administration Regulations (EAR) to establish a new license exception entitled “Intra-Company Transfer (ICT).” This license exception would allow an approved parent company and its approved wholly-owned or controlled in fact entities to export, reexport, or transfer (in-country) many items on the Commerce Control List (CCL) among themselves for internal company use. Prior authorization from the Bureau of Industry and Security (BIS) would be required to use this license exception. This rule describes the criteria pursuant to which entities would be eligible to use License Exception ICT and the procedure by which they must apply for such authorization. This proposed rule is one of the initiatives in the export control directive announced by the President on January 22, 2008.

DATES:

Comments must be received by November 17, 2008.

ADDRESSES:

You may submit comments, identified by RIN 0694-AE21, by any of the following methods:

  • Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
  • E-mail: rpd2@bis.doc.gov. Include “RIN 0694-AE21” in the subject line of the message.
  • Fax: 202-482-3355
  • Mail/Hand Delivery: Steven Emme, U.S. Department of Commerce, Bureau of Industry and Security, Regulatory Policy Division, 14th & Pennsylvania Avenue, NW., Room 2705, Washington, DC 20230, ATTN: RIN 0694-AE21.
Start Further Info

FOR FURTHER INFORMATION CONTACT:

Steven Emme, Regulatory Policy Division; Telephone: 202-482-2440; E-mail: semme@bis.doc.gov.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Background

Presidential Directives on U.S. Export Control Reform and Deemed Export Advisory Committee

On January 22, 2008, the President announced a package of directives to ensure that the export control policies and practices of the United States support the National Security Strategy of 2006, while facilitating the United States' continued international economic and technological leadership. These directives focus the export control system to meet the unprecedented security challenges as well as the economic challenges faced by the United States, due to the increasing worldwide diffusion of high technology and impact of global markets.

The directives recognize that the economic and technological competitiveness of the United States is essential to meet long-term national security interests. Export controls must, therefore, cover the export and reexport of sensitive items without unduly burdening U.S. economic competitiveness and innovation. This is particularly critical in light of the current and increasing globalization of research, development, and production, as well as the rise of new economic competitors and the diffusion of global supply networks that challenge U.S. economic and technological competitiveness.

Shortly before the President announced the package of directives on U.S. export control reforms, the Deemed Export Advisory Committee (DEAC) presented its findings to the Secretary of Commerce on deemed export controls. The DEAC, a federal advisory committee established by the Secretary, undertook a comprehensive examination of the national security, technology, and competitiveness aspects of the deemed export rule. A deemed export is the release of technology and source code subject to the EAR to foreign nationals in the United States that is “deemed” to be an export to the home country or countries of the foreign national. In its final report, which was issued in December 2007, the DEAC concluded that the deemed export rule “no longer effectively serves its intended purpose and should be replaced with an approach that better reflects the realities of today's national security needs and global economy.” In order to address this concern, the DEAC made several recommendations, including creating a category of “Trusted Entities” that voluntarily elect to qualify for streamlined treatment after meeting certain criteria. Further, the DEAC recommended that these “Trusted Entities” include subsidiaries abroad so that individuals and ideas could move within the company structure without the need for separate deemed export licenses.

It is in the context of the President's directives on U.S. export control reforms and with respect to the DEAC's recommendations on deemed export controls that BIS is proposing this rule creating a license exception for intra-company transfers.

The Impact of U.S. Export Controls on Intra-Company Transfers

As global markets and manufacturing continue to evolve, many parent companies have numerous operations in multiple countries for distribution, service and repair, manufacturing and development, product testing, and other uses. In this environment, parent companies increasingly export commodities, software, and technology to their foreign branches, subsidiaries, and/or ultimate foreign parent companies around the world. Consequently, many companies may need multiple export licenses from BIS under a variety of scenarios for their own internal operations. For example, to conduct day-to-day operations, many companies in the United States must export commodities, software, and technology to their foreign branches and subsidiaries, resulting in the need for export licenses. In addition, companies may also require reexport licenses to transfer items among their foreign branches, foreign subsidiaries, and/or their ultimate foreign parent companies, located in multiple countries. On occasion, a company will have several branches or subsidiaries within the same foreign country and must then seek authorization to make in-country Start Printed Page 57555transfers of technology and other items between those entities. Finally, releasing technology and source code subject to the EAR to foreign national employees at locations of the company in the United States or at the location of another foreign branch or subsidiary could generate the need for deemed export or deemed reexport licenses.

Generally, obtaining these licenses for intra-company transfers can negatively impact transactions due to the delay involved in waiting for a licensing decision. Moreover, obtaining licenses for intra-company transfers can hinder more than just individual transactions; they can also hinder product development and the ability to be first to market—activities key to the competitiveness of U.S. companies. For many companies, product development entails large capital investments, compressed product cycles, and intensive coordination of research and development. With the current licensing requirements in place, however, many companies with U.S. operations may be forced to segregate their research and development activities. For instance, while waiting for the approval of a deemed export license, U.S. employees and certain foreign national employees would be precluded from collaborating together on projects. Furthermore, once the license is approved, companies may still need to segregate their research and development activities in the future because product breakthroughs could exceed the licensing parameters and require a new round of export licensing.

Establishment of License Exception ICT

In order to facilitate secure exports, reexports, and in-country transfers to, from, and among a parent company and its wholly-owned or controlled in fact entities, the Bureau of Industry and Security is proposing to amend the Export Administration Regulations (EAR) to create License Exception Intra-Company Transfer (ICT). License Exception ICT, which would be set forth in new § 740.19 of the EAR, would provide companies a process for intra-company exports, reexports, and in-country transfers without individual licenses. This license exception would allow parent companies and the entities that the parent company wholly owns or controls in fact to export, reexport, and transfer (in-country) many items on the Commerce Control List (CCL) among themselves for internal company use. The grant of ICT would be restricted to those approved companies and those Export Control Classification Numbers (ECCNs) that are authorized by BIS.

Companies authorized to use License Exception ICT would benefit because it would relieve them of some of the administrative requirements of obtaining, tracking, and reporting on individual licenses and would reduce the lag time, expense, and uncertainty in the licensing process. This license exception would also improve research and development and other internal company activities, thus leading to improved competitiveness and innovation for companies with operations in the United States.

In proposing this license exception for intra-company exports, reexports, and in-country transfers, BIS recognizes that industry and government share the goal of protecting controlled commodities, software, and technology, since these often represent proprietary information and property. Moreover, BIS also recognizes that many companies devote considerable financial and workforce resources to ensuring compliance with export controls. BIS would authorize License Exception ICT for those companies that demonstrate effective internal control plans, submit annual reports on their use of ICT, and agree to audits by BIS officials as requested.

By authorizing this license exception for companies that have effective internal control plans and have agreed to audits, BIS can focus its resources on evaluating transactions involving lesser-known items and entities to better prevent exports to persons who may act contrary to U.S. national security and foreign policy interests. Greater focus on such transactions would increase the national security value of the remaining reviews of individual license applications.

Definitions

For purposes of this rule, BIS is defining multiple terms used with respect to License Exception ICT. These terms are “controlled in fact,” “employee,” and “parent company.” This rule would amend § 772.1 of the EAR to include these new definitions as described below.

First, BIS is amending the definition of “controlled in fact” in § 772.1 by applying aspects of the definition of the same term set forth in § 760.1(c) of the EAR to specify the circumstances in which one entity will be presumed to have control over another entity for purposes of License Exception ICT. In order to include any entity in its application to use License Exception ICT, the parent company must either wholly own or control in fact that individual entity.

Next, BIS is amending § 772.1 to add the term “employee,” for purposes of License Exception ICT, to refer to persons who work, with or without compensation, in the interest of an entity that is an approved eligible user or an approved eligible recipient of ICT. Such persons must work at the approved eligible entity's locations, including overseas locations, or at locations assigned by the approved eligible entity, such as at remote sites or on business trips. This definition may include permanent employees, contractors, and interns.

Finally, BIS is amending § 772.1 to add the term “parent company,” which will be defined for purposes of License Exception ICT, to mean any entity that wholly owns or controls in fact a different entity, such as a subsidiary or branch. The parent company does not have to be an ultimate parent company, as that term is referred to in the definition of parent company; it may be wholly-owned or controlled by another entity or other entities. Also, the parent company does not need to be incorporated in or have its principal place of business in the United States. However, in order to be eligible for and use License Exception ICT, the parent company must be incorporated in or have its principal place of business in a country listed in Supplement No. 4 to part 740 (see new § 740.19(b)(1)). This definition does not include colleges and universities. Thus, the research conducted by colleges and universities that is not fundamental research (see § 734.8(a) of the EAR) and that requires a license would not qualify for License Exception ICT. However, a university professor who enters into a contractual relationship with a company to conduct proprietary research could qualify as an “employee” if all conditions in that definition are met.

Information Required for Submission to BIS for Review to Use License Exception ICT

In order to avail themselves of License Exception ICT, a “parent company” and the entities that it wholly owns or “controls in fact” must maintain an internal control plan, hereinafter referred to as an ICT control plan. Upon implementation of the ICT control plan, the parent company, as the eligible applicant under new § 740.19(b)(1), must submit the plan to BIS for review pursuant to new § 740.19(e). Additionally, the eligible applicant must submit documentation showing that the ICT control plan has been implemented. Such documentation should include a representative sample of records showing effective compliance with the screening, training, and self-evaluation elements of the ICT control plan, as described below in further detail.Start Printed Page 57556

Along with the ICT control plan and supporting documentation, the eligible applicant parent company must list the wholly-owned entities and controlled in fact entities that the applicant parent company intends to be eligible users (see new § 740.19(b)(2)) or eligible recipients (see new § 740.19(b)(3)(i)) of this license exception. It is possible for an entity to be both an eligible user and an eligible recipient. For itself, and for each eligible user and eligible recipient entity, the eligible applicant parent company must list any individual or group that has at least a 10% ownership interest. Finally, the eligible applicant parent company must list the ECCNs of the items it plans to export, reexport, or transfer (in-country) under ICT; provide a narrative describing the purpose for which the requested ECCNs will be used and the anticipated resulting commodities, if applicable; disclose its relationship with each entity that is intended to be an eligible user and/or eligible recipient; and provide a signed statement by a company officer of the eligible applicant parent company stating that each entity will allow BIS to conduct audits on the use of License Exception ICT.

ICT Control Plan

An ICT control plan seeks to ensure that items on the Commerce Control List will not be exported, reexported, or transferred in violation of this license exception. As this license exception may be used for commodities, software, and technology, the ICT control plan must address how the parent company and the entities that it wholly owns or controls in fact, as eligible users and eligible recipients, will maintain items authorized for export, reexport, or transfer by this license exception within the company structure, as authorized by BIS.

Within the ICT control plan, eligible applicants must describe how certain mandatory elements will be met. These mandatory elements, which are listed in new § 740.19(d)(1), include corporate commitment to export compliance, a physical security plan, an information security plan, personnel screening procedures, a training and awareness program, a self-evaluation program, a letter of assurance for software and technology, non-disclosure agreements, and end-user list reviews. All of these elements are aspects of export control compliance programs that establish effective internal control plans. In turn, these internal control plans generate an increased level of awareness of export control compliance issues among employees and help secure a company's proprietary information.

For the required ICT control plan elements in paragraphs (d)(1)(i) through (d)(1)(vi) of new § 740.19, BIS is not specifying how each company must achieve them due to the varying characteristics of companies. However, paragraphs (d)(1)(i) through (d)(1)(vi) do contain illustrative examples of evidence that a company may use in its descriptions detailing how it will implement those mandatory elements. While companies may include additional elements in their ICT control plan, they must, at a minimum, describe how the minimum mandatory elements set forth in § 740.19(d)(1) will be met. One mandatory element—the self-evaluation program in paragraph (d)(1)(vi)—requires the creation and performance of regular internal self-audits, creation of a checklist of critical areas and items to review, and development of corrective procedures or measures implemented to correct identified deficiencies. If any identified deficiencies rise to the level of a violation of the EAR, the company should make a voluntary self-disclosure pursuant to § 764.5.

If a company plans to use this license exception for commodities only, then the company may state in the ICT control plan that the mandatory elements of the ICT control plan set forth in paragraphs (d)(1)(iii) (information security plan), (d)(1)(iv) (personnel screening procedures), (d)(1)(vii) (letter of assurance for software and technology), (d)(1)(viii) (signing of non-disclosure agreements), and (d)(1)(ix) (review of end-user lists) are not applicable because the license exception will be used for commodities only and not used for software or technology. Similarly, if a company plans to use this license exception for software (excluding source code) only, or if a company plans to use this license exception for commodities and software (excluding source code) only, then the company may state in the ICT control plan that the mandatory elements found in paragraphs (d)(1)(iv) (personnel screening procedures), (d)(1)(viii) (signing of non-disclosure agreements), and (d)(1)(ix) (review of end-user lists) are not applicable because the license exception will be used for software (excluding source code) only, or, if appropriate, for software (excluding source code) and commodities only, and not used for technology or source code.

Mandatory Requirements for Technology and Source Code Under an ICT Control Plan

Entities that seek to be approved eligible users and/or eligible recipients of this license exception must ensure that non-U.S. national employees, wherever located, sign non-disclosure agreements before receiving technology or source code under this license exception. Such non-disclosure agreements must state that the employee agrees not to release any technology or source code in violation of the EAR, and such agreements must be binding as long as the technology or source code remains subject to export controls, regardless of the signatory's employment relationship with the employer. In other words, even if the signatory's employment relationship with the employer were severed, the signatory would remain prohibited from releasing any technology or source code received under License Exception ICT while employed. The non-disclosure agreement must also specify that the prohibition would remain in effect until the technology or source code no longer required a license to any destination under the EAR.

In addition, entities that seek to be approved eligible users and/or eligible recipients of ICT must screen non-U.S. national employees who are also foreign national employees in the country in which they are working against lists of end-user concern. This screening requirement applies if such individuals are to receive technology or source code under ICT. The lists of end-users of concern are compiled by the U.S. government and may be accessed at the BIS Web site at http://www.bis.doc.gov. Upon publication of a final rule, BIS plans to provide guidance on its website with respect to screening such employees for purposes of ICT.

Non-U.S. national employees are those employees who are not U.S. citizens, U.S. permanent residents, or protected individuals under the Immigration and Naturalization Act (8 U.S.C. 1324b(a)(3)). Foreign national employees are those non-U.S. national employees, wherever located, who are not citizens or legal permanent residents of the country in which they work. For instance, a German national working in the United States and a German national working in France are both considered foreign national employees for purposes of this rule (and more generally for purposes of the EAR). However, a French national working in France is not a foreign national employee from the perspective of BIS. Therefore, all foreign national employees are non-U.S. national employees, but not all non-U.S. national employees are foreign national employees. This distinction is important because the non-disclosure agreement element in an ICT control plan applies to the German national working in France as well as to the French national Start Printed Page 57557working in France. Thus, it applies to non-U.S. national employees who would otherwise be permitted to receive technology or source code subject to the EAR, if not for the grant of ICT, under a deemed export license, deemed reexport license, license to a facility where the employee works, or other license exception.

Unlike the non-disclosure agreement requirement, the screening element applies only to foreign national employees. Hence, it would apply to a German national working in France but not to a French national working in France. The release of technology or source code subject to the EAR to a foreign national employee may occur under a deemed export or deemed reexport license or by operation of a license exception, but it may also occur under a license that has been issued to a facility. For example, a technology license approved for a French facility may have a condition allowing all EU nationals to receive the technology as well as the French employees. The screening requirement is intended to apply to all foreign national employees receiving technology or source code under ICT that would otherwise require a license, whether it be through a license for a deemed export or deemed reexport, a license issued to a facility, or other license exception.

Additionally, foreign national employees of companies located in the United States must comply with U.S. immigration laws and maintain current and valid visa authorization.

Authorization From BIS to Use License Exception ICT

Following receipt of the ICT control plan and all information required under new § 740.19(e)(1), BIS will review and refer the submission to the reviewing agencies consistent with §§ 750.3 and 750.4 of the EAR and Executive Order 12981, as amended by Executive Orders 13020, 13026, and 13117. In order to determine ICT eligibility, BIS will consider prior licensing history of the eligible applicant parent company and its wholly-owned or controlled in fact entities that are part of the authorization request, demonstration of an effective ICT control plan, need for this license exception within the company structure as articulated by the applicant parent company, and relationship of the wholly-owned or controlled in fact entities to the eligible applicant parent company.

Upon reaching a decision, BIS will inform the eligible applicant parent company in writing if it may use this license exception pursuant to new § 740.19(f). BIS will specify the terms of the ICT authorization, including identifying the wholly-owned or controlled in fact entities of the eligible applicant parent company that may use ICT and the ECCNs of the items that may be exported, reexported, or transferred (in-country) for internal company use under ICT. After receiving authorization, approved parent companies and their approved wholly-owned or controlled in fact entities, if covered under the ICT control plan, may use this license exception to export, reexport, or transfer (in-country) approved commodities, software, and/or technology among themselves for internal company use only. Any entity that seeks to become an eligible user and/or eligible recipient, as described in new §§ 740.19(b)(2) and 740.19(b)(3)(i), must be specifically covered by the ICT control plan submitted to BIS and maintain the ICT control plan of the eligible applicant parent company.

Exports, reexports, and in-country transfers for any purpose other than internal company use are not authorized under License Exception ICT. With respect to an item that has been exported, reexported, or transferred (in-country) pursuant to License Exception ICT, the entity must submit a license application if required under the EAR before using the item for a purpose other than that covered by this license exception. Also, should control of the approved eligible applicant parent company change, then use of License Exception ICT is no longer valid. The newly-controlled eligible applicant parent company must re-submit the information required for ICT authorization, as described in new § 740.19(g)(3).

Annual Reporting Requirements

After submitting a request for authorization to use License Exception ICT pursuant to new § 740.19(e) and after receiving approval from BIS, approved eligible applicant parent companies must submit an annual report to BIS on the use of this license exception by itself and by its approved wholly-owned or controlled in fact entities. Specifically, approved eligible applicant parent companies must list the name, nationality, and date of birth of each foreign national employee, as described in note 2 to new § 740.19(b)(3)(ii), who has received technology or source code under this license exception. The requirement is limited to those employees, who would have required a license to receive technology or source code if not for ICT, and who are not citizens or legal permanent residents of the country in which they are employed. Therefore, it applies to foreign national employees working in the United States and to foreign national employees working outside of the United States.

Also, approved eligible applicant parent companies must submit the names of those foreign national employees, as described in note 2 to new § 740.19(b)(3)(ii), who previously received technology or source code under this license exception and have ended their employment. This requirement does not apply to those who have merely switched positions within the company structure of the parent company, so long as the new employer is an approved eligible entity under the same parent company. BIS is requesting this information in order to examine the use of License Exception ICT and measure its effectiveness. Further, a company officer must certify to BIS that the approved eligible applicant parent company and its approved eligible users and eligible recipient entities are in compliance with the terms and conditions of ICT. This certification should include the results of the self-evaluation described in paragraph (d)(1)(vi) of this section.

Auditing Use of License Exception ICT

BIS will conduct audits of approved eligible applicant parent companies and their approved wholly-owned or controlled in fact entities to ensure proper compliance with License Exception ICT. These reviews will take place approximately once every two years. Generally, BIS will give notice to the relevant parties before conducting an audit. However, if BIS has reason to believe that an entity is improperly using ICT, BIS may conduct an unannounced audit at its discretion that is separate from the biennial audit.

Restrictions on the Use of License Exception ICT and the Direct Product Rule

Consistent with other license exceptions, License Exception ICT is subject to the restrictions on the use of all license exceptions, which are set forth in § 740.2 of the EAR. Therefore, ICT cannot be used for certain items, such as items controlled for missile technology reasons or certain items that are “space qualified.” Moreover, ICT is subject to revision, suspension, or revocation, in whole or in part, without notice.

Also, new § 740.19(c) lists restrictions on using ICT. For instance, items controlled for Encryption Items (EI) reasons and items controlled for Significant Items (SI) reasons are ineligible for export, reexport, or transfer (in-country) under ICT. At this Start Printed Page 57558time, License Exception ENC will remain the primary resource for providing the authorization necessary for many intra-company transfers of encryption items. Further, no items exported, reexported, or transferred within country under this license exception may be subsequently exported, reexported, or transferred for purposes other than internal company use, unless done so in accordance with the EAR. However, items that have been exported, reexported, or transferred (in-country) under License Exception ICT may not be subsequently exported, reexported, or transferred (in-country) under License Exception APR (see § 740.16).

Finally, note that whether the foreign direct product of U.S. software or technology exported from abroad, reexported, or transferred under License Exception ICT is subject to the EAR is determined under § 736.2(b)(3) of the EAR, when the foreign direct product is exported from abroad, reexported, or transferred (in-country) for other than internal use within a Country Group D:1 country or Cuba.

Although the Export Administration Act expired on August 20, 2001, the President, through Executive Order 13222 of August 17, 2001, 3 CFR, 2001 Comp., p. 783 (2002), as extended by the Notice of July 23, 2008, 73 FR 43603 (July 25, 2008), has continued the Export Administration Regulations in effect under the International Emergency Economic Powers Act.

Rulemaking Requirements

1. This proposed rule has been determined to be significant for purposes of Executive Order 12866.

2. Notwithstanding any other provision of law, no person is required to respond to nor be subject to a penalty for failure to comply with a collection of information, subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.) (PRA), unless that collection of information displays a currently valid Office of Management and Budget (OMB) Control Number. This proposed rule contains a collection previously approved by the OMB under control numbers 0694-0088, “Multi-Purpose Application,” which carries a burden hour estimate of 58 minutes to prepare and submit form BIS-748. Miscellaneous and recordkeeping activities account for 12 minutes per submission. In addition, this proposed rule contains a new collection for reporting, recordkeeping, and auditing requirements, which would be submitted for approval to use License Exception ICT, carries an estimated burden of 19.6 hours for companies having an existing internal control plan and 265.6 hours for companies not having an existing internal control plan in place. A request for new collection authority will be submitted to OMB for approval. Public comment will be sought regarding the burden of the collection of information associated with preparation and submission of these proposed voluntary requirements. BIS estimates that this rule will reduce the number of multi-purpose application forms that must be filed by 582 annually. Send comments regarding this burden estimate or any other aspect of this collection information, including suggestions for reducing the burden, to Jasmeet K. Seehra, Office of Management and Budget (OMB), and to the Regulatory Policy Division, Bureau of Industry and Security, Department of Commerce, as indicated in the Addresses section of this proposed rule.

3. This rule does not contain policies with Federalism implications as that term is defined in Executive Order 13132.

4. The Regulatory Flexibility Act (RFA), as amended by the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA), 5 U.S.C. 601 et seq., generally requires an agency to prepare a regulatory flexibility analysis of any rule subject to the notice and comment rulemaking requirements under the Administrative Procedure Act (5 U.S.C. 553) or any other statute, unless the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities. Under section 605(b) of the RFA, however, if the head of an agency certifies that a rule will not have a significant economic impact on a substantial number of small entities, the statute does not require the agency to prepare a regulatory flexibility analysis. Pursuant to section 605(b), the Chief Counsel for Regulations, Department of Commerce, certified to the Chief Counsel for Advocacy, Small Business Administration, that this proposed rule, if promulgated, will not have a significant economic impact on a substantial number of small entities for the reasons explained below. Consequently, BIS has not prepared a regulatory flexibility analysis.

The EAR applies to all entities that export, reexport, or transfer commodities, software, and technology that are subject to the EAR. The EAR potentially affects any entity in any sector that chooses to export, reexport, or transfer items subject to the EAR. Thus, while this proposed rule could potentially have a significant economic impact on small entities, BIS believes that this proposed rule will not impact a substantial number of small entities.

BIS does not have data on the total number of small entities that are potentially impacted by the requirements of the EAR, but BIS does maintain data on actual licenses applied for by entities of all sizes. In order to examine the number of small entities that would be impacted by this proposed rule, BIS examined the licensing data to find approved licenses that would potentially qualify as an intra-company transfer. Using this data as well as using estimated burden hours in gaining ICT authorization, BIS conducted a cost-benefit analysis to see which entities would likely choose to apply for authorization. BIS also examined all approved licenses that could qualify as intra-company transfers to determine whether any entities were small entities.

Upon initial examination of licensing data from 2004 to 2006, BIS found that approximately 200 companies had licenses approved that could potentially qualify as an intra-company transfer. Of those companies, the vast majority consisted of large parent companies, medium-sized companies, or companies that were owned by larger domestic or foreign companies. This result supports the premise that entities that would avail themselves of ICT must be large enough to have subsidiaries or branches located in different countries that the entities control in fact.

To look at which of those approximately 200 companies would most likely choose to apply for ICT authorization, BIS conducted a cost-benefit analysis by estimating the burden hours involved in gaining ICT authorization as well as with complying with recordkeeping and reporting requirements under ICT. BIS determined that over a three-year period it would take 280.8 hours (or 16,848 minutes) for a company without an internal control program to seek ICT authorization and 34.8 hours (or 2088 minutes) for a company with an existing internal control program to seek ICT authorization. The threshold by which companies would likely be inclined to apply for authorization to use ICT is the point at which the burden of applying for licenses over a three-year period (at 70 minutes per license) exceeds the total ICT burden hours over three years (at 16,848 minutes for companies without an existing internal control program or at 2088 minutes for companies with an internal control program). In order to meet that threshold, companies without an internal control program would have to apply for about 241 licenses over a three-year period, and companies with Start Printed Page 57559an existing internal control program would have to apply for about 30 licenses per year over a three-year period. Only two companies meet the 241 license threshold, and those companies are not small entities under the North American Industry Classification System (NAICS) standards. Sixteen companies meet the 30 license threshold or come close (within five licenses) of meeting the threshold, and none of those companies is a small entity under the NAICS standards. In addition to burden hours, companies without an existing internal compliance program may be less likely to choose to seek ICT authorization because additional investments would likely need to be made to implement an internal control program. While these upfront investments could greatly vary depending on company size as well as the type and number of items in the company portfolio, it is likely that companies would need to invest in physical and information security as well as incur travel expenses to visit overseas facilities to ensure that the internal compliance program is operating effectively. All of these additional costs would likely increase the burden in any cost-benefit analysis and would likely make an entity of any size that does not have an internal compliance program less likely to seek ICT authorization and thus not be impacted by this proposed rule.

Even if an entity without an internal compliance program utilizes a different cost-benefit analysis and decides to apply for ICT authorization, BIS licensing data shows that the potential ICT candidate would not be a small entity. Only four companies, for which public information was available, were found to qualify as small entities under the NAICS. However, the potential intra-company licenses approved for these four entities would all be ineligible under License Exception ICT. The items approved for export were all items listed under § 740.2 that are restricted for export, reexport, or in-country transfer under all license exceptions. Therefore, no small entity was found to have licenses that were approved by BIS over a three-year period that would qualify under ICT. Consequently, this proposed rule would not affect a significant number of small entities.

This proposed rule was mandated by the President in National Security Presidential Directive (NSPD) 55. While this proposed rule will increase burden hours for those entities choosing to seek authorization for License Exception ICT, BIS licensing data and publicly available information show that no small entities in the period of review received approved licenses for intra-company transfers that would be eligible for License Exception ICT. Thus, a substantial number of small entities will not be impacted by this proposed rule.

Start List of Subjects

List of Subjects

End List of Subjects

For the reasons set forth in the preamble, parts 740 and 772 of the Export Administration Regulations (15 CFR 730-774) are amended as follows:

Start Part

PART 740—[AMENDED]

1. The authority citation for 15 CFR part 740 is revised to read as follows:

Start Authority

Authority: 50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; 22 U.S.C. 7201 et seq.; E.O. 13026, 61 FR 58767, 3 CFR, 1996 Comp., p. 228; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of July 23, 2008, 73 FR 43603 (July 25, 2008).

End Authority

2. Section 740.19 is added to read as follows:

Intra-Company Transfer (ICT).

(a) Scope. This license exception authorizes exports, reexports, and in-country transfers of items on the Commerce Control List for internal company use among approved eligible applicants, eligible users, and eligible recipients, as described in paragraphs (b)(1), (b)(2), and (b)(3) respectively, of this section. Use of License Exception ICT is limited to those entities and those ECCNs that are authorized by BIS, pursuant to paragraph (f) of this section.

(b) Eligibility.

(1) Eligible applicant. The eligible applicant is the “parent company,” as that term is defined in section 772.1, that institutes an ICT control plan, as described in paragraph (d) of this section, and that applies for authorization from BIS to use this license exception. The eligible applicant must be incorporated in or have its principal place of business in any country listed in Supplement No. 4 to part 740. In addition, the eligible applicant may be, but is not required to be, the ultimate parent company, as that term is referred to in the definition of “parent company” set forth in section 772.1; hence the eligible applicant may be owned or controlled by other entities. However, the ultimate parent company cannot be an eligible user under this license exception unless it is also the eligible applicant. Application requirements are set forth in paragraph (e) of this section.

(2) Eligible users. Eligible users may be eligible applicants, as described in paragraph (b)(1) of this section, and their wholly-owned or “controlled in fact” entities that implement and maintain the ICT control plan of the eligible applicant and that are included in the applications submitted by eligible applicants pursuant to paragraph (e) of this section. Eligible applicants must ensure that each eligible user implements the eligible applicant's ICT control plan, including the use of non-disclosure agreements as described in paragraph (d)(1)(viii) of this section.

(3) Eligible recipients.

(i) Entities. Eligible recipients of items under this license exception may be eligible applicants as described in paragraph (b)(1) of this section, eligible users as described in paragraph (b)(2) of this section, and eligible applicants' other wholly-owned or controlled in fact companies that implement and maintain the ICT control plan of the eligible applicant and that are named in the applications submitted by the eligible applicant pursuant to paragraph (e) of this section. Eligible applicants must ensure that each eligible recipient, as described in this paragraph, implements the eligible applicant's ICT control plan, including the use of non-disclosure agreements as described in paragraph (d)(1)(viii) of this section.

(ii) Non-U.S. national employees receiving technology or source code. Non-U.S. national employees (wherever located) of entities that are eligible applicants, eligible users, and/or eligible recipients of this license exception may be eligible recipients of technology and source code under this license exception provided the non-U.S. national employees sign non-disclosure agreements with their employer in which the non-U.S. national employees agree not to release any technology or source code in violation of the EAR. Additionally, if non-U.S. national employees are also foreign national employees in their country of employment, then such non-U.S. national employees must also be screened by the appropriate eligible user against end-user lists compiled by the U.S. government. For further information on employees, non-disclosure agreements, and screening requirements, see §§ 772.1, 740.19(d)(1)(viii), and 740.19(d)(1)(ix) respectively.

Note 1 to Paragraph (B)(3)(II) of this Section:

Non-U.S. national employees are those employees who are not U.S. citizens, lawful permanent residents of the United Start Printed Page 57560States, or individuals protected under the Immigration and Naturalization Act (8 U.S.C. 1324b(a)(3)). Non-U.S. national employees include those working in the United States and outside of the United States. Furthermore, non-U.S. national employees include those employees who would otherwise be permitted to receive technology or source code only under: (1) A deemed export or deemed reexport license; (2) a license issued to a facility, and the employee is a citizen or legal permanent resident of the same country where the facility is located; and (3) a license issued to a facility, but the employee is not a citizen or legal permanent resident of the country where the facility is located; (4) another authorization such as a license exception other than ICT.

Note 2 to Paragraph (B)(3)(II) of this Section:

Foreign national employees are those non-U.S. national employees who are not citizens or legal permanent residents of the country in which they are employed. Foreign national employees include those employees who would otherwise receive technology or source code under: (1) A deemed export or deemed reexport license; or (2) a license to a facility, but the employee is not a citizen or legal permanent resident of the country where the facility is located; or (3) another authorization such as a license exception other than ICT.

(4) Eligible uses. Items exported, reexported, or transferred within country under this license exception may be exported, reexported, or transferred only for purposes of the internal company use by approved eligible applicants and approved eligible users of this license exception, as described in paragraphs (b)(1) and (b)(2) respectively, of this section.

(c) Restrictions.

(1) No item may be exported, reexported, or transferred within country under this license exception to destinations in or nationals of Country Group E or North Korea.

(2) No item exported, reexported, or transferred within country under this license exception may be subsequently exported, reexported, or transferred for purposes other than the internal company use of approved eligible applicants, eligible users, and eligible recipients, as described in paragraphs (b)(1), (b)(2), and (b)(3)(i) respectively, of this section, unless done so in accordance with the EAR. See paragraph (c)(3) of this section for further restrictions.

(3) No items that have been exported, reexported, or transferred (in-country) under License Exception ICT may be subsequently exported, reexported, or transferred (in-country) under License Exception APR (see § 740.16).

(4) No release of technology or source code is authorized under this license exception to foreign national employees whose visa or authority to work has been revoked, denied, or is otherwise not valid. It is the responsibility of the exporter to ensure that foreign national employees working in the United States maintain a valid U.S. visa if they are required to hold a visa from the United States.

(5) No release of technology or source code is authorized under this license exception to a foreign national employee, as described in note 2 to paragraph (b)(3)(ii), if that employee or a prior employer of that employee is listed on any of the end-user lists of concern compiled by the U.S. government. In such instances, eligible applicants (or eligible users, as appropriate) should obtain the appropriate authorization required under the EAR.

(6) No items controlled for Encryption Items (EI) reasons under ECCNs 5A002, 5D002, or 5E002 may be exported, reexported, or transferred (in-country) under this license exception.

(7) No items controlled for Significant Items (SI) reasons may be exported, reexported, or transferred (in-country) under this license exception.

(d) ICT control plan. Prior to submitting an application to BIS under paragraph (e) of this section, and before making any exports, reexports, or in-country transfers under this license exception, eligible applicants must implement an ICT control plan that is designed to ensure compliance with this license exception and the EAR. In addition, eligible users and eligible recipient entities must implement the ICT control plan of the eligible applicant. Under an ICT control plan, which may be a component of a more comprehensive export compliance program, all entities that seek to use this license exception must ensure that commodities, software, and technology, where applicable, will not be exported, reexported, or transferred in violation of this license exception. With their application for authorization (as described in paragraph (e) of this section) to use this license exception, eligible applicants must submit a copy of the ICT control plan and must specifically note which of their wholly-owned or controlled in fact entities are covered by the plan. BIS may require the eligible applicant to modify the ICT control plan before authorizing use of this license exception. Paragraph (d)(1) of this section lists the mandatory elements of an ICT control plan. Paragraph (d)(2) of this section lists exceptions to addressing certain mandatory elements in paragraph (d)(1) in the ICT control plan.

(1) Mandatory elements of an ICT control plan. The following elements are mandatory, subject to the exceptions in paragraph (d)(2) of this section. The ICT control plan must describe how each mandatory element will be implemented. In order to provide guidance, the mandatory elements described in paragraphs (d)(1)(i) through (d)(1)(v) include illustrative examples of evidence demonstrating how the element may be addressed. Note that these illustrative examples are guidelines only; satisfying the five required elements in paragraphs (d)(1)(i) through (d)(1)(v) of this section is dependent upon the nature and complexity of company activities, the type of items that will be exported, reexported, or transferred under this license exception (i.e., commodities, software, and/or technology), the countries involved, and the relationship between the eligible users and eligible recipients of this license exception, as described in paragraphs (b)(2) and (b)(3)(i) respectively of this section. With respect to the other four elements of the ICT control plan, eligible applicants must fulfill certain specified requirements. For paragraphs (d)(1)(vi), (d)(1)(vii), (d)(1)(viii), and (d)(1)(ix) of this section, no illustrative examples are included. Note, however, that to satisfy the self-evaluation element in paragraph (d)(1)(vi) of this section, establishing self-audits, creating a checklist, and developing corrective measures are required, but the self-audits may be structured in a manner that works best for the eligible applicant and its wholly-owned or controlled in fact entities. In order to use this license exception for technology or software, a letter of assurance, consistent with §§ 740.19(c) and 740.6, must be provided by a company officer of the eligible applicant. Additionally, in order to use this license exception for non-U.S. national employees, wherever located, to receive technology or source code under this license exception, submitting a template or sample of the non-disclosure agreement to be used is a mandatory element. Also, in order to use this license exception for non-U.S. national employees who are also foreign national employees, reviewing lists of end-users of concern compiled by the U.S. government is a mandatory element.

(i) Corporate commitment to export compliance. Evidence of a corporate commitment to export compliance may include: An organizational chain of command for export controls compliance issues and related issues of concern; senior management member(s) responsible for export controls compliance, who are able to Start Printed Page 57561demonstrate how compliance issues are resolved; internal recordkeeping requirements in accordance with the EAR; maintenance of a sound commodity classification methodology; and commitment of resources to implement and maintain an ICT control plan.

(ii) Physical security plan. Evidence of a physical security plan may include: Methods of physical security that prevent the transfer of commodities, software, and technology on the Commerce Control List outside of the internal company structure; and organization and maintenance of up-to-date building layouts, including a description of physical security measures, such as secured doors and badges as well as biometric, guard, and perimeter controls.

(iii) Information security plan. Evidence of an information security plan may include: Organization and maintenance of up-to-date virtual security layouts and descriptions of what information security methods are in place, such as password protection, firewalls, segregated servers, non-network computers, and intranet security.

(iv) Personnel screening procedures. Evidence of personnel screening procedures may include: Thorough pre-screening analysis of new foreign national employees, as described in note 2 to paragraph (b)(3)(ii), which includes, but is not limited to, criminal background, driver's license, and credit history, before allowing them to receive technology or source code through a license or license exception.

(v) Training and awareness program. Evidence of a training and awareness program may include: Creation, scheduling, and performance of regular training programs (for all employees working in areas relevant to export controls) to inform employees about export controls and limits on their access to technology or source code.

(vi) Self-evaluation program. Evidence of a self-evaluation program must include the following three components: Creation and performance of regular internal self-audits, which may be conducted through the use of internal and/or external resources depending upon the needs and demands of the organization; creation of a checklist of critical areas and items to review, including identification of any deficiencies; and development of corrective procedures or measures implemented to correct identified deficiencies. Note: Disclosure of identified deficiencies and corrective actions will be considered when evaluating effective ICT control plans under paragraph (f)(2). Failure to disclose this information could result in revocation, as noted in paragraph (j). Any violations of the EAR that are uncovered in the process of conducting this self-evaluation should be disclosed to BIS in accordance with the voluntary self-disclosure procedures found in section 764.5.

(vii) Letter of assurance for software and technology. A company officer of the eligible applicant must submit a signed statement on company letterhead stating that under this license exception, the eligible applicant and each eligible user and/or eligible recipient entity will not export, reexport, or transfer (in-country) software (including the source code for the software) and technology, consistent with paragraph (c)(1) of this section and consistent with paragraphs (a)(1) and (a)(2) of § 740.6.

(viii) Signing of non-disclosure agreements. Non-disclosure agreements not to release any technology or source code must be binding with respect to any technology or source code that has been released or otherwise provided to any non-U.S. national employee, wherever located, on the basis of this license exception, until such technology or source code no longer requires a license to any destination under the EAR, regardless of whether the non-U.S. national's employment relationship with the company remains in effect. Non-disclosure agreements should be completed in both English and the non-U.S. national employee's native language.

(ix) Review of end-user lists. Foreign national employees, as described in note 2 to paragraph (b)(3)(ii), who are eligible to receive technology or source code under this license exception, must be screened against all lists of end-users of concern compiled by the U.S. government. In addition, prior employers of the foreign national employees must also be screened. These lists can be accessed at http://www.bis.doc.gov. See paragraph (c)(5) of this section for specific restrictions.

(2) Exceptions to certain mandatory elements of an ICT control plan.

(i) If this license exception will be used only for commodities, then the ICT control plan elements described in paragraphs (d)(1)(iii), (d)(1)(iv), (d)(1)(vii), (d)(1)(viii), and (d)(1)(ix) are not mandatory. In this situation, the ICT control plan must state that this license exception will be used for commodities only and not used for software or technology.

(ii) If this license exception will be used only for software (excluding source code), or if this license exception will be used only for commodities and software (excluding source code), then the ICT control plan elements described in paragraphs (d)(1)(iv), (d)(1)(viii), and (d)(1)(ix) are not mandatory. In this situation, the ICT control plan must state that this license exception will be used for software (excluding source code) only, or will be used for commodities and software (excluding source code) only, and not used for technology or source code.

(e) Information required for grant of ICT authorization.

(1) Prior to the export, reexport, or in-country transfer of items on the Commerce Control List under this license exception, an eligible applicant, as described in paragraph (b)(1) of this section, must submit the following information to BIS:

(i) For the eligible applicant: Full name of company; location of company headquarters; location of principal place of business; complete physical addresses (listing a post office box is insufficient) of company's headquarters and principal place of business; post office box if used as an alternate address; location of registration or incorporation; ownership of company, including listing all individuals or groups that have at least a 10% ownership interest; and need for License Exception ICT, including listing the ECCNs of the items that will be exported, reexported, or transferred (in-country) under this license exception and a detailed narrative describing the intended use of the items covered by the listed ECCNs and the anticipated resulting commodities, where relevant;

(ii) For each company, separate from the eligible applicant, that is intended to be an eligible user or eligible recipient that will export, reexport, transfer (in-country), or receive items under this license exception: Full name of entity; location of entity's principal place of business; complete physical address (listing a post office box is insufficient) of entity's principal place of business; post office box if used as an alternate address; location of entity's registration or incorporation; relationship of the entity to the eligible applicant; and ownership of company, including listing all individuals or groups that have at least a 10% ownership interest, where relevant;

(iii) Name and contact information of the employee(s) responsible for implementing the ICT control plan of the eligible applicant and its wholly-owned or controlled in fact entities that are eligible users and/or eligible recipients;

(iv) A full copy of the ICT control plan, as described in paragraph (d) of this section, covering the eligible Start Printed Page 57562applicant and its wholly-owned or controlled in fact entities that are eligible users and/or eligible recipients;

(v) Documentation showing implementation of screening, training, and self-evaluation elements in the ICT control plan, as described in paragraphs (d)(1)(iv), (d)(1)(v), (d)(1)(vi), and (d)(1)(ix), where applicable; and

(vi) A signed statement, on company letterhead, by a company officer of the eligible applicant that states each eligible user and/or eligible recipient entity will allow BIS, at the agency's discretion, to conduct audits to ensure compliance with this license exception.

(2) Submit all required information to: Bureau of Industry and Security, Attn: License Exception ICT, HCHB Room 2705, 14th Street & Pennsylvania Ave., NW., Washington, DC 20230.

(f) Review of License Exception ICT submissions. Upon receipt of completed information required under paragraph (e)(1) of this section, BIS will conduct a review described in paragraph (f)(1) of this section. During the review, BIS will use the factors described in paragraph (f)(2) of this section to determine authorization. In addition to informing the eligible applicant whether it may use this license exception, BIS will provide the terms of the ICT authorization including which wholly-owned or controlled in fact entities may use this license exception and the ECCNs of the items that may be exported, reexported, or transferred under this license exception. BIS will respond in writing to the eligible applicant once a decision is reached.

(1) Processing procedures. For purposes of review only, License Exception ICT submissions will be reviewed in the manner that license applications are reviewed pursuant to §§ 750.3 and 750.4 of the EAR and Executive Order 12981, as amended by Executive Orders 13020, 13026, and 13117.

(2) Review factors. The following factors will be considered in determining License Exception ICT authorization: Prior licensing history; demonstration of an effective ICT control plan; and need for the license exception, as expressed in the submission for ICT authorization, including the requested ECCNs and the relationship of the wholly-owned or controlled in fact entities to the parent company or other entities of national security or foreign policy concern. BIS will also consider any deficiencies, including violations of the EAR, that are uncovered as part of the self-evaluation element of the eligible applicant's ICT control plan described in (d)(vi) of this part, and, if appropriate, disclosed to BIS in accordance with section 764.5, as well as any corrective action that was subsequently taken.

(g) Changes to Submitted Information Following Receipt of Authorization.

(1) Before an entity not previously identified in an approved eligible applicant's initial submission under paragraph (e) of this section may use this license exception, the approved eligible applicant must submit the information regarding the new entity in accordance with paragraph (e)(1)(ii) of this section to BIS at the address listed in paragraph (e)(2) of this section. This submission will undergo the same process of review as the initial submission, which is described in paragraph (f)(1) of this section.

(2) After obtaining authorization to use this license exception, an approved eligible applicant may request License Exception ICT eligibility for additional ECCNs that were not previously identified in its initial submission. To make such a request, the approved eligible applicant must submit the necessary information required under paragraph (e)(1)(i) regarding the additional ECCNs to BIS at the address listed in paragraph (e)(2) of this section. This submission will undergo the same process of review as the initial submission, which is described in paragraph (f)(1) of this section.

(3) If control of an approved eligible applicant changes after obtaining prior authorization to use this license exception (e.g., through change of ownership, acquisition, or merger), authorization to use this license exception will no longer be valid. Under such circumstances, the new eligible applicant must submit all information required under paragraph (e)(1) of this section to obtain new authorization to use this license exception. This submission will undergo the same process of review described in paragraph (f)(1) of this section. The new eligible applicant and its wholly-owned or controlled in fact entities may export, reexport, or transfer within country items under this license exception only upon receipt of written authorization from BIS. See the definition of “controlled in fact” in § 772.1 for further information regarding changes in ownership.

(4) If an approved eligible applicant's control of an approved eligible user or eligible recipient entity changes after obtaining prior authorization to use this license exception (e.g., through a different organization's acquisition or merger of the approved eligible user or eligible recipient entity), the newly-controlled eligible user or eligible recipient entity must immediately terminate use of this license exception. In addition, the approved eligible applicant must notify BIS in writing of the removal of the newly-controlled entity from use of this license exception within fifteen (15) days after the change in control. Notification letters should be submitted to the address in paragraph (g)(5) of this section. Subject to paragraph (g)(3) of this section, the approved eligible applicant and its other approved eligible users and/or eligible recipient entities may continue to use this license exception. See the definition of “controlled in fact” in § 772.1 for further information.

(5) After obtaining authorization to use this license exception, if the legal name of an approved eligible applicant, eligible user, or eligible recipient entity of this license exception, as described in paragraphs (b)(1), (b)(2), and (b)(3)(i) of this section respectively, changes, the approved eligible applicant must notify BIS of the name change within fifteen (15) days after the name change. Subject to paragraph (g)(3) of this section, the approved eligible applicant may continue to use this license exception after the name change but must submit a letter informing BIS of the name change to the Director of the Office of Exporter Services at: Office of Exporter Services, HCHB Room 2705, 14th Street & Pennsylvania Ave., NW., Washington, DC 20230.

(h) Annual reporting requirement.

(1) After receiving authorization to use License Exception ICT pursuant to paragraph (e) of this section, approved eligible applicants must submit the following information to BIS on an annual basis:

(i) The name, nationality, and date of birth of foreign national employees, as described in note 2 to paragraph (b)(3)(ii) of this section, who have received technology or source code under License Exception ICT during the prior reporting year.

(ii) The name, nationality, and date of birth of foreign national employees, as described in note 2 to paragraph (b)(3)(ii), who are subject to the reporting requirement in paragraph (h)(1)(i) of this section and who have terminated their employment with the approved eligible applicant, eligible user, or eligible recipient entity. This requirement does not apply to employees subject to the reporting requirement in paragraphs (h)(1)(i) and (h)(1)(ii) of this section who have changed positions within the parent company's structure (i.e., among the approved eligible applicant parent company's wholly-owned or controlled in fact entities that are approved eligible Start Printed Page 57563users and/or eligible recipients of this license exception).

(iii) A certification signed by a company officer stating that the approved eligible applicant and its approved eligible users and eligible recipient entities are in compliance with the terms and conditions of License Exception ICT. This certification should include the results of the self-evaluations described in paragraph (d)(1)(vi) of this section.

(2) Annual reports must be submitted to and received by BIS no later than February 15 of each year, and must cover the period of January 1 through December 31 of the prior year. Reports must be submitted to the address listed in paragraph (e)(2) of this section.

(i) Auditing use of License Exception ICT.

(1) Biennial audit. BIS will review the use of License Exception ICT by the approved eligible applicant and its approved eligible users and/or eligible recipients approximately once every two years. Generally, BIS will give reasonable notice to approved eligible applicants in advance of an audit of their use of License Exception ICT. As part of the biennial audit, BIS may request that an approved eligible applicant and its approved eligible users and/or eligible recipient entities submit all or part of their records described in paragraph (h) of this section.

(2) Discretionary audit. BIS may conduct special unannounced system reviews if BIS has reason to believe an approved eligible applicant or one of its approved eligible users and/or eligible recipients has improperly used or failed to comply with the terms and conditions of License Exception ICT.

(j) Revision, Suspension, and Revocation of License Exception ICT. Consistent with § 740.2(b), BIS may revise, suspend, or revoke authorization to use License Exception ICT in whole or in part, without notice. Factors that might warrant such action may include, but are not limited to, the following: use of ICT for other than internal company use, release of controlled items to unauthorized entities or destinations, failure to maintain the ICT control plan initially submitted to BIS as part of the application, and failure to comply with reporting and recordkeeping requirements.

(k) Recordkeeping requirements. In addition to the recordkeeping requirements set forth in part 762 of the EAR, entities that are approved eligible applicants, eligible users, and/or eligible recipients of this license exception, as described in paragraphs (b)(1), (b)(2), and (b)(3)(i) of this section respectively, must retain copies of their ICT control plan and associated materials, including signed non-disclosure agreements. Entities that are approved eligible applicants, eligible users, and/or eligible recipients must also maintain records, by ECCN, of the items on the Commerce Control List that have been exported, reexported, or transferred within country under the authority of this license exception. For foreign national employees receiving technology or source code under ICT, approved eligible applicants, eligible users, and eligible recipient entities are required to record only the initial release of such technology or source code to a given foreign national employee; subsequent release of the same technology or source code to that same foreign national employee does not require additional recordkeeping. However, if a foreign national receives technology or source code under ICT that is controlled under a different ECCN, then the initial receipt of the different technology or source code must also be recorded. Such records must be made available to BIS on request.

3. Supplement No. 4 to part 740 is added to read as follows:

Supplement No. 4 to Part 740—Countries in Which Eligible Applicants Must Be Incorporated In or Have Their Principal Place of Business in For License Exception Intra-Company Transfer (ICT) Eligibility

Argentina

Australia

Austria

Belgium

Bulgaria

Canada

Cyprus

Czech Republic

Denmark

Estonia

Finland

France

Germany

Greece

Hungary

Iceland

Ireland

Italy

Japan

Korea, South

Latvia

Lithuania

Luxembourg

Malta

Netherlands

New Zealand

Norway

Poland

Portugal

Romania

Slovakia

Slovenia

Spain

Sweden

Switzerland

Turkey

United Kingdom

United States

End Part Start Part

PART 772—[AMENDED]

4. The authority citation for part 772 is revised to read as follows:

Start Authority

Authority: 50 U.S.C. app. 2401 et seq.; 50 U.S.C. 1701 et seq.; E.O. 13222, 66 FR 44025, 3 CFR, 2001 Comp., p. 783; Notice of July 23, 2008, 73 FR 43603 (July 25, 2008).

End Authority

5. Section 772.1 is amended:

a. By amending the definition of “Controlled in fact” as set forth below; and

b. By adding, in alphabetical order, the definitions of “Employee” and “Parent company”, as follows:

Definitions of Terms as Used in the Export Administration Regulations (EAR).
* * * * *

Controlled in fact. For purposes of License Exception ICT only (see § 740.19 of the EAR), the term “controlled in fact” means the authority or ability of an entity, which has been routinely exercised in the past, to establish the general policies or day-to-day operations of a different organization, such as a subsidiary, branch, or office. An entity will be presumed to have control over a different organization when:

(a) The entity beneficially owns or controls (whether directly or indirectly) more than 50 percent of the outstanding voting securities of the different organization;

(b) The entity operates the different organization pursuant to the provisions of an exclusive management contract; or

(c) Members of the entity's governing body (i.e., board of directors) comprise a majority of the comparable governing body of the different organization.

For purposes of the Special Comprehensive License (part 752 of the EAR), controlled in fact is defined as it is under the Restrictive Trade Practices or Boycotts (§ 760.1(c) of the EAR).

* * * * *

Employee. For purposes of License Exception ICT only (see § 740.19 of the EAR), “employee” means any person who works, with or without compensation, in the interest of an entity that is an approved eligible user (see § 740.19(b)(2)) or an entity that is an approved eligible recipient (see § 740.19(b)(3)(i)). The person must work at the approved eligible entity's locations or at locations assigned by the approved eligible entity, such as at remote sites or on business trips. This definition may include permanent employees, contractors, and interns.

* * * * *
Start Printed Page 57564

Parent company. For purposes of License Exception ICT only (see § 740.19 of the EAR), “parent company” means any entity that wholly-owns or controls in fact a different entity, such as a subsidiary or branch. The parent company may be incorporated in and conduct its principal place of business inside the United States or outside of the United States, but certain location restrictions apply (see § 740.19(b)(1) and Supplement No. 4 to part 740). The parent company itself may also have an ultimate parent company, meaning the parent company is wholly-owned or controlled in fact by another entity or other entities. See also the definition of “controlled in fact” in this section for further information.

* * * * *
Start Signature

Dated: September 29, 2008.

Christopher R. Wall,

Assistant Secretary for Export Administration.

End Signature End Part End Supplemental Information

[FR Doc. E8-23506 Filed 10-2-08; 8:45 am]

BILLING CODE 3510-33-P