The recast of Regulation 428/2009 (“the Dual-use Regulation”), which has been an on-going project for the last two years, now appears to have come to a turning point, with a draft proposal from the EU Commission. The leaked document (link), yet to be formally communicated to the EU Parliament and Council, foresees a range of important changes that should be implemented in the new dual-use Regulation, the most important of which is the clear inclusion of a human rights factor in the processing of export license requests.
Earlier in June, we informed our readers of the growing impact of human rights considerations in export control regulations and the potential insertion of even stricter rules in the recast of the EU new dual-use Regulation to be adopted by the EU Parliament and Council. This possible approach proved controversial, however, as EU businesses feared it would lead to unfair competition from non-EU businesses, and create legal uncertainty. Yet, the pressure appeared to be strong on the Commission, as several stakeholders from civil society, as well as the EU Parliament itself, called for the inclusion of a human rights factor in the new Regulation.
Though quite clearly foreseeable, the question remained as to how the Commission would take this new factor into account. Would it redefine the notion of dual-use goods, extend the scope of the catch-all clause, or rely on the discretion granted to the Member States to take into account “all relevant considerations” in the granting of export licenses?
In its proposal, the Commission takes an assertive stance, by putting forward a threefold approach.
First, the Commission redefines the notion of dual-use goods. While the former definition covered “items, including software and technology, which can be used for both civil and military purposes, and shall include all goods which can be used for both non-explosive uses and assisting in any way in the manufacture of nuclear weapons or other nuclear explosive devices”, the new definition clearly mentions the human rights criterion : “dual-use items shall also include cyber-surveillance technology which can be used for the commission of serious violations of human rights or international humanitarian law […]”.
Second, the proposal foresees the drafting of an EU specific list of specific cyber-surveillance technologies, with detailed parameters. Although this can be seen as the pledge of a certain – and welcomed – legal certainty, it remains that the adoption of such a list would drive the EU away from multilaterally agreed control lists and regimes.
Finally, a targeted catch-all sub-provision was included in the draft, whereby “an authorization shall be required for the export of dual-use items not listed […] if the exporter has been informed by the competent authority that the items in question are or may be intended, in their entirety or in part: […] (d) for use by persons complicit in or responsible for directing or committing serious violations of human rights or international humanitarian law in situations of armed conflict or internal repression in the country of final destination, and where there is evidence of the use of this or similar items for directing or implementing such serious violations by the proposed end-user”.
Waiting for the next steps, a few comments can already be made with regard to these aspects of the potential new Regulation.
The Commission appears to have specifically targeted cyber-surveillance technologies. This comes as no surprise, as the misuse of EU made technologies for internal repression during the Arab Spring was much debated. In that regard, the Commission sets out a definition of such technologies : “items specially designed to enable the covert intrusion into information and telecommunication systems with a view to monitoring, extracting, collecting and analyzing data and/or incapacitating or damaging the targeted system”. The document goes on with a non-exhaustive list of such items : mobile telecommunication interception equipment ; intrusion software ; monitoring centers ; lawful interception systems and data retention systems ; biometrics ; digital forensics ; location tracking devices ; probes ; deep package inspection systems.
Despite its specific attention to cyber-surveillance items, the new Regulation would potentially cover an even broader list of items with a catch-all clause that will include any items potentially used for human rights and humanitarian law violations. It expands the scope of the new Regulation to an unprecedented extent and could come at the expense of legal certainty.
The new proposal, arguably, will get a mixed reception within Europe. EU businesses, having repeatedly voiced their concerns regarding the potential impact of the recasting of the dual-use Regulation, will certainly see the inclusion of an additional criteria as an additional burden, leading to competition distortion. This risk was acknowledged by the Commission, which explained that “[the inclusion of a new category of goods] also involves a risk that distortions of competition be introduced at global level, as it cannot be assured that other key technology suppliers will also introduce similar controls”. In that regard, the objective of the Commission “to develop dialogue and cooperation with third countries in order to support a global level-playing field and enhance international security” may not be fulfilled.