Driven by rapidly evolving technological developments, security risks and threats to human rights, a revised text of Regulation (EC) No 428/2009 has now been agreed and is expected to be formally adopted by the end of 2020.
Application in the UK
The recast Regulation will enter into force too late to be automatically translated into UK law, creating an early example of divergence between the rules applicable in the EU and in Northern Ireland, on the one hand, and those in Great Britain on the other. (This Regulation is included in the Northern Ireland Protocol in the list of EU Regulations that will continue to apply there after the end of the Brexit transition period on 31 December 2020.) The UK government is not committed to remaining aligned with EU Regulations – the freedom to set its own regulatory regime was one of the main arguments for Brexit – but the UK is nonetheless expected to consider whether to adopt EU regulatory changes on a case-by-case basis.
The most significant change will be the greater emphasis on the protection of human rights relative to the current regime’s focus on weapons of mass destruction, military threats and state security. New provisions will:
- include the prevention of human rights violations among the criteria for granting export licences;
- require exporters to consider human rights risks in their due diligence; and
- create a new EU regime to control a wider range of cyber-surveillance items (e.g. equipment to intercept mobile phone communications) than those controlled at international level.
The recast includes measures to adapt the regime to the accelerated pace of technological development and to maintain the international competitiveness of EU businesses by catching up with more flexible controls already adopted by some other countries, notably the US:
- clearer, updated rules on electronic transfers of information and on technical assistance;
- new General Export Authorisations to facilitate exports of encryption items and the intra-company transmission of software and technology. These should significantly reduce the administrative burden on companies and licensing authorities for these frequent but generally low-risk transfers; and
- enabling rapid updates of the list of items that are subject to controls, to make the regime more flexible and responsive to technological and economic developments.
Enhanced Transparency and Co-ordination
The revisions aim to improve the functioning and harmonisation of the controls across the EU, including by:
- reinforcing information-exchange between licensing authorities and the Commission;
- outreach to industry, setting up a dialogue with third countries and working for a more level playing field at global level; and
- requiring holders of Global export authorisations (equivalent to Open Individual Export Licences in the UK) to implement an effective internal compliance programme and to submit annual reports on what has been sent to whom.
For companies exporting dual-use items from Great Britain, these changes will not apply unless the UK government decides in due course to adopt them. The UK government already gives substantial weight to human rights risks in making its licensing decisions and will, in principle, have greater agility in adapting its national rules to emerging challenges once it is fully outside the EU. However, if the UK continues its relatively restrictive approach to exports of encryption items, it risks seeing business and investment in the field of information security increasingly leaking across the Channel.
The more immediate and significant impact will be felt from 1 January 2021, when export licences will be required for all exports of dual-use items between GB and the EU. The UK government has created an Open General Licence for this purpose: all those trading in dual-use items should ensure that they are registered for this licence before the end of the year and have the necessary procedures in place to comply with its conditions.