DEVELOPMENTS IN GLOBAL TRADE CONTROLS: OCTOBER-DECEMBER 2024

Dear Clients and Friends,

Below are highlights of key regulatory updates, proposed legislation, and enforcement events in the field of international trade regulation over the fourth quarter of 2024. The update also touches on significant developments in trade controls from the beginning of January 2025. These developments in trade controls may affect compliance requirements for companies operating in Israel and abroad.  

REGULATORY UPDATES

US Issues Guidance to US and Foreign Financial Institutions on EAR Compliance

On October 9, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) released new guidance for financial institutions on practices to ensure compliance with the Export Administration Regulations (EAR). The guidance highlights BIS’s authority over transactions where items ‘subject to the EAR’ are involved, reminding that the list of items that can be subject to the EAR can include foreign items with certain US content or produced with US software, technology, or tools. The guidance underscores BIS’s intention to hold financial institutions liable under the EAR for supporting transactions in violation of the EAR and recommends a series of steps to mitigate this liability. While the guidance is directed at financial institutions, the recommended standards and practices are likely to translate into further compliance requirements placed on the customers of US and foreign financial institutions.

EU Issues Guidance for Cyber-Surveillance Exports

On October 16, 2024, under the EU’s Dual-Use regulation, the European Commission issued guidelines pertaining to export controls on cyber-surveillance items. The guidelines help identify items that fit the category of cyber-surveillance, defining the terms “internal repression” and “serious violations of human rights and international humanitarian law”, as well as set out due diligence steps and other compliance obligations.

US Restrictions on Investments in National Security Technologies in Countries of Concern

On October 28, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) published a final rule that  places certain limitations and prohibitions on US persons from engaging in “covered transactions” with persons from designated countries of concern involving technologies that fall into the categories of semiconductors and microelectronics, quantum information technologies, and artificial intelligence. Currently, the only identified restricted country of concern under the new regulation is China. This rule, which came into effect on January 2, 2025, establishes a framework for compliance, detailing obligations, exceptions, and required notifications for transactions involving these sensitive technologies. The new restriction will significantly limit US investors from investing in foreign companies with significant China ties involving these technologies.

European Banking Authority Issues Guidelines on Sanctions Compliance

On November 14, 2024, the European Banking Authority issued two sets of guidelines aimed at setting common standards for compliance with EU restrictive measures. The guidelines are split with one set of guidelines focused on financial institutions within the EBA’s supervisory remit, and the second set of guidelines directed at Payment Service Providers (PSPs) and Crypto-Asset Service Providers (CASPs). Some key elements of the guidelines involve data screening systems, governance frameworks, and risk management systems, necessary to comply with the relevant restrictive measures. These recommended standards and practices are likely to translate into further compliance requirements placed on the customers of EU financial institutions.

US Tightens Export Controls to Restrict Chinese Production and Development of AI, Advanced Semiconductors, and Supercomputers

On December 2, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced a comprehensive set of rules aimed at limiting China’s ability to produce and develop advanced AI, semiconductor, and supercomputer technologies. This new regulatory package includes:

• Restrictions on 24 types of semiconductor manufacturing equipment;
• Restrictions on high-bandwidth memory (HBM) critical for AI training and advanced computing ICs;
• Controls on software tools related to the development and production of advanced-node ICs, including controlled software “that increases the productivity of advanced machines or allows less-advanced machines to produce advanced chips”;
• Restrictions on Electronic Computer Aided Design (ECAD) and Technology Computer Aided Design (TCAD) software and technology used for the design of advanced-node ICs in restricted destinations;
• Clarification/widening of existing export controls on software keys;
• the addition of 140 entities to the Entity List and a new restricted category on the Entity List (footnote 5);
• two new Foreign Direct Product Rules further expanding US jurisdiction and control on certain Semiconductor Manufacturing Equipment and related items that were produced with US software, technology or machines.

The controls follow a continuing US strategy to impede China’s efforts to develop, produce, or access advanced AI, semiconductors, or supercomputers.

Israeli Notices on Compliance Risks in Light of US Controls

In December 2024, the Israeli Ministry of Economy and Industry put out two notices to Israeli exporters on the continuing US restrictions. The first notice concerns the aforementioned US controls aimed at restricting Chinese development, production, or access to advanced AI, semiconductors, or supercomputers, while the other more generally addresses the US’s approach to restrictions on AI. Ultimately, the Ministry recommends in both notices that Israeli exporters remain updated on recent US regulatory changes and adjust their operations accordingly to avoid exposure.

Israeli Defense Export Control Agency Published Updated Version of the MTCR End-User Declaration

On December 2, 2024, the Israeli Defense Export Control Agency (DECA) published an updated version of DECA’s International Missile Technology Control Regime (MTCR) declaration to replace the previous version starting January 1, 2025. The new version includes minor changes, including the removal of references to weapons of mass destruction and providing a definition for the term “Item”.

US Program for Countering Information and Communication Technology Risks

On December 3, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced a final rule establishing procedures for investigating foreign adversary threats to information and communications technology and services (ICTS) transactions affecting US national security. This rule formalizes the operations of the Office of Information and Communications Technology and Services (OICTS), which was created to address these risks. In line with this framework, BIS has recently issued an Advance Notice of Proposed Rulemaking Regulating Information and Communications for Drones. The deadline for public comments is March 4, 2025.

Israeli Defense Export Control Agency Issues Clarification regarding the term Interim Agent for purposes of License Requests

On December 8, 2024, the Israeli Defense Export Control Agency (DECA) issued a clarification for the purposes of filling out license applications regarding the definition of “interim agent” as opposed to the term “interim user” defined in the Defense Export Control Law. For the purposes of Defense Marketing Licenses and Defense Export Licenses, it is necessary to list any interim agents, which DECA defines as foreign entities that perform marketing activities or defense services provision on behalf of the exporter, within the framework of the transaction for which the license is requested. DECA also clarifies that should an intermediate agent be an Israeli entity, it is the entity’s responsibility to register as a security services exporter and submit a separate license application or register as part of the Israeli manufacturer’s registration.

US amendments to Space-Related Export Controls

On December 23, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced a set of three rules aimed at modernizing space-related export controls: one Final Rule, one Interim Final Rule, and one Proposed Rule. The rules set to remove license requirements for certain items for US allies and partners, and for less sensitive components for most destinations. In addition, one of the rules proposes to transfer jurisdiction of certain space-related defense items that are no longer considered advanced or as providing a critical military advantage from the US Munitions List to the less controlled framework of the Commerce Control List.

US Announces Additional Regulatory Framework Limiting Export of Advanced Artificial Intelligence Technology

On January 13, 2025, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced a new drastic regulatory framework to control advanced computing chips and advanced US AI models aimed at “safeguard[ing] the most advanced AI technology and help ensure it stays out of the hands of [US]… foreign adversaries”. The framework, which  will be incorporated into the U.S. Export Administration Regulations  (EAR), has three primary features:

1. New Controls on Advanced Computing Chips: The new rule imposes a global license requirement for the export of certain advanced computing chips to many countries, with certain limited license exceptions for export to some US ally countries who have implemented measures to prevent the diversion of advanced technologies (not including Israel), for supply chains, and for low volume uses. The rule creates country allocation levels of advanced computing chips, such that once a country meets its quota, there will be a presumption of denial for the authorization of export of advanced computing chips to those countries, with some exceptions.
   The restrictions also update the existing Data Center Validated End User (VEU) Program to include new Universal VEUs (UVEUs) and National VEUs (NVEUs) to streamline data center construction globally, excluding US arms-embargoed countries.
2. Controls on Advanced AI Models: The new rule imposes controls on the export of advanced AI models, initially applicably to the weights of models trained with 10^26 computational operations or more, with exceptions for deployments by U.S. or certain allied entities and open-weight models.
3. Security Conditions: the new rule includes requirements regarding the storage of advanced models and to prevent the risk of diversion for advanced computing chips.

US Institutes Controls on Connected Vehicles Tied to China and Russia

On January 14, 2025, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced a final rule prohibiting the sale or import of certain connected vehicles and components with ties to China or Russia. The rule targets hardware and software integrated into vehicles which allow for external connectivity and autonomous driving capabilities that could expose sensitive data or allow remote manipulation of vehicles by foreign adversaries.

US Tightens Restrictions on Foundry Due Diligence and Prevent Diversion to China

On January 15, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced further restrictions aimed at tightening export controls on advanced computing semiconductors to limit China’s ability to obtain advanced computing semiconductors. The new restrictions place additional due diligence measures and tighten license requirements for foundries and packaging companies exporting advanced chips absent certain exceptions.

Israeli National Bureau for Counter-Terror Financing Issues Update to Sanctions Designations

The Israeli National Bureau for Counter-Terror Financing (NBCTF) regularly updates its lists of Israeli sanctions designations. The lists are periodically updated and include updates from the last quarter of 2024.

Anti-Boycott Compliance

In continuation of our last update regarding US antiboycott compliance in the context of a rise in boycotts of Israeli businesses, the US has added some 70 new entities to a list of parties identified as having made potential reportable boycott requests. Under Section 760 of the US Export Administration Regulations (EAR), US companies are prohibited from certain actions in “furtherance or support of a boycott maintained by a foreign country against a country friendly to the US”, primarily applicable to unsanctioned foreign boycotts against Israel. The prohibition includes not only the refusal to do business with a boycotted country, but also disallows providing information about an entity’s business relationships with boycotted countries and certain related certifications.

Russia-Related Trade Control Updates

• US targets diversion to Russia: On October 30, 2024,   the State Department sanctioned 120 individuals and entities, the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctioned 275 individuals and entities, and the US Department of Commerce’s Bureau of Industry and Security (BIS) expanded restrictions against some 49 entities on the Entity List and added 40 more entities to the Entity list, involved in effort to evade US sanctions or divert export of U.S-controlled goods to Russia.  The entities were located in several high-risk diversion locations, including China, India, Singapore, Türkiye, and the United Arab Emirates.
• UK issues new sanctions package against Russia: On November 7, 2024, the UK announced a new sanctions package targeting Russia’s war efforts as well as “Russian malign activity globally”, targeting Russian proxy military groups in Africa. The sanctions package also designates entities in China, Türkiye, and Central Asia involved in supplying and producing equipment, including microelectronics, for the Russian military-industrial complex.
• US Sanctions Gazprombank and Other Russian Financial Entities: On November 21, 2024, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Gazprombank and its foreign subsidiaries and over 50 associated banks, further restricting Russia’s access to the international financial system. Additionally, OFAC issued an alert detailing the risks of joining Russia’s System for Transfer of Financial Messages (SPFS), the Russian SWIFT alternative. This alert continues OFAC’s previous guidance to financial institutions regarding the increased risk of secondary sanctions against financial institutions that engage with Russia’s war economy.
• US targets Russian sanctions evasions through the use of digital assets: On December 4, 2024, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned five individuals and four entities linked to the TGR Group, a network facilitating sanctions evasion for Russian elites. The sanctions, part of a collaborative effort with the UK and UAE, aim to disrupt the use of digital assets to evade sanctions.
• EU establishes new sanctions framework against Russia’s global destabilization activities: On October 8, 2024, the EU announced the establishment of a new sanctions framework targeting individuals and entities engaged in Russia’s “hybrid threats” to “undermine the fundamental values,…security, independents and integrity” of the EU as well as international organizations and third countries. The framework targets destabilizing activities such as “undermining electoral processes and the functioning of democratic institutions; threats against and sabotage of economic activities, services of public interest or critical infrastructure; the use of coordinated disinformation, foreign information manipulation and interference (FIMI); malicious cyber activities, (and) the instrumentalisation of migrants”. The regulation widens the EU’s ability to sanction Russian activities beyond the framework of the current Russian war in Ukraine or other limited regulations such as those specifically concerning chemical weapons or human rights.
• EU Publishes Guidance on Russia Sanctions Compliance Efforts:
  • On November 22, 2024, the EU issued guidance on the “Best Efforts” requirement in which EU persons must “undertake their best efforts to ensure that any legal person … established outside the Union that they own or control does not participate in activities that undermine” the Russia sanctions. The guidance explains best efforts to include “all actions that are suitable and necessary” to prevent undermining the sanctions, which include the obligation to implement appropriate controls and risk-management policies.
  • Similarly, on December 11, 2024, the EU issued guidance on due diligence requirements and circumvention risks for compliance with its Russia Sanctions. The guidance does not dictate a general one-size-fits-all approach for due diligence but “a risk-based approach that consists of risk assessment, multi-level due diligence, and ongoing monitoring”. The guidance does specifically mention screening against sanctions lists as well as adverse media investigations.
  • Also on December 11, 2024, the EU issued guidance for enhanced due diligence requirements for Common High Priority (CHP) Items. The EU recommends due diligence checks at the various levels of the transaction from the stakeholders, to the flow of money, transportation and logistics, and routes of goods. The guidance also lists several risk factors indicating that a CHP item may be diverted to Russia.
• 15^th EU Sanctions Package against Russia: On December 16, 2024, the EU announced the adoption of its 15^th sanctions package against Russia including sanctions against dozens of individuals and entities, including Chinese persons involved in supplying drone equipment and microelectronic items to Russia. The EU also identified 32 additional entities as supporting Russia’s military and industrial complex or involved in the circumvention of trade restrictions, and as such, subject to increased export restrictions concerning dual-use and other controlled goods.

PROPOSED REGULATIONS

Israel Proposes Repealing the Encryption Order

On October 14, 2024, the Israeli Ministry of Justice published a draft law repealing the Encryption Order (or the Order Governing the Control of Commodities and Services (Engagement in Encryption Items)-1974). If canceled, regulation over Information Security exports will be divided between two regulators- the Defense Export Control Agency for exporters to defense end users and the Ministry of Economy and Industry for civilian end users.

With the cancellation of the Encryption Order, existing licenses will remain valid for one year, after which exporters will be required to submit a new licensing application to the appropriate regulator. The Ministry of Justice also released a Regulatory Impact Assessment (RIA) regarding the cancellation of the Encryption Order, assessing that out of 2,593 products currently requiring encryption licenses, approximately 70% will not require supervision according to Section 5, Part 2 of the Wassenaar Arrangement. Conversely, while most licenses issued under the Encryption Order were granted relatively broadly, after the proposed change, licenses will generally be issued on a transaction-by-transaction basis. In cases where a license is granted based on a specific transaction, the exporter will be required to provide information about the use and the end user of the controlled product for each export transaction.

Enforcement Updates

US imposes $950M penalty in Connection with Defective Pricing, Foreign Bribery, and Export Control Schemes

On October 16^th, the US Department of Justice announced that the Raytheon Company has entered into deferred prosecution agreements and paid over $950 million to resolve the Justice Department’s investigations into: (i) a major government fraud scheme involving defective pricing on certain government contracts and (ii) violations of the Foreign Corrupt Practices Act (FCPA) and the Arms Export Control Act (AECA) and its implementing regulations, the International Traffic in Arms Regulations (ITAR). While the violations centered around bribery schemes, it is noted that part 130 of the ITAR requires disclosure of fees, commissions, and political contributions connected to defense exports.

US Imposes Penalty on GlobalFoundries for Shipment to for shipments to Chinese Entities on the Entity List

On October 17, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced a civil penalty of $500,000 against GlobalFoundries US Inc. and its subsidiary, due to unauthorized shipments of semiconductor wafers valued at approximately $17.1 million to SJ Semiconductor (SJS), a company listed on the BIS Entity List. The violations involved dozens of shipments and were attributed to a data entry error that caused SJS to not be screened appropriately. The penalty was mitigated due to GlobalFoundries cooperation, including voluntary self-disclosure.

US Imposes penalty on American Life Insurance Company for Sanctions Violations

On November 14, 2024, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a settlement of $178,421 with American Life Insurance Company (ALICO) for 2,331 apparent violations of OFAC sanctions regarding Iran. ALICO issued group medical and life insurance policies, collected premiums, and paid claims to several schools and entities in the UAE that were owned or controlled by the Iranian government.  Despite sanctions alerts from their screening process, ALICO cleared these alerts as false and subsequently continued with their transactions.

US Imposes Penalty Against Integra Technologies for Export Violations

On December 18, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced a civil penalty of $3.3 million against US company, Integra Technologies Inc., for extensive shipments of transistors and related products to Russia without the requisite BIS authorization. Integra sold approximately 6.67 million dollars’ worth of Common High Priority List (CHPL) items vital to Russia. While Integra was aware it was shipping to Russia, its compliance program was lacking, and failed to realize that a new license requirement had been imposed on its shipments. The penalty was significantly mitigated due to Integra immediately ceasing shipments to Russia and issuing a voluntary self-disclosure upon learning of their violations.

US Imposes Penalty against Indium Corporation for Electronics Manufacturing Components Exports to Russia

On December 23, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced a civil penalty of $180,000 against the Indium Corporation of America, for unauthorized shipments of materials used in electronics manufacturing to Russia. Although the items were classified as EAR99, they fell under Harmonized Tariff Schedule codes requiring a license for export to Russia in compliance with the Export Administration Regulations (EAR). Red flags were noted during these transactions that Indium failed to address appropriately. The penalty was reduced due to Indium’s cooperation and implementation of remedial actions.

US Imposes Penalty on Quantum Corporation for Antiboycott Violations

On September 30, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) announced a civil penalty of $151,875 against Quantum Corporation, a US data storage and management firm, for failure to report requests received from a distributor in the United Arab Emirates, asking the company to refrain from importing goods of Israeli origin. Other examples of penalties for violations of US antiboycott provisions can be found in BIS’s publication “Don’t Let This Happen to You”.

This client update highlights certain developments in the field of international trade that can assist in meeting compliance requirements. It does not review all the updates that took effect in 2024 and is not intended to provide a comprehensive summary.  This client update provides general information, and may not be relied upon in any particular situation without additional legal advice.