On October 20, the House of Representatives passed five bills with overwhelming bipartisan support that aim to promote supply chain and network security. This post will focus on two bills directed towards the Federal Communications Commission (“FCC”). While these legislative measures are directed towards a U.S. government entity, and thus may not (on their face) appear applicable to corporate supply chains, if enacted, these bills could result in changes to laws, regulations, and policies down the line that impact compliance measures for companies.
Secure Equipment Act of 2021 (H.R. 3919)
The Secure Equipment Act would prohibit the FCC from reviewing or issuing new equipment licenses to companies on the FCC’s “Covered Equipment or Services List” that pose a national security threat.
The use of equipment made by telecommunications companies based in China, such as Huawei and ZTE, have had restrictions placed on them by various federal agencies in the past few years, based on claims of aiding Chinese intelligence services. A September 2021 Congressional Research Service report noted that “Chinese firms, such as Huawei, are restructuring themselves and their foreign partnerships, arguably to avert U.S. national security restrictions and access U.S. technology, IP, research, and talent. China’s industrial policies continue to require U.S. and other foreign firms to transfer advanced capabilities to China, using structures that place these firms’ IP, R&D, and technology under China’s authorities and control.” Huawei is the second largest smartphone maker in the world and the largest manufacturer of telecommunications equipment, including equipment for 5G networks.
The Secure and Trusted Communications Networks Act (P.L. 116-124), which was enacted in March 2020, prohibits the use of federal funds for the purchase of equipment from foreign-based companies deemed by the FCC to pose a national security risk to U.S. communications network. In June 2020, the FCC voted unanimously to require U.S. telecommunications providers to replace equipment purchased from five Chinese-based companies that they deemed threats to national security: Huawei, ZTE, Hytera, Hikvision and Dahua. Since the 2020 law only prohibits telecom companies from using federal funding to purchase equipment from companies on the FCC “covered list,” U.S. carriers may still use private funds or nonfederal government funds to purchase equipment from the covered companies.
This bill requires the FCC to issue rules clarifying that it will no longer review or approve any equipment authorization application for equipment or services produced or provided by a company that the FCC has determined poses a national security risk to U.S. communications services. The measure, however, prohibits the FCC from implementing a rule that would allow it to retroactively review or revoke an equipment authorization that was approved before the final FCC rule was implemented.
A companion measure in the Senate (S. 1790) also has bipartisan support, and is cosponsored by key members in both parties. In August, the bill was amended and reported favorably out of the Senate Committee on Commerce, Science, and Transportation. The legislation now awaits consideration by the full Senate.
Communications Security, Reliability, and Interoperability Act (H.R. 4067)
The Communications Security, Reliability, and Interoperability Act would codify into law an FCC advisory council and tasks it with making recommendations on how to best ensure the security, reliability, and resiliency of the nation’s communications systems.
The FCC first established the Network Reliability Council in 1992 to study the causes of telephone network service outages and to help reduce their frequency and impact on consumers. The council was composed of network carriers, telecommunications manufacturers, regulators and consumer groups. As the telecommunications industry shifted from landlines to smart phones over the past three decades, the scope of the council has widened to encompass other issues affecting communications networks. In 1996, the council was renamed the Network Reliability and Interoperability Council, and its charter was modified to incorporate accessibility and connectivity issues. The council’s scope was expanded again in 2009 to include network security, and it was renamed the Communications Security, Reliability and Interoperability Council. While the council has met multiple times every year since 1992, it currently lacks a statutory authorization or codified reporting requirements other than those determined by the FCC.
This bill codifies the FCC’s existing advisory Council on Communications Security, Reliability and Interoperability. Under the measure, the council’s members would be appointed by the FCC chairman for a two year term. The chairman may not appoint a representative of any telecommunications company that is determined to be owned, controlled or influenced by an adversarial foreign government. The bill also requires the council to provide a publicly available report to the FCC every two years on ways to increase the security, reliability, and interoperability of communication networks.
The House-passed bill has been received in the Senate and referred to the Senate Committee on Commerce, Science, and Transportation. The measure now awaits a mark-up by the committee before consideration by the full Senate.