New EU Dual-Use Regulation from 9 September 2021

19/07/21

The new EU Dual-Use Regulation, often referred to as the Recast, will enter into force on 9 September 2021 (Regulation 2021/821). Please also see our previous news flash, in which we already highlighted a couple of the announced changes in the Recast EU Dual-Use Regulation. The Recast has a greater focus on considerations with respect to violations of human rights, internal repression and/or public security, including the prevention of acts of terrorism.

In addition, due to technological developments, further controls on technologies are introduced, under which, controls on cyber-surveillance items.

What does this mean for your business?

As mentioned, the Recast introduces additional rules and responsibilities, which should be considered carefully by businesses. It concerns, amongst others, the following key changes:

Introduction of controls on cyber-surveillance items

Cyber-surveillance items can be defined as dual-use items specially designed to enable the covert surveillance of natural persons by monitoring, extracting, collecting or analyzing data from information and telecommunication systems. Examples of such cyber-surveillance items are high-performance computers and drones, which can be used for civilian applications, but also for the development of weapons of mass-destruction, terrorist acts and/or human rights violations. As such, the export of these types of items in principle require an authorization or are prohibited.

Catch-all clause (cyber-surveillance) dual-use items

Next to the (cyber-surveillance) dual-use items mentioned in Annex I (i.e. list with dual-use items), also items not included in Annex I can be subject to export controls. Defining whether the items in question are or may be intended, in their entirety or in part, for use in connection with internal repression, the commission of serious violations of human rights and international humanitarian law and/or terrorism acts will be critical. If so, an authority may prohibit or impose an authorisation requirement.

Please note that it is allowed for a Member State to adopt (or maintain national legislation) imposing an authorisation requirement on the export of (cyber-surveillance) dual-use items not listed in Annex I (regardless of whether the other Member States will or are imposing the same requirements).

Due diligence

It is good to note in this respect, that the Recast also implies that authorities can expect exporters to have performed sufficient due diligence on the end-use and end-user, when exporting their dual-use items. In other words, exporters must be even more aware of the end-use and end-user of their (potential) dual-use goods. This shift in responsibilities from the authorities to businesses, is a tendency/development that is recurring in other customs-related areas. It is therefore becoming more important for businesses, trading internationally to be in control of their trade compliance position and, as part of that, have a decent third party screening mechanism or third party risk management tool in place*.

*We also, for example, see this shift in the case of the Registered Exporter System (REX), in which the certification of origin of goods is based upon the principle of self-certification. Importers, claiming preferential tariff, based upon such a REX statement, are expected to have performed due diligence on the exporter and the origin statement.

Let's talk!

With the implementation of the Recast, it is apparent that the EU will further enhance controls on the export of dual-use items that may be used or contribute to the commission of serious violations of human rights, irrelevant of whether they are mentioned specifically in Annex I. In addition, the scope of dual-use items has been broadened and includes technological items such as cyber-surveillance tools. Furthermore, authorities expect exporters to know the end-user and end-use of their dual-use items.

It is therefore highly recommended that businesses assess their product portfolio and consider implementing an Internal Compliance Program (which is in some cases/countries mandatory when applying for an export authorization).

We, at PwC, have a team of subject matter experts with background in investigations, (trade) compliance and customs, within the EU but also cross-border in other regions, who have extensive knowledge and experience in sanctions & export controls matters. If appreciated, we can help with assessing your product portfolio, considering the Recast EU Dual-Use Regulation (and/or other export control regulations) and if desired, support with the design and implementation of an Internal Compliance Program.