Export Control Tracker Fourth Edition: November 2021
The Bureau of Industry and Security (BIS) was busy in November, adding new designees related to companies involved in quantum computing and military modernization for China; companies involved in technology acquisition for Iran and North Korea; and technology transfers supporting Pakistan’s nuclear and ballistic missile programs.
BIS also made the news with its first enforcement action with regard to Huawei since it was listed in 2019.
BIS actions by the numbers in November:
Entity List: 31 added, 1 removed
Denied Persons list: 6 added, 5 removed
Military End User List (MEU): 1 added
See the data for yourself — get a Castellum.AI account!
Military Application of Quantum Computing Technology
As part of a 24 November action adding 27 entities, BIS added three Chinese entities involved in the development or acquisition of quantum computing capabilities for military applications. Included in this list is QuantumCTek, a secure communications company working on quantum keys for encryption that notably debuted on the Shanghai stock exchange with an IPO that jumped over 900% in its first trading day. BIS listed QuantumCTek, as well as an affiliate company and the state-linked Hefei National Laboratory for Physical Sciences at the Microscale (HFNL), for attempting to acquire US military technology. The listings of these Chinese companies and five others involved in military modernization have already drawn criticism from Beijing as part of escalating trade and security disagreements.
Iran and DPRK Military Technology
Three new entities have been added to the Entity List for facilitating the purchase of technology on behalf of Iran, North Korea, and China. The entities, Corad Technology (Shenzhen) Ltd. of China, Corad Technology Pte Ltd. of Singapore, and Corad Technology Japan K.K. of Japan, are all affiliates of a previously listed entity, Corad Technology Limited.
Cyber Rules FAQs
BIS issued a FAQ document on cyber rules on 12 November that includes clarifications for industry. In particular, the FAQ provides guidance on how to interpret the BIS’ definition of “intrusion software” to adhere to the cybersecurity rule amending Export Administration Regulations (EAR) in October 2021. Notably, the FAQ and new cybersecurity rule signify increasing attention paid to cybersecurity items by BIS. This aligns with the addition of four cyber actors to the BIS’ export control list, including the Israeli cyber company NSO Group that produced the Pegasus spyware, which we highlighted in last month’s Export Control Tracker.
Pakistan Nuclear Proliferation
Pakistan’s nuclear programs also featured heavily in new listings this month, with 12 Pakistan-based entities and three China-based entities added to the BIS Entity List based on their activities supporting Islamabad’s nuclear program. The three Chinese firms, Poly Asia Pacific, Peaktek Company, and Shaanxi Zhi En Electromechanical Technology Co., are all electronic component suppliers to Pakistan. An additional Pakistan entity, Broad Engineering, was added for its support of Pakistan’s development of ballistic missile program.
Huawei Enforcement Action
Adding to the ongoing disagreements between Washington and Beijing over Chinese technology acquisition, BIS issued its first enforcement action related to Huawei in November. BIS originally listed Huawei on its Entity List in May 2019, restricting the export of EAR-listed technologies to the telecommunications company. On 8 November 2021, BIS reached a settlement with Pennsylvania-based SP Industries over unauthorized exports to Huawei-related entities. As part of the settlement, SP Industries agreed to pay a fine of USD 80,000, make improvements to its compliance procedures, and submit to audits.
Military End-User Addition
BIS added one Russia-based entity, Moscow Institute of Physics and Technology, to the MEU List but did not specify the type of technology or products it produced. The institute is a prominent university in Moscow with specialized centers focused on nuclear, artificial intelligence and machine learning, and aerospace research.
BIS Data Delays
BIS press announcements typically precede changes to the actual BIS list data, by one or more business days, creating a dangerous situation where companies that are identified as national security risks are still allowed to transact.
This is evidenced by a five day delay in updating its data in November. The BIS issued a press release on 24 November adding 27 entities to the Entity List, but BIS List data was not updated until five days later on 29 November.
Methodology
Castellum.AI obtains global sanctions information from primary sources, and then proceeds to standardize, clean and enrich the data, extracting key information like IDs and addresses from text blobs. Castellum.AI enriches as many as fifteen separate items per entry. This analysis is based on the enriched primary source data that populates our database. The database consists of over 900 watchlists, covering over 200 countries and six different categories (sanctions, export control, law enforcement most wanted, contract debarment, politically exposed persons, regulatory enforcement, and elevated risk). Castellum.AI checks for watchlist updates every five minutes directly from issuing authorities.
Castellum.AI shows the physical location of a designee, as provided by the US government. This information should be examined within the context of the entity’s legal registration within a respective country, which sometimes may actually be a branch of a multinational corporation that is headquartered elsewhere. For example, a Costa Rica listing is not necessarily that of a Costa Rican company, instead it is the local branch of Huawei - a multinational Chinese corporation. Additionally, a small number of entries have addresses that cannot be with high confidence assigned to a specific country, and as such are left blank. For reasons both geographic and political, all entries related to Hong Kong have been consolidated into China. Northern Mali has been recategorized as Mali due to the mapping provider not having an option for Northern Mali. State Department DDTC is not mapped because State Department DDTC lists do not have any location information.
What Are Export Controls
Export controls are laws that regulate and restrict the release of critical technologies, information, and services to foreign nationals. Over 50 countries globally, from Argentina to Ukraine, have sophisticated export control regimes that focus on goods, technologies and locations. For example, carbon fiber from the United Kingdom cannot be exported to North Korea. But only the US and Japan have export watchlists that name individuals and entities, in addition to goods. Japan’s export control list, however, is very much driven by US listings, with over 65% overlap with US sanctions and export control lists; it also changes infrequently. For this reason, our export control tracker will initially focus only on US export control lists. Our goal is not just to analyze ongoing actions, but to measure and predict their impact. Each edition focuses on the previous month.
Want to be ahead of the headlines?
We have you covered. Sign up to receive data alerts and original insights from Castellum.AI
