Summary of BIS’s December 5, 2024, Chip Controls

On December 5, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) promulgated an interim final rule (the December IFR) expanding its authority to restrict the dissemination of advanced chip technology and semiconductor manufacturing equipment (SME) through controls on new items including high bandwidth memory (HBM) commodities, two new foreign direct product rules (FDPRs), expanded end-use and US person restrictions, and clarifying the export control status of software keys.

Off

Read the interim rule here.

The major features of the December IFR are:

  • Controls on HBM chips under new Export Control Classification Number (ECCN) 3A090.c.
  • Eight brand-new ECCNs, as well as revisions to eight existing ECCNs, primarily focusing on SME.
  • Two new FDPRs: one targeting companies on the Entity List with a new Footnote 5 designation (FN5 FDPR), and one focused on SME (SME FDPR) and accompanying changes to the de minimis rules.
  • Clarification that “software keys” and “software license keys” are subject to the same controls as their associated hardware/software.
  • New red flag guidance focused on advanced chips and SME specifically.

All provisions of the December IFR are in full effect, with the effective and compliance dates having taken place in December 2024.

Controls on HBM Chips

BIS adds HBM chips to the Commerce Control List (CCL) under 3A090.c, which applies to:

c. High bandwidth memory (HBM) having a ‘memory bandwidth density’ greater than 2 gigabytes per second per square millimeter.

A license is required for the HBM chip and the software and technology to develop and produce them to destinations in Macau or Country Group D:5, as well as tor any entity that is headquartered in, or whose ultimate parent company is headquartered in, Macau or Country Group D:5. However, a license is not required for deemed exports or reexports of associated technology or software.

BIS offers one license exception and one General License that can, subject to several complicated conditions, offer a way to avoid obtaining a license. First, the new License Exception HBM is available for exporters, reexports, or transferors of 3A090.c items if:

  • The memory bandwidth density is less than 3.3 GB/s/mm^2.
  • The exporter, re-exporter, or transferer is headquartered in the United States or Country Group A:5, and does not have an ultimate parent in Macau or Country Group D:5.
  • The items are directly purchased by the designer of the co-packaged commodity not otherwise prohibited from receipt of the items.
  • The items are be exported, reexported, or transferred directly to the packaging site.
  • The packaging site must confirm in writing to the producer of the chips that they were packaged and exported, reexported, or transferred (in-country) to the specified designer of the co-packaged commodity.

These are only the main criteria. Parties looking to rely on License Exception HBM should consult counsel and read the full regulation at EAR § 740.25, which lays out eligibility requirements under different scenarios and reporting obligations.

Additionally, BIS expanded the Temporary General License (TGL) for advanced computing items, which expires on December 31, 2026, and appears in EAR Part 736, Supplement No. 1, General Order No. 4, to include 3A090.c items. Assuming other conditions laid out in Supplement No. 1 are met, then the TGL covers exports, reexports, or in-country transfers of ECCN 3A090.c items:

  • To or within Macau/Country Group D: 5, if one of the following scenarios apply:
    • The end-user’s headquarters and ultimate parent company are not located in Macau/Country Group D:5 with the end use being integration, assembly (mounting), inspection, testing, quality assurance, and distribution of advanced computing ICs classified under certain ECCNs.
    • The ultimate end user is outside of Country Groups D:1, D:4, or D:5 minus A:5 or A:6, and does not have headquarters or an ultimate parent company in Macau or Country Group D:5. 
  • For use in any destination, if the 3A090.c item is incorporated into another commodity that is not an advanced computing IC classified under certain ECCNs.
    • If the higher-level commodity is an advanced computing IC, then the TGL allows 3A090.c items to go only to an ultimate end use outside of Country Groups D:1, D:4, or D:5 minus A:5 or A:6, and by an entity that does not have headquarters or an ultimate parent company in Macau or Country Group D:5.

New ECCNs

To expand controls on SME, the December IFR introduces eight new ECCNs (3B993, 3B994, 3D992, 3D993, 3D994, 3E992, 3E993, and 3E994) and makes revisions to 3B001, 3B002, 3B991, 3B992, and 3D002.

These ECCNs are highly technical, and to fully dissect the range of SME that they cover would probably require the help of a semiconductor engineer. Some of the most significant changes include new controls on SME designed for volume production (under new 3B994) and on electronic computer-aided (ECAD) software for advanced semiconductor packaging (under 3D992).

The license requirements for the new and revised ECCNs are not much easier to digest. Six of the new ECCNs (3B993, 3B994, 3D993, 3D994, 3E993, and 3E994) will be subject to Anti-Terrorism (AT) controls, as well as a license requirement when destined to a Footnote 5 Entity and not subject to the EAR pursuant to the new FN5 FDPR and de minimis rules (see below). But as discussed below, they will be subject to this licensing requirement anyway, albeit via the even broader FN5 FDPR, if they are subject to the EAR pursuant to the new FDPR and de minimis rules. We all wish that BIS would simplify this mess!

The other two new ECCNs (3D992 and 3E992) along with ECCNs 3B001.a.4, c, d, f.1, f.5, k to n, p.2, p.4, r, 3B002.c are subject beefed-up National Security (NS) controls, requiring a license for Macau and Country Group D:5. Deemed exports and deemed reexports are not subject to this license requirement. There are also worldwide RS export controls on a subset of these ECCNs, specifically software and technology for equipment controlled by 3B001.c.1.a or c.1.c. There are also other terribly complicated exclusions to these new NS requirements codified at EAR § 742.4(a)(4).

BIS, Stretch Thy Hands: Two New FDP Rules

BIS’s December rule established two new FDPRs, which is a (controversial) application of the agency’s authority over US know-how to establish jurisdiction over foreign-made products, making them subject to the EAR.

FN5 FDPR – and the Just One IC Rule (aka the Princess and the Pea)

First, BIS issued an entity-focused FDPR that applies only to US transactions involving prohibited parties on BIS’s Entity List that have been marked with a “Footnote 5” designation.

The FN5 FDPR applies to foreign-produced items that are described under ECCNs 3B001 (except 3B001.a.4, c, d, f.1, f.5, f.6, g, h, k to n, p.2, p.4, r), 3B002 (except 3B002.c), 3B903, 3B991 (except 3B991.b.2.a through 3B991.b.2.b), 3B992, 3B993, or 3B994 if the item, the plant that produced the item (or a commodity contained inside the item), or any major component of such a plant is the direct product of certain U.S. technology or software.  In addition, the FN5 FDPR contains a Note 3 clarifying that if a foreign-produced item falls under one of the ECCNs and contains an IC that was produced with the use of a tool that was itself a “direct product” of certain US technology or software, then the product scope would be met.

BIS’s new red flag guidance, states that if a foreign-produced item falls under one of the applicable ECCNs and contains at least one IC, it can be presumed that the IC was produced using at least one US tool, and therefore that the product scope of the FN5 FDP is met.  In other words, via its Red Flags guidance, BIS is asserting that all ICs worldwide described by the ECCNs are subject to its extensive FDPR jurisdiction, and that therefore, all SME containing any such IC can be controlled.

If these conditions are true, then the foreign-produced item is subject to the EAR and requires a license if there is “knowledge” (including reason to know) that:

  • It will be incorporated into any “part,” “component,” or “equipment” produced, purchased, or ordered by a FN5 Entity or by an entity located at a “facility” in Macau/Country Group D:5 where the “production” of logic or DRAM “advanced-node integrated circuits” occurs.
  • A FN5 Entity or an entity located at a “facility” located in Macau/Country Group D:5 where the “production” of logic or DRAM “advanced-node integrated circuits” occurs is a party to any transaction involving the foreign-produced commodity.

SME FDPR

The SME FDPR is designed to restrict Macau and Country Group D:5 countries from accessing the production capabilities of certain SME. It applies to a foreign-made item that is specified in 3B001.a.4, c, d, f.1, f.5, k to n, p.2, p.4, r, or 3B002.c if the items or the plant that produced items/a commodity contained inside the item (or any major component of such a plant) is the direct product of certain U.S. technology or software.

Like the FN5 FDPR, the SME FDPR contains the same Note 3 regarding ICs. Furthermore, BIS’s sweeping new red flag guidance likewise states that if a foreign-produced item falls under one of the relevant ECCNs and contains at least one IC, that should be considered an indication that the item meets the above conditions.

If the above conditions are met, the item is then subject to the EAR if there is “knowledge” that a foreign-made commodity is destined to Macau or a D:5 country. It would be treated the same as other items falling under ECCNs 3B001.a.4, c, d, f.1, f.5, k to n, p.2, p.4, r, or 3B002.c – i.e. deemed exports and reexports would not require a license, and the same exclusions in § 742.4(a)(4) apply.

“Software Keys” and “Software License Keys” to Enable Use of Software/Hardware are Classified Like the Software/Hardware

The December IFR revises EAR § 734.19 to clarify that “software keys” and “software license keys” which allow access to or which enable the use of controlled software or hardware – by granting or renewing software or hardware use licenses — are treated as being under the same classification as the software or hardware itself.

The new regulations further elaborate:

  • If a license is obtained for the export, reexport, or transfer of the software or hardware, then the authorization also applies to the corresponding software key or software license key.
  • If no license was required for the initial export of software, hardware, or the associated software key or software license key, but a license requirement is later imposed, then subsequent exports, reexports, or transfers of all the foregoing items will be subject to the new requirement.
  • Keys that unlock an item’s dormant functionality (i.e. a customer wants to buy and add additional features to an item that came activated and usable) are not subject to this new rule. However, these keys may modify or add to an item in such a way that changes the item’s classification.

New Red Flag Guidance

The December IFR also provides additional guidance to help exporters, re-exporters, and transferors identify when an item may be going to an unauthorized destination, end use, or end user. The new guidance, mainly focused on SME and integrated circuits, include eight new red flags that can be found at EAR Part 734, Supplement No. 3.

Continue Reading