Prohibition on Authorization of “Covered” Equipment
Prohibition on authorization of “covered” equipment. As of February 6, 2023, any equipment that has been identified as “covered” equipment on the Commission’s Covered List will be prohibited from obtaining an equipment authorization from the Commission. This prohibition is being implemented pursuant to the Commission’s decision revising its equipment authorization program, as set forth in its Report and Order, Order, and Further Notice of Proposed Rulemaking (FCC 22-84).[1]
- Specifically, effective February 6, 2023, under the Commission’s revised part 2 rules and policies concerning authorization of equipment, “covered” equipment is prohibited from obtaining an equipment authorization under either the Commission’s certification procedures or its Supplier’s Declaration of Conformity (SDoC) procedures.
- In addition, as of February 6, 2023, new “covered” equipment can no longer qualify under part 15 rules as exempted from the need from an equipment authorization, and thus is prohibited from being imported, marketed, sold, or operated in the United States.
The Covered List. The Commission’s Covered List is published by the Public Safety and Homeland Security Bureau and posted on the Commission’s website (The List of Equipment and Services Covered By Section 2 of The Secure Networks Act: List of Covered Equipment and Services). This list, which is periodically updated, identifies particular equipment, produced by particular entities, that constitutes “covered” equipment.
The current Covered List. The current Covered list identifies the following as “covered” equipment. (see Covered List, Appendix):
- "Telecommunications equipment” and “video surveillance equipment” produced by Huawei
Technologies Company (Huawei) or ZTE Corporation (ZTE), or by any subsidiaries or affiliates
of such entities; - “Telecommunications equipment” and “video surveillance equipment” produced by Hytera Communications Corporation (Hytera), Hangzhou Hikvision Digital Technology Company (Hikvision), or Dahua Technology Company (Dahua), or by any subsidiaries or affiliates of such entities, “for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.”
Prohibition applies to equipment authorizations after February 6, 2023. As a result of this prohibition, as of February 6, 2023 no new authorizations of “covered” equipment will be permitted. This, in turn, will prevent the marketing, sale, or operation of any such new “covered” equipment within the United States. This prohibition does not apply to any equipment that obtained an equipment authorization prior to this date.
This guidance. This high-level summary of the Commission’s recent decision is only intended to provide guidance on the implementation of the rules and policies on “covered” equipment; parties are reminded that the Commission’s decision itself ultimately governs. Parties affected by these new rules should review the Commission’s decision and its more detailed discussion, as needed and appropriate.
The following topics are discussed below:
- The Commission’s decision in its Report and Order, Order, and Further Notice of Proposed Rulemaking – which adopted new rules and procedures prohibiting equipment authorization of “covered” equipment;
- The Commission’s Covered List and the “covered” equipment (based on the current Covered List);
- Guidance on what constitutes “covered” equipment – which includes “telecommunications equipment” and “video surveillance equipment” produced by Huawei, ZTE, Hytera, Hikvision, and Dahua (and their subsidiaries and affiliates).
- Guidance on additional requirements concerning authorization of Hytera, Hikvision, and Dahua “telecommunications equipment” and “video surveillance equipment” pending further Commission approval.
Section One
On November 25, 2022, the Commission released its Report and Order, Order, and Further Notice of Proposed Rulemaking (FCC 22-84) on “Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Process.” As part of this decision, the Commission adopted rules revising its equipment authorization program (under the Commission’s part 2 rules, subparts J, K, and I) to prohibit, after February 6, 2023, any authorization of “covered” equipment identified on its Covered List. The Commission also revised its part 15 rules on exempted devices, effective February 6, 2023, to remove the exemption with respect to “covered” equipment.
Summary of major rule revisions. The Commission’s Report and Order revises the Commission’s equipment authorization program in a number of ways. Among the major revisions and new requirements, the Report and Order –
- Adopts several revisions to the Commission’s part 2 rules concerning equipment authorization processes, including authorization under the equipment certification procedures (which involve use of Telecommunication Certification Bodies) and the Supplier’s Declaration of Conformity (SDoC) procedures. These new rules, which are effective February 6, 2023 --
- Prohibit “covered” equipment from obtaining an equipment authorization through either certification procedures or SDoC procedures. (See Report and Order, paragraphs 45-46; new rule §§ 2.903(a), 2.906(d), 2.907(c).)
- Require that if authorization is sought for equipment that is produced by any of the entities identified on the Covered List as producing “covered” equipment (i.e., Huawei, ZTE, Hytera, Hikvision, or Dahua, or their subsidiaries and affiliates), such equipment (which must not be “covered”) can only be authorized through the Commission’s equipment certification procedures. SDoC procedures cannot be used to obtain authorization of any equipment produced by any of these entities. (See Report and Order, paragraphs 75, 77-79; new rule §§ 2.903(a)(1)-((2), 2.906(d), 2.907(c).)
- Require that each applicant for equipment certification attest in its application (in the form of a written and signed certification) that the particular equipment for which it seeks certification is not “covered” equipment. In addition, each applicant must indicate whether it is an entity identified on the Covered List as producing “covered” equipment. (See Report and Order, paragraphs 54-58, 82-83; rule §§ 2.911(d)(5)-(7), 2.1033(b)-(c).)
- Require that each responsible party seeking authorization of equipment under the SDoC procedures attest, in the form of a written and signed certification, that the subject equipment is not produced by any entity identified on the Covered List as producing “covered” equipment. The responsible party must maintain this attestation in its records. (See Report and Order, paragraphs 82-83; new rule §§ 2.903(a)(2), 2.906(d), 2.938(b)(2).)
- Prohibit any entity that has been identified on the Covered List as producing “covered” equipment (i.e., Huawei, ZTE, Hytera, Hikvision, or Dahua, or their subsidiaries and affiliates) from obtaining equipment authorization of any of their equipment through the Commission’s SDoC procedures. Such entities must seek authorization of any equipment they produce through the certification procedures. (See Report and Order, paragraphs 75, 78-79; new rule §§ 2.903(a), 2.906(d), 2.907(c).)
- Require that each entity expressly named on the Covered List as producing “covered” equipment (i.e., Huawei, ZTE, Hytera, Hikvision, or Dahua) provide the Commission (by March 8, 2023) information on the name and address of each of that entity’s subsidiaries and affiliates that produce equipment that requires an equipment authorization, and to keep that information up-to-date; such information will be posted on the Commission’s website. (See Report and Order, paragraph 186; new rule § 2.903(b).)
- Prohibit use of the modification or permissive change rules to modify previously certified equipment if such modification would result in authorization of “covered” equipment. (See Report and Order, paragraph 66; revised rule §§ 2.932, 2.1043(b)(2)-(3).)
- Revises the part 15 rules on exempted devices (§ 15.103) so that, as of February 6, 2023, no new equipment produced by any of the entities identified on the Covered List as producing “covered” equipment (i.e., Huawei, ZTE, Hytera, Hikvision, or Dahua, or their subsidiaries and affiliates) can qualify as an exempted device; accordingly, any such equipment that is “covered” equipment is prohibited. Under the revised rules, as of February 6, 2023 any such new equipment (which must not be “covered”) produced by these entities is not exempted from the need for authorization and such equipment must obtain authorization through the equipment certification procedures before such equipment can be marketed, sold, or operated in the United States. (See Report and Order, paragraphs 97-100; rule §§ 2.903(a)(3), 2.907(c), 15.103(j).)
- Adopts streamlined procedures for revocation of any equipment authorization grant in which the applicant had included in its application a false statement or representation that the subject equipment is not “covered” equipment. (See Report and Order, paragraphs 111-13 ; new rule § 2.939(d).)
In addition to prohibiting authorization of “covered” equipment, the Commission’s Report and Order also adopts a new requirement – applicable, beginning February 6, 2023 (the effective date of the new rules) – that each applicant for equipment certification designate an agent located in the United States for purposes of accepting service of process on behalf of the applicant/grantee of each new equipment authorization that is granted. (See Report and Order, paragraphs 62-64; new rule §§ 2.911(d)(7), 2.1033(b)(1)((ii), 2.1033(c)(1)(ii).)
Section Two
The Commission’s prohibition on authorization of “covered” equipment concerns such equipment as identified on the Commission’s Covered List, which the Commission periodically updates.
Covered List. The Commission’s Covered List is published pursuant to the Secure and Trusted Communications Networks Act of 2019. That Act requires that the Commission publish a list of communications equipment and services (Covered List) that have been determined to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons. Section 1.50002 of the Commission’s rules requires that the Public Safety and Homeland Security Bureau publish the Covered List identifying “covered” equipment and services, and periodically update the list when any new determinations concerning equipment or services.
“Covered” equipment. The new rules prohibit authorization of any “covered” equipment identified on the Covered List (i.e., the most current version of the Covered List). This list can be found at https://www.fcc.gov/supplychain/coveredlist.
The current Covered List – published on September 20, 2022 – identifies the following “covered” equipment (see Covered List, Appendix):
- “Telecommunications equipment” and “video surveillance equipment” produced by Huawei Technologies Company (Huawei) or ZTE Corporation (ZTE), or by any subsidiaries or affiliates of such entities;
- “Telecommunications equipment” and “video surveillance equipment” produced by Hytera Communications Corporation (Hytera), Hangzhou Hikvision Digital Technology Company (Hikvision), or Dahua Technology Company (Dahua), or by any subsidiaries or affiliates of such entities, “for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.”
Section Three
In the Report and Order, the Commission identified “covered” equipment on the current Covered List as including both “telecommunications equipment” and “video surveillance equipment” produced by the Huawei, ZTE, Hytera, Hikvision and Dahua, or by subsidiaries or affiliates of these entities. (See Report and Order, paragraphs 144, 171.) The Commission also defined “subsidiary” and “affiliate” for purposes of implementing the prohibition on authorization of “covered” equipment. (See Report and Order, paragraphs. 183-84, new section 2.903(c).)
The Commission also provided certain guidance for purposes of implementing the prohibition on authorization of “covered” equipment. This included guidance on what constitutes “covered” communications equipment in assessing applicability of the equipment authorization prohibition – specifically, what constitutes “telecommunications equipment” and “video surveillance equipment.” (See Report and Order, paragraphs 194-207.) In addition, the Commission placed additional conditions on authorization of equipment produced by Hytera, Hikvision, and Dahua, or by their subsidiaries and affiliates. (See Report and Order, paragraphs 176-77, 180, 208-14.) The Commission decision and guidance on each of these matters is summarized below.
The Commission recognized the importance of providing guidance to applicants, Telecommunication Certification Bodies (TCBs), and other interested parties with respect to administering and implementing the prohibition on authorization of “covered” equipment through the attestation process, the TCBs’ assessment of the applications, and the Commission’s implementation and monitoring of the equipment authorization process to ensure that “covered” equipment is not authorized for marketing or sale. (See Report and Order, paragraph 190.)
- Applicant responsibilities. Applicants for equipment certification are required, when attesting that their equipment is not “covered,” to take into consideration the Commission’s definitions and guidance regarding what constitutes “covered” equipment. (See Report and Order, paragraph 58.)
- TCB responsibilities. Pursuant to the requirements for TCBs, as set forth in §§ 2.960 and 2.962, TCBs are responsible for determining compliance with the Commission’s requirements and for certifying equipment in accordance with the Commission’s rules and policies. As an integral part of their responsibilities in assessing applications for equipment certification, TCBs must take into consideration the Commission’s definitions and guidance regarding what constitutes “covered” equipment in order to ensure that “covered” equipment is not authorized.
Subsidiaries and affiliates.
“Covered” equipment produced by subsidiaries or affiliates of the entities specifically identified on the current Covered List as producing “covered” equipment (specifically, subsidiaries or affiliates of Huawei, ZTE, Hytera, Hikvision, and Dahua) also is prohibited from equipment authorization. The following definitions apply for purposes of this prohibition (see Report and Order, paragraphs 183-84, new section 2.903(c)):
- Affiliate. The term “affiliate” means an entity that (directly or indirectly) owns or controls, is owned or controlled by, or is under common ownership or control with, another entity; for purposes of this paragraph, the term ‘own’ means to have, possess, or otherwise control an equity interest (or the equivalent thereof) of more than 10 percent.
- Subsidiary. The term “subsidiary” means any entity in which another entity directly or indirectly (1) holds de facto control or (2) owns or controls more than 50 percent of the outstanding voting stock.
The Commission’s decision requires that each entity named on the Covered List as producing “covered” equipment must provide the Commission (by 30 days after effective date, February 6, 2023) information on the name and address of each of that entity’s subsidiaries and affiliates that produce equipment that requires an equipment authorization, and to keep that information up-to-date; such information will be posted on the Commission’s website. (See Report and Order, paragraph 186; new rule § 2.903(b).)
Telecommunications equipment.
The Commission’s Report and Order includes discussion of what constitutes “telecommunications equipment” for purposes of the prohibition. (See Report and Order, paragraphs 194-203.) The Commission interprets “telecommunications equipment” broadly.
- Telecommunications equipment means any equipment used in fixed or mobile networks that provides advanced communications service, provided the equipment includes or uses electronic components. This encompasses any equipment that can be used in a fixed or mobile broadband network to enable users to originate and receive high quality voice, data, graphics, and video telecommunications using technology with connection speeds of at least 200 kbps in either direction. (See Report and Order, paragraph 195.)
Such “covered” equipment includes equipment associated with different layers of communications networks (see Report and Order, paragraph 197), specifically –
- “Access layer” equipment – such as equipment associated with providing and controlling end-user access to the network over the “last mile,” “local loop,” or “to the home” (e.g., optical terminal line equipment, optical distribution network devices, customer premises equipment (to the extent owned by the advanced services provider), coaxial media converters, wavelength-division multiplexing (WDM) and optical transporting networking (OTN) equipment, and wireless local area network (WLAN) equipment);
- “Distribution layer” equipment – such as middle mile, backhaul, and radio area network (RAN) equipment (e.g., routers, switches, network security equipment, WDM and OTN equipment, and small cells); and
- “Core layer” equipment – such as equipment associated with the backbone infrastructure (e.g., optical networking equipment, WDM and OTN, microwave equipment, antennas, RAN core, Cloud core, fiber, and data transmission equipment).
“Covered” telecommunications equipment also includes –
- Handsets designed for operation over fixed or mobile networks providing advanced communications services. These devices incorporate electronic components, could enable users to originate and receive high quality voice, data, graphics, and video telecommunications with connection speeds of at least 200 kbps in either direction, and may be the end points of most broadband networks which makes them part of the network. (See Report and Order, paragraph 201.)
- Many consumer premises equipment (CPE) and Internet of things (IoT) devices that meet the Commission’s broad interpretation of telecommunications equipment insofar as these devices incorporate electronic components, could enable users to originate and receive high quality voice, data, graphics, and video telecommunications with connection speeds of at least 200 kbps in either direction, and may be the end points of most broadband networks which makes them part of the network. (See Report and Order, paragraph 201.)
Further guidance may be forthcoming. The Commission recognized that given the wide array and variety of devices in the marketplace, it has not in the Report and Order identified all of the categories or types of equipment that could constitute telecommunications equipment. It has delegated authority to and directed the Office of Engineering and Technology and the Public Safety and Homeland Security Bureau to develop and finalize additional clarifications as needed and appropriate. (See Report and Order, paragraph 202.) Such additional guidance is not included in this initial guidance, and may be forthcoming in the future.
Video surveillance equipment
The Commission’s Report and Order includes discussion of what constitutes “video surveillance equipment” for purposes of the prohibition. (See Report and Order, paragraphs 204-07.) As the Commission notes, considering the importance of prohibiting authorization of “covered” equipment that poses an unacceptable risk to national security, the Commission interprets “video surveillance equipment” broadly.
- Video surveillance equipment includes any equipment that is used in fixed and mobile networks that provides advanced communications service in the form of a video surveillance service, provided the equipment includes or uses electronic components. This encompasses any equipment that can be used in a fixed or mobile broadband network to enable users to originate and receive high quality voice, data, graphics, and video telecommunications using technology with connection speeds of at least 200 kbps in either direction. (See Report and Order, paragraph 205.)
“Covered” video surveillance equipment includes –
- Video surveillance cameras;
- Body cameras; and
- Video surveillance equipment associated with video surveillance services that make use of broadband capabilities, such as video recorders, video surveillance servers, and video data storage devices – which are capable of storing and sharing their content over broadband networks. (See Report and Order, paragraph 206.)
Further guidance may be forthcoming. The Commission recognized that given the wide array and variety of devices in the marketplace, it has not, in the Report and Order, identified all of the categories or types of equipment that could constitute video surveillance equipment. It has directed the Office of Engineering and Technology and the Public Safety and Homeland Security Bureau to develop and finalize additional clarifications as needed and appropriate. (See Report and Order, paragraph 207.) Such additional guidance is not included in this initial guidance, and may be forthcoming in the future.
Section Four
In the Report and Order, the Commission discussed particular conditions that apply to the approval of any application for “covered” equipment produced by Hytera, Hikvision, or Dahua, or by their subsidiaries or affiliates.
- At this time the Commission is prohibiting equipment authorization of any telecommunications equipment or video surveillance equipment produced by Hytera, Hikvision, or Dahua or by their subsidiaries or affiliates. (See Report and Order, paragraph 180.)
As the Commission explained in the Report and Order (see Report and Order, paragraph 180) –
- The Commission is requiring that, before it will permit an equipment authorization of such equipment, these entities must each seek and obtain Commission approval for its respective plan that will ensure that such equipment will not be marketed or sold “for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.” Any such plan must demonstrate that effective measures are in place that will ensure that equipment distributors, equipment dealers, or others in the supply and distribution chains associated with marketing or sale of such equipment are aware of this restriction and do not market or sell such equipment to entities for the purposes mentioned above. Such a plan must include well-articulated and appropriate measures at the distributor and dealer levels to ensure that the entity does not market or sell for prohibited purposes.
- Such respective plan(s) will be reviewed by the full Commission and only approved if the measures that are and will be taken are sufficient to prevent the marketing and sale of the equipment for those prohibited purposes.
- The applicant seeking approval for authorization of any telecommunications or video surveillance equipment produced by any of these entities must submit the specific plan associated with such equipment.
The Commission also noted that if authorization of telecommunication equipment or video surveillance equipment produced by Hytera, Hikvision, or Dahua (or by their subsidiaries or affiliates) ultimately is permitted, such equipment would be subject to stringent conditions to prevent marketing or sale of such equipment “for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.”
- These would include conditions on the equipment authorization noting the prohibition on marketing and sale of such equipment, as well as labeling requirements stating limitations on marketing or sale of the equipment. These conditions would apply not only with respect to Hytera, Hikvision, and Dahua (and their subsidiaries and affiliates), but also to their equipment distributors, dealers, or re-sellers, i.e., every entity throughout the supply chain that markets or offers the equipment for sale or that markets or sells the equipment to end-users. (See Report and Order, paragraphs 176-77.)
The Commission also provided guidance on the scope of its prohibition on the marketing or sale of such equipment “for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.” The Commission emphasized the broad scope of this prohibition, noting that each of the terms encompassed – public safety, government facilities, critical infrastructure, and national security – are construed broadly. (See Report and Order, paragraphs 208-13.) Specifically –
- Public safety includes services provided by State or local government entities, or services by non-governmental agencies authorized by a governmental entity if their primary mission is the provision of services that protect the safety of life, health, and property, including but not limited to police, fire, and emergency medical services. This includes the services provided by Federal law enforcement and professional security services, where the primary mission is the provision of services that protect the safety of life, health, and property.
- Government facilities are buildings, located in the United States and overseas, that are owned or leased by federal, state, local, and tribal governments, whether open to the public or not open to the public due to those locations containing highly sensitive information, materials, processes, and equipment. Government facilities include, and are not limited to, general-use office buildings and special-use military installations, embassies, courthouses, national laboratories, and structures that may house critical equipment, systems, networks, and functions. In addition to physical structures, the sector includes cyber elements that contribute to the protection of sector assets (e.g., access control systems and closed-circuit television systems) as well as individuals who perform essential functions or possess tactical, operational, or strategic knowledge.
- Critical infrastructure means any systems and assets, whether physical or virtual, so vital to the United States that their disruption, corruption, dysfunction, incapacity or destruction would have a debilitating impact on security, national economic security, national public health or safety, or any combination thereof. Examples are systems or assets connected to any of the sixteen critical infrastructure sectors identified in Presidential Policy Directive 21: chemical, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, health care and public health, information technology, nuclear reactors/materials/waste, transportation systems, and water/waste water systems.
- National security means related to the national defense or foreign relations of the United States and encompasses a variety of high-profile government, commercial, and military assets.
Further guidance may be forthcoming. The Commission also directed the Office and Engineering and Technology and the Public Safety and Homeland Security Bureau to develop further clarifications, and coordinate as necessary with relevant federal agencies, to inform applicants for equipment authorization, TCBs, and other interested parties with more specific and detailed information. (See Report and Order, paragraph 214.) Such additional guidance is not included in this initial guidance, and may be forthcoming in the future.
[1] We note that the Commission also included an Interim Freeze Order in FCC 22‐84, which prohibited authorization of any “covered” equipment, beginning on November 25, 2022 (the date that FCC 22‐84 was released to the public), until the revised rules became effective. (See Report and Order, paragraphs 264‐66).