AGENCY:
Federal Communications Commission.
ACTION:
Proposed rule.
SUMMARY:
In this document, the Federal Communications Commission (Commission) proposes to strengthen requirements and oversight relating to telecommunications certification bodies and measurement facilities to help ensure the integrity of these entities for purposes of the equipment authorization, to better protect national security, and to advance the Commission's comprehensive strategy to build a more secure and resilient communications supply chain.
DATES:
Comments are due on or before September 3, 2024 and reply comments are due on or before October 3, 2024.
ADDRESSES:
You may submit comments, identified by ET Docket No. 24-136, by any of the following methods:
Federal Communications Commission's Website: https://www.fcc.gov/ecfs/. Follow the instructions for submitting comments. See Electronic Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1988).
- Mail: Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail (although the Commission continues to experience delays in receiving U.S. Postal Service mail). All filings must be addressed to the Commission's Secretary, Office of the Secretary, Federal Communications Commission.
- People with Disabilities: Contact the Commission to request reasonable accommodations (accessible format documents, sign language interpreters, CART, etc.) by email: FCC504@fcc.gov or phone: 202-418-0530 or TTY: 202-418-0432.
For detailed instructions for submitting comments and additional information on the rulemaking process, see the SUPPLEMENTARY INFORMATION section of this document.
FOR FURTHER INFORMATION CONTACT:
Jamie Coleman of the Office of Engineering and Technology, at Jamie.Coleman@fcc.gov or 202-418-2705.
SUPPLEMENTARY INFORMATION:
This is a summary of the Commission's Notice of Proposed Rulemaking, ET Docket No. 24-136; FCC 24-58, adopted on May 23, 2024, and released on May 24, 2024. The full text of this document is available for public inspection and can be downloaded at https://docs.fcc.gov/public/attachments/FCC-24-58A1.pdf. Alternative formats are available for people with disabilities (Braille, large print, electronic files, audio format) by sending an email to fcc504@fcc.gov or calling the Commission's Consumer and Governmental Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY).
Comment Period and Filing Procedures. Pursuant to sections 1.415 and 1.419 of the Commission's rules, 47 CFR 1.415, 1.419, interested parties may file comments and reply comments on or before the dates provided in the DATES section of this document. Comments must be filed in ET Docket No. 24-136. Comments may be filed using the Commission's Electronic Comment Filing System (ECFS). See Electronic Filing of Documents in Rulemaking Proceedings,63 FR 24121 (1998).
- All filings must be addressed to the Commission's Secretary, Office of the Secretary, Federal Communications Commission.
- Electronic Filers: Comments may be filed electronically using the internet by accessing the ECFS: https://www.fcc.gov/ecfs/.
Paper Filers: Parties who choose to file by paper must file an original and one copy of each filing. If more than one docket or rulemaking number appears in the caption of this proceeding, filers must submit two additional copies for each additional docket or rulemaking number.
○ Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9050 Junction Drive, Annapolis Junction, MD 20701.
○ U.S. Postal Service first-class, Express, and Priority mail must be addressed to 45 L Street NE, Washington, DC 20554.
Ex Parte Presentations. These proceedings shall be treated as “permit-but-disclose” proceedings in accordance with the Commission's ex parte rules. Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies). Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must (1) list all persons attending or otherwise participating in the meeting at which the ex parte presentation was made, and (2) summarize all data presented and arguments made during the presentation. If the presentation consisted in whole or in part of the presentation of data or arguments already reflected in the presenter's written comments, memoranda or other filings in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum. Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with rule 1.1206(b). In proceedings governed by rule 1.49(f) or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding, and must be filed in their native format ( e.g.,.doc, .xml, .ppt, searchable .pdf). Participants in this proceeding should familiarize themselves with the Commission's ex parte rules.
Procedural Matters
Regulatory Flexibility Act. The Regulatory Flexibility Act of 1980, as amended (RFA), requires that an agency prepare a regulatory flexibility analysis for notice and comment rulemakings, unless the agency certifies that “the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities.” 5 U.S.C. 603, 605(b). The RFA, 5 U.S.C. 601-612, was amended by the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA), Public Law 104-121, Title II, 110 Stat. 857 (1996). Accordingly, the Commission has prepared an Initial Regulatory Flexibility Analysis (IRFA) concerning the possible/potential impact of the rule and policy changes contained in this document. The IRFA is found in Appendix B of the FCC document, https://docs.fcc.gov/public/attachments/FCC-24-58A1.pdf. The Commission invites the general public, in particular small businesses, to comment on the IRFA. Comments must have a separate and distinct heading designating them as responses to the IRFA and must be filed by the deadlines for comments on the Notice of Proposed Rulemaking indicated in the DATES section of this document.
Paperwork Reduction Act: This document may contain proposed or modified information collection requirements. Therefore, the Commission seeks comment on potential new or revised information collections subject to the Paperwork Reduction Act of 1995. If the Commission adopts any new or revised information collection requirements, the Commission will publish a notice in the Federal Register inviting the general public and the Office of Management and Budget to comment on the information collection requirements, as required by the Paperwork Reduction Act of 1995, Public Law 104-13. In addition, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), the Commission seeks specific comments on how it might further reduce the information collection burden for small business concerns with fewer than 25 employees.
Accessing Materials
Providing Accountability Through Transparency Act: Consistent with the Providing Accountability Through Transparency Act, Public Law 1189-9, a summary of the Notice of Proposed Rulemaking will be available at https://www.fcc.gov/proposed-rulemakings.
OPEN Government Data Act. The OPEN Government Data Act, requires agencies to make “public data assets” available under an open license and as “open Government data assets,” i.e., in machine-readable, open format, unencumbered by use restrictions other than intellectual property rights, and based on an open standard that is maintained by a standards organization. 44 U.S.C. 3502(20), (22), 3506(b)(6)(B). This requirement is to be implemented “in accordance with guidance by the Director” of the OMB. (OMB has not yet issued final guidance. The term “public data asset” means “a data asset, or part thereof, maintained by the Federal Government that has been, or may be, released to the public, including any data asset, or part thereof, subject to disclosure under [the Freedom of Information Act (FOIA)].” 44 U.S.C. 3502(22). A “data asset” is “a collection of data elements or data sets that may be grouped together,” and “data” is “recorded information, regardless of form or the media on which the data is recorded.” 44 U.S.C. 3502(17), (16).
Synopsis
I. Introduction
1. From 5G networks and Wi-Fi routers to baby monitors and fitness trackers, a wide array of radio-frequency (RF) devices are ubiquitous in Americans' daily lives and across our economy. The FCC's equipment authorization program is tasked with ensuring that all of these devices available to American businesses and consumers comply with our rules regarding, among other things, interference, radio-frequency (RF) emissions, and hearing aid compatibility. To ensure the efficient and effective review of tens of thousands of equipment authorizations annually, the Commission delegates certain important responsibilities to telecommunications certification bodies (TCBs) and measurement facilities (test labs) with regard to implementing our equipment authorization program. Now, as part of ongoing efforts to promote national security and protect our nation's communications equipment supply chain, the Commission has placed significant new national security related responsibilities on TCBs and test labs. By establishing new equipment authorization program rules that prohibit authorization of communications equipment that has been determined to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons, these entities now must help ensure that such prohibited equipment is kept out of our nation's supply chain. Further, these entities are entrusted with receiving and maintaining sensitive and proprietary information regarding communications equipment. In light of these new and ongoing responsibilities and the persistent and evolving threats posed by untrustworthy actors seeking, among other things, to compromise our networks and supply chains, today the Commission seeks to strengthen its requirements for and oversight of TCBs and test labs by proposing new rules that would help ensure the integrity of these entities for purposes of the equipment authorization program, better protect national security, and advance the Commission's comprehensive strategy to build a more secure and resilient communications supply chain. It is vital for the Commission to ensure that these entities are not subject to influence or control by foreign adversaries or other untrustworthy actors that pose a risk to national security.
2. Specifically, the Commission proposes to prohibit from recognition by the FCC and participation in its equipment authorization program, any TCB or test lab in which an entity identified on the Covered List has direct or indirect ownership or control, and prohibit reliance on or use of, for purposes of equipment authorization, any TCB or test lab that is directly or indirectly owned or controlled by any entity on the Covered List or by any third party in which an entity identified on the Covered List has any direct or indirect ownership or control. Considering the national security concerns about entities identified on the Covered List, the Commission also directs the Office of Engineering and Technology (OET) to take swift action to suspend the recognition of any TCB or test lab directly or indirectly owned or controlled by entities identified on the Covered List, thereby preventing such entities from using their owned or controlled labs to undermine its current prohibition on Covered Equipment. Next, the Commission seeks comment on prohibiting recognition of any TCB or test lab directly or indirectly owned or controlled by a foreign adversary or any other entity that has been found to pose a risk to national security. To that end, and consistent with Commission action in other recent national security proceedings, the Commission seeks comment on whether and how it should consider national security determinations made in other Executive Branch agency lists in establishing eligibility qualifications for FCC recognition of a TCB or a test lab in its equipment authorization program. In addition, the Commission proposes that the prohibition would be triggered by direct or indirect ownership or control of 10% or more and, to help ensure that it has the information to enforce this requirement, TCBs and test labs would be required to report direct or indirect equity and/or voting interest of 5% or greater by any entity. Further, to implement the proposed national security prohibition, to ensure the integrity of the equipment authorization program and the impartiality of the TCBs and test labs within it, the Commission proposes to collect additional ownership and control information from TCBs and test labs. The Commission also seeks comment on other revisions concerning TCBs and test labs as the Commission seeks to address these issues.
II. Background
3. The Commission's equipment authorization program, codified in the Commission's part 2 rules, plays a critical role in enabling the Commission to carry out its responsibilities under the Communications Act. Under section 302 of the Communications Act, the Commission is authorized to make reasonable regulations governing the interference potential of equipment that emit radiofrequency (RF) energy and that can cause harmful interference to radio communications, which are implemented through the equipment authorization program. In addition, the equipment authorization program helps ensure that communications equipment comply with certain other policy objectives—which include protecting the communications networks and supply chain from equipment that poses an unacceptable risk to national security.
4. Communications equipment must comply with the requirements under part 2 before they can be marketed in or imported to the United States. Under 47 U.S.C. 302a(e), the Commission has delegated certain important responsibilities to TCBs and test labs with regard to implementing the Commission's equipment authorization program.
A. Telecommunications Certification Bodies and Test Labs
5. Telecommunications Certification Bodies (TCBs). The Commission's rules specify the qualification criteria for TCBs and assign TCBs responsibility for issuing equipment certifications under Commission direction and oversight. In authorizing the use of TCBs, the Commission sought to speed the process for bringing new technologies to market while also adopting an oversight framework to ensure that the TCBs act impartially and consistent with their responsibilities. The creation and use of TCBs in the equipment authorization process allowed the Commission to implement Mutual Recognition Agreements (MRAs) with the European Union, the Asia-Pacific Economic Cooperation, and other foreign trade partners.
6. TCBs are responsible for reviewing and evaluating applications for equipment certification for compliance with the Commission's applicable requirements (including technical compliance testing and other requirements) and determining whether to grant or to dismiss the application based on whether it is in accord with Commission requirements. TCBs must meet all the appropriate specifications in the ISO/IEC 17065 standard, which include requirements to ensure that TCBs carry out their responsibilities in a “competent, consistent, and impartial manner.” Commission rules also impose certain obligations on each TCB to perform post-market surveillance, based on “type testing a certain number of samples of the total number of product types” that the TCB has certified.
7. To carry out their prescribed equipment certification responsibilities, under current rules TCBs must be accredited based on determinations made by a Commission-recognized accreditation body and recognized by the Commission before they are authorized to evaluate applications for equipment authorization. Under Commission rules, TCBs must be located in the United States or in countries that have entered into applicable Mutual Recognition Agreements (MRAs) with the United States.
8. For TCBs located outside of the United States, designation is authorized in accordance with the terms of an effective bilateral or multilateral MRA to which the United States is a party. Pursuant to each MRA, participating countries agree to accept the equipment authorizations performed by the TCB-equivalent conformity assessment body of the other country. There are 15 FCC-recognized Designating Authorities in MRA-partnered countries. These Designating Authorities are governmental organizations associated with MRA-partnered economies. Currently there are 40 FCC-recognized TCBs, the majority of which are located in the United States and the rest are located in nine MRA-partnered countries.
9. Finally, the Commission will withdraw recognition of a TCB if the TCB's designation or accreditation is withdrawn, the Commission determines that there is “just cause,” or the TCB requests that it no longer hold a recognition. The Commission's rules also set forth specific procedures, including notification requirements, that the Commission will follow if it intends to withdraw its recognition of a TCB.
10. Test labs. Test labs ensure that subject equipment complies with the Commission's applicable technical rules to minimize the risk of harmful interference, promote efficient use of spectrum, and advance other policy goals, such as ensuring hearing aid compatibility and controlling the environmental effects of RF radiation. The role and responsibilities of test labs specifically concern the development of technical reports on testing equipment for which authorization is sought for compliance with the Commission's applicable technical requirements. Applicants for equipment certification provide the testing data to a TCB to show compliance with the FCC requirements.
11. For all granted applications, the TCBs must send to the FCC any test lab data and other information relied upon by the TCB. This information is made publicly available on the FCC website upon grant of the equipment authorization. Under the Commission's rules, test labs do not have any role or responsibility for making any certification decision on whether the equipment would be in compliance, nor do they have any role with respect to any other certification determination, including on whether the equipment constitutes “covered” equipment; all certification activities (evaluation, review, and decisional determinations) are reserved for TCBs.
12. Under Commission rules, testing for equipment certification can only be performed by a test lab that has been accredited by an FCC-recognized accreditation body and recognized by the Commission. Applicable rules require that these test labs be accredited based on ISO/IEC 17025. The Commission's rules require that entities wishing to become a recognized laboratory accreditation body must submit a written request to the Chief of OET and submit evidence concerning their credentials and qualifications to perform accreditation of laboratories that test equipment to Commission requirements, consistent with the technical requirements set forth under section 2.948(e). Applicants must successfully complete and submit a peer review. Under the ISO/IEC 17011 standard, accreditation body applicants must meet specified impartiality, management, and accreditation requirements, and otherwise meet accreditation body responsibilities. OET publishes its findings and maintains a web page on FCC-recognized accreditation bodies.
13. The Commission notes, however, that its rules do not currently require accreditation and FCC recognition of test labs that are relied upon as part of the Supplier's Declaration of Conformity (SDoC) process for obtaining an equipment authorization. In 2017, the Commission revised its rules to no longer require testing by accredited and FCC-recognized test labs for equipment with a reduced potential to cause harmful interference authorized in the SDoC process. The SDOC process applies, generally, to equipment that does not contain a radio transmitter and contains only digital circuitry—such as computer peripherals, microwave ovens, ISM equipment, switching power supplies, LED light bulbs, radio receivers, and TV interface devices.
14. The Commission recognizes four accreditation bodies in the U.S. that can designate test labs that operate in the United States. As for accreditation of test labs outside of the United States in countries that have entered into an MRA, § 2.948(f)(1) provides that test lab accreditation will be acceptable if the accredited laboratory has been designated by a foreign designating authority and recognized by the Commission under the terms of an MRA. Currently there are 24 such FCC-recognized test lab accreditation bodies outside the United States, located in 23 different MRA-partnered countries.
15. The Commission has a separate rule provision concerning the accreditation bodies that are permitted to accredit test labs in countries that do not have an MRA with the United States. If the test lab is located in a country that does not have an MRA with the United States, then the test lab must be accredited by an organization recognized by the Commission to perform accreditations in non-MRA countries. Currently, the Commission has recognized three such accrediting bodies. In response to requests from industry for clarifying the process by which test labs are accredited in non-MRA countries, the Commission in 2016 directed OET to provided clearer guidance on accreditation of test labs in non-MRA-partnered countries. Current rules do not preclude an accreditation body that is not in an MRA-partnered country from submitting a request to be recognized, but, to date, no accreditation body outside of an MRA-partnered economy has submitted a request for FCC recognition.
16. Under the Commission rules, if a test lab has been accredited for the appropriate scope for the types of equipment that it will test, then it “shall be deemed competent to test and submit test data for equipment subject to certification.” Test labs must be reassessed at least every two years. Under current procedures, if the accreditation body re-assesses the test lab and concludes that it continues to meet the requirements set forth under ISO/IEC 17025, the accreditation body will update the expiration date for the test lab's accreditation in the FCC's Equipment Authorization Electronic System (EAS) for a period of up to two years. While the Commission's rules currently provide procedures for FCC recognition of test lab accreditation bodies, its rules do not currently include specific Commission rules or procedures for withdrawing recognition of a test lab accreditation body.
17. The Commission maintains a list of FCC-recognized accredited test labs on its website, which currently lists nearly 640 test labs. Currently, MRA- partnered economies have the most FCC-recognized test labs, while there are also are many test labs in countries in economies that have not entered an MRA with the United States.
B. Recent Commission Actions
18. The EA Security R&O and FNPRM. On November 11, 2022, the Commission adopted the EA Security Report and Order, Order, and Further Notice of Proposed Rulemaking. ( Final Rule, 88 FR 7592 (February 6, 2023); Notice of Proposed Rulemaking, 88 FR 14312 (March 8, 2023)). Specifically, the Commission established several new rules to prohibit authorization of communications equipment identified on the Commission's Covered List (“covered” equipment) developed pursuant to the Secure Networks Act. The Covered List identifies certain types of communications equipment produced by particular entities—currently, Huawei, ZTE, Hytera, Hikvision, and Dahua (and their respective subsidiaries and affiliates), as well as certain services provided by particular entities. This list is derived from specific determinations made by enumerated sources, including certain Executive Branch agencies and Congress, under the Secure Network Act, that certain equipment poses an unacceptable risk to national security. The EA Security R&O revised part 2 of the Commission's rules concerning equipment authorization requirements and processes. To help implement the prohibition on authorization of any “covered” equipment, applicants seeking equipment authorization are required to make certain attestations (in the form of certifications) about the equipment for which they seek authorization. These include attesting that the equipment is not prohibited from receiving authorization and whether the applicant is an entity identified on the Covered List as an entity producing “covered” communications equipment. TCBs, pursuant to their responsibilities as part of the Commission's equipment authorization program, review the applications and must ensure that only applications that meet all of the Commission's applicable technical and non-technical requirements are ultimately granted, and that none of these grants are for prohibited equipment.
19. In affirming in the EA Security R&O its authority to prohibit authorization of communications equipment that had been placed on the Covered List, the Commission also noted that it has broad statutory authority, predating the Secure Networks Act and the Secure Equipment Act, under sections 302 and 303(e) of the Communications Act and other statutory provisions, to take into account national security concerns when promoting the public interest.
20. Other Recent Commission Actions. Since adoption of the EA Security R&O, Order, and FNPRM in November 2022, the Commission has taken several additional steps to address evolving national security concerns to protect the security of America's critical communications networks and supply chains. In April 2023, in the Evolving Risks Order and NPRM ( Final Rule, 88 FR 85514 (December 8. 2023), Proposed Rule, 88 FR 50486 (August 1, 2023)), the Commission took additional steps to protect the nation's telecommunications infrastructure from threats in an evolving national security and law enforcement landscape by proposing comprehensive changes to the Commission's rules that allow carriers to provide international telecommunications service pursuant to section 214 of the Communications Act. The Commission proposed, among other things, to adopt a renewal framework or, in the alternative, a formalized periodic review process for all international section 214 authorization holders. The Commission stated that, in view of the evolving national security and law enforcement concerns identified in its recent proceedings revoking the section 214 authorizations of certain providers controlled by the Chinese government, it believes that a formalized system of periodically reassessing international section 214 authorizations would better ensure that international section 214 authorizations, once granted, continue to serve the public interest. In the Evolving Risks Order, the Commission required all international section 214 authorization holders to respond to a one-time collection to update the Commission's records regarding their foreign ownership, noting that “the information will assist the Commission in developing a timely and effective process for prioritizing the review of international section 214 authorizations that are most likely to raise national security, law enforcement, foreign policy, and/or trade policy concerns.” In the Evolving Risks NPRM, the Commission proposed, among other things, to prioritize the renewal applications or any periodic review filings and deadlines based on, for example, “reportable foreign ownership, including any reportable foreign interest holder that is a citizen of a foreign adversary country,” as defined in the Commerce Department's rule, 15 CFR 7.4. The Commission also sought comment on whether to revise its ownership reporting threshold, currently set at 10% or greater direct and indirect equity and/or voting interests, to 5%, noting that the current 10% threshold may not capture all of the foreign interests that may present national security, law enforcement foreign policy, and/or trade policy concerns in today's national security and law enforcement environment. The Commission also proposed, among other things, to require applicants to certify in their application whether or not they use equipment or services identified in the Commission's Covered List. The Commission stated that it intends to continue to collaborate with the relevant Executive Branch agencies and refer matters to the Executive Branch agencies where warranted.
21. On March 14, 2024, the Commission adopted the Cybersecurity IoT Labeling R&O to strengthen the nation's cybersecurity protections by adopting a voluntary cybersecurity labeling program for wireless Internet of Things (IoT) products. Through this IoT Labeling Program, the Commission will provide consumers with an FCC IoT label that includes the U.S. government certification mark (referred to as the Cyber Trust Mark) that provides assurances that an IoT product that bears the FCC IoT Label meets certain minimum cybersecurity standards and strengthens the chain of connected IoT products in their own homes and as part of a larger national IoT ecosystem. The Order established a new administrative framework and regulatory structure to implement this voluntary program, with the Commission having program oversight while delegating certain responsibilities to new Cybersecurity Labeling Administrators and FCC-recognized testing labs ( e.g., Cybersecurity Testing Labs) to evaluate whether particular IoT devices and products meet the prescribed criteria for obtaining the Cyber Trust Mark. Among other things, the Commission also determined that entities that are owned, controlled by, or affiliated with “foreign adversaries,” as defined by the Department of Commerce, should be ineligible for purposes of the Commission's voluntary IoT Labeling Program. The Commission also generally prohibited entities that produce equipment on the Covered List, as well as entities named on the DOD's list of Chinese military companies or the Department of Commerce's Entity List, from any participation in the IoT Labeling Program. Also, the Commission specifically prohibited any of these entities from serving as a Cybersecurity Label Administrator or serving as an FCC-recognized test lab for testing products for compliance with forthcoming cybersecurity technical standards. The Commission concluded that these lists represent the determination of relevant Federal agencies that entities on these lists may pose a national security threat within their respective areas, and that it is not in the public interest to permit these entities to provide assurance to the public that their products meet the new cybersecurity standards for obtaining a Cyber Trust Mark.
III. Discussion
22. In this NPRM, the Commission proposes and seeks comment on potential revisions to the Commission's rules designed to promote the integrity of its equipment authorization program and ensure that it serves the Commission's goals in protecting the communications equipment supply chain from entities posing unacceptable national security concerns. First, the Commission proposes to prohibit from recognition by the FCC and participation in the equipment authorization program, any TCB or test lab in which an entity identified on the Covered List ( i.e., any named entity or any of its subsidiaries or affiliates) has direct or indirect ownership or control. Second, the Commission seeks comment on the extent to which it should impose eligibility restrictions for TCBs and test labs based on lists developed by Executive Branch agencies that reflect expert determinations about entities that pose national security risks. Third, the Commission proposes and seeks comment on collecting various ownership information from TCBs and test labs to strengthen our oversight and implement any affiliation prohibitions that may be adopted. Fourth, the Commission seeks comment on other aspects associated with implementation of its proposals as well as other considerations to strengthen the Commission's oversight of TCBs and test labs. These include clarification of current rules and applicable standards to ensure the impartiality and integrity of TCBs.
A. Prohibiting Recognition of TCBs and Test Labs in Which Entities Identified on the Covered List Have Direct or Indirect Ownership or Control
23. In 2022 in the EA Security R&O the Commission adopted rules to prohibit authorization of certain equipment produced by entities named on the Covered List and adopted supply chain protections that include new informational requirements that seek to ensure that these untrustworthy entities do not adversely influence certification of equipment that poses unacceptable national security risks. The Covered List is derived from specific determinations made by certain enumerated sources (particular Executive Branch agencies with national security expertise and Congress) under the Secure Networks Act that certain equipment poses an unacceptable risk to national security. Congress has also made determinations in the Secure Networks Act that certain of these entities and their equipment pose an unacceptable risk to national security. In the future, Executive Branch agencies may add to the Covered List. Even before the Secure Networks Act, the Commission designated Huawei and ZTE (along with their parents, affiliates, and subsidiaries) as “covered companies” that pose a unique threat to the security and integrity of the nation's communications networks and supply chains because of their close ties to the Chinese government and military, and the security flaws in their equipment.
24. In light of these determinations from expert Executive Branch agencies and Congress about the serious national security risks posed by entities with equipment on the Covered List, the Commission tentatively conclude that the Commission should not recognize or permit reliance on TCBs, test labs, or their accrediting bodies, or permit them to have any role in the Commission's equipment authorization program, if they have sufficiently close ties with Covered List entities. Accordingly, the Commission proposes to restrict the eligibility of entities that may serve as TCBs or test labs based on, at a minimum, the Covered List. Specifically, the Commission proposes to prohibit from recognition by the Commission and participation in its equipment authorization program, any TCB or test lab in which an entity identified on the Covered List ( i.e., any named entity or any of its subsidiaries or affiliates) has direct or indirect ownership or control. The Commission's proposed prohibition would preclude the use of such TCBs and test labs, as part of any equipment authorization-related reliance or testing, not only with regard to certification of equipment, but also authorization of equipment pursuant to SDoC procedures. The Commission seeks comment on this proposal.
25. Further, in the interest of national security, and out of an abundance of caution, the Commission finds that it is imperative that it not allow entities identified on its Covered List to use test labs they own or control to circumvent or otherwise undermine the Commission's prohibition on authorization of equipment identified on the Covered List or undermine the integrity of its supply chain. To that end, the Commission notes that OET has taken action to deny the re-recognition of a test lab apparently owned by an entity on the Covered List—Global Compliance and Testing Center of Huawei Technologies—while allowing this test lab to provide additional information on whether it is owned or controlled by Huawei Technologies Company or any other entity on the Covered List, and to show cause why it should be allowed re-recognition. Accordingly, the Commission directs OET to suspend, pending the outcome of this proceeding, recognition of any TCB or test lab for which there is sufficient evidence to conclude such TCB or test lab is owned or controlled by an entity identified on the Covered List, while allowing such TCB or test lab thirty days from the date of such suspension to certify, and provide supporting documentation, that no entity identified on the Covered List holds a 10% or more direct or indirect ownership interest or controlling interest in the TCB or test lab. The Commission believes this action is necessary to protect against additional national security risks to its equipment authorization program and supply chain, including protecting existing manufacturers from unknowing reliance on untrustworthy entities, pending the implementation of the additional ownership disclosures and transparency requirements the Commission proposes in this proceeding. Any burden on existing recognized TCBs or test labs should be minimal, as only those entities for whom OET has reason to question their ownership or control by an entity or entities identified on the Covered List will be impacted, and those TCBs or test labs will be given an opportunity to show cause why their FCC recognition should not be revoked for just cause. As the Commission weighs the importance of its national security against these minimal measures to prevent entities on the Covered List from owning or controlling FCC-recognized TCBs or test labs, the Commission finds that the compelling interest outweighs any burden imposed by such temporary suspension.
B. Prohibiting Recognition of TCBs and Test Labs in Which Other Entities That Raise National Security Concerns Have Direct or Indirect Ownership or Control
26. The Commission also seeks comment on whether there are other types of direct or indirect ownership or control, or other types of influences beyond the Covered List determinations that potentially could adversely affect a TCB's or test lab's trustworthiness, or otherwise undermine the public's confidence. In recognition that TCBs and test labs have access to proprietary, sometimes sensitive information about suppliers and their devices, the Commission seeks comment on whether, and to what extent, the Commission should apply other lists developed by Executive Branch agencies that reflect expert determinations about entities that pose national security concerns.
27. The Covered List is only one source that identifies entities that raise national security concerns that potentially affect the communications equipment supply chain. Several Executive Branch agencies with particular national security responsibilities, and based upon specific statutory authorities, have recently developed or updated lists that identify entities, technologies, or services that they have determined raise national security concerns.
28. For example, the Department of Commerce maintains a list of “foreign adversary” countries that identifies any foreign government or foreign non-government person that the Secretary of Commerce has determined to have engaged in a “long-term pattern or serious instances of conduct significantly adverse to the national security interest of the United States or security and safety of United States persons.” The Department of Commerce's list of foreign adversaries currently includes several foreign governments and foreign non-government persons, including China (including Hong Kong), Cuba, Iran, and Russia. As discussed above, the Commission has recently relied in part on this foreign adversary list (as well as the Covered List) in both the Evolving Risks Order and NPRM and the Cybersecurity IoT Labeling R&O, when making proposals and taking particular actions, respectively, that serve to promote the Commission's national security goals in those proceedings.
29. The Department of Defense (DOD), pursuant to section 1260H of the NDAA of 2021, has identified each entity that the Secretary of Defense has determined is a “Chinese military company” that is “operating directly or indirectly in the United States” and is “engaged in providing commercial services, manufacturing, producing, or exporting.” This DOD list (1260H List) currently includes 73 entities, including three of the five equipment manufacturers listed on the Covered List. Beginning in 2026, pursuant to other statutes, the DOD is prohibited from procurement from companies identified on the 1260H list.
30. Meanwhile, the Department of Commerce's Entity List identifies entities that are reasonably believed to be involved in, or to pose a significant risk of being or becoming involved in, activities contrary to U.S. national security or foreign policy interests. Among other things, the Entity List seeks to ensure that sensitive technologies do not fall into the hands of known threats. As discussed above, in its Cybersecurity IoT Labeling R&O the Commission prohibited entities named on DOD's 1260H List or the Department of Commerce's Entity List (as well as entities producing equipment on the Covered List) from any participation in the Commission's IoT Labeling Program.
31. Further, there are various other Executive Branch agency lists that address national security concerns in addition to those above. For instance, the Commerce Department also publishes a Military End User List, which identifies foreign parties that pursuant to the Export Administration Regulations (EAR) are prohibited from receiving particular items, including certain telecommunications equipment and software, unless the exporter secures a license. These parties have been determined by the U.S. Government to be “military end users,” and represent an unacceptable risk of use in or diversion to a “military end use” or “military end user” in China, Russia, or Venezuela. The Department of Treasury's Office of Foreign Assets Control, in coordination with the Department of State and DOD, administers various sanctions programs, including the Non-Specially Designated Nationals Chinese Military-Industrial Complex Companies List (CMIC List), which identifies individuals and companies as operating or having operated in the defense or surveillance technology sector of the People's Republic of China and from which U.S. persons are generally prohibited from purchasing or selling publicly traded securities. In section 5949 of the NDAA for FY 2023, Congress prohibited executive agencies from procuring, obtaining, or contracting with entities to obtain any electronic parts, products, or services that include “covered semiconductor chips” produced by three Chinese companies (and their subsidiaries or affiliates). The legislation authorizes DOD and the Commerce Department to designate other “covered products or services” if they determine them to be owned, controlled by, or connected to the government of a foreign country of concern, including China, Russia, North Korea, and Iran.
32. The Commission seeks comment on whether, and if so, the extent to which, the Commission should rely upon any of the various lists developed by the Executive Branch agencies that involve particular determinations relating to national security as a source to identify entities that raise national security concerns warranting a prohibition on participation in the Commission's equipment authorization program. While each list is designed to support specific prohibitions or agency objectives, the national security objectives common throughout each may warrant that the Commission take a cautious approach, especially with respect to those products for which relevant Federal agencies have expressed other security concerns. Are any such lists particularly suitable, or ill-fitting, for the equipment authorization context? The Commission also seeks comment on whether it should consider any other Executive Branch agency lists to rely upon as a source to identify entities that raise national security concerns and to restrict participation of those entities in the Commission's equipment authorization program. What other lists or sources of information should the Commission consider?
33. The Commission notes that it has a longstanding policy of according deference to the Executive Branch agencies' expertise in identifying risks to national security and law enforcement interests. With regard to each of these lists, to the extent that commenters recommend consideration of any of these lists with regard to eligibility for recognition of a TCB or test lab, the Commission asks that commenters explain why such eligibility should be restricted based on the list, as well as any other considerations the Commission should take into account in implementing such a restriction. The Commission invites comment on any other issues concerning consideration of any of these lists of Executive Branch determinations.
34. Further, the Commission seeks comment on other determinations on which it should rely to prohibit participation in its equipment authorization program. Specifically, should any “foreign entity of concern” as defined by the CHIPS Act be prohibited from participation? What about entities subject to exploitation, influence, or control by the government of a foreign adversary, such as foreign adversary state-owned enterprises, including their U.S.-based subsidiaries, or entities that conduct research, development, testing, and evaluation in support of the military or intelligence apparatus of a foreign adversary ( i.e. defense contractors)? What about entities with ownership interests by municipal, state, or other governmental entities within a foreign adversarial country? Are there any other determinations reflecting national security risks and/or practices contrary to U.S. interests, such as entities with documented evidence of human rights abuses, forced labor, and similar practices, including entities who meet the criteria established by the Uyghur Forced Labor Prevention Act? Are there any other determinations the Commission should consider that would indicate the untrustworthiness of an entity in terms of its equipment authorization program?
C. Ownership, Control, or Influence by Entities That Pose an Unacceptable Risk to National Security
35. To further protect the nation's telecommunications infrastructure and communications equipment supply chain from threats in an evolving national security landscape and to ensure the integrity of the equipment authorization program, the Commission proposes and seeks comment on collecting various ownership and control information from TCBs and test labs.
36. The Commission notes that, outside the context of the equipment authorization program, the Commission and other government agencies have routinely adopted rules to identify direct or indirect ownership or control of entities by third parties in order to address national security, competition, or other concerns. The Commission in many cases has required regulated entities to disclose information regarding related parties, whether those other parties control the entity, or have an ownership interest in it, or have some other relationship with the entity that is relevant to the public interest. For example, applicants seeking a new FCC satellite license, a modification of a satellite license, or the assignment or transfer of a satellite license, must disclose certain information both about foreign ownership and corporate ownership. The Commission's rules also require the disclosure of ownership information and corporate ownership information that would assist the Commission's public interest review of applications for international section 214 authority. The Commission notes that in the recent Evolving Risks Order and NPRM, the Commission sought comment on revising its ownership reporting threshold, currently set at 10% or greater direct and indirect equity and/or voting interests, to 5%, noting that the current 10% threshold may not capture all of the foreign interests that may present national security, law enforcement foreign policy, and/or trade policy concerns in today's national security and law enforcement environment. With respect to wireless licenses, there are a number of rules requiring applicants and/or licensees to disclose certain information on ownership and control. Similarly, with respect to radio and local television licenses, the Commission's media ownership rules require extensive disclosure of information. The Commission likewise requires that entities seeking small business bidding credits in Commission spectrum license auctions have attributed to them revenues of parties with controlling interests in the entity, as well as other entities that those parties control and other entities within its own control. In addition, such entities will have the revenues of parties with an interest in their spectrum licenses beyond a specified threshold attributed to them as well, to assure that those other parties are not using the entities as a conduit for spectrum access obtained with a bidding credit. In order to enforce these ownership rules, the Commission requires applicants for such licenses to supply certain information.
37. Additionally, the Commission notes that other Executive Branch agencies also require entities to supply information on ownership and control so that the agencies can carry out their statutory responsibilities. For example, in the 2021 Standard Questions Order,86 FR 68428 (December 2, 2021), the Commission adopted a set of standardized national security and law enforcement questions (Standard Questions) that certain applicants and petitioners with reportable foreign ownership will be required to answer as part of the Executive Branch review process of their applications and petitions. With respect to such applications or petitions that the Commission accepts for filing and refers to the relevant Executive Branch agencies for their review of any national security, law enforcement, and other concerns related to the foreign ownership, as part of the Commission's public interest review of the application or petition, the applicants and petitioners will be required to provide to the Committee information regarding all entities that hold or will hold an ownership interest of five percent or more in the applicant or petitioner in question. The Commission has noted that this information is important to the Committee's review of applications and petitions referred by the Commission for national security and law enforcement concerns and will assist the Committee's determination whether to recommend to the Commission that grant of the application or petition is consistent with U.S. national security and law enforcement interests. Similarly, the Hart-Scott-Rodino Antitrust Improvements Act of 1976 (HSR) requires certain companies to file premerger notifications with the Federal Trade Commission and the Antitrust Division of the Department of Justice. Companies required to submit a HSR pre-merger notification must supply certain information, including, inter alia, information on subsidiaries of the filing entity and minority shareholders of the filing entity and its ultimate parent entity.
38. TCB and test lab ownership and control reporting requirements. In order to more effectively protect the Commission's equipment authorization program from the direction or influence of untrustworthy entities and ensure the integrity of the program, the Commission proposes to require any entity seeking to become an FCC-recognized TCB or test lab to submit to the Commission sufficient information for the Commission to determine the TCB's or test lab's ownership and control, consistent with any threshold determinations the Commission may adopt, as proposed in this proceeding.
39. The Commission believes that collection of certain general ownership and control information places the Commission in the best position to evaluate any ownership interest concerns that potentially may be raised regarding an entity's impartiality or trustworthiness, particularly with regard to potential influence by entities that raise national security concerns. Further, the Commission also believes that such ownership information could be relevant to establishing appropriate “qualifications and standards” under section 302(e) regarding private entities to which the Commission has delegated and entrusted certain responsibilities as part of its equipment authorization program. The Commission has broad authority under section 302, when delegating certification responsibilities to private organizations such as TCBs and test labs, to “establish such qualifications and standards as it deems appropriate” for certification and testing activities. In particular, such data can be instructive in efforts to bolster the integrity of the equipment authorization program, such as ensuring that TCBs are complying with applicable impartiality requirements and rules targeted at ensuring they are not owned or controlled by a manufacturer whose equipment they must examine.
40. The Commission proposes that each TCB or test lab be required to report direct or indirect equity and/or voting interest in the TCB or test lab of 5% or greater. In other similar information collections, the Commission has agreed with Executive Branch determinations that a 5% threshold is appropriate because in some instances less-than-ten percent foreign ownership interest—or a collection of such interests—may pose a national security or law enforcement risk. The Commission seeks comment on this proposal. Alternatively, the Commission seeks comment on other levels and on whether it should raise or lower the ownership threshold for purposes of disclosure. If the Commission were to require submission of any such ownership information, how should such information be collected ( e.g., what particular information in what kind of submissions) and how frequently should this information be reported to the Commission? Should there be a distinction between foreign private ownership vs. foreign governmental ownership? The Commission also seeks comment on evolving ownership and how to ensure that the Commission is timely informed of changes in ownership of TCBs and test labs. Should additional reporting requirements apply to changes in ownership? If so, what thresholds of change should trigger such reporting? The Commission seeks comment on relevant aspects to the information that should be collected.
41. Further, to implement the proposed prohibition of Covered List entities discussed above and align the prohibition with the Commission's equipment authorization program rules regarding prohibited equipment, the Commission proposes to prohibit from recognition by the FCC and participation in its equipment authorization program any TCB or test lab in which an entity identified on the Covered List controls or holds a 10% or more direct or indirect ownership interest. The Commission seeks comment on this proposal. The Commission also invites comment on any other threshold interest level that commenters may believe appropriate, and requests that they provide support for their views. The Commission makes this proposal while noting that, in the EA Security R&O, the Commission prohibited authorization of equipment produced by “affiliates” of entities named on the Covered List and defined an “affiliate” as “an entity that (directly or indirectly) own or controls, is owned or controlled by, or is under common ownership or control with another entity,” and defined the term `own' in this context as to “have, possess, or otherwise control an equity interest (or the equivalent thereof) of more than 10 percent.” The Commission therefore proposes to revise the term “own” in this context to reflect ten percent or more, rather than more than 10 percent. The Commission seeks comment on this proposal. The Commission further proposes to require that TCBs and test labs that are currently recognized by the FCC must: (1) no later than 30 days after the effective date of any final rules adopted in this proceeding, certify that no entity identified on the Covered List or otherwise specified in the Commission's final rules has direct or indirect ownership or control of the relevant TCB or test lab, and (2) no later than 90 days after the effective date of any final rules adopted in this proceeding identify any entity (including the ultimate parent of such entities) that holds such ownership or control interest as the Commission's final rules require, currently proposed as 5% or more ownership, as discussed above. The Commission proposes to adopt the definition of “ultimate parent entity” used in the rules governing pre-merger notifications under the Hart-Scott-Rodino Antitrust Improvements Act of 1976, which defines the ultimate parent entity as “an entity which is not controlled by any other entity.” The Commission seeks comment on this proposal. In keeping with this proposal, the Commission also proposes to clarify the requirement that every entity specifically named on the Covered List must provide to the Commission, pursuant to § 2.903(b), information regarding all of its subsidiaries and affiliates, not merely those that produce “covered” equipment. Further, the Commission proposes that, if a relevant TCB or test lab does not so certify, or provides a false or inaccurate certification, the Commission would suspend the recognition of any such TCB or test lab and commence action to withdraw FCC recognition under applicable withdrawal procedures, as discussed further below. The Commission seeks any additional comment on these proposals and their implementation.
D. Rule Revisions Concerning TCBs and Test Labs
1. Telecommunications Certification Bodies
42. As discussed above, the Commission proposes to prohibit from recognition by the FCC and participation in its equipment authorization program, any TCB or test lab in which an entity identified on the Covered List controls or holds a 10% or more direct or indirect ownership interest and seeks comment on a similar prohibition with regard to other entities that raise national security concerns. The Commission also proposes to collect certain ownership information from TCBs and test labs. In this section, the Commission proposes and seeks comment on additional issues regarding implementation of its proposed prohibition as well as any other revisions the Commission may adopt in this rulemaking.
43. Post-market surveillance. The Commission invites comment on whether it should revise the post-market surveillance rules, policies, or guidance to expressly require such surveillance of granted authorizations, not only with respect to compliance with technical and attestation requirements, but also regarding compliance relating to the prohibition on authorization of “covered” equipment. The Commission seeks comment on reasonable practices TCBs could implement to identify erroneous authorizations of “covered” equipment. Are there best practices or analogous legal frameworks that could be leveraged here? Should the Commission change the post-market surveillance requirements to require that TCBs review certification grants by other TCBs? Should the Commission require that any post-market surveillance testing be done only by FCC-recognized labs in the United States and/or MRA countries? What other measures should the Commission take to strengthen the integrity of the post-market surveillance process to ensure that prohibited equipment has not been erroneously authorized? The Commission also invites comment on any other revisions that it should consider in light of any revisions that the Commission adopts in this proceeding.
44. TCB accrediting bodies. In order for a TCB that is recognized by the FCC to remain so recognized, the TCB's accreditation body must perform an assessment at least every two years to determine that the TCB remains competent to perform the work for the scopes for which it has been recognized. Upon successful completion of the re- assessment by the accreditation body, the information is sent to the TCB's designating authority, which then updates this continued accreditation in the FCC's EAS database. Neither the ISO/IEC standards nor Commission rules include any specific restrictions on the ownership or control of an accreditation body. MRAs generally focus on the capability of accreditation bodies, and do not include specific provisions or restrictions on ownership other than impartiality.
45. The Commission seeks comment on potential revisions concerning its rules and procedures for recognition and re-recognition of TCB accrediting bodies in light of any revisions that the Commission may adopt in this proceeding. What revisions are needed, if any, to ensure that the accreditation body's assessment of entities seeking to become TCBs includes a review of the TCB's ownership and compliance with any requirements the Commission may adopt in this proceeding?
46. Accreditation and reassessment of TCBs. The Commission seeks comment on whether it should clarify or revise its rules or procedures concerning the accreditation of TCBs to ensure that the TCBs can meet their responsibilities. The Commission seeks comment on what particular steps or procedures in the accreditation process could be implemented to examine how TCBs are structured, owned, or managed to safeguard impartiality and otherwise ensure that commercial, financial, or other pressures do not compromise impartiality on certification activities concerning prohibited equipment authorization. Under the Commission's rules, each TCB must be reassessed for continued accreditation at least every two years. If the Commission were to decide to revise any rules or procedures to address impartiality or untrustworthiness concerns along the lines indicated above, the Commission similarly proposes to require any reassessment for continued accreditation to take those issues into account. Accordingly, the Commission seeks comment on the potential clarifications or revisions to the process for the periodic reassessment of TCBs for continued recognition by the Commission. Should, for instance, the Commission provide additional clarity on the reassessment process for submitting the request for reassessment or the review by the accrediting body? Are there other requirements that the Commission should adopt consistent with the issues raised above and the Commission goals in this proceeding?
47. The Commission also seeks comment on whether any clarifications or revision of rules or procedures, either for a new accreditation or a continued accreditation, may implicate or affect U.S. international agreements such as MRAs concerning TCBs and TCB accreditation. Finally, to the extent any commenter proposes further clarification or revisions, the Commission asks that they address any implications under the existing MRAs and whether and how to implement any suggested changes.
48. FCC recognition of TCBs. Considering the proposals and approaches the Commission discusses above, the Commission seeks comment on whether it should consider potential revisions to the rules or processes by which the Commission recognizes a TCB following its initial accreditation, and/or the process by which accreditation is subsequently extended on a periodic basis, including any further review the FCC would do to continue to recognize an accredited TCB. Under the Commission's current rules, it will recognize as a TCB any organization in the United States that meets the qualification criteria and is accredited and designated by NIST or NIST's recognized accreditor. Additionally, the Commission will recognize as a TCB any organization outside the United States that meets the qualification criteria and is designated pursuant to the applicable bilateral or multilateral MRA. The Commission seeks comment on whether it should consider making any clarifications or changes to the FCC recognition process to better ensure that TCBs have the capacity and procedures to meet their obligations under Commission rules, including any requirements the Commission adopts in this proceeding. The Commission invites comment on its rules and procedures regarding recognition of TCBs as qualified for authorizing equipment. Are there any changes that should be considered, either to the rules or procedures concerning the FCC's initial recognition of a TCB, or its continued recognition following any periodic reassessment or reaccreditation of TCBs? To the extent that commenters suggest any changes to the rules or procedures, the Commission asks that they address any implications for MRAs applicable to equipment certification.
49. Withdrawal of FCC recognition. In addition, the Commission seeks comment on tits rules and policies regarding withdrawal of FCC recognition of a TCB. Under the Commission's rules it will withdraw recognition of a TCB if its designation or accreditation is withdrawn, if the Commission determines that there is “just cause” for withdrawing the recognition, or if the TCB requests that it no longer be designated or recognized.
50. The Commission invites comment on the procedures by which it would withdraw recognition of a TCB. The Commission's rules require that it notify a TCB in writing when it has concerns or evidence that the TCB is not certifying equipment in accordance with the Commission rules and policies, and request that the TCB explain and correct any deficiencies. The rules also provide particular procedures for withdrawal, including notification requirements such as providing TCBs at least 60 days to respond. To the extent the TCB was designated and recognized pursuant to an MRA, the Commission must consult with the U.S. Trade Representative, as necessary, concerning any disputes involving the Telecommunications Trade Act of 1988. In light of the Commission's proposals and issues raised above, the Commission invites comment on whether it should consider clarifications or revisions to the Commission's rules or policies, including the current notification requirements and procedures, and if so whether and to what extent such changes would affect the MRAs.
2. Measurement Facilities (Test Labs)
51. In this section, the Commission proposes and seeks comment on additional issues regarding implementation of its proposed prohibition, as well as any other revisions the Commission may adopt in this rulemaking, concerning test labs.
52. Transparency. With the existing transparency requirements and public availability requirements regarding any test lab data and information that TCBs rely upon, are there additional transparency requirements that would be necessary or appropriate in light of the proposal above? The Commission asks that commenters recommending any particular changes address the implications of such changes for existing Commission rules and policies, including the consistency of such changes with ISO/IEC 17025, as well as any potential MRA-related implications.
53. Test lab accrediting bodies. The Commission also invites comment on whether additional clarifications or modifications to the current processes regarding the accreditation of test labs are appropriate in light of the Commission proposals and discussion above and its goals in this proceeding. The Commission asks that commenters discuss what changes may be needed with regard to the accreditation body's expertise were the Commission to adopt its proposals to preclude the accreditation of any test labs associated with entities identified on the Covered List, as well as what changes may be needed in the event that the Commission concludes that other indicia about test labs affect their eligibility. Commenters should address the specific reasons for making changes that are not already addressed by Commission rules and policies. Finally, the Commission asks that commenters address any other implications of their suggestions, including the extent to which MRAs may be affected.
54. Also, in light of evolving national security risks, such as those that may be reflected in the Commerce Department's “foreign adversaries” list, the Commission proposes to preclude accreditation bodies associated with any such foreign adversary and seeks comment. How would such association be determined? The Commission also seeks comment on whether test lab accreditation bodies should be located only in the United States or other MRA-partnered countries.
55. Accreditation of test labs. The Commission also seeks comment on the responsibilities and procedures by which FCC-recognized accreditation bodies conduct their assessment of prospective test labs and determine whether to accredit particular test labs. Should the Commission clarify its recognition requirements with regard to any of the ISO/IEC 17025 standards into its rules and procedures to ensure that the accreditation process for test labs is sufficiently robust to ensure that the requirements that labs be competent and impartial, are managed to safeguard impartiality, and generate valid test results, and that effective procedures are in place include ensuring that labs meet the ownership and control requirements adopted in the proceeding?
56. The Commission also requests comment on whether any of these Commission rules or policies concerning reassessment of test lab accreditation every two years should be clarified or revised in order to help ensure that untrustworthy labs are not recognized and do not be continued to be recognized by the Commission. The Commission notes that if it were to adopt clarifications of any ISO/IEC 17025 principles ( e.g., on personnel, training, or effective management) to ensure that test labs conduct testing in a competent and impartial manner, the Commission proposes to require that the accreditation bodies reassess test labs under the new requirements or procedures. Should OET establish additional specific procedures for reassessment and FCC re-recognition of test labs? The Commission seeks comment on other potential revisions of its procedures for reassessment of test labs every two years, as well as potential revisions of the Commission's procedures for recognition and revocation of recognition. The Commission also seeks comment on any MRA-related issues/concerns that could arise from adoption of any of these possible rule revisions.
57. Finally, the Commission seeks comment on whether, in light of evolving national security concerns, the Commission should revisit its rules and procedures for recognizing test labs with regard to some or all of the countries in economies that do not have an MRA with the United States. For instance, should the Commission no longer recognize any test lab that is located within a “foreign adversary” country that does not have an MRA with the United States? To date, the Commission has recognized three accreditation bodies, all located in the United States, to designate test labs that are located in non-MRA countries. Under the Commission's current rules, these bodies accredit test labs based on ISO/IEC 17025, the same standard by which test labs located in the United States and other MRA-partnered countries are accredited. The Commission has recognized numerous test labs located in economies that do not have an MRA with the United States. The Commission also notes that a number of these test labs also are owned and controlled by TCBs, which must be located in economies that have entered into MRAs with the United States.
58. FCC recognition. The Commission seeks comment on revisions to its rules concerning eligibility restrictions on entities that will be recognized by the Commission as a test lab in its equipment authorization program. The Commission invites comment on whether any other clarifications or revisions to these Commission rules, policies, or guidance would be appropriate. For example, the Commission seeks comment on any necessary clarifications or revisions to the Commission's process for its initial recognition of test labs and to continued Commission recognition following any re-accreditation that occurs on a periodic basis at least every 2 years. The Commission also invites comment on whether it should adopt a more formal FCC review process before initially recognizing a test lab or continued recognition of test labs, and, if so, ask that commenters provide any suggestions they may have as to what such new procedures should look like. The Commission also seeks comment on any MRA-related issues or concerns that may arise from any changes to the current TCB recognition process.
59. Withdrawal of recognition. The Commission proposes and seeks comment on clarifying or modifying the steps that the Commission should take when it determines whether to withdraw recognition of a test lab if the Commission were to adopt changes regarding the type of entities that it will recognize as test labs, or continue to recognize, under the equipment authorization program.
60. To the extent that the Commission ultimately adopts any of the proposals discussed above ( e.g., making test labs associated with entities identified on the Covered List ineligible) or takes other actions to restrict eligibility on entities ( e.g., based on other ownership interests or controlling issues that the Commission may prohibit), the Commission proposes that it withdraw recognition of any test lab that cannot meet the revised requirements for an FCC-recognized test lab. The Commission seeks comment on this proposal, and on the procedures that the Commission should employ with regard to withdrawing continued recognition of such test labs.
61. As with the Commission's discussion of TCBs above, the Commission also believes that repeated failure of a test lab to provide accurate test results, or a test lab's lack candor with regard to interactions with the Commission, would constitute sufficient basis for withdrawal of recognition, and propose that were such circumstances to be presented, the Commission would move forward with withdrawing any existing FCC recognition of such a test lab. The Commission seeks comment on this proposal. The Commission also invites comment on other bases that would merit the Commission proceeding with withdrawing recognition of any existing test lab.
62. Use of accredited, FCC-recognized test labs in SDoC process. As discussed above, the Commission's current rules on authorization of equipment through the SDoC process do not require that any requisite testing of equipment be conducted by an accredited, FCC-recognized test lab. As the Commission seeks to ensure the integrity of its equipment authorization program, including ensuring test labs in which entities identified on the Covered List have certain direct or indirect ownership interests or control do not participate in the Commission's equipment authorization program, the Commission seeks comment on whether it also should require that all equipment authorized pursuant to the SDoC process be tested by accredited and FCC-recognized test labs. Such action could serve to further promote the integrity of the program in precluding untrustworthy test labs from participation and the Commission's national security goals addressed in the proceeding. The Commission seeks comment on this approach.
63. Other issues. Finally, to the extent not specifically asked above, the Commission asks that commenters address whether and, if so, how any of the Commission's proposals herein might affect existing MRAs and/or necessitate further action regarding existing or potential MRAs. Commenters should address any legal authority issues that may arise and the extent to which MRAs or other trade policies may be affected by these proposals.
IV. Ordering Clauses
64. Accordingly, it is ordered, pursuant to the authority found in sections 1, 4(i), 229, 301, 302, 303, 309, 312, 403, and 503 of the Communications Act of 1934, as amended, 47 U.S.C. 151, 154(i), 229, 301, 302a, 303, 309, 312, 403, and 503, section 105 of the Communications Assistance for Law Enforcement Act, 47 U.S.C. 1004; the Secure and Trusted Communications Networks Act of 2019, 47 U.S.C. 1601-1609; and the Secure Equipment Act of 2021, Public Law 117-55, 135 Stat. 423, 47 U.S.C. 1601 note, that this Notice of Proposed Rulemaking is hereby adopted.
65. It is further ordered that the Commission's Office of the Secretary, shall send a copy of this Notice of Proposed Rulemaking, including the Initial Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the Small Business Administration.
List of Subjects in 47 CFR Part 2
- Administrative practice and procedures
- Communications
- Communications equipment
- Disaster assistance
- Radio
- Reporting and recordkeeping requirements, and Telecommunications
Federal Communications Commission.
Marlene Dortch,
Secretary.
Proposed Rules
For the reasons discussed in the document, the Federal Communications Commission proposes to amend 47 CFR part 2 as follows:
PART 2—FREQUENCY ALLOCATIONS AND RADIO TREATY MATTERS; GENERAL RULES AND REGULATIONS
1. The authority citation for part 2 continues to read as follows:
Authority: 47 U.S.C. 154, 302a, 303, and 336, unless otherwise noted.
2. Section 2.903 is amended by revising paragraph (b), and the definition of “Affiliate” in paragraph (c) to read as follows:
(b) Each entity named on the Covered List, as established pursuant to § 1.50002 of this chapter, must provide to the Commission the following information: the full name, mailing address or physical address (if different from mailing address), email address, and telephone number of each of that named entity's associated entities ( e.g., subsidiaries or affiliates).
(1) Each entity named on the Covered List must provide the information described in paragraph (b) of this section no later than [30 DAYS AFTER PUBLICATION OF FINAL RULES IN THE FEDERAL REGISTER ];
(2) Each entity named on the Covered List must provide the information described in paragraph (b) of this section no later than 30 days after the effective date of each updated Covered List; and
(3) Each entity named on the Covered List must notify the Commission of any changes to the information described in paragraph (b) of this section no later than 30 days after such change occurs.
(c) * * *
Affiliate. The term “affiliate” means an entity that (directly or indirectly) owns or controls, is owned or controlled by, or is under common ownership or control with, another entity; for purposes of this paragraph, the term `own' means to have, possess, or otherwise control an equity or voting interest (or the equivalent thereof) of 10 percent or more.
3. Section 2.938 is amended by revising paragraph (b)(1)(ii) to read as follows:
(b) * * *
(1) * * *
(ii) State the name of the test laboratory, company, or individual performing the testing. The Commission may request additional information regarding the test site, the test equipment, or the qualifications of the company or individual performing the tests, including documentation identifying any entity that holds a 5% or greater direct or indirect equity or voting interest in the test laboratory, company, or individual performing the testing;
4. Section 2.948 is amended by:
a. Adding paragraphs (b)(1)(viii) and (b)(1)(ix);
b. Redesignating paragraph (c)(9) as paragraph (c)(10), and adding new paragraph (c)(9);
c. Adding paragraphs (g), and (h).
The revisions and additions read as follows:
(b) * * *
(1) * * *
(viii) Certification from each measurement facility that no entity identified on the Covered List has, possesses, or otherwise controls an equity or voting interest of 10% or more in the measurement facility; and
(ix) Documentation identifying any entity that holds a 5% or greater direct or indirect equity or voting interest in the measurement facility.
(c) * * *
(9) Each recognized laboratory must certify to the Commission, no later than [30 DAYS AFTER THE EFFECTIVE DATE OF A FINAL RULE], and no later than 30 days after any relevant change in the required information takes effect, that no entity identified on the Covered List has, possesses, or otherwise controls an equity or voting interest of 10% or more in the laboratory;
(g) No equipment will be authorized under either the certification procedure or the Supplier's Declaration of Conformity if such authorization is reliant upon testing performed at a laboratory or measurement facility in which any entity identified on the Covered List, as established pursuant to § 1.50002 of this chapter, has, possesses, or otherwise controls an equity or voting interest of 10% or more.
(h) Regardless of accreditation, the Commission will not recognize any test lab:
(1) In which any entity identified on the Covered List, as established pursuant to § 1.50002 of this chapter, has, possesses, or otherwise controls an equity or voting interest of 10% or more;
(2) That fails to provide, or provides a false or inaccurate, certification as required in paragraph (c)(9) of this section; or
(3) That repeatedly fails to provide accurate test results or lacks candor with regard to interactions with the Commission.
5. Section 2.949 is amended by adding paragraph (c) as follows:
(c) The Commission will not recognize a laboratory accreditation body that has any affiliation with a foreign adversary as designated by the U.S. Department of Commerce at 15 CFR 7.4.
6. Section 2.960 is amended by adding paragraph (d) as follows:
(d) The Commission will not recognize any TCB for which any entity identified on the Covered List, as established pursuant to § 1.50002 of this chapter, has, possesses, or otherwise controls an equity or voting interest of 10% or more.
7. Section 2.962 is amended by revising paragraph (e)(2) and adding paragraphs (e)(6) through (e)(9) as follows:
(e) * * *
(2) The Commission will notify a TCB in writing of its intention to withdraw or limit the scope of the TCB's recognition and provide at least 60 days for the TCB to respond. In the case of a TCB designated and recognized pursuant to an bilateral or multilateral mutual recognition agreement or arrangement (MRA), the Commission shall consult with the Office of the United States Trade Representative (USTR), as necessary, concerning any disputes arising under an MRA for compliance with the Telecommunications Trade Act of 1988 (Section 1371-1382 of the Omnibus Trade and Competitiveness Act of 1988).
(i) The Commission will withdraw its recognition of a TCB if:
(A) The TCB's designation or accreditation is withdrawn, if the Commission determines there is just cause for withdrawing the recognition;
(B) The TCB requests that it no longer hold its designation or recognition;
(C) The TCB fails to provide the certification required in paragraph (8); or
(D) The TCB fails to fulfill its obligations to the Commission to ensure that no authorization is granted for any equipment that is produced by any entity identified on the Covered List, established pursuant to § 1.50002 of this chapter.
(ii) The Commission will limit the scope of equipment that can be certified by a TCB if its accreditor limits the scope of its accreditation or if the Commission determines there is good cause to do so.
(iii) The Commission will notify a TCB in writing of its intention to withdraw or limit the scope of the TCB's recognition and provide at least 60 days for the TCB to respond. In the case of a TCB designated and recognized pursuant to an bilateral or multilateral mutual recognition agreement or arrangement (MRA), the Commission shall consult with the Office of the United States Trade Representative (USTR), as necessary, concerning any disputes arising under an MRA for compliance with the Telecommunications Trade Act of 1988 (Section 1371-1382 of the Omnibus Trade and Competitiveness Act of 1988).
(6) The Commission will not recognize as a TCB any organization in which any entity identified on the Covered List, as established pursuant to § 1.50002 of this chapter, has, possesses, or otherwise controls an equity or voting interest of 10% or more.
(7) A TCB must have an organizational and management structure in place, including personnel with specific training and expertise, to verify that no authorization is granted for any equipment that is produced by any entity identified on the Covered List, established pursuant to § 1.50002 of this chapter.
(8) Each recognized TCB must certify to the Commission, no later than [30 DAYS AFTER THE EFFECTIVE DATE OF A FINAL RULE], and no later than 30 days after any relevant change in the required information takes effect that no entity identified on the Covered List has, possesses, or otherwise controls an equity or voting interest of 10% or more of the TCB.
(9) Each recognized TCB must provide to the Commission, no later than [90 DAYS AFTER THE EFFECTIVE DATE OF A FINAL RULE], and no later than 30 days after any relevant change in the required information takes effect, documentation identifying any entity that holds a 5% or greater direct or indirect equity or voting interest in the TCB.
[FR Doc. 2024-14491 Filed 7-3-24; 8:45 am]
BILLING CODE 6712-01-P