On September 9, a new EU regulation on trade in dual-use items (“PDAs”) came into force. Dual-use products are hardware, software, or technology that can be used for both civilian and military purposes. Examples of products that PDAs can consist of include surveillance cameras, semiconductors, valves, laboratory equipment, chemicals, and also knowledge, such as technical drawings. Regulations are in many ways not adapted to how companies conduct their activities and are difficult to enforce. Many companies are also not aware that they are covered and may be subject to severe penalties.
The new regulation entails increased control capabilities for the authorities as well as the possibility of introducing permit requirements for the export of electronic monitoring products, as well as two additional general export permits.
The aim is to strengthen protection and action for the non-proliferation of weapons of mass destruction, contribute to the protection of human rights and international humanitarian law, and contribute to regional peace, security and stability. Reworking the PDA regulation has been deemed essential in order to be able to adapt to the ever-changing technology, economy and politics. The new regulation replaces, after a very long legislative process, the previous PDA Regulation No. 428/2009 and becomes directly applicable in all EU Member States.
companies do not know
Swedish companies that release products, software, or technologies labeled PDAs are required to review their operations and policies to meet the requirements. We have seen that many Swedish companies are not aware that they are covered by the regulations and/or what obligations they have. The penalty for violating the PDA regulation is up to six years in prison and/or a fine.
The main rule, for both the old and the new regulation, is that in principle an export permit should not be required to export PDA classified products within the EU, except for those products classified as particularly sensitive. However, when exporting PDA products to countries outside the European Union, permission is required from the Swedish Inspection Authority for Strategic Products (ISP) or from the Swedish Radiation Safety Authority.
Monitor electronic monitoring products
The regulation does contain some noteworthy changes. First, the so-called mass control was introduced, which focuses on electronic monitoring products, which can be used for internal repression or for gross human rights abuses. The purpose of the new control is to better manage the risks of individuals or companies participating in this type of abuse.
In addition, two new EU general permits will be introduced to facilitate the administration’s need to apply for individual or global export licenses for both authorities and companies. The first is an in-group transfer permit for technology and software classified as a PDA. The permit permits the transfer of certain software and technology from a parent company within the European Union, to a wholly owned subsidiary outside the European Union and to sister companies outside the European Union, but only to certain specified countries.
Restrictions on the countries in which the permit can be used is a major practical obstacle for many Swedish companies. Here, the EU had to go further and extend the permit to more countries, similar to what authorities have done in the US and UK, where regulations are better adapted to how businesses operate.
The second is a general permit from the European Union to export a number of products with encryption function. The permit includes an opportunity to export these products to several countries. But this condition is also very limited in relation to the needs of many companies. The permit does not cover many countries to which Swedish companies export, for example China and Russia, as exporters must apply for individual or global licenses instead. This is unfortunate and involves management and additional work for companies.
With the results in hand, we can say that regulation involves fewer innovations and its practical impact on companies will be more limited than initially anticipated. Companies must review their operations and assess whether and what changes are needed. For non-compliant companies, the consequences can be dire.
Technology and software companies covered by the PDA regulation must also assess their IT infrastructure in particular, as the new regulation may also provide opportunities for flexible trade in dual-use items.
Lawyer, Baker McKenzie Law Firm
Assistant Attorney, Baker McKenzie Law Firm
“Extreme tv maven. Beer fanatic. Friendly bacon fan. Communicator. Wannabe travel expert.”