EU Dual-Use Reform

In 2016, the EU started a process to reform its dual-use regulation. The goal is to limit the availability of so-called information and communications technologies (ICT) in regions where these could be used to violate fundamental human rights. The Federation of German Industries (BDI) expressly supports this goal and has again positioned itself on the issue in October 2020. BDI calls for an EU-autonomous list for certain ICT-goods.

The purpose of dual-use controls is to restrict the access to those commercial goods, which by their design can have either civil or military applications. For these controls to work, the international community has institutionalized a regime, the Wassenaar-Arrangement, through which member states coordinate their non-proliferation efforts and agree upon mandatory international control standards and items. Collective controls effectively prevent that some actors capitalize on the export control efforts of some states and, thereby, fill the void purposefully created on the global market.

Wassenaar’s procedure is straightforward: experts gather information about goods. Threat scenarios are analyzed and, eventually, member states agree on additions or withdrawals from the common list of controlled items. The European Union (EU) transfers these changes into Annex I of its dual-use regulation (EC) 428/2009. Equipped with this information, companies can, more or less clearly, identify the goods for which they will need an export license – or in which cases the application for an export license has no reasonable chance of success.

Adapting Export Controls to a New Security Environment

It is undisputed that trade controls must meet the challenges of today’s technological and security-policy environment. During the Arab Spring, ICT was employed by authorities to systematically access and monitor social media networks with the express purpose of suppressing demonstrators by using kidnappings, torture and targeted killings.

Europe is united in its aim to prevent such abuses in the future. However, disagreement persists on how to reach this goal. Up until today, the European Commission and the European Parliament (EP) have favored a paradigm shift in the EU’s system of trade controls. According to this, so-called catch-all controls are to filter out all ICT-items that might pose a risk to fundamental human rights.

Catch-All Rules will not improve human security

Catch-all controls originated in 1990s Germany. The original nomenclature literally translates into “end-use-related export controls”. Accordingly, the very purpose of such controls is to make sure nuclear, biological or chemical agents as well as unmanned systems capable of delivering such weapons of mass destruction do not fall into the wrong hands. Catch-all controls, therefore, serve national security interests.  

Catch-all rules inhibiting the illegitimate use of ICT-items would push this system of controls towards a human-security approach. To be clear, BDI does not question the concept as such or its relevance in trade controls. German industry explicitly supports the protection of human rights. BDI has fully backed the EU’s anti-torture regulation as well as new listings in the international control regimes and EU-embargoes.

How Catch-All Controls Work

BDI opposes catch-all controls for functional reasons, however. A common misunderstanding is that everything could be controlled – or caught. However, contrary to listed positions that identify controlled items by providing technical descriptions, catch-all rules are unspecified backup-rules relying on economic operators’ obligation to self-control.

The effectiveness of such controls relies on a one-stop mechanism that synchronizes the production of an item and its technological risk assessment. Engineers can clearly evaluate if an order placed poses a risk to the non-proliferation of weapons of mass destruction (WMD). Evaluating potential human rights threats posed by ICT-items – i.e. an unwanted end-use – cannot be assessed by technical parameters alone. Companies are specialists for their products. However, companies do not have intelligence details or security assessments from regions undergoing political change. Without such information, economic operators should not be asked to conduct autonomous risk-assessments and carry the substantial risk associated.

A human-rights catch-all would create legal uncertainty. For German companies, the responsibility for export control issues is directly linked to the executive floor. A Chief Export Control Officer is required to be part of the body authorized to represent a company (member of the board, managing director or a representative shareholder) and is personally responsible to ensure export control compliance. Violations can entail severe legal and criminal consequences. Globally, compliance standards practiced in German companies constitute the gold standard. Imprecise regulations would do damage to the export control environment as a whole.

EU-autonomous List and Strengthening Wassenaar Arrangement

As a compromise, BDI proposes an EU-autonomous list. This list should contain ICT-items with dual-use applicability specially designed for the covert extraction of information- and communications data from natural persons. To be effective, the list should be governed by qualified majority including the blocking minority recognized in European law.

By its nature, an autonomous list will constitute a unilateral measure and is as such not entirely unusual. German law provides for limited interferences through Paragraph 6, Clause 1 of the Foreign Trade and Payments Act (AWG). To ensure that a unilateral measure taken by the EU does not damage the legitimacy of the multilateral non-proliferation regimes, EU governments represented in the Wassenaar Arrangement should be obligated push in unison for a multilateral position of respective items on the common control list. This mechanism would ensure that European export controls and the multilateral control regimes stay joined at the hip.