Strategic competition and Russia’s conflict in Ukraine are likely to have important implications for multilateral export controls. Some have muted the possibility of creating new multilateral export control regimes to address these challenges, for example.[49] It is understandable that many states will not wish to take a position in relation to strategic competition. Regardless, states should ensure that they at least have instruments, systems and processes to provide visibility of potentially problematic transfers and cooperation with states such as Russia and China – and indeed any other country viewed as being of concern.
The toolset needed to monitor and manage strategic trade is different now than it has been in recent decades when the principle threats were non-state actors and so-called rogue states such as Iran, and North Korea. In the case of China, in particular, the country is so integral to the global market and supply chains that controls must be carefully calibrated so as not to unduly harm the implementing state. This said, at the same time, the aperture of what should fall within scope of controls is broader given the approaches to technology acquisition as detailed elsewhere in this guidance.
Export controls based on the existing regimes will not be sufficient alone to manage risks under great power competition. This is for a few reasons. Firstly, regime-based control lists have bureaucratic hurdles for modifications and additions which frequently lag behind the rate of innovation in tech sectors. Secondly, regimes are dictated by the actors engaging in strategic competition with each other, including Russia and China, potentially undermining the legitimacy of the regime’s response to risks posed by its own members. Lastly, due to the number of acquisition methods being utilized to obtain strategic goods, states may need to take unilateral action to protect its domestic industry beyond standard export controls.
In this context, and in the course of the work to generate this guidance, CNS has identified the following elements that states should implement.
- Enact a military end use control which can be used in relation to Russia and China. Globally, the existence of military end use controls have generally lagged behind weapons of mass destruction end use control perhaps because the latter is an expressed requirement of UNSCR 1540.
- Promulgate lists of entities of concern in Russia and China such that companies and financial institutes must refer cases involving such entities to authorities. In Russia, for example, it is known which institutes are thought to be involved in the Novichok program, for example. And in China, it is known which organizations and institutes are involved in the nuclear and missile programs. These lists of organizations include military linked universities, for example.
- Set out standards for cybersecurity of export-controlled information that technology holders and exporters must meet. Presently, few countries address the cybersecurity of export-controlled information.
- Ensure nonproliferation controls are being implemented in universities and research institutes. Consider implementing vetting and deemed export controls in pursuit of this objective. Presently, many countries do not have adequate controls in place to safeguard sensitive technology held in universities and research institutes. Furthermore, in many countries, these actors have not been adequately engaged with regards to export controls.
Each of these elements is complex in its own right. In several areas, CNS has been working to develop additional guidance and training materials which may be added to the present guidance in the future as this guidance is expanded from its present private sector focus to a state-centric scope.
The trends and tactics being employed as a result of strategic competition also carry important implications for companies. The remainder of this guidance focuses on what companies should know and what additional due diligence steps should be taken by companies. This includes a section on trends in technology acquisition, a section on acquisition methods, a list of red flags, a section on due diligence elements, and a section on potential additions to internal compliance programs. Additionally, the guidance also contains a number of case studies and how-to guides.