FCC Seeks To Strengthen Oversight Of The Equipment Authorization Program In The Latest Effort To Safeguard Wireless Supply Chains From National Security Threats

The FCC – in the latest iteration of its expanding role as a regulator in the national security space – recently adopted a Notice of Proposed Rulemaking ("NPRM") proposing to fortify the security of the wireless supply chain by imposing heightened requirements on the Telecommunication Certification Bodies ("TCBs") and Measurement Facilities ("Test Labs") that approve devices marketed and sold in the U.S.

Key Takeaways: The FCC continues to take action against potential national security threats to wireless supply chains.

• TCBs and Test Labs occupy a critical role in overseeing the equipment authorization program, which governs the approval process for a broad class of devices ranging from Wi-Fi routers to wearable fitness trackers.
• Given the continued reliance of many original equipment manufacturers ("OEMs") on overseas supply chains and testing labs, OEMs should take care to conduct diligence and carefully consider any national security risks posed by these vendors.
• Going forward, OEMs should be aware of the FCC's more robust approach to overseeing the approval of telecommunications equipment marketed and sold in the U.S.

Background and Proposed Rule Changes: The FCC is authorized to adopt and enforce regulations governing the interference potential of equipment that emit RF energy that can cause harmful interference to radio communications.¹ To expedite the equipment authorization process, the FCC delegates certain responsibilities to TCBs and Test Labs. TCBs are responsible for reviewing and evaluating equipment applications for compliance with FCC requirements. Test Labs oversee the development of technical reports covering equipment undergoing the authorization application process.

To address the potential for national security risks arising from this framework, the FCC has proposed several changes to its rules:

• Restrictions on direct or indirect ownership. The proposed rule would prohibit any TCB or Test Tab from participating in the FCC's equipment authorization program if an entity identified in the FCC's Covered List has direct or indirect ownership or control of 10% or more of the TCB or Test Lab. Empowered by the Secured and Trusted Communications Network Act of 2019, ² the FCC created the Covered List to identify certain types of equipment produced by particular entities that pose an unacceptable risk to national security. ³ Moreover, this proposal would direct the FCC's Office of Engineering and Technology to suspend the participation of TCBs/Test Labs in the equipment authorization program that are found to be directly or indirectly owned by entities on the Covered List.
• Reliance on information from other Executive branch agencies. The NPRM seeks comment on how the FCC should consider national security determinations from other Executive branch agencies when constructing eligibility qualifications for TCBs and Test Labs. In recent proceedings, the FCC has relied on lists created by other Executive branch agencies (e.g., the Department of Commerce's "Foreign Adversary" list). While the FCC highlights certain Executive branch-compiled lists as potentially useful in making national security determinations for TCBs and Test Labs, ⁴ the NPRM seeks comment on any other lists that could be useful under this framework. ⁵
• Reporting requirements. The proposed rule would require TCBs or Test Labs to report any entity that holds a 5% or greater indirect equity and/or voting interest in them.
• Operationalizing the new ownership restrictions and reporting requirements. The proposed rule would require TCBs and Test Labs that are currently authorized by the FCC to: (1) no later than 30 days after the effective date of any final rules flowing from this proceeding, certify that no entities on the Covered List or otherwise specified in the final rule have direct or indirect ownership in the TCB/Test Lab in question; (2) no later than 90 days after the effective date of any final rules flowing from this proceeding, identify any entity (including the ultimate parent of such entities) that holds ownership or control interest beyond a threshold stipulated in the final rules (currently proposed as 5% or more ownership).
• Expanded surveillance rules. The NPRM seeks comment on whether the FCC should revise the additional post-market surveillance rules, policies, or guidance to expressly require such surveillance of granted authorizations.
• Revise SDoC Rules. The NPRM seeks comment on whether the FCC should also require that all equipment pursuant to the Supplier's Declaration of Conformity ("SDoC") process be tested by accredited and FCC-recognized Test Labs. Currently, FCC rules do not require accreditation and FCC recognition of Test Labs that are relied upon as part of the SDOC process for obtaining equipment authorization. The SDoC generally applies to equipment that does not have a radio transmitter and contains only digital circuitry (e.g., computer peripherals, ISM equipment, TV interface devices).

*****

Comments on the NPRM are due 60 days after the date of publication in the Federal Register. If you have any questions about the implications of this NPRM on TCBs or Test Labs or have comments on the proposed rule changes, please contact Sheppard Mullin's telecommunications group.

Footnotes

1 47 U.S.C. § 302a. Section 302(b) states that "[n]o person shall manufacture, import, sell, offer for sale, or ship devices or home electronic equipment and systems, or use devices, which fail to comply with regulations promulgated pursuant to this section."

2 47 U.S.C. §§ 1601-1609; 47 CFR §§ 1.50002, 1.50003.

3 See Public Safety and Homeland Security Bureau Announces Additions to the List of Equipment and Services Covered by Section 2 of the Secure Networks Act, WC Docket No. 18-89, ET Docket No. 21-232, EA Docket No. 21-233, Public Notice (2022) (see appendix).

4 The FCC cites the Department of Commerce ("DOC") "Foreign Adversary" list, DOC Entity List, DOC Military End User List, Department of Defense Chinese, Department of Treasury CMIC list, and the Department of Defense 1260H list,Promoting the Integrity and Security of Telecommunications Certification Bodies, Measurement Facilities, and the Equipment Authorization Program, ET Docket No. 24-136, Notice of Proposed Rulemaking, ¶¶ 28-31 (2024).

5 See generally Review of International Section 214 Authorizations to Assess Evolving National Security, Law Enforcement, Foreign Policy, and Trade Policy Risks, Amendment of the Schedule for Application Fees Set Forth in Sections 1.1102 through 1.1109 of the Commission's Rules, IB Docket No. 23-119 and MD Docket No. 23-134, 38 FCC Rcd 4346 (2023).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.