US Department of Commerce Significantly Expands Controls Targeting Indigenous Production of Advanced Semiconductors in China

On December 2, 2024, the US Department of Commerce’s Bureau of Industry and Security (“BIS“) issued long anticipated and extensive new controls to impair China’s indigenous production of advanced semiconductors and other items that can be used in advanced weapon systems, AI, and advanced computing in support of China’s military-civil fusion program. The new rules have a particular focus on the tools used in semiconductor manufacturing and on certain high bandwidth memory (“HBM“), and this is also reflected in the type of entities newly-designated on the Entity List.

The new controls come in the form of (1) an interim final rule, “Foreign-Produced Direct Product Rule Additions, and Refinements to Controls for Advanced Computing and Semiconductor Manufacturing Items” (“IFR“) and (2) a final rule, “Additions and Modifications to the Entity List; Removals from the Validated End-User (VEU) Program” (“Final Rule“) (collectively the “Rules“). The IFR in particular is lengthy, complex, and broad-ranging, and requires careful consideration as it builds on three previous waves of semiconductor export controls published in October 2022, October 2023, and April 2024, which we covered in past blogs here, here, and here, respectively. This blog post only summarizes key aspects of the Rules. Please reach out to the authors or a member of the Baker McKenzie global trade team if you have any questions on the IFR or Final Rule. Comments on the IFR are due by January 31, 2025.

Effective date, compliance date, and savings clause (Updated)

The new restrictions are largely “effective” as of December 2, 2024, although some provisions have a delayed “compliance date” of December 31, 2024. BIS is expected to issue FAQs clarifying these dates.

For example, in the Entity List Final Rule, the license requirements and other Entity List-related requirements linked to a Footnote 5 designation (e.g. license requirements for items now subject to the EAR only as a result of the new Footnote 5 foreign direct product rule, which is relevant only to the 16 Entity List parties with an associated Footnote 5 designation) do not have to be complied with until December 31, 2024 to give companies time to make the necessary compliance and jurisdictional assessments. By contrast, all other new Entity List requirements, including with respect to items subject to the EAR for reasons other than the new Footnote 5 foreign direct product rule destined for Footnote 5 designated Entity List parties and for all items subject to the EAR for non-Footnote 5 Entity List parties, are effective, and have to be complied with, as of December 2, 2024. Under the IFR, other than the new Red Flags and the clarification on software license keys which are effective as of December 2, 2024, the other regulatory changes do not have to be complied with until December 31, 2024.

BIS has also provided for a savings clause under both Rules. Under the Entity List FR, again except for those Entity List-related requirements linked to a Footnote 5 designation (for which the savings clause is pushed out based on the later compliance date), shipments of items that could previously have been shipped without a license that were en route aboard a carrier to a port of export, reexport, or transfer on December 2, 2024 pursuant to actual orders, may proceed under the rules in existence prior to the Entity List designation, provided the export, reexport, or transfer is completed no later than January 2, 2025. For the Entity List requirements linked to Footnote 5 designations (e.g., for items now subject to the EAR only on account of the new Footnote 5 foreign direct product rule destined for Footnote 5 Entity List parties), the saving clause dates are later – January 2, 2025 and January 31, 2025, respectively. Similarly, under the IFR, for many of the requirements, shipments of items that could previously have been shipped without a license that were en route aboard a carrier to a port of export, reexport, or transfer on January 2, 2025 pursuant to actual orders, may proceed under the rules in existence prior to the IFR, provided the export, reexport, or transfer is completed no later than January 31, 2025.

New controls on additional types of semiconductor manufacturing equipment (“SME”), software tools, and HBM

The IFR imposes new controls on the following items:

• 24 additional types of SME, including certain etch, deposition, lithography, ion implantation, annealing, metrology, and inspection equipment for use with patterned 300mm wafers, and cleaning tools. Some SME previously controlled under 3B001 have been slightly decontrolled to new ECCN 3B993/3B994 due to their established usage in non-advanced-node fabrication (e.g., DUV).
• 3 types of software tools for developing or producing semiconductors, including software that increases the productivity of advanced SME or allows less-advanced SME to produce advanced chips. These are controlled in new ECCNs 3D992 and 3D993.
• Certain advanced HBM stacks (with a memory bandwidth density greater than 2 GB per second per square mm) . This technology is found in almost all advanced AI data centers, used in AI training, and is a key component of advanced computing and now controlled under new ECCN 3A090.c. Such HBM are not eligible for License Exception NAC or ACA, but some HBM with lower parameters are eligible for a new License Exception HBM limited to packaging sites that are owned and operated by US or allied headquartered companies and under various conditions, including reporting, to prevent diversion.

Entity List—140 Additions and 14 Modifications

The Final Rule makes the following changes to the Entity List:

• Designates 140 new entities, including China-based indigenous tool manufacturers, semiconductor fabs, and investment companies involved in advancing China’s military modernization. The newly-designated entities are located in China, Japan, South Korea, and Singapore. BIS states that all of these parties are involved in the development and production of advanced-node integrated circuits (“ICs“) and/or SME and/or to have supported the Chinese Government’s military-civil fusion program, and are being designated to help companies identify problematic advanced-node IC and SME production facilities targeted by the October 2022 and October 2023 rules.
• Modifies 14 entities already on the Entity List to add new addresses and to revise licensing review policies.
• Designates 16 entities (9 newly listed entities; 7 existing Entity List entities) with a new footnote 5 (“FN5“)—subjecting them to specific restrictions covering the supply of certain additional foreign-produced items under a new Entity List FN5 Foreign-Direct Product (“FDPR“) ruleand de minimis provision (see explanation below). Entities with a FN5 designation have been determined to be involved in, or risk becoming involved in, the development or production of advanced-node ICs at facilities in Macau or in County Group D:5.

Expansion of EAR jurisdiction with the addition of two new FDPRs and corresponding de minimis provisions

• FN5 Entity List FDPR (new § 734.9(e)(3) of the EAR) (“FN5 FDPR”): The FN5 FDPR extends EAR jurisdiction over specified foreign-produced SME in certain ECCNs in Category 3 of the Commerce Control List (excluding certain types of SME and masks and reticles) and related items if there is “knowledge” of involvement of a FN5 Entity List entity, specifically, “knowledge” that (i) such foreign-produced items will be incorporated into any “part,” “component,” or “equipment” produced, purchased, or ordered by a FN5 Entity List entity, or (ii) any FN5 Entity List entity is a “party” to a transaction involving the foreign-produced items. The FN5 FDPR only applies to those (currently 16) entities designated on the Entity List under FN5; it does not apply to other Entity List parties with only footnote 1 or footnote 4 designations, to other Entity List parties, or other non-listed parties.
• SME FDPR (new § 734.9(k) of the EAR): The SME FDPR extends EAR jurisdiction over specified foreign-produced SME and related items if there is “knowledge” that the foreign-produced commodity is destined to Macau or a destination in Country Group D:5, including China. The SME FDPR targets SME essential to, or that supports, production of “advanced-node ICs” (as that term is defined under the EAR).
• FN5 Entity List and SME FDPR de minimis expansion: In a novel and expansive change, both the SME FDPR and the FN5 FDPR extend jurisdiction over the specified foreign-produced items not only when they are (i) the direct product of specified technology or software subject to the EAR, or (ii) produced by a plant or ‘major component’ of a plant that is itself the direct product of specified US-origin technology or software, but also (iii) when the foreign-produced item contains a commodity that is produced by a complete plant or ‘major component’ of a plant located outside the United States which are themselves a direct product of certain US-origin technology or software.
  • This measure has the effect of capturing SME or a commodity that simply contains any other foreign-produced component (like an IC) that is itself captured under an FDPR. BIS has clarified that if a foreign-produced item contains an IC, where that IC was itself produced with a foreign tool and this tool itself was a direct product of specified US-origin technology or software, then this foreign-produced item will be caught under the product scope of these FDPRs.
  • BIS also made corresponding changes to the de minimis rule at EAR §§ 734.4(a)(8) and (9) by specifying that there is no de minimis level of US-controlled content in certain items in Category 3B that contain a US-origin IC caught under the SME FDPR or FN5 FDPR. This appears to be to ensure that foreign-produced SME containing US-origin ICs or other components, but which are not otherwise captured by the SME FDPR or the FN5 FDPR, are controlled to the same extent as foreign-produced SME containing items controlled by the SME FDPR and FN5 FDPR.
  • This expansive type of “see-through” rule will make FDPR analyses for foreign-produced SME tools containing third party components incredibly challenging. Indeed, BIS comments that, based on its review of supply chain data, “[i]t can thus be presumed that any integrated circuit has been produced using at least one US tool qualifying as a ‘major component’ under …. the FN5 FDPR.” Correspondingly, BIS added Red Flag 26 to Supplement No. 3 to Part 732 of the EAR stating that if a foreign-produced item contains at least one IC that is a red flag that the product scope of the SME FDPR or the FN5 FDPR is met.
• Licensing requirements for items caught under the FN5 FDPR and SME FDPR: To determine whether licenses are actually required for foreign-produced items subject to the EAR under the FN5 FDPR and SME FDPR, you have to refer to the licensing requirements set out in a new EAR § 742.4(a)(4) (national security controls), a new EAR § 742.6(a)(6)(i) (regional stability controls), as well as a new EAR § 744.11(a)(2), respectively. These licensing requirements are more calibrated than for other FDPR rules, include various exclusions, and are thus quite complex. For example, there are exclusions for certain FDPR items when exported by entities located in allied countries in a new Supplement No. 4 to Part 742 of the EAR or in a country that has implemented similar controls, provided in each case that entity is not headquartered or have an ultimate parent headquartered in Macau or a Country Group D:5 country.

Clarification and expansion of SME end use licensing requirement in EAR § 744.23(a)(4)

In response to comments received on the October 2023 rules, BIS has clarified and expanded the SME end use licensing requirement in EAR § 744.23(a)(4), as follows:

• The SME end use control may apply to any item subject to the EAR and specified on the Commerce Control List when (1) that item—either in its original form or as subsequently incorporated into a foreign item—is for the “development” or “production” of any foreign-made item specified in the end use control, and (2) the “development” or “production” is by an entity headquartered in or whose ultimate parent is headquartered in Macau or a County Group D:5 destination. In this manner, BIS makes clear this end use licensing requirement applies to items for the “development” or “production” of any foreign-made item specified in the end use control (whether initial or subsequent).
• The exclusions from this end use license requirement, e.g., for certain masks, apply to both the direct and indirect export licensing requirements.
• The qualification for ‘front-end integrated circuit “production” equipment’ was removed in response to questions regarding challenges in determining end-use for front-end vs. back-end items. BIS still welcomes comments on which ‘back-end’ equipment might be excluded.
• The product scope was also expanded to cover newer controlled ECCNs 3B903, 3B992, 3B993, and 3B994.

Temporary General License (TGL)—extensions and expanded coverage

• The TGLs in Supplement No. 1 to Part 736 of the EAR that were originally introduced to minimize immediate disruptions to IC supply chains of US or allied country headquartered recipients are being extended and expanded in some cases:
  • until December 31, 2025 (unchanged) for advanced computing items controlled under .z ECCNs and related software and technology; and
  • until December 31, 2026 for:
    • lesser restricted SME items controlled only for anti-terrorism reasons;
    • newly-controlled SME items under ECCNs 3B993 and 3B994 (even though not AT-controlled) (added to TGL1); and
    • newly-controlled HBM items under ECCN 3A090.c (added to TGL 2).

New end-use controls on ECAD and TCAD software and technology

The IFR imposes new end use controls under EAR § 744.23(a)(2) on Electronic Computer Aided Design (“ECAD“) and Technology Computer Aided Design (“TCAD“) software and technology where there is “knowledge” that the items will be used for the design of advanced-node ICs to be produced in Macau or a Country Group D:5 destination.

New License Exception Restricted Fabrication Facility (RFF) (EAR § 740.26)

New License Exception RFF will allow certain facilities of Entity List entities that would otherwise be subject to end-user license requirements to continue to receive certain legacy SME and other items to produce non-advanced-node ICs subject to certain guardrails. The guardrails include:

• pre-shipment notifications to BIS;
• notification 30-days after installation of SME;
• end use monitoring;
• annual reporting;
• record keeping; and
• restrictions on operation, installation, maintenance, repair, overhaul, or refurbishment of installed base.

Items exported under License Exception RFF cannot be used to produced advanced-node ICs. Only Wuhan Xinxin/XMC is currently eligible for License Exception RFF.

New License Exception HBM (EAR § 740.25)

As noted above, new License Exception HBM authorizes certain lower capacity HBM for certain packaging sites that are owned and operated by US or allied (Country Group A:5) headquartered companies and under various conditions, including reporting, to prevent diversion.

Clarification regarding remote access via controls on software license keys (effective December 2, 2024)

BIS clarified that the EAR controls the export, reexport, or transfer (in-country) of software license keys that allow access to the use of specific other hardware or software, as well as renewal of existing software and hardware use licenses (i.e., where the recipient already has the software, but needs a new software key) to the same degree as such accessed software or hardware. For example, a software key that allows use of hardware classified under ECCN 5A992 would be classified under ECCN 5D992 and controls would apply accordingly. This clarification appears to be an attempt to address recent concerns over unauthorized remote access to controlled software or hardware and to expand existing provisions in EAR § 734.19 that only address transfer of “access information.”

Addition of new “Red Flags” (effective December 2, 2024)

BIS is adding eight new Red Flags to Supplement No. 3 to Part 732 of the EAR to assist exporters in their due diligence checks for potential diversion to unauthorized end uses, end users, or destinations. In addition to Red Flag 26 discussed above, these include, for example:

• Red Flag 24 addressing the scenario where a request for an item or service comes from a new customer whose senior management or technical leadership overlaps with an entity on the Entity List (a common scenario where companies split off operations into new entities in anticipation of a potential Entity List designation, but where the same management and leadership remain in control of both entities); and
• Red Flag 27 addressing scenarios where production occurs across separate, but physically connected, buildings. Although these are separate “facilities,” this raises the red flag that production of advanced-node ICs occurs in each one of the connected facilities. Notably, resolving this Red Flag requires submission of an advisory opinion request to BIS; otherwise the connected buildings must be treated as a single “facility.”

Removal of three entities from Validated End-User (“VEU”) program

Three entities (CSMC, HHGrace, and AMEC) were removed as eligible end-users from the VEU program, which allows exports, reexports, and in-country transfers of eligible items subject to the EAR under a general VEU authorization (subject to various conditions) rather than a specific license.

*          *          *

More corrections and clarifications from BIS can be expected as BIS notes that it is continuing to review comments from the October 2023 rules, as well as the April 2024 rules, and anticipates comments on the latest Rules reported on in this blog.