The EU has formally enacted sanctions against Russia. They can affect IT companies and it is important to guard against breach. Brian Mulier and Roger Bickerstaff explain the current state of the EU sanctions and add a warning about the impact of the recent extension of the US sanctions for IT businesses.
1. an embargo on the trade, import and export of arms and related material from/to Russia (which covers all items on the EU Common Military List);
2. a prohibition on providing, directly or indirectly, technical assistance, financing or financial assistance (eg grants, loans, export credit insurance, etc) related to goods and technology listed in the EU Common Military List, including for any sale, supply, transfer or export of such items, to any person in Russia or for use in Russia;
3. a prohibition on selling, supplying, transferring or exporting, directly or indirectly, dual-use items (as listed in Annex I of the Council Regulation (EC) No 428/2009) to any person in Russia where those items are or may be intended for military use or for a military end-user - this applies also to providing, directly or indirectly, technical assistance, brokering services, financing or financial assistance (eg grants, loans, export credit insurance, etc) related to such dual-use items;
4. any sale, supply, transfer or export of listed energy (oil and gas) related equipment and technology, whether or not originating in the EU, to any person in Russia or any other country is subject to prior authorisation by competent authorities of EU Member States if such equipment or technology is for use in Russia - export authorisations will not be granted if the concerned equipment and technology are destined for deep water oil exploration and production, Arctic oil exploration and production or shale oil projects in Russia;
5. a prohibition on purchasing, selling or providing brokering services or assistance in relation to transferable securities (eg shares, bonds, etc) and money-market instruments (eg treasury bills, certificates of deposit, etc) with a maturity exceeding 90 days, issued after the entry the sanction regime by listed (major) state-owned Russian banks, development banks, institutions, their subsidiaries and those acting on their behalf.
These prohibitions may not apply (subject to prior authorisation) to obligations arising from a contract that was concluded before 1 August 2014.
Further, it is of importance to note that it is prohibited to participate, knowingly and intentionally, in activities the object or effect of which is to circumvent the above prohibitions, including by acting as a substitute of those listed by the EU-Russia sanction regime.
These restrictive measures are directly applicable in all EU Member States. The measures apply:
· within the EU territory;
· on board any aircraft or any vessel under the jurisdiction of an EU Member State;
· to any person inside or outside the EU territory who is a national of an EU Member State;
· to any legal person, entity or body, inside or outside the EU territory, which is incorporated or constituted under the law of an EU Member State;
· to any legal person, entity or body in respect of any business done in whole or in part within the EU.
Effect on IT Companies
Clearly these sanctions are capable of affecting the operations of IT companies that conduct business activities in Russia. The main prohibitions having an impact on the operation of IT companies in Russia are those that restrict the import of 'dual use' technology into Russia.
The fact that an IT product or service could have a military use or could be used in a military context does not automatically bring the IT product or services within the scope of the sanctions. In any case, the export of dual-use items is subject to control and dual-use items may not leave the EU customs territory without an export authorisation. Where the items 'are or may be intended for military use or for a military end user', the sanctions are applicable. Where the sale is made to a non-military end user or where the intention is clearly for non-military use, the EU sanctions do not apply unless, since 12 September, they are covered by the Extended Sanctions (see below).
The items that are regarded as being 'dual use goods and technology' are defined by reference to a list which is extensive and complex, and includes sections dealing individually with electronics, computers, telecommunications and information security.
The 'dual-use' list includes a wide range of electronic components, general purpose electronic equipment and specialist equipment, such as spray cooling thermal management systems, thermal batteries, frequency changers, high-power and high voltage direct currency supplies, switching devices and many other devices. If electronic equipment is being exported to Russia, specialist legal advice should be obtained in order to determine if it could be regarded as being 'dual-use' goods or services.
Computers and Software
There is a general exclusion in the list for software which is 'generally available to the public' or which is 'in the public domain'. The term 'generally available to the public' is further defined and requires that software is sold from stock at retail selling points, without restriction, by means of: over-the-counter transactions mail order transactions; electronic transactions; or telephone order transactions; and is designed for installation by the user without further substantial support by the supplier.
Providers of package software that is designed for customer installation will benefit from this exclusion from the definition of 'dual-use' goods and services provided that they sell their products directly to end-users and the software is available, for example, by download from an Internet site. However, if a distribution network is used in Russia for the software sales then the benefit of this exemption will not be available. Open source software has the benefit of the exemption.
Various special purpose computers and related equipment categories are included on the 'dual-use' list, including where the computers are rated for low or high temperature operations, are radiation-hardened, designed for 'fault tolerance' or have an 'Adjusted Peak Performance' in excess of 1.5 Weighted TeraFLOPS. Again, if computer equipment is to be exported to Russia, particularly if it has any unusual characteristics, specialist legal advice should be obtained in order to determine if it could be regarded as being 'dual-use' goods or services.
Telecommunications and information security
Certain telecommunications equipment is included in the 'dual-use' list, including telecommunications equipment that can withstand transitory electronic effects or electromagnetic pulses effects, underwater untethered communications systems, radio equipment in certain 'military' bands, optical fibres of more than 500 meters, high frequency radio direction finding equipment, jamming equipment, and telemetry and telecontrol equipment.
Information security systems are included in the list of 'dual-use' items, including where the systems are designed or modified to use 'cryptography' (other than authentication and digital signatures) which either uses a 'symmetric algorithm' with a key length in excess of 56 bits or an asymmetric algorithm in certain circumstances, or cryptanalytic functions, cryptographic techniques to generate the spreading code for 'spread spectrum' systems, or cryptographic techniques to generate certain channelising codes, scrambling codes or network identification codes.
On 12 September 2014, the EU extended the scope of the sanctions against Russia. According to European Council President, Herman Van Rompuy, the extended sanctions aim to promote a change of course in Russia's actions destabilising eastern Ukraine and are in response to the increasing inflows of fighters and weapons from Russia into the Eastern Ukraine and the aggression by Russian armed forces on Ukrainian soil.
Under the extended EU sanctions, the restrictions on activities relating to dual use items have been extended to any sale, supply, transfer or export to a list of entities identified in an Annex to the Regulation, irrespective of whether there is any military connection. The entities that are listed in the Annex are mainly weapons and armaments manufacturers, but it also includes JSC Sirius (provider of optoelectronics for civil and military purposes, including medical equipment), OJSC Stankoinstrument (a holding company with operations in electrical, machine-tool and fuel engineering) and OAO JSC Chemcomposite (materials for civil and military purposes).
The items that are regarded as being 'dual use goods and technology' have not been changed in the extended sanctions.
It should be noted that the scope of the extended EU and US sanctions is different. Updated US sanctions were also introduced on 12 September 2014 that could have an impact on IT companies. Directive 4 of Executive Order 13662 prohibits 'the provision, exportation, or reexportation, directly or indirectly, of goods, services (except for financial services), or technology in support of exploration or production for deepwater, Arctic offshore, or shale projects that have the potential to produce oil in the Russian Federation, or in maritime area claimed by the Russian Federation and extending from its territory, and that involve any person determined to be subject to this Directive, its property, or its interests in property.'
This US Directive appears to have the effect of prohibiting the export of any technology (not just items that are classified as 'dual use') that could support elements of oil production in Russia. As a result, companies that are seeking to export general IT products (software and hardware) for use in the Russian oil industry should be aware that they may be caught by the US sanctions. Companies that may be affected should take expert US legal advice in this area.
Brian Mulier is a Partner at Bird & Bird (Netherlands) and Roger Bickerstaff is Chair of SCL and a Partner at Bird & Bird (UK).