Review of EU export controls of dual use items



2018 may witness an important overhaul of the EU’s export control regime on dual use items. This regime aims to control exports of items that could be used for purposes other than their legitimate civilian applications.

On 17 January 2018, the European Parliament cast its vote on a proposal of the European Commission to change certain aspects of the EU’s export control system on dual use items. The Council Working Party on Dual-Use Goods is also looking into the Commission’s proposal. The outcome of the legislative process will depend in large part on the interinstitutional negotiations that will take place between the Parliament and the Council.

The ongoing discussions in the Parliament and the Council follow a lengthy process which started with a Green Paper published by the Commission in 2011. The EU export control system was set up in the 1990s and strengthened in 2000. The EU regulation presently in force, Regulation 428/2009, significantly improved the EU export control regime. The novelties introduced in 2009 were mainly driven by the 2003 EU strategy against the proliferation of weapons of mass destruction. The current reform is in large part driven by a different perspective, in particular an increased focus on the protection of fundamental rights and freedoms by subjecting exports of surveillance items to specific controls.

This article touches on these and other changes that are currently being envisaged, taking into account the proposal by the Commission as well as the amendments proposed by the Parliament.

Focus on human rights – surveillance items

The present reform will introduce the concept of “human security” in EU export controls. Until now, the EU dual use controls related to items that could also be used for military purposes. The ongoing reform process complements this with a focus on human rights. It intends to tackle the proliferation of cyber surveillance items that could be misused in violation of human rights and could threaten the EU’s digital infrastructure.

The text approved by the Parliament further strengthens the importance of human security as compared to the Commission proposal. The Parliament’s rapporteur for the proposed reform, Mr Klaus Buchner, has often stressed that the protection of human rights is at the core of the proposed dual use reform: “[t]he European Parliament has delivered on its promise to strengthen the EU’s human rights policy by making exports of surveillance technology stricter. The European Union has a responsibility to make sure that its exports are not used by governments to limit fundamental rights and freedoms. We must not be complicit in human rights violations abroad. We have already seen how dangerous these technologies can be when they are abused by governments, most notably in the clamp down on the Arab Spring. At a time when the space for civil society and human rights activists is being put under threat by repression, and warfare is increasingly based on dual-use items, this is a much needed reform.”

Once adopted, the proposal would extend the notion of dual use items to include, in addition to the traditional concept covering items that can be used for both civil and military purposes, certain cyber surveillance items. The definition would also explicitly refer to the commission of serious violations of human rights law or international humanitarian law.

The Commission had initially listed in the draft legislation 10 cyber surveillance technologies. The proposal published on 28 September 2016, and not amended by the Parliament, refers explicitly to five items: mobile telecommunications interception equipment, intrusion software, monitoring centres, lawful interception systems and data-retention systems, and digital forensics. The Parliament refers in this context also explicitly to devices for the de-codification of encryption, the recovery of hard disks, the circumvention of passwords and the analysis of biometric data as well as IP network surveillance systems.

Whereas three of those items were already covered by internationally agreed dual-use controls, two items – monitoring centres and data retention systems – have been added to the control list by the current proposal. These latter two types of cyber surveillance technology are not covered by the dual use controls that have been agreed at the international level.

Alongside the extension of the notion of dual use items, the proposed reform extends the scope of the catch-all controls. Under the already existing catch-all control clause, exports of non-listed dual use items are subject to restrictions in specific circumstances. Further to the reform, one of those circumstances would relate to the exporter’s awareness of the use of cyber surveillance items in connection with violations of international human rights law or international humanitarian law in countries where serious violations of human rights have been identified, and when there is reason to suspect that this or similar items may be used for the purpose of directing or implementing such violations by the proposed end-user.

The Commission also proposed to extend this catch-all provision to include an awareness of ‘use in connection with acts of terrorism’, but the text approved by the Parliament rejected this proposed amendment. Instead, the Parliament proposed to add the prevention of acts of terrorism to the considerations that may allow Member States to impose additional controls on non-listed dual use items.

The Commission’s proposal already inserted a reference to the respect for human rights as one of the elements to be taken into consideration by Member States when granting individual or global export authorisations. The Parliament strengthens this wording and suggests introducing a specific wording with respect to authorisations for the export of cyber surveillance items. For the assessment of an application for such authorisations, the Parliament suggests specifying that the authorities have to consider, inter alia, the risk of violation of the right to privacy, the right to data protection, freedom of speech and freedom of assembly and association.

Other notable changes

The focus on surveillance items is not the only relevant element of the proposed reform. Some of the other changes that are of interest include those addressed below.

The proposal would, for instance, amend the circumstances under which a transmission of software or technology by electronic media would be considered as an export operation that requires a licence. Currently, the regulation refers to the transmission thereof to a destination outside the EU. As a result, technically speaking the uploading of information on a server outside the EU would trigger an authorisation requirement, even if nobody can access that server from outside the EU. The proposed revised definition would refer to a transmission to legal and natural persons or partnerships outside the EU, with a view to limiting the administrative burden for exporters and licensing authorities.

The proposed reform would also clarify to a certain extent the compliance burden incumbent on exporters of dual use items. It would provide for a requirement to have a compliance policy and procedures – referred to as an “internal compliance programme” – as a condition to be able to benefit from certain authorisations. The Parliament suggests allowing exporters to request authorities to certify their compliance policy. It also suggests that the Commission should issue a reference internal compliance programme.

Questions often also arise as to the level of due diligence required by economic operators to identify instances in which the catch-all controls – which subject exports of non-listed items to restrictions – may be triggered. Also, the Parliament voiced these concerns, and proposed to insert a reference to the guidance issued by the Organisation for Economic Co-operation and Development (OECD) and the United Nations (UN) – the OECD Guidelines for Multinational Enterprises, the OECD Due Diligence Guidance for Responsible Business Conduct, and the UN Guiding Principles for Business and Human Rights – in the recitals of the regulation. The Parliament has also called on the Commission to issue comprehensive guidance in this respect by the time the revised regulation would enter into force.

The proposed reform also introduces a number of new EU general export authorisations, for instance for encryption, in particular to mirror available licence exceptions in other jurisdictions, low value shipments and intra-group transmissions of software and technology. The proposed authorisation for intra-group transfers of dual-use technology would relate to transfers to non-sensitive countries, in particular for R&D purposes, and would require the technology to remain under the ownership or control of the parent company. The latter general authorisation would be a valuable tool for companies that have affiliates outside the EU, with whom technology is currently very often shared without the required authorisations. The proposal also introduces a project-based authorisation that would cover all exports related to a specific large, multiannual project, for the duration of that project. This would be particularly relevant for projects like the construction of a nuclear power plant.

The reform also aims at harmonising to a certain extent the licensing processes in the different Member States. The proposal also tries to enhance regulatory convergence by improving the exchange of information among, first, EU Member States and the Commission, for instance by interconnected electronic licensing systems, and second, between the EU and other jurisdictions.


Renato Antonini is a partner and Eva Monard and Byron Maniatis are associates at Jones Day. Mr Antonini can be contacted on +32 (2) 645 1419 or by email: Ms Monard can be contacted on +32 (2) 645 1510 or by email: Mr Maniatis can be contacted on +32 (2) 645 1413 or by email:

© Financier Worldwide


Renato Antonini, Eva Monard and Byron Maniatis

Jones Day

©2001-2019 Financier Worldwide Ltd. All rights reserved.