Congress Passes Secure and Trusted Communications Networks Act of 2019; Creates Program To Fund The Rip-And-Replace Of Huawei & ZTE Equipment
February 27, 2020 – The U.S. Senate has passed the Secure and Trusted Communications Networks Act of 2019, and it now goes to the President for his signature to become law.[1]
The Secure and Trusted Communications Networks Act is intended to facilitate the removal of communications equipment and services that pose a threat to U.S. national security from U.S. communications networks by providing reimbursements to communications providers that remove such equipment.[2]
The Act first directs the Federal Communications Commission (FCC or Commission) to compile, publish, and periodically update a list of covered communications equipment or services – those that pose a threat. The FCC has already started this process, initially designating Huawei and ZTE as “covered companies” in its November 2019 National Security Supply Chain Order.[3]
Next, the Act prohibits communications providers from using universal service fund support to purchase or maintain covered communications equipment or services.[4] This essentially duplicates or gives added support to the FCC’s rule, adopted in the National Security Supply Chain Order, that prospectively prohibits the use of Universal Service Fund support to purchase or obtain any equipment or services produced or provided by a covered company posing a national security threat to the integrity of U.S. communications networks or the U.S. communications supply chain.[5]
For those communications providers that currently have Huawei and ZTE equipment in their networks, the most important part of the Secure and Trusted Communications Networks Act is the section creating the Reimbursement Program. Let’s take a look at the general details...
$1 Billion Secure And Trusted Communications Networks Reimbursement Program
The Secure and Trusted Communications Network Act requires the FCC to establish a “Secure and Trusted Communications Networks Reimbursement Program” to make reimbursements to communications service providers to rip-out and replace covered communications equipment or services from their networks.
Only communications service providers with 2,000,000 or fewer customers are eligible for reimbursements from the program. These providers must comply with the application and certification requirements to receive reimbursements.[6]
The FCC is required to make reasonable efforts to ensure that reimbursement funds are distributed equitably among all applicants for reimbursements under the Program according to the needs of the applicants, as identified by the applications of the applicants.[7]
The following limitations apply to the use of funding from the reimbursement program:
Covered Equipment & Services On Initial Threat List. The reimbursement funding may not be used to replace covered equipment and services obtained on or after August 14, 2018.[8]
Covered Equipment & Services Not On Initial List. The reimbursement funding may not be used to replace covered equipment and services obtained on or after the date that is 60 days after the date on which the equipment or service is placed on the list of covered equipment.[9]
One Year To Rip-And-Replace
A recipient of reimbursement funding must permanently remove, replace, and dispose of covered communications equipment or services within one year after the date on which the FCC distributes reimbursement funds to the recipient.[10] The FCC may grant an extension of the deadline for six months to all or individual recipients of reimbursements under the Program if certain conditions are met.
List Of Suggested Replacement Equipment & Services
The FCC is required to develop a list of suggested replacements of both physical and virtual communications equipment, software, and services.[11] The list must be technology neutral and may not advantage the use of reimbursement funds for capital expenditures over operational expenditures.
Application Process For Reimbursement
The FCC is required to develop an application process for the Reimbursement Program. Applicants will be required to provide an initial reimbursement cost estimate at the time of application, with supporting materials substantiating the costs.
Unless the FCC requires an applicant to provide additional cost information, the FCC is required to approve or deny an application for a reimbursement not later than 90 days after the date of the submission of the application.[12] However, if the FCC determines that, because an excessive number of applications have been filed at one time, FCC staff needs additional time to process the applications, the FCC may extend the deadline for not more than 45 days.[13]
Curing Application Defects
If the FCC determines that an application is materially deficient, such as by lacking an adequate cost estimate or adequate supporting materials, the FCC will provide the applicant a 15-day period to cure the defect before denying the application.[14] Denial of an application for a reimbursement, however, will not preclude an applicant from resubmitting the application or submitting a new application for a reimbursement under the Program at a later date.[15]
Applicant Certifications
An applicant for a reimbursement under the Program must make the following certifications to the FCC in its application:
as of the date of the submission of the application, the applicant has developed a plan for the permanent removal and replacement of any covered communications equipment or services that are in the applicant’s communications network;
as of the date of the submission of the application, the applicant has developed a plan for the disposal of the equipment or services removed in accordance with prescribed FCC guidelines;
as of the date of the submission of the application, the applicant has developed a specific timeline for the permanent removal, replacement, and disposal of the covered communications equipment or services, and has submitted the timeline to the FCC as part of the application;
beginning on the date of the approval of the application, the applicant will not purchase, rent, lease, or otherwise obtain covered communications equipment or services, using reimbursement funds or any other funds, including funds derived from private sources); and
beginning on the date of the approval of the application, in developing and tailoring the risk management practices of the applicant, the applicant will consult and consider the standards, guidelines, and best practices set forth in the cybersecurity framework developed by the National Institute of Standards and Technology.[16]
Status Updates From Reimbursement Recipients
Reimbursement recipients will be required to provide status updates to the FCC on the work to permanently remove, replace, and dispose of the covered communications equipment or services. Status updates must be provided not less frequently than once every 90 days beginning on the date on which the FCC approves the application for a reimbursement.[17] These status update reports will be made available to the public on the FCC’s website.
Spending Reports
Reimbursement recipients will be required to submit to the FCC, on a regular basis, reports regarding how reimbursement funds have been spent, including detailed accounting of the covered communications equipment or services permanently removed and disposed of, and the replacement equipment or services purchased, rented, leased, or otherwise obtained, using reimbursement funds.[18]
Audits & Random Field Investigations Of Reimbursement Recipients
The FCC will conduct regular audits and reviews of reimbursements to confirm that recipients are complying with Program requirements.[19] And, the FCC will conduct random field investigations to ensure that reimbursement recipients are performing all required work, including the permanent removal, replacement, and disposal of the covered communications equipment or services.[20]
Final Certifications
A recipient of a reimbursement under the Program will be required to submit a final certification to the FCC stating that the applicant has completed the following:
has fully complied with (or is in the process of complying with) all terms and conditions of the Reimbursement Program;
has fully complied with (or is in the process of complying with) the commitments made in the application of the recipient for the reimbursement;
has permanently removed from its communications network, replaced, and disposed of (or is in the process of permanently removing, replacing, and disposing of) all covered communications equipment or services that were in the recipient’s network as of the date of the submission of the application for the reimbursement; and
has fully complied with (or is in the process of complying with) the rip-and-replace timeline submitted by the recipient.[21]
************
[1] Secure and Trusted Communications Networks Act of 2019, H.R.4998, 116th Cong., 2nd Sess. (passed Senate on Feb. 27, 2020), https://www.congress.gov/116/bills/hr4998/BILLS-116hr4998enr.pdf. The bill was passed by the House of Representatives on Dec. 16, 2019.
[2] Secure and Trusted Communications Networks Act of 2019, Sec. 2(a).
[3] Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs, WC Docket No. 18-89, Huawei Designation, PS Docket No. 19-351, ZTE Designation, PS Docket No. 19-352, Report And Order, Further Notice Of Proposed Rulemaking, And Order, FCC 19-121 (Nov. 26, 2019), https://www.fcc.gov/document/protecting-national-security-through-fcc-programs-0.
[4] A Federal subsidy that is made available through a program administered by the Commission and that provides funds to be used for the capital expenditures necessary for the provision of advanced communications service may not be used to: (A) purchase, rent, lease, or otherwise obtain any covered communications equipment or service; or (B) maintain any covered communications equipment or service previously purchased, rented, leased, or otherwise obtained. Secure and Trusted Communications Networks Act of 2019, Sec. 3(a)(1).
[5] Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs, WC Docket No. 18-89, Huawei Designation, PS Docket No. 19-351, ZTE Designation, PS Docket No. 19-352, Report And Order, Further Notice Of Proposed Rulemaking, And Order, FCC 19-121 (Nov. 26, 2019), https://www.fcc.gov/document/protecting-national-security-through-fcc-programs-0.
[6] Secure and Trusted Communications Networks Act of 2019, Sec. 4(b).
[7] Secure and Trusted Communications Networks Act of 2019, Sec. 4(d)(5)(A).
[8] Secure and Trusted Communications Networks Act of 2019, Sec. 4(c)(2)(A)(i).
[9] Secure and Trusted Communications Networks Act of 2019, Sec. 4(c)(2)(A)(ii). Also, a recipient of a reimbursement under the Program may not purchase, rent, lease, or otherwise obtain any covered communications equipment or service, using reimbursement funds or any other funds (including funds derived from private sources). Sec. 4(c)(2)(B).
[10] Secure and Trusted Communications Networks Act of 2019, Sec. 4(d)(6)(A).
[11] Secure and Trusted Communications Networks Act of 2019, Sec. 4(d)(1)(A).
[12] Sec. 4(d)(3)(A)(i).
[13] Sec. 4(d)(3)(A)(ii).
[14] Sec. 4(d)(3)(B).
[15] Sec. 4(d)(3)(C).
[16] Sec. 4(d)(4).
[17] Sec. 4(d)(8)(A).
[18] Sec. 4(e)(2).
[19] Sec. 4(e)(3)(A).
[20] Sec. 4(e)(3)(B).
[21] Sec. 4(e)(4)(A). If, at the time when a recipient submits a final certification, the recipient has not fully complied, the FCC shall require the recipient to file an updated certification when the recipient has fully complied. Sec. 4(e)(4)(B).