Over the course of the past two years, the Australian government has been working to strengthen export controls in Australia, which includes placing new controls on intangible “exports” such as publications, emails, data access channels, and other “supplies” of technology listed on the Defence and Strategic Goods List (DSGL). These new controls will have a significant impact on the way in which the Australian defence industry conducts business across borders.
Australian companies that are not currently managing U.S. origin inventory, which has for years required export permits for the transfer and export of intangible technology controlled by the ITAR and EAR, may find the new controls on Australian origin intangibles daunting.
To understand the impact of this new legislation in Australia, industry must first become familiar with the Government’s terminology, specifically what is meant by ‘publication’ and ‘supply’ in the Defence Trade Controls Act 2012 (the Act).
The definition of “publication” that the Australian Government uses in the Act is not the layman’s definition. In the course of university research, you may be disseminating information in a way that is considered to be an intangible “supply”, instead of a “publication”.
A “publication” is considered to be placing controlled technology or information in the “public domain” by publishing it on the internet or otherwise. Publication controls apply to anyone located in Australia, or an Australian citizen or resident located outside Australia.
Where a person in Australia provides DSGL controlled technology, or access to DSGL controlled technology, to a person outside of Australia in a non-physical form such as an email, fax, phone conversation or password to a database is making an intangible “supply”. The stringency of the need to obtain a permit before the making of supplies to overseas parties depend on whether the technology is listed in Part 1 or Part 2 of the DSGL. DSGL Part 2 supplies are less stringently controlled and it is important to have a good understanding of the Act to understand where the lines are drawn. DECO has said that they will be issuing guidance later this year, possibly in September or October.
Whether or not your company is familiar with running a compliance program that ensures intangible exports are properly managed, there are some steps you will need to take to ensure compliance with the new Australian legislation:
1. Know your exposure
It is important to read and understand the act and determine where your company is making ‘publications’ (i.e. your company website, marketing materials, etc) and supplies (i.e. providing file access to an overseas party, sending emails containing controlled technology overseas, etc.). You will need to understand the frequency and extent of these activities and whether current activities will now require permits.
2. Educate your staff
Once your exposure is determined, it is imperative that staff is educated about where caution must be taken to avoid violating the Act. It is easy for employees to operate ‘business as usual’ and forget that a permit is now required where for decades no permission was needed to send a particular email overseas or grant an overseas affiliate login credentials to a database containing DSGL technology.
3. Update your compliance policies and procedures
You will need to create policies and procedures to ensure compliance with the Act and ensure your staff is familiar with these. It will be especially important to have subject matter experts in the company that staff can go to with curly questions, or to report inadvertent violations. One point of contact in the company or business unit for permit applications with DECO may also be prudent where possible.
4. Document and monitor your compliance efforts
The only way to prove compliance with the Act is to document important compliance efforts such as surveying staff to determine exposure, creating policies and procedures, attending awareness training, keeping records of permit applications, permits, permit conditions and audit results, etc.
Offence provisions for non-compliance with the new controls will not come into effect in 2016. However, training staff to understand the new regulations and updating your company’s compliance program may take a significant amount of time. Taking steps now to ensure compliance with the regulations before offence provisions come into effect will be critical to maintaining a successful record of compliance.