Export Compliance Daily is a Warren News publication.
Chinese, Russian Restrictions

Commenters Say Proposed Rules for Connected Cars Require More Time

Commerce’s proposed restrictions on sales or imports of connected vehicles using hardware or software tied to Russia or China (see 2409220001) is seeing pushback from communications and tech industry and adjacent groups over the compliance deadlines. Comments in the NPRM (docket 240919-0245) were due Monday. Some see the Commerce Bureau of Industry and Security (BIS) NPRM as pointing toward a wider eventual campaign against all connected Chinese and Russian devices (see 2409250006).

Sign up for a free preview to unlock the rest of this article

Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.

Commerce must avoid requirements that could hurt U.S. leadership on connected vehicles or impede deployment of cellular vehicle-to-everything technology, with its safety-of-life and other benefits, the 5G Automotive Association said. The proposed rules give insufficient time to comply. The NPRM's proposal allowing noncompliant software only in vehicles manufactured before model year 2027 isn't feasible because those cars are already very far along in the development cycle, said the association. It urged BIS to extend the timeline for implementing software restrictions to at least model year 2030 and hardware restrictions to no earlier than model year 2031.

Consumer Technology Association said vehicle connectivity systems hardware importers might not have enough time to vet their current supply chains and find alternatives, if need be, under the NPRM. Software product development is a yearslong process, it argued. CTA asked BIS to extend deadlines from one to three years for software, and from four to six years for hardware, "as these timelines would be better aligned with the realities of automotive manufacturing."

While the implementation deadlines in the NPRM now will avoid sudden disruptions for autonomous vehicle manufacturers and operators, extending them further "to align with automotive development cycles would be beneficial," said Chamber of Progress. Given the review process manufacturers will have to undertake, including due diligence reviews of suppliers, "ensuring compliance with the rule will take time." A manufacturer needing to change suppliers and the resulting onboarding, testing and certification process "can take several years," it said. "Aligning the compliance deadlines to the industry’s typical development cycle, which ranges from 5-7 years, would ensure a stable supply chain."

In the future, should BIS examine other connectivity applications, it should engage with original equipment manufacturers in those industries to determine the minimum, reasonable length of time for those industries to come into compliance, the Telecommunications Industry Association said. In addition, BIS should consider how standards developed for other industries, such as telecommunications, can help address supply chain risks. It said multiple companies on the FCC's covered entities list -- including Huawei, ZTE and Datang -- participate in the connected vehicles market. Commerce action to block transactions relating to those vendors in connected vehicles would help enhance action by the FCC and other agencies to protect U.S. national security, TIA said.

Warning of unintended consequences, the National Association of Manufacturers said information and communications technology and services that the proposed rules target are used beyond the auto industry. Regulating those technologies' use in U.S. vehicles "would have potentially profound effects beyond the automotive industry and its supply chains." NAM said the NPRM is overly broad and should instead focus on "mitigating the most significant or high-level risks."

ACT | the App Association said any Commerce rules should avoid data localization rules and preserve the ability to secure data and supply chains using encryption.