Cloud Computing and Export Controls
|
|
- James Murphy
- 5 years ago
- Views:
Transcription
1 Cloud Computing and Export Controls By Richard Tauwhare, Dechert LLP 1 Uploading software or technology to the cloud can risk breaching export controls or sanctions and potentially incurring heavy civil and criminal penalties. This article looks at the law, how it applies to cloud computing and how organisations can comply. The legal framework Restrictions may apply as part of the general controls on what may be exported or as part of a package of trade sanctions adopted in relation to a particular country. General Export Controls Export controls aim to prevent items which can have military or security applications from being acquired by those who might misuse them. The three main legal instruments applicable in the UK are: The Export Control Act 2002 empowers the Government to make Orders (a type of secondary legislation) to control the export of strategic goods, the transfer of technology, the provision of technical assistance overseas and trade in militaryrated equipment between overseas countries; The Export Control Order 2008 provides for the control of exports from the UK of listed military, paramilitary and certain other goods, technology and software. Most require a licence for export outside the UK, including to other countries within the EU. The licensing process is administered by the Export Control Organisation, a unit within the Department for Business, Innovation and Skills; The EU Dual Use Regulation establishes similar controls on exports of listed goods, software and technology considered to be dual-use 3. Most require licences only if exported outside the EU but particularly sensitive items need a licence for transfers within the EU. Taken together, these instruments impose licence requirements which are broader than is often appreciated. The controls apply: not only to exports of physical goods but also of software or technology 4 by any means including, in some cases, by face-to-face meeting, by paper, by , fax or phone (if information is communicated so as to achieve substantially the same result as if the 1 Richard Tauwhare is a Senior Director in the London office of Dechert LLP, a global law firm. He specialises in advice on ensuring compliance with export controls and sanctions. He was formerly head of export controls policy in the Foreign and Commonwealth Office. 2 Council Regulation (EC) No 428/ Dual use items are defined by the EU Dual Use Regulation as items, including software and technology, which can be used for both civil and military purposes, and shall include all goods which can be used for both non-explosive uses and assisting in any way in the manufacture of nuclear weapons or other nuclear explosive devices. 4 Technology is defined by the UK Export Control Order 2008 as information (including but not limited to information comprised in software and documents such as blueprints, manuals, diagrams and designs) that is capable of use in connection with the development, production or use of any goods.
2 recipient had read it), carrying overseas on a laptop or storage device and the key point relevant to cloud computing - giving access to software or technology in electronic form to someone overseas; not only to military items but also to dual-use civilian items in a wide range of fields including: nuclear engineering; biological sciences and pharmaceuticals; chemicals with toxic properties; high strength materials; high specification electronics, computers, and telecommunications; automation and control systems; lasers, optics and sonar; navigation and avionics; submersible equipment; aerospace; and the main basis for the controls on software encryption; potentially to the export or transfer of any goods, software or technology, even if they are not listed. In most cases, the controls are defined by the lists of military and dual-use items which are annexed to the Order and the EU Dual Use Regulation and which reflect regular discussion in international groups 5. But the regulations also provide for end use controls which are defined not on the basis of the exported item itself but on how it will ultimately be used. In the EU, there are two main categories of end-use which require a non-listed item to be licensed: if the exporter has been informed, is aware or has reason to suspect that it will be used for WMD purposes 6 outside the EU; or if it may be intended for military use in a country subject to an arms embargo; not only to exports outside the EU but also in some cases to transfers within it and even within the UK if the transferor knows or has been informed that the item will be used for WMD purposes outside the EU. But the controls are not intended to interfere unduly with normal commercial or academic practices, and there are exemptions for information already in the public domain 7, basic scientific research 8 and the technology required for the installation, operation, maintenance and repair of controlled items whose export has been previously authorised. Other major exporting countries impose similar controls, notably the US. But a significant difference in the US regulations, both for sensitive military items (ITAR) 9 and for less sensitive military and all dual use items (EAR) 10, is that the controls apply not only to the original export from the US but also to any subsequent transfer within the UK or re-export from the UK, notwithstanding that this entails a significant stretching of the traditional notion of extraterritorial jurisdiction. The US definition of re-export includes the release within the UK of controlled software and technology to a dual or foreign national from a country to which restrictions apply for the item (termed a deemed re-export ). US-controlled items therefore require particularly careful handling to avoid unintended, unauthorised re-exports. 5 The Export Control Regimes : the Wassenaar Arrangement addresses conventional military and dual use items; the Australia Group covers items which could be used in programmes for chemical or biological weapons; the Nuclear Suppliers Group does the same for nuclear weapons; and the Missile Technology Control Regime covers ballistic and cruise missiles, as well as Unmanned Aerial Vehicles potentially capable of delivering WMD. 6 WMD purposes are defined by the Export Control Order 2008 as use in connection with the development, production, handling, operation, maintenance, storage, detection, identification or dissemination of chemical, biological or nuclear weapons or other nuclear explosive devices, or the development, production, maintenance or storage of missiles capable of delivery such weapons. 7 in the public domain is defined by the Export Control Order 2008 as technology or software which has been made available without restriction upon its further dissemination (copyright restrictions do not remove technology or software from being in the public domain). 8 basic scientific research is defined by the Export Control Order 2008 as experimental or theoretical work undertaken principally to acquire new knowledge of the fundamental principles of phenomena or observable facts, not primarily directed towards a specific practical aim or objective. 9 The International Traffic in Arms Regulations, administered by the US Department of State 10 The Export Administration Regulations, administered by the US Department of Commerce
3 Export controls in sanctions programmes Sanctions put pressure on target governments, entities and individuals to change their behaviour and, by restricting their access to certain goods and services, help to contain the threats which they may pose to international peace and security. Sanctions take a variety of forms but often involve some kind of export control, including: embargoes on exporting weapons, equipment that might be used for internal repression, and associated technical assistance, training and financing; restrictions on making goods or services available to named individuals or entities; and bans on trade in specified categories of goods (e.g. dual use goods, oil and gas equipment) or services (e.g. financial transfers, insurance, investment), either to designated individuals and entities or to a whole country. All countries are obliged to give effect to UN Security Council sanctions resolutions. But some, particularly the EU and US, commonly adopt further measures. Firms and individuals need to be aware not only of the EU measures (which apply to all EU persons and entities incorporated under the law of a Member State wherever they are located, as well as to anyone located in the EU) but also of which other countries sanctions may apply. In particular, the US asserts a very broad jurisdiction for its sanctions. Cloud Computing (i) Users For the purposes of this article, cloud computing is broadly defined as using shared rather than private local computing resources to store software or technology and handle applications. This includes: public clouds (networks open for public use); private clouds (which restrict access to only those authorised by the subscriber); community clouds (a specific group of users with common requirements); hybrid clouds (a mix of public, community and private systems); and Software-as-a-Service, Infrastructure-as-a-Service and Platform-as-a-Service, in which subscribers access a range of computing resources. By using these services, a user s software or technology may be routed through and stored in multiple physical locations and countries, often without the knowledge or intent of the user (except in the case of private clouds). How do export controls apply? General export controls The key is what is meant by export and exporter. The definition of export in the EU Dual Use Regulation includes transmission of software or technology by electronic media... to a destination outside the EU; it includes making available in an electronic form such software and technology to natural and legal persons and partnerships outside the EU.
4 The definition of exporter includes any natural or legal person or partnership which decides to transmit or make software or technology by electronic media... to a destination outside the EU. Based on these definitions, the act of making controlled technology or software available to anyone outside the UK or EU (as appropriate), whether through a cloud service or indeed by any other means, requires a licence. The controls apply: irrespective of who owns the server on which the software or technology is made available, e.g. whether it is on an organisation s own servers or on those of any type of cloud service; irrespective of the nationality of the person in the UK who makes the software or technology available. The regulations apply not only to all EU but also to all non-eu persons conducting business in the EU; irrespective of the nationality or employment status of the person able to access the software or technology overseas, e.g. they could be a UK member of staff travelling overseas, a member of staff of a subsidiary overseas, an established customer with access rights, or anyone else; whether or not a UK employee abroad with access to the software or technology has any intention of passing it on to another person abroad. This corresponds to the rules for physical exports, where taking controlled technology abroad, even if only for personal use and not for onward transmission while abroad, still requires a licence; whether the transfer is between two parts of the same company or to a different entity; for the purposes of UK controls, it is also irrelevant where the software or technology is stored or routed, provided that adequate measures are in place to prevent unauthorized foreign nationals (e.g. system administrators) from having access to it. But note that the act of routing controlled software or technology through a non-eu country or storing it on a server on their territory, for however short a time, may render it subject to their export control laws. The timing of when a licence is required depends on the arrangements made for granting access. If software or technology is to be fully accessible to members of a company, group, or dedicated collaborative user-group situated abroad from the time when it is saved to a site, then a licence is needed before it is saved to the site. But if individual permissions are required for employees or other approved users overseas before they can access the site, then it is only necessary to obtain a licence before that permission is given. Export controls in sanctions programmes Export controls may also apply if the software or technology is made available to a person or entity overseas who is either: located in a country subject to sanctions and the export of the software or technology contravenes the terms of the embargo established by the sanctions (e.g. if military technology is made available to a person located in a country under an arms embargo); or themselves included on a list of sanctioned persons or entities, and the provision of the software or technology to them contravenes the sanctions. (ii) Service Providers
5 The key is again in the definition of exporter. The EU Dual Use Regulation states that this includes any natural or legal person or partnership which decides to transmit or make software or technology by electronic media... to a destination outside the Union. Unlike the US authorities 11, the European Commission has not provided specific guidance on this. But on the basis of this definition, the exporter is generally understood to be the user of a cloud service and not the provider. This again reflects the rules applicable to physical exports, for which it is the exporter - not the freight forwarder or shipper - who is responsible for securing a licence before any licensable activity may take place. Sanctions, on the other hand, may apply to providers (as well as users) if they give a service to individuals, entities or countries in contravention of sanctions. Neither the US nor the EU authorities have published formal guidance on this so service providers must interpret and apply each set of sanctions measures as they are drafted. Compliance The European Commission has recognised 12 the challenges which the development of cloud services poses to regulators and to companies working to implement export controls. It may examine options to address such challenges, potentially including a review of legal provisions, providing guidance and/or introducing specific tools such as new types of licence. But that process is likely to take several years. In the meantime, the following offers some basic pointers for users and providers or cloud services: be clear which if any of your software and technology is subject to export controls (under UK, EU and any applicable third country laws); consider limiting controlled software or technology to only private servers, or to a private cloud, or to cloud services specifically developed to be compliant with export controls; conduct due diligence of cloud service providers and consider negotiating terms into contracts providing for: restrictions on the locations through which controlled software or technology may be routed; where it may be stored; how access by any unauthorised person (including system administrators) will be prevented; the right to audit the provider s compliance; and obligations for providers to notify promptly any known or suspected breaches. UK and EU regulators have not defined what they consider to be adequate measures to prevent unauthorised access; this remains the exporter s responsibility 13 ; if export licences are necessary, consider what type(s) would be most appropriate and register or apply for them at an early stage. Note that all licences require records of transfers to be maintained, which is clearly more challenging in cases where software or technology is being accessed remotely rather than actively transmitted from the UK, and some require formal undertakings to be signed by the end user or consignee; 11 The US Department of Commerce has made clear that it is the user, not the provider, who has responsibility for export controls, unless the provider is aware of nefarious activities by the user. Permitting a foreign national to maintain a provider s servers and software does not constitute a deemed export unless the foreign national has access to the controlled technology itself. Operating software as a service does not constitute an export of the software to the user so no licence is required. 12 Sections 2.2 and 3.1 of the Communication from the Commission to the Council and the European Parliament on The Review of export control policy: ensuring security and competitiveness in a changing world published on 24 April One option is to encrypt the technology. There is no EU guidance on this but the US authorities have not accepted that encrypting technology to established US government standards gives adequate protection to controlled technology, except if access is limited to US persons abroad who are directly employed by the same US corporation that sent the technology and the technology can only be used by US persons.
6 note that if there are any substantive modifications to licensed software or technology, a new licence may be needed; transfers of controlled dual use technology and software within the EU should be marked as subject to controls if exported from the EU ; if acquiring software or technology which is subject or may be subject to US export controls, ensure that the supplier provides detailed information on what controls apply to it and includes, in their US export licence, authorisation for any proposed re-exports. Put in place all measures necessary to ensure that the US control requirements are fully met; screen all those to be given access to controlled software or technology and their locations, for possible sanctions. Cloud providers should similarly screen all users of their services, their partners and the locations of their servers and other facilities. Screening should be repeated regularly to take account of the frequent changes in the sanctions rules and lists. review internal compliance policies, procedures and training on export controls and sanctions to ensure cloud computing issues are fully incorporated. Conclusion Using cloud computing services can create risks for those handling software or technology that is subject to export controls or whose transfer could breach sanctions. The key is to recognise that making controlled software or technology available to anyone located outside the UK or EU, however this is done, requires a licence and could breach sanctions, so appropriate procedures need to be put in place to manage the risks.
Internal Compliance Plan Standard Operating Procedures Trade Controls
Internal Compliance Plan Standard Operating Procedures Trade Controls Version 3.0: March 2017 Review date: March 2018 Internal Compliance Plan Standard Operating Procedures Trade Controls Page 1 Revision
More informationREPUBLIC OF SERBIA RES. 68/44 - NATIONAL LEGISLATION ON TRANSFER OF ARMS, MILITARY EQUIPMENT AND DUAL-USE GOODS AND TECHNOLOGY
REPUBLIC OF SERBIA RES. 68/44 - NATIONAL LEGISLATION ON TRANSFER OF ARMS, MILITARY EQUIPMENT AND DUAL-USE GOODS AND TECHNOLOGY The Republic of Serbia continues to strengthen the export control of conventional
More informationBUSINESS ETHICS CONDUCT GUIDE Export Control CHORUS GOV-GRP-EN CREATION JUNE
www.thalesgroup.com BUSINESS ETHICS CONDUCT GUIDE Export Control CHORUS 87211948-GOV-GRP-EN-001 - CREATION JUNE 2017 1 2 THALES EXPORT CONTROL CONTENTS Introduction WHAT YOU NEED TO UNDERSTAND Framework
More informationExport Compliance and Controls
Export Compliance and Controls Massachusetts Export Center Evening Export School May 15, 2002 Barry Hurewitz Hale and Dorr LLP Washington, DC Overview What is an export? Export Control Authorities Treasury
More informationSANCTIONS COMPLIANCE POLICY OF MIKRO KAPITAL GROUP
SANCTIONS COMPLIANCE POLICY OF MIKRO KAPITAL GROUP MIKRO KAPITAL MANAGEMENT S.A. 10, Rue C.M. Spoo- 2546 LUXEMBOURG G.-D. of Luxembourg APPROVED ON 12 OCTOBER 2018 Vincenzo Trani, Director Pape Sliou Ndao,
More informationEXPORT CONTROLS EXPORT CONTROL COMPLIANCE AND RISK: FOR BUSINESS OFFICES
EXPORT CONTROLS EXPORT CONTROL COMPLIANCE AND RISK: FOR BUSINESS OFFICES U. S. laws that regulate the distribution of items, technology, services, and information, including items and technology used in
More informationMaterial Transfer Agreements Export Controls
Material Transfer Agreements Export Controls Sean Hayes, J.D., Ph.D. Research Advisor June 13, 2017 Material Transfer Agreements Establishes rights and obligations of parties when research material is
More informationHaving regard to the Treaty on the Functioning of the European Union, and in particular Article 207 thereof,
12.6.2014 Official Journal of the European Union L 173/79 REGULATION (EU) No 599/2014 OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL of 16 April 2014 amending Council Regulation (EC) No 428/2009 setting up
More informationExport Management and Compliance Program Guide
Export Management and Compliance Program Guide The UAMS Export Management and Compliance Program Guide attempts to provide relevant information about export controls and how they affect the academic and
More informationTechnology Control Plan
Part I: Project Supervisor and Project Information Project Supervisor: Technology Control Plan Office Phone: Location Facility(Building): Title of project: Projected start date: Email: Room: Projected
More informationbe subject to controls. 2. Research fields, such as those that can be linked to WMDs, where controls are likely to apply The primary purpose of securi
Security Trade Control Guidelines for Researchers (Concise Version) Japan Society for Intellectual Production This is a concise version of the Security Trade Control Guidelines for Researchers. These guidelines
More informationGOVERNMENT S EMERGENCY ORDINANCE on the control regime of exports, imports and other operations with military goods. CHAPTER I General provisions
GOVERNMENT S EMERGENCY ORDINANCE on the control regime of exports, imports and other operations with military goods CHAPTER I General provisions Article 1 (1) The following operations with military goods
More informationImport export and transit of weapons/ammunition and dual used goods in MONTENEGRO
M O N T E N E G R O Ministry of Defence Material Resources Sector Import export and transit of weapons/ammunition and dual used goods in MONTENEGRO Bled, Slovenia, 4th April 2013 National legislation LAWS
More informationB COUNCIL REGULATION (EC) No 1412/2006 of 25 September 2006 concerning certain restrictive measures in respect of Lebanon (OJ L 267, , p.
2006R1412 EN 01.07.2013 003.001 1 This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents B COUNCIL REGULATION (EC) No 1412/2006 of 25 September
More informationExports and other party audits
Registration Management Committee Exports and other party audits A presentation at the 2012 AAQG RMC Auditor Workshop July 19-20, 2012 By Don Buehler, President DISCLAIMER The information contained herein
More informationStrengthening UN sanctions on proliferators Lessons from the reports of UN Sanctions Panels
Strengthening UN sanctions on proliferators Lessons from the reports of UN Sanctions Panels Summary This paper considers how to strengthen United Nations Security Council sanctions which have been imposed
More informationU.S. Export Control System
International Nonproliferation Export Control Program (INECP) U.S. Export Control System Interagency Awareness and Cooperation Workshop Overview International Commitments U.S. Control Lists Roles of U.S.
More informationInternal Compliance Programmes
www.pwccustoms.com Internal Compliance Programmes Day to Day Operational Challenges & Best Practices 13 th January 2011 METI & OSETC Joint Seminar Manila Agenda Introduction Company Obligations METI s
More informationExport of Commercial or Dual-Use items - EAR
The Department of Commerce Bureau of Industry and Security ( BIS ) regulates the export of commercial products and technology under the Export Administration Regulations, 15 C.F.R. 730-774 ( EAR ). 1 While
More informationOFFICE OF EXPORT CONTROL
THE UNIVERSITY OF NEW MEXICO MAIN CAMPUS OFFICE OF EXPORT CONTROL GUIDELINES FOR PURCHASING, INVENTORY CONTROL, AND UNIVERSITY SERVICES (SURPLUS PROPERTY) ADELICIA GUNN PROGRAM SPECIALIST INTRODUCTION
More informationThe legal framework for the control on trade in dual-use items in Flanders
The legal framework for the control on trade in dual-use items in Flanders Sara Depauw Background note 25 May 2011 Colophon Author Sara Depauw Editors Tomas Baum Wies De Graeve Lay-out Gramma nv Printed
More informationA Smarter Way to Work Drones and Export Controls
Drones and Export Controls Brent Connor Thompson Hine LLP Washington, D.C. Brent.Connor@ThompsonHine.com 202.263.4188 April 20, 2017 Introduction Enforcement Agencies Export Controls Pertaining to Drones
More informationcloser look at Definitions The General Data Protection Regulation
A closer look at Definitions The General Data Protection Regulation September 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute
More informationMemorandum of understanding between the Competition and Markets Authority and NHS Improvement
1 April 2016 Memorandum of understanding between the Competition and Markets Authority and NHS Improvement Contents Page Foreword... 2 Summary points of the MoU... 3 Memorandum of understanding between
More informationInternal Compliance Programme Guidelines for compiling an Internal Compliance Programme for strategic goods, torture goods, technology and sanctions
Le Quy Don Technical Univ., Ha Noi Factsheet Ministry of Foreign Affairs Internal Compliance Programme Guidelines for compiling an Internal Compliance Programme for strategic goods, torture goods, technology
More informationAnnex I Political Principles of the Government of the Federal Republic of Germany for the Export of War Weapons and Other Military Equipment (2000)
Annex I Political Principles of the Government of the Federal Republic of Germany for the Export of War Weapons and Other Military Equipment (2000) The Government of the Federal Republic of Germany, desiring
More informationHE Ambassador Oh Joon Chair Security Council Committee established under UNSCR 1540 By
May 6, 2014 HE Ambassador Oh Joon Chair Security Council Committee established under UNSCR 1540 By Email: sc-1540-committee@un.org Your Excellency, The Permanent Mission of Australia to the United Nations
More informationEND USER UNDERTAKING (EUU) Form (for SIEL/SITCL applications required by Export Control Organisation)
END USER UNDERTAKING (EUU) Form (for SIEL/SITCL applications required by Export Control Organisation) Guidance for UK Licensees An undertaking is required when applying for a Standard Individual Export
More information22 July another relevant criterion under the national law concerned for establishing the nationality of a company.
Expert Meeting of Governmental and Other Experts on Private Military and Security Companies, 13-14 November 2006, Montreux, Switzerland Chair s Summary 22 July 2007 Executive Summary On 13 and 14 November
More information14093/14 KP/mvh 1 DGC 2B
Council of the European Union Brussels, 23 October 2014 (OR. EN) 14093/14 COVER NOTE from: COMER 213 PESC 1026 CONOP 91 ECO 139 UD 229 ATO 72 DELACT 210 Secretary-General of the European Commission, signed
More informationPOLICY. Data Breach Notification Policy. Version Version 1.0. Equality Impact Assessment Status. Date approved 23 rd May 2018
POLICY Document Title Data Breach Notification Policy Version Version 1.0 Equality Impact Assessment Status TBC Approved by Senior Management Team Date approved 23 rd May 2018 Effective date 25 th May
More informationDIRECTIVE 2012/34/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 21 November 2012 establishing a single European railway area (recast)
02012L0034 EN 24.12.2016 001.001 1 This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions
More informationAuditing of Swedish Enterprises and Organisations
Auditing of Swedish Enterprises and Organisations March 1st 2018 version 2018:1 1 General Application 1.1 These General Terms govern the relationship between the auditor ( the Auditor ) and the client
More informationPublic Consultation Guidelines - Electricity, Gas & Water Licences and Electricity & Gas Standard Form Contracts
Public Consultation Guidelines - Electricity, Gas & Water Licences and Electricity & Gas Standard Form Contracts April 2016 Public Consultation Guidelines - Electricity, Gas & Water Licences and Electricity
More informationCOMMUNICATION FROM THE EUROPEAN COMMISSION TO THE COUNCIL
EN EN EN EUROPEAN COMMISSION Brussels, 12.3.2010 COM(2010)88 final COMMUNICATION FROM THE EUROPEAN COMMISSION TO THE COUNCIL An assessment of the link between the IMO Hong Kong Convention for the safe
More informationTuff Torq Corporation Security Export Control Operations Standards
Tuff Torq Corporation Security Export Control Operations Standards Tuff Torq Corporation Corporate Policy of Export Control: In alignment with Yanmar Co., Ltd., the Tuff Torq Corporation will insure that
More informationGDPR APPLICABILITY TO EXPATRIATE EMPLOYEES
Aon Global Benefits GDPR APPLICABILITY TO EXPATRIATE EMPLOYEES EU General Data Protection Regulation for Expatriates. March 2018 Table of Contents Introduction... 3 1. GDPR Scope of Applicability... 4
More informationTHE WASSENAAR ARRANGEMENT AND SMALL ARMS AND LIGHT WEAPONS
ANNEX THE WASSENAAR ARRANGEMENT AND SMALL ARMS AND LIGHT WEAPONS July 2005 For further information please consult also the website of the WA at www.wassenaar.org TABLE OF CONTENTS Page Best Practice Guidelines
More informationPrivacy and Data Protection Policy
Privacy and Data Protection Policy I. INTRODUCTION This Privacy and Data Protection Policy ( Policy ) outlines the standards that the companies within the GuestTek organization ("GuestTek") adhere to when
More informationCode of Ethics for Financial Advisers
Financial Adviser Standards and Ethics Authority Code of Ethics for Financial Advisers Exposure Draft of Proposed Standard CONSULTATION OPEN Exposure Draft issued March 2018 Consultation closes 1 June
More informationEXPORT ESSENTIALS. DHL Express The International Specialists. Phillip Poland Boston, 2015
EXPORT ESSENTIALS DHL Express The International Specialists Phillip Poland Boston, 2015 Agenda 1 Customs Trinity Classification, Valuation, Rules of Origin 2 Documents Needed Information, Document 3 Commercial
More informationNorthcliffe Surf Life Saving Supporters Association Inc. Privacy Policy
Northcliffe Surf Life Saving Supporters Association Inc. Privacy Policy Privacy Policy of Northcliffe Surf Life Saving Supporters Association Inc., Liquor License 80338 Application The Privacy Policy applies
More informationCase T-306/01. Ahmed Ali Yusuf and Al Barakaat International Foundation v Council of the European Union and Commission of the European Communities
Case T-306/01 Ahmed Ali Yusuf and Al Barakaat International Foundation v Council of the European Union and Commission of the European Communities (Common foreign and security policy Restrictive measures
More informationAudit. Committee. Guide
Version 1.1 May 2018 1 Audit Committee Guide 1 Case 2017-7987 Contents 1. Introduction... 3 2. Setting up an Audit Committee... 5 2.1. Independent Audit Committee... 5 2.2. Audit Committee Functions Undertaken
More informationAustralian Trusted Trader
Australian Trusted Trader Self-Assessment Questionnaire Australian Trusted Trader Self-Assessment Questionnaire (April 2016) 1 Table of Contents 1. Introduction to the Self-Assessment Questionnaire...
More informationThe Mission would be grateful if the action plan could be circulated to the members of the Committee and published on the Committee's website.
Translated from Spanish Permanent Mission of Spain to the United Nations No. 106/JGBN-mma The Permanent Mission of Spain to the United Nations presents its compliments to the Chair of the Security Council
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP265 Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data Adopted on 11 April
More informationLAO PEOPLE S DEMOCRATIC REPUBLIC PEACE INDEPENDENCE DEMOCRACY UNITY PROSPERITY
LAO PEOPLE S DEMOCRATIC REPUBLIC PEACE INDEPENDENCE DEMOCRACY UNITY PROSPERITY President s Office No. 35/PO DECREE of the PRESIDENT of the LAO PEOPLE'S DEMOCRATIC REPUBLIC On the Promulgation of the Land
More informationLAO PEOPLE S DEMOCRATIC REPUBLIC PEACE INDEPENDENCE DEMOCRACY UNITY PROSPERITY
LAO PEOPLE S DEMOCRATIC REPUBLIC PEACE INDEPENDENCE DEMOCRACY UNITY PROSPERITY President s Office No. 35/PO DECREE of the PRESIDENT of the LAO PEOPLE'S DEMOCRATIC REPUBLIC On the Promulgation of the Land
More informationThe European Union Dual-Use Items Control Regime
The European Union Dual-Use Items Control Regime Comment of the Legislation Article-by-Article Pr. Dr. Quentin MICHEL Lia CAPONETTI January 2019 (DUV5Rev8) Please, do not hesitate to send comments, remarks
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 17/EN WP264 rev.01 Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data Adopted on 11
More informationImportant information:
Important information: Please complete the form fully and conscientiously. You can easily upload the form on our website at http://www.misumi-europe.com/en/upload-enduser-agreement. The MISUMI customer
More informationNational Implementation Measures for the Biological Weapons Convention
National Implementation Measures for the Biological Weapons Convention Angela Woodward Programme Director Rocío Escauriaza Leal Legal Officer Regional Workshop on National Implementation of the BWC 27-28
More informationPrivacy Policy 1. Introduction 2. What personal information does Paperless Warehousing collect and why?
1. Introduction 1.1. Paperless Warehousing respects people's privacy. Paperless Warehousing is bound by the Australian Privacy Principles in the Privacy Act, as well as other applicable laws protecting
More informationE X PO R T C O N T R O L S C O M PL I A N C E M A N U A L
Page 1 of 12 EXPORT CONTROLS COMPLIANCE MANUAL 2014 Page 2 of 12 EXPORT CONTROLS COMPLIANCE POLICY Many nations, like the United Kingdom and the United States, have laws to control the export of strategic
More informationPrivacy Policy PURPOSE SCOPE POLICY. Data Collection
Privacy Policy PURPOSE 1. To ensure Training & Assessment Mentor maintains the privacy of personal information provided to Training & Assessment Mentor from Staff and Students. SCOPE 2. This document describes
More informationRegulatory Compliance and Enforcement Framework
Contents 1. About us... 3 1.1 Our Mission and Values... 3 2. Relevant Legislation and Obligations... 4 3. Approach to Regulatory Compliance and Enforcement... 4 3.1 Our Approach... 4 3.2 Working with Stakeholders...
More informationGUIDANCE ON CONTACTS WITH PRIVATE MILITARY AND SECURITY COMPANIES
GUIDANCE ON CONTACTS WITH PRIVATE MILITARY AND SECURITY COMPANIES 1. This document gives revised guidance on contacts with and official support for the operations of Private Military and Security Companies
More informationDHL PARCEL EUROPE GENERAL TERMS & CONDITIONS OF CARRIAGE ( Terms and Conditions )
DHL PARCEL EUROPE GENERAL TERMS & CONDITIONS OF CARRIAGE ( Terms and Conditions ) 1 Scope 1.1 When ordering DHL PARCEL s services you, as Sender, are agreeing, on your behalf and on behalf of the receiver
More informationInformation Collection & Privacy Policy
The Privacy Act 1988 (Cth) (Privacy Act) seeks to protect individuals against interferences with their privacy by regulating the way in which personal information is collected, handled, disclosed, used
More informationOverview. Requirements: Legislation and Enforcement. A Focus on Operative Paragraph 3 of the resolution: border and export controls
United Nations Security Council Resolution 1540: Can Compliance be easy? by Olivia Bosch PhD 1540 Committee Expert OSCE Workshop on Customs Procedures and Licensing Issuance: Integrating the National Processing
More informationTESTING AUTONOMOUS VEHICLES IN NEW ZEALAND
TESTING AUTONOMOUS VEHICLES IN NEW ZEALAND TESTING IN NEW ZEALAND Increasing levels of automated vehicle technologies are already making a dramatic impact on the transport sector. The future possibilities
More informationarm.org/smallarms/reporting/reporting/reportingtemplateprint.aspx?reportingpoa_id= /7
2016 Ireland SECTION 1: POINTS OF CONTACT PoA II.4 1. Has your country established a National Coordination Agency or other body responsible for policy guidance, research and monitoring of efforts to prevent,
More informationEU General Data Protection Regulation (GDPR)
A Brief Overview of the EU General Data Protection Regulation (GDPR) November 2017 What is the GDPR? After several years in the making, on 8 April 2016 the European Council finally adopted Regulation
More informationEUROPEAN COMMISSION TO THE PRESIDENT AND MEMBERS OF THE COURT OF JUSTICE OF THE EUROPEAN UNION WRITTEN OBSERVATIONS
Ref. Ares(2015)1505777-08/04/2015 EUROPEAN COMMISSION Brussels, 8th April 2015 sj.h(2015)1240258 TO THE PRESIDENT AND MEMBERS OF THE COURT OF JUSTICE OF THE EUROPEAN UNION WRITTEN OBSERVATIONS submitted
More informationPrivacy Policy of Townsville Motor Boat & Yacht Club Limited - Liquor Licence Number 84145
Privacy Policy of Townsville Motor Boat & Yacht Club Limited - Liquor Licence Number 84145 Application The Privacy Policy applies to personal information collected by the club, as the club is an applicable
More informationBill C-47 and Canadian Accession to the Arms Trade Treaty Civil Society Concerns and Recommendations
Bill C-47 and Canadian Accession to the Arms Trade Treaty Civil Society Concerns and Recommendations Submission by Canadian civil society organizations to the House Standing Committee on Foreign Affairs
More informationPrivacy Policy of Brothers Leagues Club Ipswich Inc. Community Club Licence No
Privacy Policy of Brothers Leagues Club Ipswich Inc. Community Club Licence No. 80331. Application The Privacy Policy applies to personal information collected by the club, as the club is an applicable
More informationIBM Clinical Trial Management System for Sites
Service Description IBM Clinical Trial Management System for Sites This Service Description describes the Cloud Service IBM provides to Client. Client means the contracting party and its authorized users
More informationProposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
EUROPEAN COMMISSION Brussels, 19.12.2018 COM(2018) 891 final 2018/0435 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Council Regulation (EC) No 428/2009 by granting
More informationThe Riddle of the Exporter
The Riddle of the Exporter Exporting Regulatory Compliance Topics We Will Cover: Legal Right to Export USPPI Government Agencies That Control Exports The EAR-Export Administration Regulations Types of
More informationOfficial Journal of the European Union. (Non-legislative acts) REGULATIONS
28.2.2017 L 50/1 II (Non-legislative acts) REGULATIONS COUNCIL REGULATION (EU) 2017/330 of 27 February 2017 amending Regulation (EC) No 329/2007 concerning restrictive measures against the Democratic People's
More informationStrategic policy. International Relations
Strategic policy International Relations Corporate Plan reference: A smart economy A prosperous, high-value economy of choice for business, investment and employment - Strong local to global connections
More informationNational Implementation Measures for the Biological Weapons Convention and UNSCR 1540
National Implementation Measures for the Biological Weapons Convention and UNSCR 1540 Scott Spence Senior Legal Officer What is VERTIC? VERTIC is an independent, non-profit making, non-governmental organization
More informationP a g e 1 FINANCE SECTOR CODE OF CORPORATE GOVERNANCE
P a g e 1 FINANCE SECTOR CODE OF CORPORATE GOVERNANCE September 2011 P a g e 2 CONTENTS Page Introduction 5 Principles and Guidance 1. THE BOARD 8 Companies should be headed by an effective Board of directors
More informationCANDIDATE DATA PROTECTION STANDARDS
CANDIDATE DATA PROTECTION STANDARDS I. OBJECTIVE The aim of these Candidate Data Protection Standards ( Standards ) is to provide adequate and consistent safeguards for the handling of candidate data by
More informationIAP the road forward // Intelligent Access Program Overview Guideline
IAP the road forward // Intelligent Access Program Overview Guideline IAP the road forward // Intelligent Access Program Overview Guideline TCA-G01-2.00 First published November 2005 Transport Certification
More informationTRADE COMPLIANCE PROGRAM MARCH 7, 2018 CHANDLER S. LEONARD DIRECTORATE OF DEFENSE TRADE CONTROLS JEREMY K. HUFFMAN HUFFMAN RILEY PLLC
IMPLEMENTING AN EFFECTIVE TRADE COMPLIANCE PROGRAM MARCH 7, 2018 CHANDLER S. LEONARD DIRECTORATE OF DEFENSE TRADE CONTROLS BRYCE BEWLEY BUREAU OF INDUSTRY AND SECURITY JEREMY K. HUFFMAN HUFFMAN RILEY PLLC
More information(Non-legislative acts) REGULATIONS
11.12.2010 Official Journal of the European Union L 327/13 II (Non-legislative acts) REGULATIONS COMMISSION REGULATION (EU) No 1169/2010 of 10 December 2010 on a common safety method for assessing conformity
More informationINTERNATIONAL TRADE COMPLIANCE PROGRAM at GE
INTERNATIONAL TRADE COMPLIANCE PROGRAM at GE Yi Jiang, Trade Compliance Manager, APAC General Electric Company. 26 th ASIAN EXPORT CONTROL SEMINAR, Feb 26-28, 2019, Tokyo, Japan The organization structure
More informationRecent developments in. EU dual-use export controls
Recent developments in EU dual-use export controls 25th Asian Export Control Seminar 26 February 2018 Tokyo, Japan Stéphane CHARDON DG TRADE European Commission 1 Updating Council Regulation (EC) No 428/2009
More informationCOUNCIL COMMON POSITION 2003/495/CFSP of 7 July 2003 on Iraq and repealing Common Positions 96/741/CFSP and 2002/599/CFSP (OJ L 169, , p.
2003E0495 EN 23.07.2014 008.001 1 This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents B COUNCIL COMMON POSITION 2003/495/CFSP of 7 July
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) The EU General Data Protection Regulation (GDPR) What is the GDPR? The General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) was adopted on 27 April,
More informationInformation Security Policy
Information Security Policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 NHS Business Services Authority Information Security policy Head of Security
More informationSPECTARIS Statement: Commission Proposal for a New EU Dual-Use Regulation. March Contact person:
SPECTARIS Statement: Commission Proposal for a New EU Dual-Use Regulation March 2017 Contact person: Jennifer Goldenstede Head of Foreign Trade & Export Promotion David Santorum Project Manager Foreign
More informationCommission Proposal for a New EU Dual-Use Regulation
SPECTARIS Statement: Commission Proposal for a New EU Dual-Use Regulation June 2017 Contact person: Jennifer Goldenstede Head of Foreign Trade & Export Promotion Alexander Strempel Project Manager Foreign
More information(Non-legislative acts) REGULATIONS
18.10.2015 L 274/1 II (Non-legislative acts) REGULATIONS COUNCIL REGULATION (EU) 2015/1861 of 18 October 2015 amending Regulation (EU) No 267/2012 concerning restrictive measures against Iran THE COUNCIL
More informationNATIONAL LEGISLATION ON TRANSFER OF ARMS, MILITARY EQUIPMENT AND DUAL-USE GOODS AND TECHNOLOGY
NATIONAL LEGISLATION ON TRANSFER OF ARMS, MILITARY EQUIPMENT AND DUAL-USE GOODS AND TECHNOLOGY GERMAN REPLY TO THE REQUEST FOR A STATEMENT BY THE SECRETARY- GENERAL OF THE UNITED NATIONS With reference
More informationREPUBLIC OF LITHUANIA
REPUBLIC OF LITHUANIA Law on The Management of Radioactive Waste* adopted on 20 May 1999 No. VIII-1190 Chapter I GENERAL PROVISIONS Article 1 Purpose of the Law This Law shall regulate relations of legal
More informationInformation Governance Clauses Clinical and Non Clinical Contracts
Information Governance Clauses Clinical and Non Clinical Contracts Policy Number Target Audience Approving Committee Date Approved Last Review Date Next Review Date Policy Author Version Number IG014 All
More informationNational Harmonisation of WHS Legislation
National Harmonisation of WHS Legislation Considerations for Schools Update No. 2 Roles and Structure July, 2011 Michael Shorter, CAHRI, CPMSIA, RSP (Aust) Grad. Dip. Occ. Health Prac. This update contains
More informationThe Authority s responses to the key comments received and any other substantive changes are outlined below.
8 th October 2013 Dear Stakeholders: Re: Consultation Paper on the Corporate Governance Policy for Trust (Regulation of Trust Business) Act 2001, Investment Business Act 2003, and Investment Funds Act
More informationNuclear Trade Regulation in the European Union. Ispra March 29th, 2012 Pr. Dr. Quentin MICHEL
Nuclear Trade Regulation in the European Union Ispra March 29th, 2012 Pr. Dr. Quentin MICHEL I. International Trade Principle Ispra March 29th, 2012 Pr. Dr. Quentin MICHEL Export control is an exception
More informationData Breach Notification Policy
Data Breach Notification Policy Agreed: At SMT 27 June 2018 To be reviewed May 2019 CONTENTS 1. SCOPE AND PURPOSE... 3 2. ACCOUNTABILITY... 3 3. DEFINITIONS... 3 4. WHAT IS A PERSONAL DATA BREACH... 4
More informationAVSEC Doc 8512 / SAGAS S8116
Version 30.4.2015 TAXUD/MOVE AVSEC Doc 8512 / SAGAS S8116 DRAFT REFERRAL PROTOCOLS FOR AIR CARGO AND MAIL UNDER THE EU PRE-LOADING ADVANCE CARGO INFORMATION (PLACI) RISK ANALYSIS PROCESS This working paper
More informationIBM Operational Decision Manager on Cloud
Service Description IBM Operational Decision Manager on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means the contracting party and its authorized users and
More informationNIUE LAWS LEGISLATION AS AT DECEMBER 2006 ENVIRONMENT BIOSAFETY (GENETICALLY MODIFIED ORGANISMS) REGULATIONS /4 4 July 2006
NIUE LAWS LEGISLATION AS AT DECEMBER 2006 ENVIRONMENT BIOSAFETY (GENETICALLY MODIFIED ORGANISMS) REGULATIONS 2006 1 Short title 2 Interpretation 3 Objectives 4 The precautionary approach 2006/4 4 July
More informationGuidelines on the management body of market operators and data reporting services providers
Guidelines on the management body of market operators and data reporting services providers 28 September 2017 ESMA70-154-271 Table of Contents 1 Scope... 3 2 Definitions... 4 3 Purpose... 5 4 Compliance
More information