The New Dual Use Regulation In Force From 9 September 2021
The EU Regulation 2021/821 for the recast of the Dual Use goods circulation regime was published in the Official Gazette of the EU on 11 June 2021 and will come into force on 9 September 2021, which will definitively replace the (EC) Regulation. n. 428/2009.
The update, made necessary by technological developments and increasing security risks, aims to further strengthen the Union’s action on the non-proliferation of weapons of mass destruction, contributing to international peace, security and stability.
In view of this objective, the new Regulation updates definitions (such as those of exporter and export) and regulatory
parameters and introduces numerous and relevant innovations.
Without prejudice to the need to obtain authorization for export, brokering, transit, technical assistance and, in limited circumstances, intra-Union transfers of products included in Annex I, the new regulation expands the cases of application, to dual goods not included in the aforementioned annex, of the catch all clause.
This clause allows the authority to subject to prior authorization also the export or transfer of goods (or technologies)
not included in the list referred to in Annex I to the regulation, in the event that they are connected to prohibited uses.
The extension of the cases of application of the catch-all clause mainly concerns the new cyber surveillance technologies, which may be subject to authorization, even if not included in Annex I, if use of the same emerges in violation of human rights or international humanitarian law.
Furthermore, Member States may independently prohibit or authorize the export of goods not included in Annex I for
reasons of public security (including the prevention of terrorist acts), or for considerations relating to human rights.
With reference to the types of authorizations that can be granted, the update leaves the individual and global authorizations substantially unchanged, expanding the number of cases that can be authorized in a facilitated way, through the provision of two new EU general authorizations (so called AGEU) that can be used by operators. In fact, when certain requirements are met, it is possible to use the AGEU for intragroup transfers of technology and software (AGEU 007) and for the export of certain control codes relating to category 5, in terms of encryption (AGEU 008).
2 9 L U G L I O 2 0 2 1 1 4 L U G L I O 2 0 2 1
An important novelty on the subject is represented by the possibility of obtaining the so-called “Major project authorizations”: these are individual or global authorizations, granted to an exporter for a type or category of dual-use items, valid for exports to one or more end-users and to specific third countries, in order to carry out large-scale projects. These authorizations may have a duration of no more than four years, unlike individual and global authorizations, which will have a maximum validity of two years. The new regulation gives operators a central role in the self) determination of the risks that trade in dual-use products or technologies entails for international security. A corollary of this principle is the new importance attributed to the Internal Compliance Programs (so-called PIC), expressly defined as effective, appropriate and proportionate policies and procedures to the size and organizational structure of the company, capable of facilitating compliance with the provisions and the objectives of the regulation as well as the terms and conditions of the authorizations granted pursuant to it.
The preparation and implementation of Internal Compliance Programs may be considered mandatory if operators want to take advantage of the most interesting authorization facilities (such as global authorizations or new EU general authorizations).
All operators who want to make use of the simplifications granted by the new legislation, therefore, will be required to implement the PIC, taking the opportunity to carry out an accurate gap analysis aimed at assessing the impact of the new legislation on their business and to define internal procedures appropriate to the company and effective in guaranteeing compliance with the Dual Use discipline, avoiding the related risks, both criminal and administration.