When it comes to critical infrastructure such as electricity, water treatment, internet connectivity, and hazardous waste management, many fear that foreign governments may find ways to infiltrate those systems. To proactively prevent this sort of hacking, the U.S. federal government and states like Texas have instituted regulations and laws that prohibit businesses or individuals from engaging in commercial transactions with certain foreign nations. This episode of Jackson Walker’s Fast Takes podcast features Robert Soza discussing the Lone Star Infrastructure Protection Act (LIPA) and regulations from the U.S. Department of Commerce on the Information and Communications Technologies (ICT) supply chain. Tune in as Robert shares what businesses need to understand regarding their potential liability for installing and using technology components manufactured in countries like China and Russia.
For additional information, see the Jackson Walker article “Texas and Federal Government Seek to Protect U.S. Infrastructure From Disruption by Foreign Adversaries.” Also, for questions related to LIPA, ICTS regulations, and international trade laws, please contact Robert Soza or any member of Jackson Walker’s International Transactions team.
Greg Lambert: Hi, everyone. I’m Greg Lambert, and this is Jackson Walker Fast Takes. Back in June 2021, the Lone Star Infrastructure Protection Act, or LIPA, went into effect here in Texas in order to protect Texas’ critical infrastructure against certain individuals, companies, and foreign governments. I asked Jackson Walker San Antonio partner Robert Soza to come on in discuss LIPA and its implications on businesses here within the state of Texas.
Robert, thanks for taking the time to talk with me.
Robert Soza: Thank you for inviting me.
Greg Lambert: What exactly does the Lone Star Infrastructure Act do, and can you talk us through a little bit about the reasoning for the Texas government to put such a new law into effect?
Robert Soza: Sure. For a number of years now, there has been considerable concern that buying components of our infrastructure—be it electricity, be it communications, be it cloud source or satellite—that those components come with software or hardware that allows foreign governments to interfere, surveil, or disrupt the service that’s being provided. There has been some evidence that in fact, on our electric grid, there have been some components that contain what they call backdoor hardware that allows for remote access. So, I think it’s very clear that both the U.S. federal government and many of our states’ governments are a little behind the curve on this. So, this act in particular and federal acts, which I will talk about here shortly, are meant to address this particular problem.
Greg Lambert: You mentioned the federal regulations, as well. What are some of those federal regulations, and how would they also affect businesses and, say, landowners here in Texas?
Robert Soza: Yeah – and let me contrast what’s going on at the federal level with the Lone Star Infrastructure Protection Act. So, LIPA has waded into a territory that has been extensively regulated by the federal government. There are many things that LIPA covers that have been, for many years now, covered by the federal regulations, and I’ll talk a little bit about that later. But one thing that LIPA does not do is it does not have an enforcement provision. It doesn’t have fines or penalties for violating the law. It doesn’t have a regulatory agency that’s going to enforce the law. It doesn’t even have a delegation to regulatory agency to issue regulations. So all we have is this law that prohibits certain activity. Specifically, what it prohibits is purchasing infrastructure parts from primarily China and Russia; it includes North Korea, Venezuela, and some other countries as well. We’re not going to talk about those because transactions with those countries are already prohibited under very old federal regimes.
So, what LIPA does is it prohibits critical infrastructure in the state of Texas from buying parts or components from, for example, China or Russia that provide the Chinese or the Russians the ability to remotely control the critical infrastructure. LIPA defines “critical infrastructure” as our electronic grid, our telecommunications and cybersecurity grid, water systems, and hazardous waste management systems.
When we look at the information grid, when we look at the communications grid, in March 2021, the U.S. Commerce Department issued regulations prohibiting companies – beginning in March – from buying critical infrastructure components that go into what they term “information and communication technologies and services” supply chain (ICTS). And regulations are still being developed. The Commerce Department has subpoenaed information from Chinese companies specifically that service this industry, and they’re going to be determining which of those components that may have already been purchased, that may have already been installed on U.S. systems, are now going to have to come out of those systems, are now going to have to be ripped out of those systems. And then they’re also going to look at prospective transactions and block those transactions. These regulations do have fines, penalties, enforcement. They have an agency that has prosecutors that will go after people who do not abide by their decision. So, when we look at the cost of complying with this ICTS regulation, it is in the billions of dollars for our U.S. technology industry, and it covers everything from cloud computing, to cybersecurity, to telephone, to wireless, to wired, to cable, satellite—it would take me 10 or 15 minutes to describe all the different technologies that are listed under the definitions of this regulation. But it’s going to be extensive.
What’s really kind of unique about it from a regulatory perspective is, normally, you’re given advanced warning that you’re going to be regulated. Well, now these regulations were effective as of March, we still don’t know what technology it’s going to cover. So, you will have violated the regulation even though the regulation isn’t very clear yet in March when you purchase and install this technology, and you won’t know whether or not it’s in violation until the Commerce Department starts coming out and telling you that this technology that you purchased needs to come out of your infrastructure.
Greg Lambert: Well, given the broad implications here, what exactly should an individual landowner or company do to understand what’s going on and protect themselves from any potential violations?
Robert Soza: So, let’s break it down into two buckets. You’ve got the people that are owning the technology, the infrastructure. Right now, they need to start studying what components they have acquired from foreign vendors. You can acquire technology from a foreign vendor that’s not in China, but the components were manufactured in China partially or wholly. So, it’s not just enough to know where they came from, but really where they originated from, and make a determination whether those items might be those that provide a foreign manufacturer the right to have backdoor access or have the right to interfere with the normal operations. Then you look at it from a mergers and acquisitions perspective. So you’re the buyer, you found a target, you think you understand what the targets liabilities are, but unless you lift the hood on this and look underneath and see whether or not they have any of this technology that might get implicated under these new regulations, you may find a bunch of unstated, unliquidated liabilities that you’re not yet aware of. So, it really is an area that deserves a lot of study, both for those that own and manage the technology right now, the infrastructure right now, and those that are looking to expand their footprint in this area as they acquire new companies in the United States.
Greg Lambert: Robert Soza, thank you very much for walking us through some of these issues around the federal regulations and the Texas law of LIPA.
Robert Soza: Thank you for the opportunity, Greg.
The music is by Eve Searls.
This podcast is made available by Jackson Walker for informational purposes only, does not constitute legal advice, and is not a substitute for legal advice from qualified counsel. Your use of this podcast does not create an attorney-client relationship between you and Jackson Walker. The facts and results of each case will vary, and no particular result can be guaranteed.