On January 5, 2021, President Trump issued Executive Order 13971 “Addressing the Threat Posed By Applications and Other Software Developed or Controlled By Chinese Companies” (“EO 13971”), which targets certain Chinese connected software applications. Specifically, EO 13971 prohibits transactions by any person, or with respect to any property, subject to the jurisdiction of the United States, with persons that develop or control the following Chinese connected software applications, or with their subsidiaries: Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office. The prohibition will take effect 45 days after the date of the Executive Order (i.e., on February 19, 2021). EO 13971 does not identify which transactions will be prohibited, but rather requires the Secretary of Commerce to identify the transactions and persons that will be covered by the prohibition not earlier than 45 days after January 5, 2021 (i.e., February 19, 2021).
EO 13971 was issued pursuant to the national emergency declared in Executive Order 13873 “Securing the Information and Communications Technology and Services Supply Chain” (the “Supply Chain EO”), which granted the Secretary of Commerce the authority to prohibit or modify certain transactions involving information and communications technology and services designed, developed, manufactured, or supplied by persons owned, controlled, or directed by “foreign adversaries” of the United States. Please see our prior blog posts on the Supply Chain EO and its implementation here and here.
EO 13971 reinforces the authorities granted to the Secretary of Commerce to manage broader efforts to address the national security risks, articulated by the Trump Administration, associated with the collection of personal and other sensitive data by the Government of China and the Chinese Communist Party. In keeping with this purpose, EO 13971 also directs the Secretary of Commerce to (1) evaluate whether to impose restrictions in accordance with the Supply Chain EO on additional “connected software applications” (defined as software or a group of software “designed to be used by an end user on an end-point computing device, and designed to collect, process, or transmit data via the Internet as an integral part of its functionality”) and to (2) provide a report no later than 45 days after January 5, 2021 with recommendations to prevent the sale or transfer of US user data to “foreign adversaries,” including through regulations and licensing policies.