Catch-all control and cyber-surveillance items
Export control and sanctions regulation is more stringent on catch-all and cyber-surveillance situations than regulation applicable on dual-use items in general. Catch-all control applies when non-listed dual-use items (i.e., items that are not listed in Annex I) are exported to a military use contrary to the interests of Finland and EU. Cyber-surveillance controls apply when non-listed dual-use items that are specially designed to enable the covert surveillance of natural persons by monitoring, extracting, collecting or analysing data from information and telecommunication systems are exported in situations where they are or may be intended, in their entirety or in part, for use in connection with internal repression and/or commissioning of serious violations of human rights and international humanitarian law.
The following controls make regulation more stringent in catch-all and cyber-surveillance situations:
- The Ministry for Foreign Affairs of Finland may impose authorization requirement for export of non-listed dual-use items (i.e. items that are not listed in Annex I). Non-listed dual use items do not meet the technical specification of Annex I (i.e. such non-listed items have less developed performance levels, characteristics or functions than listed dual-use items but are nonetheless sensitive due to their technical possibilities or suspected end-use of concern). Authorization requirement becomes valid when the Ministry for Foreign Affairs of Finland informs University of catch-all or cyber-surveillance situation.
- If University or a member of Aalto community is aware of or has reasons to suspect catch-all or cyber-surveillance situation, based on its due diligence findings, University has an obligation to notify the Ministry for Foreign Affairs of Finland. Following receipt of such notification the Ministry for Foreign Affairs of Finland decides whether or not to make the export concerned subject to authorization.
- In order to satisfy the notification requirement of University mentioned in the above bullet point, University and members of Aalto community have the obligation to be diligent so that they may identify circumstances where catch-all and cyber-surveillance situations are at hand. This obligation calls for conduct of due diligence (e.g. obligation to know the collaboration partner) on the part of University and members of Aalto community who engage in activity that may lead to catch-all or cyber-surveillance situation.
Due diligence related to catch-all and cyber-surveillance situations is focused on end-users (i.e. University’s collaboration partners) and the end-uses to which such collaboration partners, directly or indirectly, may put the items received from University. If any member of Aalto community is aware or suspects that an activity or project in which University is involved entails catch-all or cyber-surveillance situation, such member must abstain from engaging further to such research and immediately inform the relevant person(s) at University in accordance with instructions given here.
Following receipt of the above-mentioned notification University will internally review the matter and, if necessary, inform the Ministry for Foreign Affairs of Finland who will conclude whether a license application is necessary. Please see End-use and end-user control for more information.