An applicant must certify to the following in the initial application for a cable landing license:
(a) That the applicant accepts and will abide by the routine conditions specified in § 1.70007.
(b) Whether or not it exhibits any of the criteria set out in the presumptive disqualifying conditions per §§ 1.70002(c) and 1.70004(a) and (b):
(1) Character presumptive disqualifying condition. An applicant seeking a cable landing license or modification, assignment, transfer of control, or renewal or extension of a cable landing license, shall also certify in the application whether or not the applicant has the requisite character qualifications as set out in § 1.70002(c). In an application for an assignment or transfer of control, the licensee, assignee/transferee, and assignor/transferor must submit this certification;
(2) Foreign adversary presumptive disqualifying condition. An applicant seeking a cable landing license or modification, assignment, transfer of control, or renewal or extension of a cable landing license, shall certify in the application whether or not it exhibits any of the criteria set out in the presumptive disqualifying condition under § 1.70004(a); and
(3) Foreign adversary cable landing presumptive disqualifying condition. An applicant seeking a cable landing license or modification or renewal or extension of a cable landing license, shall certify whether or not it exhibits any of the criteria set out in the presumptive disqualifying condition under § 1.70004(b).
(c) That the applicant has created and will implement and update a cybersecurity and physical security risk management plan, and:
(1) That the plan describes how the applicant will take reasonable measures to employ its organizational resources and processes to ensure the confidentiality, integrity, and availability of its systems and services that could affect its provision of communications services through the submarine cable system;
(2) That the plan identifies the cybersecurity risks the applicant faces, the controls it uses or plans to use to mitigate those risks, and how the applicant will ensure that these controls are applied effectively to its operations;
(3) That the plan addresses both logical and physical access risks, as well as supply chain risks;
(4) That the plan has been signed by the entity's Chief Executive Officer, Chief Financial Officer, Chief Technology Officer, Chief Information Security Officer, or similarly situated senior officer responsible for governance of the organization's security practices;
(5) That the applicant will submit cybersecurity and physical security risk management plans to the Commission upon request; and
(6) That the applicant will preserve data and records related to its cybersecurity and physical security risk management plans, including documentation necessary to demonstrate how those plans are implemented, for a period of two years from the date the related risk management plan certification is submitted to the Commission.
(d) That the submarine cable system will not use equipment or services identified on the Covered List that the Commission maintains on its website pursuant to the Secure Networks Act, 47 U.S.C. 1601 through 1609.
[90 FR 48695, Oct. 27, 2025]