Feeble rules: one dual-use sanctions regime, multiple ways of implementation and application?

ABSTRACT Export controls of dual-use products and sanctions on respective items are highly regulated in the European Union (EU). However, we find multiple instances of implementation and application problems of dual-use control in the Member States. To explain this puzzling observation, we investigate the relationship between the institutional design of sanctions and their subsequent implementation and application. Drawing on rational design theory, we argue that even if coherence is the EU’s stated goal, the institutional design of the current dual-use export control regime is inadequate to provide for coherence. National licensing decisions and a constant need for the interpretation of contingent rules in the implementation and application of dual-use sanctions are structural challenges to establish a coherent European policy. The relationship between institutional design and coherence, which we investigate in the context of sanctions, is not specific to the EU. Instead, we offer a novel conceptual and analytical tool to study the expected degree and causes of (in-)coherence in the implementation and application of any regime of international sanctions.


Introduction
Dual-use items and technology are primarily designed to serve civilian purposes. They play an important role also in the construction of weapons of mass destruction and other military or shady activities. Accordingly, several multilateral export control regimes (e.g. the Australia Group, the Nuclear Suppliers Group, the Wassenaar Arrangement) seek to counter proliferation. To implement these internationally agreed dualuse controls and introduce coherent European trade standards, the EU established a separate dual-use export control regime.
The regulatory basis for European dual-use export control, Regulation 2021/821, (henceforth, Dual-Use Regulation), became effective in September 2021. The Dual-Use Regulation ought to establish "[a]n effective common system of export controls on dual-use items" (preamble of Regulation 2021/821) and is directly applicable in all the Member States. It defines a comprehensive list of items subject to export authorisation, specifies the licensing criteria for the granting of such authorisations, and obliges the Member States to inform and consult one another on critical exports. Despite the Dual-Use Regulation's binding nature, the implementation of several provisions depends on national legislation and administrative measures.
The Dual-Use Regulation is also the primary legal basis for the implementation of European dual-use sanctions. The EU adopts only a few dual-use sanctions through the Common Foreign and Security Policy (CFSP), which is why respective measures are typically adopted indirectly as a result of European arms embargoes (Urbanski 2020). The majority of dual-use sanctions thus blend with regular export control governed by the Dual-Use Regulation. Public security concerns, human rights considerations and the intended end-user may also justify dual-use export restrictions. Since the revised Dual-Use Regulation of 2021 strengthens the human security dimension of export control, it might also serve as a legal basis for dual-use sanctions more frequently in the future (Urbanski and Meissner 2020).
Although the EU has established an unprecedented level of regulation, considerable national differences in the implementation and application of European dual-use export control rules persist (Commission 2015, Micara 2012. In 2017, for instance, the British defence company, BAE Systems, obtained a Danish export authorisation for selling mass surveillance technology to six Arab statesagainst the expressed security concern of British export authorities (BBC 2017). The most prominent case of incoherent dual-use sanctions is the diverging implementation of the export control regime against China (Bräuner 2013). Given the high level of regulation and various information exchange requirements, incoherent implementation and application of European dual-use sanctions are empirically puzzling and undesired from the perspective of EU Member States.
This article aims to explain incoherence in European dual-use governance and analyse the discrepancy in the implementation and application of European dual-use sanctions. We conceive coherence as the absence of variation and contradiction in how the Member States interpret and implement European rules through national legislation and how national authorities apply those rules in practice (see also Portela and Orbie 2014, pp. 64-65; and our theory section below).
We argue that inconsistencies in the European export control regime can be explained by its institutional design. Our central theoretical claim is that the interplay between sanctions complexity and governance mode determines the prospects for coherence in the implementation and application of international sanctions. Starting from the basic tenets of rational design theory, we identify two modes of governance that classify institutionalised cooperation. Whereas collective governance is based on coordinated national implementation of international rules, corporate governance involves a transfer of respective authorities to the international level. To specify sanctions complexity, we introduce the conceptual pair of definite and contingent rules. Sanctions based on definite rules define the target, the measures, and possible exemptions, whereas sanctions based on contingent rules leave some room for interpretation regarding at least one of these criteria. We argue that sanctions based on contingent rules are prone to incoherence if they are governed collectively rather than corporately.
We show that European dual-use sanctions are primarily based on contingent rules whose implementation and application depend on collective governance. Although it is too early to assess the precise effects of the revised Dual-Use Regulation of 2021, we argue that its institutional design is fundamentally similar to its forerunner (i.e. Council Regulation 428/2009). The Dual-Use Regulation was adopted under the supranational Common Commercial Policy (CCP) making export control a corporate policy. Adopting a common European control list, the definition of export licensing criteria and the exchange of information should have led to a coherent European dual-use export policy. However, the Dual-Use Regulation "re-delegates" important authorities back to the Member States. The implementation and application of joint dual-use sanctions are thus dependent on national interpretations of European rules and varying resources of local authorities. Problematically, neither the control list nor the licensing criteria are exhaustive. The institutional design of the European export control regime thus promotes incoherence.
Our contribution is threefold. Whereas previous research explains sanctions' incoherence primarily with defective state action and sanctions busting by private actors (e.g. Moore 2010, Early 2015, Weber and Stępień 2019, we, first, identify the institutional design of sanctions regimes as a potential source of incoherence. Second, the distinction between the governance mode and sanctions complexity introduces a new conceptual perspective to analyse the institutional design of international sanctions. Our theoretical framework can be used to study the causes for incoherent implementation and application practices in a variety of international sanctions regimes. Finally, our case study contributes to the growing empirical literature on EU sanctions (e.g. Portela 2010, Giumelli et al. 2020) by offering a systematic analysis of national implementation patterns in the field of dual-use sanctions.
The article proceeds in four steps. First, we review the sanctions literature focusing on EU restrictive measures and identify the systematic investigation of (in-)coherent implementation and application dynamics as a blind spot. Second, we introduce a rational design argument to distinguish between the two modes of governance. We show how collective Member State governance and corporate EU governance in combination with the varying complexity of sanctions differ in their capability to ensure coherence. Third, we reconstruct the institutional history of the European dual-use export control regime and analyse and discuss recurring problems of incoherent sanctions implementation and application. Finally, we summarise our findings and reflect on the implications for research on international sanctions.

State of the art
Ever since the EU established itself as "a new actor on the sanctions scene" (de Vries and Hazelzet 2005) in the 1990s, the scholarly literature on European restrictive measures (the official lingo for European sanctions) has evolved into a sophisticated body of research. While most of this research focus on the effectiveness of sanctions (e.g. Portela 2010, Boogaerts 2018a, Weber and Schneider 2020, scholars also investigate other aspects of EU restrictive measures, such as their legal design (Koutrakos 2001, Eckes 2014, Cardwell 2015, the way the EU responds to human rights violations (e.g. Kreutz 2015, Boogaerts 2018b or the impact and consequences of European sanctions (e.g. Giumelli 2017).
A recurring research theme in the study of EU sanctions is the degree of coherence. We conceive coherence as a convergence of external action where the EU takes a common approach, and different activities do not undermine each other (Art. 21 TEU;Szymanski and Smith 2005). Horizontal coherence thereby refers to the absence of contradiction among different EU policies or instruments (Carbone 2008). For instance, Portela and Orbie (2014) find a remarkable coherence of restrictive measures under the CFSP and sanctions under the Generalised Scheme of Preferences. In contrast, vertical coherence refers to the relations between the EU and its Member States and convergence of actions on both levels (Carbone 2008). This article focuses on vertical coherence and understands it as the absence of variation and contradiction in how the Member States implement and apply sanctions (Portela and Orbie 2014, pp. 64-65). Across the EU and its Member States, scholars typically find vertical coherence: Restrictive measures adopted within the framework of the CFSP display a "reasonably high level of coherence" (Portela 2010, p. 171) and the Member States rarely undermine these measures (Portela 2015, p. 60).
Although scholars discern a high level of vertical coherence across the EU and its Member States (Portela 2010, Portela and Orbie 2014, there is still evidence for incoherencies in the EU's sanctioning activities. First, if the consensus in the CFSP is unattainable, the Member States occasionally resort to unilateral sanctions. For instance, in the wake of the Russian annexation of Crimea in 2014 and the Saudi Arabian murder of Jamal Khashoggi in 2018, we have witnessed an uncoordinated suspension of European arms sales (Kranz 2016, pp. 985-986, McAuley andNoack 2018). In such instances, the EU does not act as a single coherent sanctions sender. Second, exemptions in the context of EU sanctions decisions on financial restrictions and restrictions of admission have been identified as possible sources of incoherence (Golumbic and Ruff III 2013, pp. 1038-1051. Since such exemptions are advocated and administered by the Member States, they can potentially undermine EU measures. Hence, while scholars have documented implementation problems in anecdotes and case studies (e.g. Druláková and Zemanová 2020), no systematic investigation into general patterns and causes of incoherence, as described above, hitherto exists.
To date, we know little about the institutional preconditions for the (in-)coherence of European sanctions regimes (see, however, Portela and Orbie 2014). Some studies suggest that the involvement of international organisations like the EU positively affects the success of sanctions regimes (Drezner 2000, Bapat and Morgan 2009), because they may be effective in keeping up a coherent sanctioning coalition (see also Early and Spice 2015). Most studies investigating the role of coherence of multilateral sanctions emphasise "spoiler behavior" which undermines sanctions by private rentseeking actors (e.g. Early 2009, Weber andStępień 2019) or backsliding by politically and economically motivated states (e.g. Moore 2010, Early 2015; see also Drezner 2000, p. 74).
Yet, the very design of international sanctions regimes might also be a source of incoherence. Sanctions-busting and backsliding certainly undermine coherence, unintended and constructive ambiguities in the formulation of sanctions (Byers 2020, p. 3, Giumelli 2018. But, lack of legal and executive capacity to implement, apply and enforce restrictive measures (Ward 2005) and high coordination requirements might also result in incoherent sanctions practices. Since the EU is typically considered a coherent sanctions sender (Portela 2010, Portela andOrbie 2014), the institutional basis of the CFSP and the CCP seems to provide an adequate response to many of these issues. However, recurring incoherencies in the implementation and application of some types of restrictive measures, as described above, suggest that European sanctions regimes still suffer from institutional flaws. We argue that the institutional design of sanctions may (dis-)favour a coherent implementation and application of sanctions decisions.

Institutional design and coherence
International organisations like the EU help states solve collective action problems (Koremenos et al. 2001, Koremenos 2008) and international sanctions primarily involve two such problems (Drezner 2000, p. 83). First, the sender states find themselves in a coordination game over which measures to adopt. Second, the implementation of international sanctions is subject to a prisoner's dilemma because unilateral defection might have favourable economic implications. Institutionalised cooperation facilitates the coordination game and "[…] prevent[s] backsliding by giving wavering states the means to resist domestic pressures and by reassuring states that a cooperative equilibrium will be maintained" (Drezner 2000, p. 98).
The coordination game in the adoption phase of restrictive measures and the prisoner's dilemma in the implementation phase are two potential sources of incoherence in European sanctions. Diverging assessments of a sanctions target's misdemeanour, heterogeneous preferences, and a "redistributive impact of restrictive measures" (Giumelli 2017) may easily result in a fragmented European sanctions policy. When the coordination game fails, some Member States might adopt separate national measures, whereas others keep up their normal international relations. Likewise, the prisoner's dilemma incentivises defective behaviour resulting in backsliding and sanctions-busting.
Yet, the coherence of any European sanctions regimes depends not only on mastering the coordination game but also the prisoner's dilemma. We argue that incoherence emanates from several other sources. To distinguish between different sources of incoherence, we parse the process of imposing European restrictive measures into four phases: (1) adoption, (2) implementation, (3) application, and (4) enforcement.
In the (1) adoption phase, the Member States bargain over whether or not to establish a European sanctions regime (see also Sjursen andRosén 2017, Boogaerts 2018b). Since we are primarily interested in explaining how inconsistencies emerge after the Member States have agreed upon the imposition of sanctions, the coordination game of the adoption phase is beyond the scope of this article. However, we assume that any unanimous establishment of EU sanctions indicates the Member States' desire for a coherent European sanctions policy.
In the (2) implementation phase, sanctions are transposed into practical directives. This takes the form of a collective action problem because the transposition is accomplished by legislative rules. Since the Member States have not clothed the EU with a unified competence to implement restrictive measures, these rules can be established either on the European or the national level. For instance, trade measures and financial sanctions are typically implemented through a Council Regulation. On the contrary, arms embargoes and travel bans are implemented through national legislation.
Differences in the implementation may lead to differences in (3) application. The application of sanctions provisions is in the hands of national authorities. For example, national authorities deny export permissions for sanctioned items, and border guards repel blacklisted individuals. Since the authorities must interpret the implementing rules, there is a third coordination game. Implementation decisions must be interpreted consistently across all Member States to ensure a coherent application.
The enforcement phase (4) effectuates sanctions. Compliance monitoring and the introduction of penalties minimise sanctions-busting. However, monitoring and penalties may differ across the Member States, which makes sanctions-busting less attractive in some states than in others.
The focus of this article is on phases 2 and 3. We start from a situation where a European sanctions regime is in place and assume that the Member States are generally interested in a coherent implementation and application.

Collective vs. corporate governance
A key property of international organisations is centralisation (Abbott and Snidal 1998). Centralisation covers "[…] a wide range of centralized activities" that are "[…] performed by a single focal entity" interfering "[…] directly on national sovereignty" (Koremenos et al. 2001, p. 771). Centralisation reduces the costs of cooperation by facilitating collective decision-making and credibly committing to joint policies. In international sanctions, the United Nations Security Council and the EU's Foreign Affairs Council are clothed with authority to impose mandatory restrictive measures. Legal oversight of certain targeted EU measures is centralised. The Court may review the legality of financial sanctions against companies and private individuals.
A special variant of centralisation has been discussed under pooling (Lake 2007, Hooghe andMarks 2015). By pooling competencies on the level of the EU, the Member States deliberately abandon the right to exercise these authorities unilaterally. Instead, pooled authorities are exclusively governed by jointly agreed-upon decision-making bodies and procedures (Urbanski 2020). These institutions of corporate governance may consist of the Member States themselves (e.g. the Council) or specialised agents (e.g. the Commission). Whereas the Council is closely aligned with the interests of the Member States, other corporate bodies, like the Court, enjoy certain autonomy from state preferences. In any case, pooling establishes authoritative decision-making structures constraining how the Member States can articulate and realise their own interests and goals (Kenis and Schneider 1987, p. 441).
Although pooling is prevalent in many international organisations, it is not a prerequisite for successful cooperation. In particular, states generally prefer not to transfer authorities in the area of security (Koremenos, 2008, pp. 160-161). Accordingly, entire international security organisations like the North Atlantic Treaty Organisation rely on the coordination of national policies rather than the joint governance of a common pool. Hence, different international organisations constrain member-state activities in different ways. To distinguish between cooperation based on the coordinated use of national authorities and cooperation based on the joint use pooled authorities, we use the conceptual pair of collective and corporate governance (see also Urbanski 2020).
The presence (or absence) of a common pool has substantial implications for the course and scope of European sanctions. If the Member States keep sovereign control over national authorities, they can use them at their discretion. Consequently, coherence in European sanctions depends on collective governance that is, close coordination of national policies. On the contrary, if authority resides with a common pool, the Member States cede control to institutions of corporate governance. Whether and how corporate governance translates into European restrictive measures depends on the type of pooled authorities and the assigned decision-making institutions.
The advantages of corporate EU over collective state governance are obvious. Pooling reduces the cost of cooperation and helps the Member States "[…] to achieve goals that they cannot accomplish on a decentralized basis" (Abbott and Snidal 1998, p. 29). The creation of corporate structures secures credible commitment, solves problems of incomplete contracting and facilitates decision-making through voting procedures and the employment of agenda-setters (e.g. Pollack 1997, Hawkins et al. 2006, Tallberg 2010. Hence, pooling is a rational solution that backs up international cooperation. The corporate structure of the EU is highly functional regarding well-defined policy objectives.
Yet, corporate governance also involves costs for why the Member States frequently prefer retaining national authority. A policy area that is, to a large extent, governed by the coordination of national policies, is the CFSP. As noted above, matters of security touch upon the core of state sovereignty and are thus rarely put under corporate control. Since restrictive measures are a policy tool that is typically employed in tense situations entailing security-related implications, the Member States are generally not expected to cede comprehensive authorities to the EU. Nevertheless, many European restrictive measures are adopted by the Council, acting by unanimity.
From an intergovernmental perspective, the CFSP is an institutionalised forum in which the Member States adopt and coordinate policies on issues of high politics. Yet, the contrasting of corporate governance with collective governance prises open the intergovernmental perspective and offers new insight into how European foreign policies come into existence. The pooling argument aims at the locus of the right to exercise authority and determines whether CFSP decisions are a corporate or a collective product. Depending on the nature of a distinct policy, the Council is either a forum to coordinate national policies or a corporate body that manifests the EU as a separate acting entity.
To illustrate that collective and corporate governance have different practical implications, the European sanctions against Syria serve as an example. Council Decision 2011/273/CFSP established, inter alia, an arms embargo and a sales ban on equipment, which might be used for internal repression. Although both measures were adopted in the same Council session and are mentioned in the same document, the two types of measures are based on different modes of governance. The arms embargo relies on intergovernmental coordination of national policies. Article 346 Treaty on the Functioning of the European Union (TFEU) explicitly excludes trade in arms from the EU's exclusive authority. The arms embargo is thus a collective Member State decision. Coherence, regarding its implementation, depends entirely on the coordination of national legislation. In contrast, sanctions on equipment that can be used for internal repression (e.g. anti-riot water cannons, razor barbed wire, etc.), are based on pooled competencies. The adoption of these measures is a corporate authority because the CCP does not allow for separate national trade measures. Contrary to arms embargoes, which can be also imposed by individual Member States, the authority to adopt and implement restrictive trade measures has been ceded to the EU (Art. 215 TFEU). Consequently, the sales ban on equipment for internal repression is a corporate EU measure. The implementation was based on Council Regulation 442/2011.

Governance mode and sanctions coherence
To explain (in-)coherence in European restrictive measures, we focus on the relationship between sanctions complexity and governance mode. We argue that, collective Member State and corporate EU governance can, in principle, ensure the coherent adoption, implementation, and application of international sanctions. However, we also argue that with increasing sanctions complexity, collective governance becomes less adequate to ensure coherence.
The complexity of sanctions regimes varies considerably across different types of sanctions. Whereas some restrictive measures require only a few straightforward implementation decisions, others come along with a constant stream of decision-making. To grasp the complexity dimension of restrictive measures, we distinguish between two types of sanctions instruments. The implementation of sanctions is determined by definite or contingent rules.
Sanctions based on definite rules establish restrictive measures that clearly define target, measures, and possible exemptions. Respective sanctions regimes are based on a comprehensive and definite set of rules leaving no room for diverging interpretations on whom to target with which instruments. An example of definite restrictive measures is the arms embargo. A typical formulation in CFSP arms embargoes states that "[t]he sale, supply, transfer or export of arms and related materiel of all types, including weapons and ammunition, military vehicles and equipment, paramilitary equipment and spare parts for the aforementioned […] shall be prohibited" (e.g. Council Decisions 2011/423/CFSP and 2017/2074/CFSP). While respective provisions never define the scope of "arms and related products", the Member States, by and large, implement and apply European arms embargoes coherently (Kranz 2016, p. 990). Coherence is primarily promoted through a comprehensive European arms trade regime that defines minimum standards for the export of arms and war material (see esp. Common Position 2008/944/ CFSP). The European arms trade regime includes the so-called Common Military List of the European Union (2020/C 85/01) which is updated annually includes a comprehensive and exhaustive list of what is considered as "arms and related materiel". Although the Member States implement European arms embargoes nationally, the Common Military List enables coherence because the scope of the embargo is clear to governments and weapon manufacturers.
Restrictive measures based on contingent rules establish European sanctions regimes that leave some room for interpretation regarding at least one of the three criteria of target, measures, and exemptions. The most prominent example of restrictive measures based on contingent rules is dual-use sanctions. To establish an effective European dual-use export control regime, the Council set up the Dual-Use Regulation, which promotes the harmonisation of licensing procedures and establishes a common list of dual-use items. However, the list of dual-use items is not conclusive. The Member States may unilaterally extend the scope of the regulation to cover virtually any product. There is thus certain contingency regarding the scope of dual-use sanctions. Moreover, the target of dual-use sanctions is frequently identified only indirectly. As we will elaborate in more detail below, the design of the Dual-Use Regulation leaves considerable interpretative flexibility to the Member States.
The prospects for a coherent implementation of European restrictive measures are determined by the interplay between the mode of governance (collective vs. corporate governance) and the type of sanction (definite vs. contingent measures).
Sanctions based on definite rules can be easily implemented and applied through collective governance. Pooling is not required because the scope and the target of respective measures are clear to all parties involved. Since pooling is tantamount to giving up sovereignty, the Member States have little incentive to empower the EU to govern sanctions regimes that are based on definite rules. Yet, there are still sanctions featuring definite rules which are nonetheless governed by corporate procedures. For instance, European trade sanctions are corporately governed through the EU. Although restrictive trade measures could also be coherently implemented and applied through collective governance, functional linkages between the communitarised CCP and economic sanctions induced a transfer of respective competencies to the EU (Urbanski 2020).
The coherence of sanction implementation and application is potentially low if a sanctions regime is based on contingent rules and if a respective regime is implemented nationally. Contingent rules require that national legislators specify which items or entities are under what conditions subsumed under a sanctions regime. The implementation of contingent sanctions typically delegates sanctions decisions to national authorities, which must decide upon a constant stream of requests. The national coordination of 27 decision-making streams is a challenging task and is likely to produce an incoherent sanctions practice.

The European dual-use export control regime
To investigate the theorised link between institutional design and (in-)coherent national implementation and application practices regarding dual-use sanctions, we rely on a triangulation of three data sources. First, we outline the institutional design of the current Dual-Use Regulation by looking at its central provisions. Second, we draw on a systematic analysis of national implementation patterns in the EU based on data released from the European Commission (2019) and the Member States (OJ C 16/4). Third, we rely on information from semi-structured interviews and background talks conducted with six officials directly involved in national decision-making on dual-use matters from the German Federal Foreign Office and the German Federal Ministry for Economic Affairs and Energy in September 2019.
Starting from a brief account of the Dual-Use Regulation's institutional history, we examine implementation and application practices across EU Member States. Although we separate implementation and application analytically, the two phases are empirically interlocked: cross-country variation in the implementation of the Dual-Use Regulation is likely to produce variation in the application of dual-use export control. These incoherencies might be further enhanced by the fact that national authorities are equipped with varying administrative resources.

The institutional design
The institutional design of the current European dual-use export control regime reflects an enduring conflict between national prerogatives in matters of security and the highly communitarised CCP. The first Dual-Use Regulation (Council Regulation 3381/94) was adopted under the CCP and the basic rules for trade in dual-use items were defined: licensing and customs procedures and the obligation to exchange information. However, not all aspects of export control were based on pooled authorities. The regulation was accompanied by Council Decision 94/942/CFSP, which initially defined the list of products covered by the first Dual-Use Regulation. The Council Decision also established criteria to guide national licensing. However, the regulation of trade is a genuine EU competence, national licensing "re-delegated" implementation back to the Member States (Urbanski 2020). All crucial decisions at adopting, implementing, and applying European dual-use export control rules remained under national control. While the Member States collectively agreed upon common proceedings, they did not want to give up their competencies in the area of export control (Alavi and Khamichonak 2017, p. 62). Hence, collective rather than corporate governance prevailed.
The interpretation of licensing criteria is crucial for the granting of export authorisations, and the delegation of respective tasks to national authorities enabled a potentially incoherent European export policy in the first place: The criteria on the basis of which national authorities were to assess requests for export authorisations constituted the very core of the mechanism laid down in Regulation 3381/94: to exclude them from its scope was tantamount to depriving the mechanism of its modus operandi and seriously impairing its effectiveness (Koutrakos 2006, p. 424).
Moreover, the Dual-Use Regulation also included a so-called "catch-all" clause which enabled the Member States to restrict the export of non-listed products if these are or may be intended to be used in weapons of mass destruction programmes (Koutrakos 2001, pp. 96-97).
Due to two rulings by the Court of Justice of the European Union (CJEU), i.e. the cases of Leifer (C-83/94) and Werner (C-70/94), the Commission presented a new proposal which eventually resulted in a revised regulation. The new Council Regulation 1334/2000 was based entirely on the CCP and all matters previously subject to the CFSP Council Decision were transferred to it (Micara 2012, pp. 583-584). More specifically, the list of dual-use items and the criteria to guide national licensing became subject to the Council Regulation and were thereby subsumed under the CCP. At first glance, this seems like a major change in favour of establishing a corporate authority in matters of dual-use export control. However, even under the new regulation, implementation and application still remained a national authority and the licensing criteria were not exhaustive, providing the Member States with significant discretion (Eeckhout 2004, Alavi andKhamichonak 2017). Hence, the coherent implementation and application of the Dual-Use Regulation continued to be based on collective governance.
The Member States' discretion in the implementation and application of European export control rules was further broadened by the adoption of separate national export restrictions. Article 36 (TFEU) permits the restriction of export relations due to public security concerns even for CCP matters outside of the dual-use domain: "[…] restrictions on imports, exports […] justified on grounds of public morality, public policy or public security" are not prohibited. A recent example of the use of this provision is the introduction of French and German export controls for protective medical gear at the beginning of the Corona pandemic. Yet, contrary to other goods falling under the CCP, dual-use items are security-relevant by definition. The CJEU generally confirms a broad interpretation of public security concerns in the area of dual-use goods in its Leifer ruling. According to CJEU case law, Article 36 (TFEU) covers the internal and external security of a Member State. The court holds that it cannot draw a hard distinction between foreign and security policy. Since dual-use goods are pertinent to a Member State's foreign and/or security policy, virtually any item may be restricted by national authorities due to public security concerns.
In 2009, Council Regulation 1334/2000 was subject to another revision, which resulted in Council Regulation 428/2009. As Micara (2012) explains, the 2009 regulation strengthened the EU in matters of coherence: Member States, for instance, must exchange information on all denials and conduct consultations on controversial export decisions. However, this only applied to negative export decisions while information on the granting of licenses was not systematically exchanged. In 2014, the Commission was empowered to update the control list, which constituted a further pooling of resources on the level of the EU. Yet, the Commission's activity was restricted to updating information from international export control regimes like the Wassenaar Arrangement.
While the Dual-Use Regulation was formally tied to the corporate CCP and is considered one of the most unified export control regimes (Alavi and Khamichonak 2017, p. 65), its substance left significant discretion to the Member States. This is particularly relevant at implementing and applying dual-use sanctions. Importantly, the authority over export licensing largely remained with the Member States and was not pooled at the EUlevel. This implies that although the EU's Dual-Use Regulation of 2009 was a supranational product rooted in the CCP, it maintained a system characterised by collective member state action. Collective governance rested on the coordination of national export licensing, which remained the cornerstone of the EU's dual-use export control regime. Without the close coordination of licensing decisions, national export authorities contributed to a potentially incoherent export control policy.
The latest Dual-Use Regulation (2021/821) became effective only in September 2021. In the beginning of the process to recast Council Regulation 428/2009, the Commission published a legislative proposal laying out its preferences with a view to the EU's dual-use trade regime (COM(2016) 616). In fact, the Commission's proposal did not tackle the core of previous Dual-Use Regulations, which operated through national export licensing. Anticipating the Member States' opposition, the Commission declared that a "centralisation of the implementation of controls and the establishment of a central licensing agency at EU level" (COM(2016) 616, p. 5) would incur too many costs and would not get the necessary support. For this reason, the Commission's approach followed a combination of regulatory adjustments and modernisation of the EU's control list by including the cyber-surveillance technology and by introducing a human rights catch-all clause. Yet, the Commission's proposal did not address the manifest and potential problems in the implementation and application of sanctions caused by collective governance.
Although the intended revisions of the Dual-Use Regulation were clearly limited, they led to a controversy among the Member States. Especially the human rights catch-all clause proved highly controversial, as an interviewee (Interview #1) pointed out. According to the interviewee (Interview #1), a catch-all clause targeting human rights violation would create a massive administrative burden and is practically impossible to implement because virtually any product and exporter could be subject to this clause. The adjusted regulatory framework, which sought to streamline the administration of export controls and improve their consistency, was also controversial. Although the link between dual-use technology and human security was eventually mitigated in Regulation 2021/821 (Urbanski and Meissner 2020: p. 6), the new Dual-Use Regulation will not back away from national export licensing. It will continue to leave the implementation of export controls to the Member States.

Implementing European dual-use export control
Although the Dual-Use Regulation falls under the supranational CCP, its institutional design takes the form of collective rather than corporate governance because the Member States did not pool the relevant authorities. Specifically, export licensing still resides with the national authorities. Incoherent implementation of the Dual-Use Regulation is already reflected in the varying resources of Member States' national authorities: they vary in number, institutional setting, size, and expertise. In some countries, like Finland, the Ministry for Foreign Affairs is in charge of export authorisations, while other countries, like Germany, delegate this task to a separate national agency, i.e. the Federal Office for Economic Affairs and Export Control. Some countries have more than one national authority as, for example, Belgium with its regional offices (OJ C 16/35). In addition to the size and institutional setting, the budget is radically different among the Member States: the budgetary situation ranges from 70,000 to 5.9 million EUR, as the incoming export applications range from 26 to 16,000 (in 2013) (Commission 2015). Indeed, national authorities identified a lack of resources as a key challenge in implementing the Dual-Use Regulation (Commission 2015). This makes the dual-use export control regime vulnerable to incoherent implementation and the vast variation gives rise to incoherencies in how dual-use sanctions are applied in practice.
Inadequate resources in some national authorities are one problem for the implementation of the Dual-Use Regulation. However, this is amplified by the fact that EU Member States have not pooled any authorities regarding national licensing decisions to the European level to date. Hence, the application of the Dual-Use Regulation resides entirely with the national authorities, so that Member States' activities are de facto based on collective governance. In fact, 60 per cent of stakeholders surveyed by the Commission found that the EU Member States differ significantly in the interpretation and application of the Dual-Use Regulation (Commission 2015). They find that licensing decisions lack predictability due to their divergence across the EU member states (Commission 2013b, p. 8). Stakeholders identify the catch-all clause as particularly problematic to the degree that "export approval can be unpredictable and non-comparable among member states" (Commission 2015, p. 121). This resembles the view of national authorities, which identified the establishment of implementation convergence across the Member States as a key challenge (Commission 2015) and which accounted for past incoherencies (Commission 2013a, 2013b). Similarly, our interviewees reported a strong need for consultation among the Member States (Background talks) partly due to diverging implementation practices of dual-use exports. With the strengthened human security dimension and the inclusion of cyber-surveillance technology in the current Dual-Use Regulation, the need for information exchange will certainly increase.
National export licensing is no trivial process. In fact, national authorities have a wide room for manoeuvre due to their decision-making competencies on export controls. This includes brokering and export controls on non-listed dual-use items, requirements for transit of dual-use goods, authorisation requirements for non-listed dual-use items due to public security or human rights protection, the granting of national general export authorisations, and the administration of customs formalities with regard to dual-use goods (OJ C 16/46). In all these dimensions, we find considerable regulatory differences in the implementation practice (Table 1).
As evident from Table 1, about half of the Member States apply extended brokering controls for non-listed dual-use products or dual-use items with a military end-use (15 yes; 13 no). Exactly 50 per cent of the countries implement transit controls with a view to dual-use goods as opposed to 50 per cent which do not apply such controls (14 yes; 14 no). These balanced numbers indicate a de facto incoherent implementation where half of the EU Member States handle brokering and transit controls differently from the other half. Most interesting are the numbers related to additional controls due to public security concerns and national general export authorisations, both of which arguably impede a harmonised implementation of the Dual-Use Regulation. Most countries do not add further controls on dual-use items or, on the opposite, grant a general export authorisation, 13 and 9 countries respectively add additional controls due to public security concerns. Looking into the countries which add their own national controls or grant their own general national export authorisations, we find France, Germany, the Netherlands and the United Kingdom and, thus, some of the most important EU Member States in the area of CFSP sanctions. During the application of the previous Dual-Use Regulation (2009Regulation ( -2021, these numbers have remained largely stable (OJ C 67/1, OJ C 51/8, OJ C 304/3, OJ C 16/4). The revised Dual-Use Regulation of 2021 will likely establish greater coherence with regard to the listed cyber-surveillance technology because the control list now includes items for which some Member States had previously introduced separate national regulations.
According to the Dual-Use Regulation and in conformity with the Leifer and Werner judgments, national authorities may apply additional controls on dual-use goods for public security reasons or human rights considerations (was Article 8, now Article 9). As Table 1 illustrates, Member States are divergent in how they use this possibility. Even among the 13 countries that apply additional controls, we find variation in how this legal possibility is put into practice. As evident from the notice from the Member States in 2020 (OJ C 16/4), some Member States, like France or the United Kingdom, require authorisation for an entire set of dual-use goods not listed in Annex I regardless of the importing country: in France, this applies to certain helicopters and tear gas; the United Kingdom set up an entire catalogue of controlled dual-use goods, including software and technology. The other Member States like Germany or the Netherlands make authorisations mandatory for specific export destinations. The Netherlands, for example, applies this rule to the export of items used for internal repression to Egypt, Syria and Ukraine and chemical substances addressed to Iraq. Germany, in turn, has a much more extensive list of specific products which require authorisation if sent to specific countries such as Iran, North Korea, Syria, Sudan, South Sudan, Cuba, Libya, Myanmar, Pakistan and Somalia. On top, Germany put a general halt to export licenses to Saudi Arabia (Background talk). Furthermore, it had a strict export control policy on dual-use goods in telecommunication, something that did not exist to the same degree in the other EU Member States (Background talk). In a public consultation launched by the Commission, stakeholders indeed pointed out the different political approaches by the Member States regarding their national foreign policy and security concerns (Commission 2013b, p. 9).
At the same time, nine countries grant general national export authorisations. If such a general export authorisation exists, exporters obtain a license for respective dual-use goods. Nine countries apply general national export authorisations (Table 1), but they greatly differ between the Member States. The Netherlands, for instance, grants a general export authorisation for certain dual-use goods to all third countries except for a negative list of states (OJ C 16/4). The United Kingdom also granted a general export authorisation for dual-use items addressed to Hong Kong and Turkey (OJ C 16/4). France and Germany, in contrast, apply general national export authorisations for the export of certain dual-use products like frequency changers, chemical products or graphite (OJ C 16/4). Germany stands out as it also grants a general national export authorisation for certain dual-use items below a specific value threshold (OJ C 16/4). These general national export authorisations vary among the EU Member States, but they also partly undermine other countries' additional controls for public security reasons.
On top, national general export authorisations are not recognised by some EU Member States (Commission 2013b, p. 10).

Applying European dual-use export control
In addition to a varying implementation of the EU's dual-use export control regime, national authorities differ in how they interpret and apply the Dual-Use Regulation even where no legally endowed possibility of national discretion exists. This divergence is due to the contingent rules specified on dual-use goods.
A major challenge in applying the Dual-Use Regulation is the so-called catch-all clauses. Article 4 of the Dual-Use Regulation specifies that an authorisation for the export of a dual-use item shall be required even if it is not listed on the EU control list. This is the case when one of the following circumstances is present: items in connection with weapons of mass destruction; items for a military end-use in countries under an arms embargo; or certain items to be used as parts or components of other military items. A similar chat-all clause was recently introduced in Article 5. This new provision stipulates that non-listed cyber-surveillance items require an export authorisation if respective items are or may be intended for use in connection with internal repression or serious human rights violations. Given that the catch-all clauses are indiscriminate to specific items but aim at the intended end-use, virtually any product can, in theory, be subject to Articles 4 and 5. This provides national authorities with a wide room for manoeuvre in interpreting and applying catch-all clauses. Indeed, stakeholders surveyed by the Commission complained about the divergent applications and differing requirements across the EU Member States (Commission 2013b, p. 11). Companies reported that a specific dual-use good was prohibited by one national authority, while it was authorised in another Member State (Commission 2013b, p. 11). Even within a Member State, licensing decisions typically rest on a case-by-case basis (Background talk). With the introduction of the human security dimension in the Dual-Use Regulation of 2021, the assessment of the human rights situation in countries seeking to import the cyber-surveillance technology will certainly add more contingency to national decision-making processes.
The EU Member States even diverge in the interpretation and application of the annexed control list. Stakeholders made clear that they face heterogeneous interpretations regarding authorisation criteria, entries on the EU control list, concepts such as end-user requirements and the classification of items (Commission 2013b, pp. 13-14). One problem is the non-exhaustive list of considerations relevant to the processing of export licenses that is now specified in Article 15. The non-exhaustive character of the respective criteria allows national authorities to apply additional or different criteria when assessing and deciding on export requests (Commission 2013b, p. 13). The criteria's contingency thus provides national authorities with a certain discretion in applying the rules of the European dual-use export control regime.
In summary, the implementation and application of the Dual-Use Regulation rest on collective governance and contingent rules regarding catch-all clauses and licensing criteria. In combination with under-specified rules, collective governance makes the European dual-use export control regime vulnerable to incoherent implementation and application practices in the Member States. This applies to ordinary export control and dual-use sanctions. EU countries implement varying brokering and transit controls.
They have diverse additional controls due to public security reasons and differing national general export authorisations. The national authorities interpret and apply the Regulation's catch-all clause (Article 4) in such diverging ways that export licensing decisions might become unpredictable in the different EU Member States. The newly introduced human rights catch-all clause (Article 5) will probably complicate matters further. On top, the possibility for national authorities to apply licensing criteria different from those specified in the Dual-Use Regulation gives them discretion in how to interpret and put into practice export controls. These incoherencies in the implementation and application of the Dual-Use Regulation can best be understood by looking at the export control regime with a view to its institutional design. Hence, even though the Dual-Use Regulation rests on the communitarised CCP, collective Member State action in deciding on export licensing in combination with contingent rules on the criteria and the catch-all clauses make the export control regime prone to incoherent national practices at the implementation and application stage.

Conclusion
At the outset of this article, we aimed to explore why incoherent implementation and application practices in the context of a sanctions regime arise even if this regime is highly regulated through the EU. An example is the European dual-use export control: the EU Dual-Use Regulation rests on the highly regularised CCP, and we observe multiple instances of incoherent implementation and application activities among the Member States. We argued that this incoherence resides in the very institutional design of the EU's dual-use export control regime, which persists until the latest revision of the Dual-Use Regulation. Our conceptual framework distinguishes between corporate and collective governance, on the one hand, and the specificity of definite and contingent rules, on the other hand. The framework guided our analysis of implementation and application practices of EU dual-use sanctions by the Member States.
Our findings support the claim that a sanctions regime's institutional design affects (in-)coherence in the national implementation and application. While incoherencies are amplified by the radically different capacities and resources among national authorities, the core problem in implementation and application resides in the institutional characteristics of the dual-use export control regime. The regime rests, firstly, on collective Member State action by issuing national licensing decisions, and secondly, on contingent rules of the licensing criteria and a so-called "catch-all clause". The combination of collective governance and contingent rules makes dual-use sanctions' implementation and application vulnerable to incoherencies. Empirically, the Member States and their national authorities diverge in how they implement brokering and transit controls, in their additional controls due to public security concerns, and their general national export authorisations. They even vary in how they interpret and apply the European licensing criteria and the scope of the catch-all clause. Hence, we find great variation, and therefore incoherence, in national implementation and application practices across the EU Member States. To be sure, the EU's export control regime is one of the most sophisticated in the dual-use domain worldwide, and if it were absent, we would likely observe the Member States' practices to diverge even more. Still, the EU expressly strives for coherence in European export control to advance international security. The institutional design of the European export control regime has thus inherent implications for European and international security.
Our findings have implications for scholarly and public understanding of sanctions regimes adopted by the EU and actors beyond Europe. First, our empirical results show that sanctions incoherence is not necessarily the result of strategic behaviour by the Member States, which pursue economic or security interests (e.g. Moore 2010), and also emanate from the institutional design of international sanctions regimes. Incoherent implementation and application may even arise under the condition of intended compliance by the Member States and their domestic actors. Second, and relatedly, institutional design choices are particularly important when sanctions are adopted by international organisations like the EU or the UN. As our argument and empirical evidence suggest, sanctions regimes are vulnerable to incoherent implementation when they rest on collective governance and contingent rules. Incoherence in the national implementation and application of sanctions is problematic as it may undermine the objective of a sanctions regime, i.e. to systematically restrict the export of goods to a target state by a coalition of states. To avoid these problems, states must formulate sanctions in a definite fashion or adapt the institutional design to cope with contingent measures. Since the security implications of dual-use items and technology depend on the affected items and the intended end use, it is questionable whether dual-use sanctions can ever be formulated as definite rules.
As our empirical study is limited to the EU's dual-use export regime, this article is meant as a starting point for further exploration of implementation and application patterns against the background of a sanction's institutional design. To this end, our framework offers a conceptual tool that can be applied to actors beyond the EU, like the UN, and sanctions other than dual-use export restrictions such as arms embargoes or commodity sanctions. A more systematic perspective on the (in-)coherence in how Member States implement sanctions using this theoretical framework would enhance scholarly understanding of the institutional characteristics of restrictive measures and the consequences for their implementation and application on the ground.
Beyond the empirics of sanctions, our conceptualisation and findings are also relevant for the broader debate on the (in-)coherent implementation and application of EU law. First, the vast majority of this body of research focuses on the transposition of EU directives into national law while being oblivious to the implementation of EU regulations (e.g. Treib 2014). Second, the literature identifies the sources of diverging implementation patterns in the Member States in either domestic politics, varying administrative capacities, or cultural dynamics (e.g. Falkner et al. 2005, Börzel et al. 2010. The institutional design of EU law has been neglected as a possible factor influencing the implementation and application in the Member States.

Disclosure statement
No potential conflict of interest was reported by the author(s).

Funding
This work was supported by Austrian Science Fund (FWF) [grant number M-2573].