On May 26, 2022, the US Department of Commerce’s Bureau of Industry and Security (“BIS”) published a final rule revising the restrictions on the export, reexport and transfer (in-country) of certain “cybersecurity items” used for malicious cyber activities (“final rule”). Effective immediately upon publication, the final rule amends the October 21, 2021, interim final rule

On May 6, 2022, the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) designated crypto mixer Blender.io as a Specially Designated National (“SDN”), marking the first time a virtual currency mixer has been sanctioned. The move is the latest in a series of sanctions designations and enforcement actions in the virtual currency

Strengthening the nation’s cybersecurity has been a top priority for the Biden administration, as reflected in its collaboration with industry, regulatory actions, and the legislation it has supported in Congress, including the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Executive action has been a key tool in the Biden administration’s cyber policymaking toolkit.

On October 20, 2021, the US Department of Commerce Bureau of Industry & Security (“BIS”) published a long-awaited interim final rule announcing new restrictions on the export, reexport or in-country transfer of certain cybersecurity items used for malicious cyber activities.

In particular, it establishes:

  • new controls and licensing requirements on a range of “cybersecurity items”

On September 21, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced several actions intended to “advance the United States government’s broader counter-ransomware strategy,” including an update to OFAC’s October 2020 advisory on ransomware payments and the first Specially Designated National (“SDN”) designation of a virtual currency exchange. OFAC’s action

Colorado has become the third state to enact a comprehensive consumer data privacy statute. Passed by the Colorado General Assembly on June 8, 2021, and signed into law by Colorado Governor Jared Polis on July 7, 2021, the Colorado Privacy Act (“CPA”) is slated to come into effect on July 1, 2023. This Legal Update

President Biden issued the Executive Order on Improving the Nation’s Cybersecurity (“Cyber EO”) on May 12, 2021. The Cyber EO is ambitious in scope and sets aggressive timelines for its implementation. It seeks to both strengthen the cybersecurity of the federal government and push the private sector to further strengthen its approach to cybersecurity. Indeed,

On April 15, 2021, the Biden administration announced an expansion of existing sanctions against the Russian government, notably including the intelligence service and affiliated parties identified as being responsible for the SolarWinds cyber-attack and other “specified harmful foreign activities,” and signaled a potential willingness to impose additional measures relating to Information and Communications Technology and

On January 19, 2021, the US Department of Commerce (“Commerce”) issued a long-awaited interim final rule (“Interim Final Rule”),1 which would enable Commerce to prohibit or otherwise restrict transactions involving the information and communication technology and services (“ICTS”) supply chain, including both hardware and software, that have a nexus to certain designated “foreign adversaries,”