On May 26, 2022, the US Department of Commerce’s Bureau of Industry and Security (“BIS”) published a final rule revising the restrictions on the export, reexport and transfer (in-country) of certain “cybersecurity items” used for malicious cyber activities (“final rule”). Effective immediately upon publication, the final rule amends the October 21, 2021, interim final rule
Department of Commerce (DOC)
BIS Announces New Export Controls on Cybersecurity Items Used for Malicious Cyber Activity
On October 20, 2021, the US Department of Commerce Bureau of Industry & Security (“BIS”) published a long-awaited interim final rule announcing new restrictions on the export, reexport or in-country transfer of certain cybersecurity items used for malicious cyber activities.
In particular, it establishes:
- new controls and licensing requirements on a range of “cybersecurity items”
…
US Commerce Issues Rules for Review of ICTS Transactions for National Security Threats
On January 19, 2021, the US Department of Commerce (“Commerce”) issued a long-awaited interim final rule (“Interim Final Rule”),1 which would enable Commerce to prohibit or otherwise restrict transactions involving the information and communication technology and services (“ICTS”) supply chain, including both hardware and software, that have a nexus to certain designated “foreign adversaries,”…
US Commerce Department Identifies Prohibited Transactions with WeChat But Implementation Delayed
On September 18, 2020, the United States Department of Commerce announced prohibitions on certain transactions relating to the mobile application (“app”) WeChat that were slated to take effect on September 20, 2020.1 These prohibitions would ban new downloads of the app by consumers in the United States and effectively disable the functionality of the…
BIS Considering New Export Restrictions on Facial Recognition Devices and Other Biometric Surveillance Equipment
On July 17, 2020, the US Department of Commerce, Bureau of Industry & Security (“BIS”), published a Notice of Inquiry (“Notice”)1 seeking public comments on potential changes to items controlled for crime control and detection (“CC”) reasons under the Export Administration Regulations (“EAR”)2 and the related licensing requirements. Among other possible changes, BIS…
EU-US Privacy Shield Undergoes Second Review by EU Commission and (Re)Passes the Test—For Certifying Companies, Santa Has Come to Town
On December 19, the EU Commission (“Commission”) published its report to the European Parliament and the Council on the second review of the functioning of the EU-US Privacy Shield (the “Report”).
To the relief of the 3,850 US companies who have certified to the Privacy Shield, and those entities transferring personal data to them, the…
EU Commission: Privacy Shield Framework Adequate but More Can Be Done
On October 18, 2017, the EU Commission published a report (“Report”) on the first annual joint review of the EU-US Privacy Shield framework (“Privacy Shield”), which took place on September 18-19, 2017, in Washington DC. The Report, which reflects input from the US federal government and feedback gathered from relevant stakeholders, found the…
EU Commission: Privacy Shield Framework Adequate but More Can Be Done
On October 18, 2017, the EU Commission published a report (“Report”) on the first annual joint review of the EU-US Privacy Shield framework (“Privacy Shield”), which took place on September 18-19, 2017, in Washington DC. The Report, which reflects input from the US federal government and feedback gathered from relevant stakeholders, found the…
National Cyber Commission Releases Report on Recommendations
On December 1, 2016, the US Commission on Enhancing National Cybersecurity (the “Commission”) presented its final report to President Obama, Report on Securing and Growing the Digital Economy. While directed to President Obama, the report is also intended to be a helpful guide for the next administration on “strengthening cybersecurity in the public and…
The Internet of Things: Questions for Policymakers and Implications for Businesses
In a bylined article, Cybersecurity & Data Privacy counsel Kendall Burman and associate Stephen Lilley (both Washington DC) discuss essential federal policymakers’ actions to date, as well as five aspects of the Internet of things that are likely to inform future policymaking.