New security rules designed to protect the connected vehicle supply chain will take effect in March unless they are withdrawn.
The U.S. Department of Commerce Bureau of Industry and Security (BIS) published the final rule...more
3/3/2025
/ Automotive Industry ,
Bureau of Industry and Security (BIS) ,
China ,
Compliance ,
Enforcement Actions ,
Executive Orders ,
Export Controls ,
Final Rules ,
National Security ,
Regulatory Agenda ,
Regulatory Freeze ,
Russia ,
Supply Chain ,
Technology Sector ,
Trade Relations ,
Trump Administration
Executive Order (EO) 14117 is a national security rule intended to mitigate national security risks posed by threat countries’ access to sensitive personal data and government-related data.
The EO directed the U.S....more
2/3/2025
/ Biden Administration ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Executive Orders ,
Final Rules ,
National Security ,
Regulatory Requirements ,
Trump Administration
President Donald Trump has issued a presidential memorandum, which has the effect of an Executive Order, titled “Regulatory Freeze Pending Review“ (the Regulatory Freeze). This Regulatory Freeze puts a hold on new agency...more
As of January 23, 2025, the regulation discussed below has not been withdrawn by the Trump administration and is not subject to automatic withdrawal under President Trump’s Executive Order freezing regulations. It currently...more
1/24/2025
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
Compliance ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Executive Orders ,
Final Rules ,
National Security ,
NPRM ,
Pending Legislation ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Trump Administration
The U.S. Department of Justice (DOJ) published a Notice of Proposed Rulemaking (NPRM) to update regulations under the Foreign Agents Registration Act of 1938 (FARA) on January 2, 2025. If adopted, DOJ’s proposed changes would...more
1/3/2025
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Corporate Governance ,
Department of Justice (DOJ) ,
Foreign Agents Registration Act (FARA) ,
Foreign Governments ,
Foreign-Owned Corporations ,
Lobbying Disclosure Act ,
NPRM ,
Registration Requirement ,
Regulatory Requirements ,
Reporting Requirements ,
Trump Administration
On January 2, 2025, the U.S. Department of the Treasury’s (Treasury) regulation restricting U.S. outbound investments in certain advanced technology sectors in China (the Final Rule) takes effect. Thereafter, investments by...more
12/31/2024
/ Artificial Intelligence ,
CFIUS ,
Covered Transactions ,
Final Rules ,
Foreign Investment ,
Foreign Persons ,
Lawful Permanent Residents ,
National Security ,
Outbound Transactions ,
Private Equity ,
Prohibited Transactions ,
Technology ,
U.S. Treasury
The U.S. Department of Commerce’s Bureau of Industry and Security (BIS), issued its much anticipated Final Rule under Executive Order 13873, Securing the Information and Communications Technology and Services Supply Chain (EO...more
12/27/2024
/ Bureau of Industry and Security (BIS) ,
Critical Infrastructure Sectors ,
Cross-Border Transactions ,
Executive Orders ,
Final Rules ,
National Security ,
New Regulations ,
Prohibited Transactions ,
Regulatory Agenda ,
Supply Chain ,
Technology ,
Telecommunications ,
U.S. Commerce Department
U.S. federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) (in coordination with similar agencies in Australia,...more
12/16/2024
/ Australia ,
Canada ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
FBI ,
FCC ,
National Security ,
National Security Agency (NSA) ,
New Zealand ,
Telecommunications ,
USTelecom
In October 2024, the U.S. Department of Justice (DOJ) issued a 420-page Notice of Proposed Rulemaking (NPRM) to implement Executive Order (EO) 14117, which directed DOJ to issue implementing regulations and directed the U.S....more
12/4/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Comment Period ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Executive Orders ,
Notice of Proposed Rulemaking (NOPR) ,
Privacy Laws ,
Public Comment ,
Sensitive Personal Information
President Joe Biden issued Executive Order (EO) 14117 in February 2024 to mitigate national security risks posed by threat countries’ access to sensitive personal data and government-related data. The EO directed the U.S....more
12/4/2024
/ Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Data Transfers ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
New Rules ,
NPRM ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management
As the holiday shopping season kicks into high gear, it also becomes a prime opportunity for cybercriminals to target retailers, their suppliers, and their customers. As The Hacker News reports, criminal use of artificial...more
11/22/2024
/ Artificial Intelligence ,
Bots ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Protection ,
Holidays ,
Incident Response Plans ,
Retail Market ,
Retailers ,
Risk Management ,
Scams ,
Suppliers ,
Technology Sector
The U.S. Department of Justice (DOJ) announced criminal charges in five cases in connection with the Disruptive Technology Strike Force (Strike Force) on September 16, 2024. Launched in February 2023, the Strike Force is...more
President Biden issued a long-awaited executive order, “Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern” (the Executive Order or E.O.), on August 9, 2023,...more
8/17/2023
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
China ,
Compliance ,
Corporate Governance ,
Covered Person ,
Exceptions ,
Executive Orders ,
Foreign Direct Investment ,
Investment ,
Investors ,
National Security ,
Popular ,
Technology Sector ,
U.S. Treasury ,
White Collar Crimes
International cooperation and welcoming foreign academics are critical to the success and leadership of U.S. institutions of higher education. These interactions enhance fundamental scientific research and promote the...more
The U.S. Securities and Exchange Commission (SEC) adopted final rules on July 26, 2023, requiring public companies to provide current disclosure, within what may be a short time window, about material cybersecurity incidents...more
8/8/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
XBRL Filing Requirements
The Biden Administration recently reaffirmed its continued focus on cybersecurity by announcing an Implementation Plan for the National Cybersecurity Strategy (the Plan). The Plan provides a roadmap covering the policies and...more
8/2/2023
/ Biden Administration ,
Cloud Service Providers (CSPs) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Domain Names ,
Environmental Protection Agency (EPA) ,
Internet of Things ,
National Security ,
Personal Data ,
Reporting Requirements ,
TSA
Following the release of President Biden’s National Cybersecurity Strategy, Acting National Cyber Director Kemba Walden explained that the Biden Administration is “expecting more” from owners and operators in critical...more
3/24/2023
/ Aviation Industry ,
Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Environmental Protection Agency (EPA) ,
Government Entities ,
NIST ,
Private Sector ,
Risk Assessment ,
Risk Management ,
Technology ,
TSA ,
Water
Deputy Attorney General (DAG) Lisa Monaco once again delivered groundbreaking remarks at the American Bar Association (ABA) National Institute on White Collar Crime (ABA White Collar Conference) on March 2, 2023, this time...more
In late January, the Federal Energy Regulatory Commission (FERC) published a final rule directing the North American Electric Reliability Corporation (NERC) to develop and submit modified reliability standards for internal...more
3/8/2023
/ Bulk Electric System ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Electricity ,
Energy Policy ,
FERC ,
Final Rules ,
NERC ,
Regulatory Agenda ,
Risk Management
“Continued disruptions of critical infrastructure and thefts of personal data make clear that market forces alone have not been enough to drive broad adoption of best practices in cybersecurity and resilience.”
National...more
3/3/2023
/ Biden Administration ,
Cloud Service Providers (CSPs) ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Environmental Protection Agency (EPA) ,
Legislative Agendas ,
National Security ,
New Legislation ,
Private Sector ,
Regulatory Authority ,
TSA
Background Critical infrastructure providers confront unique cyber threats. The use of operational technology (OT) introduces risks that arise from, for example, legacy equipment that cannot readily be patched, updated, or...more
2/10/2023
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Federal Railroad Administration ,
Mitigation ,
Owner-Operators ,
Popular ,
Railways ,
Regulatory Authority ,
Regulatory Requirements ,
TSA
As U.S.-based companies await a decision by the European Union (EU) regarding data transfers, the European process for approving the EU-U.S. data privacy framework has progressed a step. The European Commission released a...more
This is the second in a series of updates addressing the bilateral data access agreement (Data Access Agreement or agreement) between the United States and the United Kingdom under the Clarifying Lawful Overseas Use of Data...more
President Biden issued an executive order (EO) increasing protections and safeguards for personal data subject to signals intelligence activities. It also establishes a redress mechanism for residents of qualifying states who...more
10/11/2022
/ Biden Administration ,
Court of Justice of the European Union (CJEU) ,
Critical Infrastructure Sectors ,
Cybersecurity ,
EU ,
Executive Orders ,
General Data Protection Regulation (GDPR) ,
National Security ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Surveillance
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The background and contours of CIRCIA are discussed in a previous update. CIRCIA authorizes and...more
9/13/2022
/ Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Joe Biden ,
National Security ,
New Legislation ,
Popular ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
Rulemaking Process