On January 12, 2022 the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued a federal register notice delaying the effective date of new controls on cybersecurity items and an accompanying new license exception. The rules are now set to take effect on March 7, 2022.

The new controls were published in an interim final rule on October 21, 2021, please see our earlier client alert on this. Broadly speaking, they cover (a) items, including software, for the generation, command and control, or delivery of intrusion software and (b) internet protocol (IP) network communication surveillance equipment. BIS delayed the implementation to give industry additional time to comply with the new restrictions as well as update internal compliance procedures, and to provide BIS itself time to provide additional guidance on the rule. BIS may also consider some modifications to the rule, but is not reopening the comment period and these modifications based on the latest comments will most likely be made, if at all, sometime after the new effective date for the interim final rule.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kate M. Growley, CIPP/G, CIPP/US Kate M. Growley, CIPP/G, CIPP/US

Kate M. Growley (CIPP/US, CIPP/G) is a director in Crowell & Moring International’s Southeast Asia regional office. Drawing from over a decade of experience as a practicing attorney in the United States, Kate helps her clients navigate and shape the policy and regulatory…

Kate M. Growley (CIPP/US, CIPP/G) is a director in Crowell & Moring International’s Southeast Asia regional office. Drawing from over a decade of experience as a practicing attorney in the United States, Kate helps her clients navigate and shape the policy and regulatory environment for some of the most complex data issues facing multinational companies, including cybersecurity, privacy, and digital transformation. Kate has worked with clients across every major sector, with particular experience in technology, health care, manufacturing, and aerospace and defense. Kate is a Certified Information Privacy Professional (CIPP) in both the U.S. private and government sectors by the International Association of Privacy Professionals (IAPP). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).

Photo of Chandler Leonard Chandler Leonard

Chandler S. Leonard is an associate in Crowell & Moring’s Washington, D.C. office and a member of the firm’s International Trade Group. Chandler’s practice focuses on export controls and economic sanctions issues, including voluntary disclosures and enforcement matters before the Departments of Commerce…

Chandler S. Leonard is an associate in Crowell & Moring’s Washington, D.C. office and a member of the firm’s International Trade Group. Chandler’s practice focuses on export controls and economic sanctions issues, including voluntary disclosures and enforcement matters before the Departments of Commerce, State, and Treasury. Chandler has experience analyzing and advising U.S. and non-U.S. companies with respect to proposed transfers of U.S. origin technology, software, hardware, and services. She has performed jurisdictional and classification analyses under the ITAR and EAR, including drafting Commodity Jurisdiction requests and CJ Reconsideration requests. She assists in developing and/or reviewing U.S. export and sanctions compliance programs, including risk assessments. Chandler also has experience training a wide variety of audiences, both U.S. and foreign, on compliance with U.S. export control and sanctions requirements.