As predicted earlier this year in our January update, the US Department of Justice (DOJ) has continued to ramp up enforcement of the Foreign Agents Registration Act (FARA) and related political laws through criminal...more
On August 15, 2024, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the Cybersecurity...more
On August 14, 2024, the Committee on Foreign Investment in the United States (“CFIUS” or “Committee”) announced a $60 million penalty, “the largest penalty CFIUS has ever issued,” following its finding of material violations...more
On August 1, 2024, the US Department of Justice (“DOJ” or “Department”) released highly anticipated details of its new Corporate Whistleblower Awards Pilot Program (“Pilot Program”), with Principal Deputy Assistant Attorney...more
8/6/2024
/ CFTC ,
Corporate Crimes ,
Corporate Misconduct ,
Corruption ,
Department of Justice (DOJ) ,
Federal Pilot Programs ,
Financial Crimes ,
Money Laundering ,
Securities and Exchange Commission (SEC) ,
Whistleblower Awards ,
Whistleblowers
The US government could soon allow private US military contractors to operate in Ukraine to maintain and service weapons supplied by the United States (the “MC Policy”), according to a recent CNN news report. This type of...more
On June 20, 2024, the Department of Commerce's Bureau of Industry and Security (BIS) issued a Final Determination (“Determination”) prohibiting Kaspersky Lab, Inc.—the US subsidiary of the Russia-based antivirus software and...more
On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
The deviation relates to contractors’ compliance with...more
On April 24, 2024, President Biden signed into law H.R. 815, the National Security Supplemental (the “Act”). While much of the focus centered on the foreign aid package for Israel, Ukraine, and the Indo-Pacific, the bill...more
4/30/2024
/ Biden Administration ,
Bureau of Industry and Security (BIS) ,
Cybersecurity ,
Economic Sanctions ,
Export Controls ,
Foreign Aid ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
National Security Supplemental ,
New Legislation ,
Office of Foreign Assets Control (OFAC) ,
Regulatory Reform ,
Statute of Limitations ,
TWEA
On April 15, 2024 the Criminal Division of the US Department of Justice (“DOJ”) launched a pilot program to encourage voluntary self-disclosures by offering mandatory non-prosecution agreements (“NPAs”) to individuals who...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Preservation ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
NPRM ,
Proposed Rules ,
Ransomware ,
Regulatory Agenda
On March 7, 2024, the US Department of Justice’s National Security Division (NSD) released a revised Voluntary Self-Disclosure (VSD) Policy (the “VSD Policy”). The VSD Policy substantially tracks the language of the previous...more
On March 1, 2024, the US Department of Commerce’s (“Commerce”) Bureau of Industry and Security (“BIS”) published an Advance Notice of Proposed Rulemaking1 (the “Notice”) seeking public comments on potential regulation of the...more
3/19/2024
/ Bureau of Industry and Security (BIS) ,
China ,
Comment Period ,
Connected Cars ,
Data Collection ,
Executive Orders ,
Foreign Adversaries ,
Information Technology ,
Motor Vehicles ,
National Security ,
OEM ,
Proposed Rules ,
Public Comment ,
Regulatory Agenda ,
Rulemaking Process ,
U.S. Commerce Department
On March 6, 2024, the US Departments of Commerce (“Commerce”), Treasury (“Treasury”), and Justice (“DOJ”) released their latest Tri-Seal Compliance Note (“Note”), which focuses on the “Obligations of foreign-based persons to...more
3/14/2024
/ Department of Justice (DOJ) ,
Economic Sanctions ,
Export Controls ,
Extraterritoriality Rules ,
Foreign Relations ,
International Emergency Economic Powers Act (IEEPA) ,
Office of Foreign Assets Control (OFAC) ,
Self-Disclosure Requirements ,
U.S. Commerce Department ,
U.S. Treasury ,
US Trade Policies
On March 7, 2024, the Deputy Attorney General of the US Department of Justice (“DOJ” or “Department”) announced a pilot program to encourage whistleblowers to report evidence of high-priority white collar crimes with the...more
3/12/2024
/ CFTC ,
Corruption ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Federal Pilot Programs ,
FinCEN ,
IRS ,
Qui Tam ,
Securities and Exchange Commission (SEC) ,
Voluntary Disclosure ,
Whistleblower Awards ,
Whistleblowers ,
White Collar Crimes
On February 28, 2024, President Joe Biden issued Executive Order (“EO”) 14117, empowering the Department of Justice (DOJ) to regulate the export of certain consumer data, in order to prevent certain countries’ governments...more
3/6/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Executive Orders ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements
Following the invasion of Ukraine by Russia on February 24, 2022, the United States ("US"), the European Union ("EU"), and the United Kingdom ("UK") adopted—together with their allies—successive waves of sanctions, in an...more
2/28/2024
/ Critical Infrastructure Sectors ,
Economic Sanctions ,
Entity List ,
EU ,
Export Controls ,
Foreign Policy ,
Foreign Relations ,
Foreign Trade Regulations ,
General Licenses ,
Military Conflict ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Russia ,
UK ,
Ukraine ,
Vladimir Putin ,
White Collar Crimes
On January 29, 2024, the US Department of Commerce’s Bureau of Industry and Security (the “Department”) issued a notice of proposed rulemaking seeking comment on a proposed regulation in response to the Executive Order (E.O.)...more
2/15/2024
/ Artificial Intelligence ,
Bureau of Industry and Security (BIS) ,
Cloud Computing ,
Comment Period ,
Customer Identification Program (CIP) ,
Cybersecurity ,
Executive Orders ,
Financial Institutions ,
IaaS ,
Machine Learning ,
National Security ,
NPRM ,
Proposed Regulation ,
U.S. Commerce Department
The FTC and DOJ’s Antitrust Division recently announced that they are updating their guidance regarding how parties in enforcement and investigative matters must preserve electronically stored information (“ESI”) from...more
On January 16, the US Department of Commerce’s Bureau of Industry and Security (“BIS”) announced important updates to its Voluntary Self-Disclosure (“VSD”) process in a memorandum addressed to all export enforcement...more
On December 26, 2023, the Department of Defense (“DoD”) published the long-awaited Proposed Final Rule for the Cybersecurity Maturity Model Certification (“CMMC”) program. At a high level, the CMMC program is a mechanism by...more
With recent high-profile prosecutions continuing to draw attention to the Foreign Agents Registration Act (FARA) and related political laws, and a number of notable announcements by Department of Justice (DOJ) officials at a...more
On December 12, 2023, the Department of Justice (DOJ) issued guidelines for companies to follow in requesting that the Attorney General authorize delays of cyber incident disclosures required by the U.S. Securities and...more
12/13/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Form 8-K ,
New Guidance ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Engaging third-party providers for technology transactions involves a certain level of cybersecurity risk. In fact, most companies have been through a third-party incident. In this episode, partners Justin Herring and Adam...more