Sep 272024

U.S. Department of Commerce Issues Proposed Rule on ICTS Supply Chain for Connected Vehicles

, , , ,
Jen Fernandez, Elyssa R. Kutner, Aaron L. Flyer, Heather Hedges and Sophia E. Wallach

On September 26, 2024, the U.S. Department of Commerce Bureau of Industry and Security (BIS) Office of Information and Communications Technology and Services (OICTS) published a long-awaited rule proposing to ban certain connected vehicles transactions involving hardware and software linked to the People’s Republic of China (China) and Russia. BIS also proposed extensive compliance obligations for importers and manufacturers of connected vehicles and related components, which come as the automotive industry continues to grapple with how to protect critical safety-related data as vehicle interconnectivity increases.

(more…)

Read more
Jen Fernandez

Washington, D.C.

jen.fernandez@sidley.com

Elyssa R. Kutner

Washington, D.C.

ekutner@sidley.com

Aaron L. Flyer

Heather Hedges

Washington, D.C.

hhedges@sidley.com

Sophia E. Wallach

Century City

swallach@sidley.com

Feb 92024

New Know-Your-Customer and Reporting Rules Proposed for Cloud Providers: Five Key Takeaways

, , , , ,
Jen Fernandez, Kayla M. Scott, Heather Hedges and Allison V. Reading

Last week, the U.S. Department of Commerce published a notice of proposed rulemaking (NPRM) implementing Executive Orders (EO) 13984 and 14110 to prevent “foreign malicious cyber actors” from accessing U.S. infrastructure as a service products1 (IaaS Rule). The IaaS Rule seeks to strengthen the U.S. government’s ability to track “foreign malicious cyber actors” who have relied on U.S. IaaS products to steal intellectual property and sensitive data, engage in espionage activities, and threaten national security by attacking critical infrastructure.

(more…)

Read more
Jen Fernandez

Washington, D.C.

jen.fernandez@sidley.com

Kayla M. Scott

Washington, D.C.

kayla.scott@sidley.com

Heather Hedges

Washington, D.C.

hhedges@sidley.com

Allison V. Reading

Washington, D.C.

areading@sidley.com

Jul 122023

EU-U.S. Adequacy Once Again

, , , , , , , , , , ,
Alan Charles Raul, William RM Long, Maarten Meulenbelt and Lauren Kitces

On July 10, 2023, the European Commission issued its Final Implementing Decision granting the U.S. adequacy (“Adequacy Decision”) with respect to companies that subscribe to the EU-U.S. Data Privacy Framework (“DPF”).

(more…)

Read more
Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

William RM Long

London

wlong@sidley.com

Maarten Meulenbelt

Brussels

mmeulenbelt@sidley.com

Lauren Kitces

Washington, D.C.

lkitces@sidley.com

Apr 12022

Third Time’s a Charm? Privacy Shield Agreement Reached In Principle

, , , , , , ,
William RM Long and Francesca Blythe

The U.S. President and European Commission President announced in a joint press statement on March 25th, 2022 that an agreement “in principle” has been reached on a new Trans-Atlantic Data Privacy Framework (Privacy Shield Agreement 2.0). Once approved and implemented, the agreement would facilitate the transatlantic flow of personal data and provide an alternative data transfer mechanism (in addition to EU Standard Contractual Clauses and Binding Corporate Rules) for companies transferring personal data from the EU to the U.S. This is a welcome announcement for companies that have been dealing with the legal uncertainty of such data flows following the Schrems II decision in July 2020, which invalidated the EU-U.S. Privacy Shield 1.0 for international transfers of personal data.

(more…)

Read more
William RM Long

London

wlong@sidley.com

Francesca Blythe

London

fblythe@sidley.com