Jan 222025

U.S. Department of Commerce Finalizes Connected Vehicles Supply Chain Restrictions

, , , ,
Jen Fernandez and Alex Tritell

On January 16, 2025, the U.S. Department of Commerce Bureau of Industry and Security (BIS) Office of Information and Communications Technology and Services (OICTS) published a Final Rule formalizing prohibitions on certain connected vehicles (CVs) transactions involving hardware and software linked to the People’s Republic of China (China) and Russia.1 The Final Rule is scheduled to take effect on March 17, 2025.  However, given that the Final Rule is one of several new regulatory frameworks on trade issued in the final days of the Biden administration, it remains to be seen what will happen with these regulations after January 20.

(more…)

Read more
Jan 212025

New U.S. Export Controls on Advanced Computing Items and Artificial Intelligence Model Weights: Seven Key Takeaways

, ,
Jen Fernandez and Lloyd Lyall

On January 15, 2025, the U.S. Department of Commerce Bureau of Industry and Security (BIS) published in the Federal Register updated export controls on advanced computing items (including advanced integrated circuits (ICs) and related equipment, software, and technology) and, for the first time, controls on artificial intelligence (AI) model weights under the Export Administration Regulations (EAR). These new regulations were published as an interim final rule and took effect on January 13, 2025, although compliance is not required until May 15, 2025. BIS also published in the Federal Register a smaller companion rule on January 16, 2025, that expands licensing requirements on foundries and packaging companies seeking to export advanced computing equipment and requires compliance by January 31, 2025.

Read more
Jan 102025

U.S. Department of Commerce Seeks to Protect Drones Supply Chain From Foreign Adversaries

, , , ,
Jen Fernandez and Heather Hedges

On January 3, 2025, the U.S. Department of Commerce Bureau of Industry and Security (BIS) Office of Information and Communications Technology and Services (OICTS) published an Advance Notice of Proposed Rulemaking (ANPRM) on the national security risks posed by foreign adversary involvement in the supply chain for unmanned aerial systems (UAS) (i.e., drones), including risks to critical infrastructure and U.S. sensitive data. BIS seeks public input to inform regulations on the supply of certain UAS components developed by entities linked to the People’s Republic of China (China) and Russia.

(more…)

Read more
Sep 272024

U.S. Department of Commerce Issues Proposed Rule on ICTS Supply Chain for Connected Vehicles

, , , ,
Jen Fernandez, Elyssa R. Kutner, Aaron L. Flyer, Heather Hedges and Sophia E. Wallach

On September 26, 2024, the U.S. Department of Commerce Bureau of Industry and Security (BIS) Office of Information and Communications Technology and Services (OICTS) published a long-awaited rule proposing to ban certain connected vehicles transactions involving hardware and software linked to the People’s Republic of China (China) and Russia. BIS also proposed extensive compliance obligations for importers and manufacturers of connected vehicles and related components, which come as the automotive industry continues to grapple with how to protect critical safety-related data as vehicle interconnectivity increases.

(more…)

Read more
Aug 92024

UK proposes New Cyber Security and Resilience Bill to Boost the UK’s Cyber Defences

, , , , , ,
William RM Long, Francesca Blythe and Denise Kara

During the King’s Speech on 17 July 2024, the newly appointed UK Prime Minister announced the UK Government’s intention to introduce a new Cyber Security and Resilience Bill to strengthen the UK’s defences against the global rise in cyberattacks and to protect the UK’s critical infrastructure. In background briefing notes published together with the King’s Speech, the UK Government stated that the new Cyber Security and Resilience Bill will “strengthen our defences and ensure that more essential digital services than ever before are protected.” According to the briefing notes, the Cyber Security and Resilience Bill intends to address the concern that the UK has not kept up-to-date with recent legislative advancements made by the EU in the cybersecurity space, resulting in the UK being “comparably more vulnerable.” Although the form of the proposed Cyber Security and Resilience Bill has yet to be released, the UK Government has indicated that it plans to introduce the bill in the coming months.

(more…)

Read more
Jun 262024

U.S. Commerce Department Issues First-of-Its-Kind Determination Banning Certain Software Products and Services

, ,
Jen Fernandez, James Mendenhall and Heather Hedges

On June 20, 2024, the U.S. Department of Commerce (Commerce) Office of Information and Communications Technology and Services (OICTS) published a first-of-its-kind Final Determination against Kaspersky Lab, Inc., prohibiting the provision of its antivirus software and cybersecurity products in the United States or to U.S. persons. This Final Determination provides new insights into OICTS review of information and communications technology and services (ICTS) transactions and the prohibitions or restrictions that may result. The full text of the Final Determination is available here. OICTS also provides additional guidance on the new prohibition here.

(more…)

Read more
Apr 52024

FinCEN Seeks Input on Banks’ Collecting Partial Social Security Numbers for Customer Identification Programs

, , , ,
Joel D. Feinberg, David E. Teitelbaum and Stanley J. Boris

On March 28, 2024, the Financial Crimes Enforcement Network (FinCEN), in consultation with the U.S. banking agencies and the National Credit Union Administration, issued a request for information (RFI) regarding the customer identification program (CIP) requirement for depository institutions (referred to herein as banks) to collect tax identification numbers (TINs).Comments are due by May 28, 2024.

(more…)

Read more
Mar 272024

Cybersecurity Takeaways From White House Tech Report

, , ,
Alan Charles Raul, Stephen W. McInerney and Vishnu Tirumala

On Feb. 26, the White House’s Office of the National Cyber Director (ONCD), released a report on how technology manufacturers and software developers can improve the cybersecurity posture of the U.S. This report, “Back to the Building Blocks: A Path Toward Secure and Measurable Software,” aligns with the Biden administration’s current, intense focus on combatting ever-increasing cyberthreats through software development and software manufacturer accountability. In this article, published by Law360 on March 26, Sidley lawyers Alan Charles Raul, Stephen McInerney and Vishnu Tirumala discuss the ONCD report and provide key take-aways for software developers and manufacturers, their senior management, and boards.

(more…)

Read more
Feb 92024

New Know-Your-Customer and Reporting Rules Proposed for Cloud Providers: Five Key Takeaways

, , , , ,
Jen Fernandez, Kayla M. Scott, Heather Hedges and Allison V. Reading

Last week, the U.S. Department of Commerce published a notice of proposed rulemaking (NPRM) implementing Executive Orders (EO) 13984 and 14110 to prevent “foreign malicious cyber actors” from accessing U.S. infrastructure as a service products1 (IaaS Rule). The IaaS Rule seeks to strengthen the U.S. government’s ability to track “foreign malicious cyber actors” who have relied on U.S. IaaS products to steal intellectual property and sensitive data, engage in espionage activities, and threaten national security by attacking critical infrastructure.

(more…)

Read more
Nov 72023

President Biden Signs Sweeping Artificial Intelligence Executive Order

, , , , , , ,
Michael E. Borden, Colleen Theresa Brown, Sharon Flanagan, David A. Gordon, Robert D. Keeling, David Lashway, Glenn G. Nash, Rollin A. Ransom and Alan Charles Raul

On October 30, 2023, President Joe Biden issued an executive order (EO or the Order) on Safe, Secure, and Trustworthy Artificial Intelligence (AI) to advance a coordinated, federal governmentwide approach toward the safe and responsible development of AI. It sets forth a wide range of federal regulatory principles and priorities, directs myriad federal agencies to promulgate standards and technical guidelines, and invokes statutory authority — the Defense Production Act — that has historically been the primary source of presidential authorities to commandeer or regulate private industry to support the national defense. The Order reflects the Biden administration’s desire to make AI more secure and to cement U.S. leadership in global AI policy ahead of other attempts to regulate AI — most notably in the European Union and United Kingdom and to respond to growing competition in AI development from China.

(more…)

Read more