As expected, the Federal Communications Commission approved a rule that would close loopholes in the FCC’s Covered List, prohibiting certain devices that might have been previously authorized. The new rule also applies to covered parts in authorized devices. Details, rule inside.
The Department of Justice has published new guidance on its bulk sensitive data rule, which became effective earlier this month. The “Data Security Program” restricts certain transactions that would allow access to large volumes of data on U.S. citizens. Details, FAQ and guidance inside.
As we reported back December, the CFPB had proposed a rule aimed at reining in data brokers that sell sensitive personal data. That rule was quietly killed last week by the Trump administration, which said it had been applied in a way that as not aligned with the Fair Credit Reporting Act. Details inside
As expected, the Financial Crimes Enforcement Network issued its interim final rule on beneficial ownership information, massively narrowing the scope to exempt U.S. companies and individuals. The move is a significant change from the proposed rule, and could impact CFIUS’s search for non-notifieds.
In case this slipped by you during the holiday season, the Department of Justice has issued its final rule regarding bulk sensitive personal data. The final rule will be effective in early April, and experts say it could have “wide-ranging implications” for U.S. companies across a number of industries.
As the DoJ’s new data security regime is being finalized, we thought it prudent to explore steps that companies can take to prepare now. So we turned to two experts with experience addressing similar national security, compliance and oversight matters. Their recommendations are inside.
Last week, the Consumer Financial Protection Bureau proposed a rule aimed at reining in data brokers that sell sensitive personal data. The proposed rule, which would address “critical threats” from current data broker practices, is part of a broader initiative that may overlap with others.
Fresh on the heels of new rules from the DoJ and CFPB regarding sensitive personal data, the FTC has announced two enforcement actions against companies for collecting and selling location data on consumers. Experts say the actions drive home the government’s focus on protecting sensitive data.
As expected, Treasury has published its final rule that would increase penalties, define timelines regarding mitigation agreement negotiations, and expand CFIUS’s ability to request information from transaction parties. The final rule doesn’t stray far from the original proposal. Details, impact inside.
As expected, Treasury has issued a final rule that expands CFIUS’s ability to review real estate transactions near more than 60 military sites. We covered the original proposal back in July; Treasury Secretary Yellen says the move will “significantly expand” CFIUS’s real estate capabilities.
As expected, the Department of Justice has issued a proposed rule addressing threats from adversarial nations attempting to access and exploit the sensitive personal data of U.S. citizens. The rule was prompted by an Executive Order, and tweaks the DoJ’s advanced notice from March. Details inside.
Data centers have been top-of-mind: They were included in the latest White House CET list, and Pres. Biden recently prohibited the purchase of a data center near an Air Force Base in Wyoming. Now Commerce has expanded a pre-approval program to include data centers. Details inside.
As expected, the Bureau of Industry and Security has published its proposed rule that would prevent the import or sale of connected vehicles that use hardware or software “with a sufficient nexus” to China or Russia. Some of the prohibitions would take effect as early as Model Year 2027. Details inside.
As we mentioned in last week’s edition, the Treasury Department has proposed a new rule that would expand the number of military installations over which CFIUS has jurisdiction. This is the second expansion of the real estate provisions of FIRRMA in the last year, and it won’t be the last. Details inside.
The Treasury Department has proposed a rule that would “enhance certain CFIUS procedures” and sharpen its penalty and enforcement authorities. The proposed changes reflect the Committee’s evolution and increased focus on monitoring, compliance, and enforcement. Details are inside.
In our latest video conversation, we discuss the ANPRM on bulk sensitive personal data with Eric Johnson, Principal Deputy Chief of the DoJ’s Foreign Investment Review Section. We cover advisory opinions, overlap with CFIUS, timelines, and the “Four Knows” that every company should grasp.
Last week, the Bureau of Industry and Security announced it was seeking feedback and insights on issues involving “information and communications technology and services” in connected vehicles that are developed or supplied by foreign adversaries. Details, the ANPRM and more are inside.
As expected, the Bureau of Industry and Security has floated a rule that would require U.S. “Infrastructure as a Service” providers to verify the identity of foreign customers, and disclose when those entities train certain AI models. Experts say the rule could broadly impact the cloud market.
The Commerce Department has published its final version of the “Securing the Information and Communications Technology Supply Chain” rule, which was proposed back in 2021. The final rule tweaks some definitions, and clarifies what transactions Commerce can evaluate. Details inside.
As most readers know, CFIUS has jurisdiction over certain real estate transactions near some specific military installations. But the list of locations, which was created by the DoD, did not include sites like Grand Forks Air Force Base. Well, it looks like that’s about to change. Details and proposal are inside.