The Bureau of Industry and Security has issued an interim final rule that, effective Jan. 19, 2022, will impose controls on exports of cybersecurity items. Comments on the impact of this rule on U.S. industry and the cybersecurity community are due no later than Dec. 6. For more information on this rule and how it may affect your business, please contact attorney Kristine Pirnia via email.
The rule establishes a new export control on cybersecurity items for national security and anti-terrorism reasons. BIS explains that these items warrant control because they could be used for surveillance, espionage, or other actions that disrupt, deny, or degrade networks or devices on them.
The rule also establishes a new license exception ACE (authorized cybersecurity exports) that authorizes exports, reexports, and transfers (in-country) of these items to most destinations while retaining a license requirement for exports to countries of national security or weapons of mass destruction concern. Countries subject to a U.S. arms embargo will also require a license.
BIS states that (with the exception of certain exclusions) restricted end-users targeted by this rule include government end-users (as defined in section 740.22 of the Export Administration Regulations) of countries of concern for national security reasons or those subject to an arms embargo. Furthermore, license exception ACE will impose an end-use restriction in circumstances where the exporter, re-exporter, or transferor knows or has reason to know at the time of export, reexport, or transfer (in-country), including a deemed export or reexport, that the cybersecurity item will be used to affect the confidentiality, integrity, or availability of information or information systems without authorization by the owner, operator, or administrator of the system (including the information and processes within such systems).
Copyright © 2021 Sandler, Travis & Rosenberg, P.A.; WorldTrade Interactive, Inc. All rights reserved.