On 16 May 2022, the Council of the EU (the Council) decided for the third time to prolong its restrictive measures against cyber-attackers threatening the EU, its Member states or its allies. The measures are set to remain in place for a further three years until May 18, 2025. The Council’s press release on this

They have been almost a decade in the making, but have finally arrived: new U.S. export controls on “cybersecurity items,” including products and technology involving “intrusion software” and IP network communications surveillance.  Published today but effective January 19, 2022, the interim final rule from the U.S. Commerce Department’s Bureau of Industry and Security (“BIS”) amends the Export Administration Regulations (“EAR”) to add these new cybersecurity export controls.  The interim final rule is highly technical and complex, but ultimately contains a mix of good news and bad for the cybersecurity community.  BIS states in its press announcement that the rule is only intended to restrict “malicious cyber activities,” but it nonetheless imposes compliance obligations and costs even when activities ultimately are not restricted.  At least in this sense, the rule will impact the entire cybersecurity sector.

Continue Reading Cybersecurity Community Beware: US Finally Enacts “Intrusion Software” Rule