They have been almost a decade in the making, but have finally arrived: new U.S. export controls on “cybersecurity items,” including products and technology involving “intrusion software” and IP network communications surveillance.  Published today but effective January 19, 2022, the interim final rule from the U.S. Commerce Department’s Bureau of Industry and Security (“BIS”) amends the Export Administration Regulations (“EAR”) to add these new cybersecurity export controls.  The interim final rule is highly technical and complex, but ultimately contains a mix of good news and bad for the cybersecurity community.  BIS states in its press announcement that the rule is only intended to restrict “malicious cyber activities,” but it nonetheless imposes compliance obligations and costs even when activities ultimately are not restricted.  At least in this sense, the rule will impact the entire cybersecurity sector.

Continue Reading Cybersecurity Community Beware: US Finally Enacts “Intrusion Software” Rule