Adam Berry, Steven Choi | Hogan Lovells
With cybersecurity dominating the headlines, the U.S. government has taken several recent steps to target the national security threat posed by cybercriminals and hackers with new regulations aimed at curbing malicious actors online. With a series of proposed rules and an Executive Order, the U.S. government has begun a concerted effort (i) to rein in malicious cyber actors using export controls and sanctions regulations; and (ii) to better align U.S. export control regulations with the realities of cloud computing and encrypted export-controlled data.
Harmonized Definitions in Proposed Rules Address Longstanding Issues for Internet Transfers and Cloud Computing
On June 3, 2015, the State Department’s Directorate of Defense Trade Controls (DDTC) and BIS proposed revisions to U.S. export control regulations that would permit cross-border electronic transfers of export-controlled data and software without a specific export authorization, provided certain conditions are met, including securing the data or software with end-to-end encryption and ensuring that foreign persons are not given the means to decrypt such data or software. The proposal, if adopted, could have implications for companies that (i) use or provide cloud computing services; (ii) have an overseas presence; (iii) have employees who travel internationally; or (iv) have foreign person employees in the United States.