United States of America: Interim final rule regarding Information Security Controls of Cybersecurity Items released and opening of consultation

On 21 October 2021, the U.S. Department of Commerce's Bureau of Industry and Security (BIS) published an interim final rule regarding the Information Security Controls of Cybersecurity Items. The interim final rule is effective immediately but might get altered if warranted by public comments handed in until 6 December 2021, when the consultation period closes. In particular, the order outlines the revised Commerce Control List implementation and introduces a new export control on cybersecurity items for national security and anti-terrorism reasons. Moreover, the order introduces a license exception for such items, including but not limited to hacking tools, intrusion software and network surveillance technology. This measure was taken in an effort to stop such equipment from being used for surveillance, espionage, or other actions with disrupting effect on digital devices and networks. The rule will become final on 19 January 2021.