United States of America: Implementation of interim final rule regarding Information Security Controls of Cybersecurity Items

On 19 January 2021, the interim final rules regarding the Information Security Controls of Cybersecurity Items is implemented, after being published by the U.S. Department of Commerce's Bureau of Industry and Security (BIS) published on 21 October 2021. The interim final rule was effective immediately but went through a public consultation that allowed the public to make some alterations to the rule if warranted. In particular, the order outlines the revised Commerce Control List implementation and introduces a new export control on cybersecurity items for national security and anti-terrorism reasons. Moreover, the order introduces a license exception for such items, including but not limited to hacking tools, intrusion software and network surveillance technology. This measure was taken in an effort to stop such equipment from being used for surveillance, espionage, or other actions with disrupting effect on digital devices and networks.