United States of America: Implemented Bureau of Industry and Security (BIS) Interim Final Rule on cybersecurity items regulation

Implemented Bureau of Industry and Security (BIS) Interim Final Rule on cybersecurity items regulation

On 19 January 2022, the interim final rule published by the US Bureau of Industry and Security (BIS) takes full effect. The Rule aims to implement controls against certain “cybersecurity items" that are used to pursue malicious cyber activities such as espionage or surveillance. This is done through amendments to the Commerce Control List (CCL). Furthermore, the Export Control Classification Numbers (ECCNs) are updated and a new License Exception Authorized Cybersecurity Exports (ACE) is created.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

central government

Complete timeline of this policy change

Hide details

2021-10-21

in consultation

On 21 October 2021, an interim final rule is published by the US Bureau of Industry and Security (B…

2021-12-05

processing consultation

On 5 December 2021, after being opened on 21 October 2021, the consultation on the possible effects…

2022-01-19

in force

On 19 January 2022, the interim final rule published by the US Bureau of Industry and Security (BIS…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.

producer / supplier

Type Private organisation

Economic activity cross-cutting

Category All