United States of America: Department of Justice issued compliance guide for Data Security Program

On 11 April 2025, the Department of Justice issued a compliance guide for the Data Security Program (DSP), which came into effect on 8 April 2025. The DSP was established under Executive Order 14117 to address the risk of foreign adversaries accessing and exploiting US government-related data and bulk sensitive personal data. The guide provides instructions for US persons and entities on compliance with the DSP, which includes prohibitions on certain data transactions with designated countries of concern such as China, Russia, and Iran. It outlines requirements for due diligence, auditing, recordkeeping, and reporting, as well as the need for risk-based procedures in data transactions involving sensitive information. The guide also explains the process for obtaining licences for certain transactions and details penalties for non-compliance, including fines and imprisonment.