On January 12, 2022, the Department of Commerce's Bureau of Industry and Security (BIS) announced it was delaying implementation of rules establishing new controls on certain cybersecurity items for National Security (NS) and Anti-terrorism (AT) reasons, along with a new License Exception, Authorized Cybersecurity Exports (ACE). In October 2021, BIS released this Interim Final Rule to implement these export controls on certain cybersecurity items that can be used for malicious cyber activities, noting that it would become effective on January 19, 2022 (see Update of October 25, 2021). Since then, BIS received industry feedback which, among other issues, raised concerns about the necessary compliance measures and allowing industry sufficient time to update compliance procedures and requesting that BIS provide additional public guidance. As a result of these comments, BIS is delaying the effective date of implementing these cybersecurity controls until March 7, 2022.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.