On January 12, 2022 the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued a federal register notice delaying the effective date of new controls on cybersecurity items and an accompanying new license exception. The rules are now set to take effect on March 7, 2022.
The new controls were published in an interim final rule on October 21, 2021, please see our earlier client alert on this. Broadly speaking, they cover (a) items, including software, for the generation, command and control, or delivery of intrusion software and (b) internet protocol (IP) network communication surveillance equipment. BIS delayed the implementation to give industry additional time to comply with the new restrictions as well as update internal compliance procedures, and to provide BIS itself time to provide additional guidance on the rule. BIS may also consider some modifications to the rule, but is not reopening the comment period and these modifications based on the latest comments will most likely be made, if at all, sometime after the new effective date for the interim final rule.