The proposed rule to implement the Cybersecurity Maturity Model Certification (“CMMC”) program in the Defense Federal Acquisition Regulation Supplement (“DFARS”) was published in the Federal Register on August 15, 2024 and will have a 60-day comment period (through October 15, 2024).
Continue Reading The CMMC Rule To Update the DFARS is Here!
Government
Export Control Shake-Up: Navigating the Expanded Export Restrictions
On July 29, 2024, the U.S. Department of Commerce, Bureau of Industry and Security (BIS) proposed a series of transformative new rules aimed at tightening controls related to military, intelligence, and security activities under the Export Administration Regulations (EAR). These proposed changes are set to impact how businesses manage exports and interact with end users, expanding the scope of restrictions to cover a broader range of activities and entities. These proposed changes further the U.S. government’s policy goals of using export control regulations to protect human rights around the globe.
Continue Reading Export Control Shake-Up: Navigating the Expanded Export Restrictions
There Are Limits! Reining In FCA Penalties Pursuant to the Excessive Fines Clause
In the high-stakes realm of False Claims Act (FCA) litigation per-claim penalties can reach daunting levels that dwarf even treble damages. A recent ruling from the Eighth Circuit Court provides valuable guidance on the limits of penalties under the Constitution’s Excessive Fines Clause (Clause). In Grant ex rel. United States v. Zorn the Eighth Circuit provides clarity applying the Clause in FCA litigation, specifically identifying when a penalty for purely economic loss offenses might be considered excessive. Of relevance, the Court held that:…
Continue Reading There Are Limits! Reining In FCA Penalties Pursuant to the Excessive Fines Clause
Summer Heat Ramping Up: FedRAMP Releases Final OMB Memo and Announces Update on Roadmap Progress, Automation Site Launch, and the Agile Delivery Pilot Launch
It’s been a hot summer so far but Federal Risk and Authorization Program (“FedRAMP”) is just starting to heat up. In June, FedRAMP (the Federal government’s program for security authorizations for cloud solutions) released the final Emerging Technology Prioritization Framework, which outlines the prioritization of certain artificial intelligence capabilities. In mid-July, FedRAMP announced its Agile Delivery pilot program, which is a new process for reviewing significant changes without the need for advanced approval. FedRAMP also announced a new technical documentation hub (automate.fedramp.gov) that focuses on provided support to cloud service providers in the development of digital authorization packages. Lastly, just…
Continue Reading Summer Heat Ramping Up: FedRAMP Releases Final OMB Memo and Announces Update on Roadmap Progress, Automation Site Launch, and the Agile Delivery Pilot Launch
Navigating the New Cybersecurity Regulatory Landscape Post-Chevron
On June 28, 2024, in a landmark decision, the Supreme Court overruled the four decade old case Chevron v. Natural Resources Defense Council. This pivotal decision should spur businesses to recalibrate their existing relationship with federal agencies. Indeed, we have already seen industry groups begin to use the overruling to influence agency rulemaking, signaling a future of significant shifts in the regulatory landscape. For those operating in regulated industries—including government contractors, and particularly those navigating the complex world of cybersecurity regulation—understanding the implications of the decision is crucial.
Continue Reading Navigating the New Cybersecurity Regulatory Landscape Post-Chevron
SoL Long to Short Limits: The Sequel — A Decade of Recordkeeping and Enforcement
On July 22, 2024, the Department of Treasury, Office of Foreign Assets Control (OFAC) announced a significant planned extension to its recordkeeping requirements, which will increase the retention period from five to ten years. OFAC expects to publish an interim final rule to provide an opportunity to comment. The change will increase compliance obligations for entities engaged in transactions subject to U.S. sanctions.
Continue Reading SoL Long to Short Limits: The Sequel — A Decade of Recordkeeping and Enforcement
Closing the Southern Border to Indirect Chinese Imports: U.S. Proclamations on Steel and Aluminum Imports from Mexico
Effective July 10, 2024, President Biden issued two Presidential Proclamations aimed at refining the tariff exclusions under Section 232 of the Trade Expansion Act of 1962 for steel and aluminum imports from Mexico. Together, the Proclamations close loopholes whereby steel and aluminum from outside North America could avoid tariffs by shipping through Mexico. Those Proclamations reflect a concerted effort between the United States and Mexico to refine tariff exclusions, enhance regulatory oversight, and ensure compliance with international trade agreements. Importers of steel and aluminum now face heightened compliance burdens under the new regulations. The measures aim not only to safeguard…
Continue Reading Closing the Southern Border to Indirect Chinese Imports: U.S. Proclamations on Steel and Aluminum Imports from Mexico
BIS Summer Update: Essential Reading for Your Next Beach Trip!
As we pass the midpoint of a year marked by assertive enforcement of dual use laws, the Department of Commerce’s Bureau of Industry and Security (BIS) published an updated version of its Don’t Let This Happen to You! Guide. That guide, which was last updated in March 2024, includes numerous case examples illustrating BIS’s criminal and administrative enforcement actions. The update also comes with two additional BIS publications addressing measures to reduce diversion risks and a six-year review of BIS’s licensing strategy.
Continue Reading BIS Summer Update: Essential Reading for Your Next Beach Trip!
Commerce Updates Boycott Requester List
On June 27, 2024, the U.S. Department of Commerce, Bureau of Industry & Security (BIS) announced its first update to the boycott requester list. The list contains entities that have been reported by a U.S. person as having made a boycott-related request in connection with a transaction in the interstate or foreign commerce of the United States. The latest update adds 57 entities to the list and removes 127 entities. Some notable additions include entities from Japan and Germany.
Continue Reading Commerce Updates Boycott Requester List
Latest Cyber-Related FCA Settlement Underscores the Breadth of DOJ’s Civil Cyber-Fraud Focus
On June 17, 2024, the Department of Justice (“DOJ”) announced the latest settlement under its Civil Cyber-Fraud Initiative (“CCFI”) (previously discussed here).[1] The settlement resulted in a total of $11,300,000 in payments from two consulting companies (Guidehouse, Inc., the prime contractor, which paid $7,600,000; and Nan Kay and Associates, the subcontractor, which paid $3,700,000) to resolve allegations the two companies violated the False Claims Act by failing to meet cybersecurity requirements in federally-funded contracts.
Continue Reading Latest Cyber-Related FCA Settlement Underscores the Breadth of DOJ’s Civil Cyber-Fraud Focus
Data, Deals, and Diplomacy: How the Bulk Data Executive Order Will Shape Future Contracts and Security Practices
For companies in the U.S. that hold certain personal data and U.S. Government-related data, rules stemming from recent Executive Order (“EO”) 14117 on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” may create obstacles and new compliance obligations. Under this EO, the Attorney General is charged with issuing regulations to either outright prohibit or impose restrictions on transactions involving bulk sensitive personal data or U.S. Government-related data when such transactions involve a “country of concern.”…
Continue Reading Data, Deals, and Diplomacy: How the Bulk Data Executive Order Will Shape Future Contracts and Security Practices
ITAR Fees Overhaul: Navigating the New Registration Costs
The U.S. State Department has proposed amendments to the International Traffic in Arms Regulations (ITAR) to increase the fees required for Directorate of Defense Trade Controls (DDTC) registration. The ITAR requires persons engaging in manufacturing, exporting, temporarily importing, or brokering of any defense articles or services register with DDTC. This proposed rule marks the first adjustment to the registration fee structure in over fifteen years.
Continue Reading ITAR Fees Overhaul: Navigating the New Registration Costs
Proposed Outbound Investment Regulations: Understanding the New Restrictions on U.S. Outbound Investments in Artificial Intelligence (AI), Semiconductors, and Quantum Computing
In an era where technological prowess and economic security are more entangled than ever, the United States has refined its approach towards restricting outbound investments. As we have been blogging since 2022, the past two years have seen efforts to restrict outbound investments for national security reasons. Those efforts come both from Congress through legislation and the White House through Executive Order.
Continue Reading Proposed Outbound Investment Regulations: Understanding the New Restrictions on U.S. Outbound Investments in Artificial Intelligence (AI), Semiconductors, and Quantum Computing
Now Including the Kitchen Sink: Expansion of Export Controls on Russia Adds Restrictions on Low-Level Items and Software
Last year, we published an update on BIS’s foray into prohibiting EAR99 items for export to Russia and Belarus. We noted (somewhat in jest) that kitchen sinks may one day be added. Well, that day has come. Stainless steel kitchen sinks are officially prohibited for export to Russia and Belarus.
Continue Reading Now Including the Kitchen Sink: Expansion of Export Controls on Russia Adds Restrictions on Low-Level Items and Software
Navigating the Solarscape: Our Handy Solar Tariffs Cheat Sheet
The solar industry is starting to get whiplash. Over the past year in particular, the industry has experienced a whirlwind of regulatory changes making solar tariffs some of the most complex tariffs in all of U.S. importing history. We should not expect the changes to lessen as the solar industry remains a focus for policymakers, industry stakeholders, and consumers. Given this frenetic pace (plus the upcoming June 28 deadline for public comments on the recent Section 301 duty increases), we provide this guide to current tariff and trade actions as a guide to help those in the industry keep afloat.
Continue Reading Navigating the Solarscape: Our Handy Solar Tariffs Cheat Sheet
OFAC Tightens Russia Sanctions; BIS Cracks Down on Diversion
On June 12, 2024, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced new measures targeting Russia’s financial infrastructure, including:…
Continue Reading OFAC Tightens Russia Sanctions; BIS Cracks Down on Diversion