cyber-security 13 January 2022

Effective date of cybersecurity products rule put back to March

The US Bureau of Industry and Security (‘BIS’) says that the effective date of an interim final rule that establishes ‘new controls on certain cybersecurity items for National Security (NS) and Anti-terrorism (AT) reasons’ has been delayed from 19 January to 4 March.

BIS says it has decided to postpone implementation while it considers, in the light of public comments, making some modifications. It explains:

‘Some of the comments described the necessary compliance measures that industry would have to complete to comply with the…rule and, on that basis, requested that BIS delay the rule’s effective date in order to allow industry sufficient time to update the requisite compliance procedures and for BIS to provide additional public guidance.

‘BIS agrees that it is important to allow enough time for industry to implement the compliance measures and procedures necessary to comply with the published interim final rule, as well as for BIS to provide the public with additional guidance.’

The long-anticipated rule is seen as the US government’s response to global calls for controls on intrusion software or ‘spyware’.

https://bis.doc.gov/index.php/regulations/federal-register-notices#fr1670

For detailed analysis of the new rule and its potential impact, see the forthcoming issue of WorldECR.