As of July 8, the U.S. Department of Justice (“DOJ”) is scheduled to begin full enforcement of its Data Security Program (“DSP”) and the recently issued Bulk Data Rule after its 90-day limited enforcement policy expires, ushering in “full compliance” requirements for U.S. companies and individuals.[1] Continue Reading Enforcement Countdown: Is DOJ Ready for the Bulk Data Rule “Grace Period” to End?
DOJ National Security Division Issues First Declination Under Merger-Related Safe Harbor Provisions
On June 16, 2025, the Department of Justice’s National Security Division (“NSD”) and the U.S. Attorney’s Office for the Southern District of Texas announced a landmark declination to prosecute private equity firm White Deer Management LLC following its voluntary self-disclosure of sanctions violations committed by an acquired company.[1] This marks the first application of the safe harbor provisions for voluntary self-disclosure in connection with mergers and acquisitions—a policy put in place during the previous administration—and demonstrates the benefits of NSD’s enforcement policies while highlighting continued enforcement priorities across administrations.Continue Reading DOJ National Security Division Issues First Declination Under Merger-Related Safe Harbor Provisions
DOJ National Security Division Issues Second Declination Under Corporate Enforcement Policy
On April 30, 2025, the Department of Justice’s (“DOJ”) National Security Division (“NSD”), alongside the U.S. Attorney’s Office for the Northern District of California, announced a declination to prosecute Universities Space Research Association (“USRA”) for criminal export control violations committed by a former employee.[1] This marks only the second declination issued by NSD under its Enforcement Policy for Business Organizations (the “Policy”), following voluntary self-disclosure.Continue Reading DOJ National Security Division Issues Second Declination Under Corporate Enforcement Policy
DOJ Issues Additional Guidance as Data Security Program Enters into Effect; Limits Enforcement for First 90 Days
For more insights and analysis from Cleary lawyers on policy and regulatory developments from a legal perspective, visit What to Expect From a Second Trump Administration.
On April 11, 2025, the U.S. Department of Justice, National Security Division (“DOJ”) issued a compliance guide (“Compliance Guide”), a set of frequently asked questions (“FAQs”), and a 90-day limited enforcement policy (“Enforcement Policy”) relating to implementation of the Data Security Program, codified at 28 C.F.R. Part 202 (“DSP”). The DSP is a regulatory program designed to prevent certain countries of concern—China, Cuba, Iran, North Korea, Russia, and Venezuela—and covered persons from having access to Americans’ bulk sensitive personal data and U.S. government-related data. The DSP largely went into effect on April 8, 2025. Continue Reading DOJ Issues Additional Guidance as Data Security Program Enters into Effect; Limits Enforcement for First 90 Days
U.S. Government Signals Intent to Increase Enforcement of U.S. Export Controls
For more insights and analysis from Cleary lawyers on policy and regulatory developments from a legal perspective, visit What to Expect From a Second Trump Administration.
Earlier this month, the U.S. Department of Commerce (Commerce), Bureau of Industry and Security (BIS) held its annual Update Conference on Export Controls and Policy (the Conference). During the Conference, key government officials signaled an intent to ramp up enforcement of the Export Administration Regulations (EAR) going forward. For example, in opening remarks to Conference attendees, U.S. Secretary of Commerce Howard Lutnick said there would be a “dramatic” increase in enforcement by BIS under the Trump administration, including increased fines and penalties for parties that violate the EAR.Continue Reading U.S. Government Signals Intent to Increase Enforcement of U.S. Export Controls