On February 2, 2017, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued Cyber-related General License (GL) 1, a general license that authorizes certain transactions with Russia’s Federal Security Service (Federalnaya Sluzhba Bezopasnosti or FSB). GL 1 authorizes U.S. persons (i.e., individuals and companies) to request, receive, use, pay for or deal in licenses, permits, certifications, or notifications issued or registered by the FSB for information technology (IT) products in Russia, provided that (i) the relevant IT goods or technology are subject to the U.S. Export Administration Regulations (EAR) and are licensed or otherwise authorized by the U.S. Department of Commerce’s Bureau of Industry and Security (BIS); and (ii) payment of fees to the FSB for such licenses and other authorization or notification does not exceed $5,000 in any calendar year. GL 1 also authorizes transactions or activities that are necessary and ordinary incident to complying with law enforcement or administrative actions or investigations involving the FSB or rules and regulations administered by the FSB.
Overview of Actions Taken by the United States
On December 29, 2016, President Obama announced that he was sanctioning nine individuals and entities: the Main Intelligence Directorate (aka Glavnoe Razvedyvatel’noe Upravlenie) (GRU) and the Federal Security Service (aka Federalnaya Sluzhba Bezopasnosti) (FSB), two Russian intelligence services; four individual officers of the GRU; and three companies that were stated to have provided material support to the GRU’s cyber operations. In addition, two Russian individuals were sanctioned for using cyber-enabled means to cause misappropriation of funds and personal identifying information. These actions mark the first expansion of the Specially Designated Nationals (SDN) List to include entities and individuals under the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) cybersecurity program since it was established on April 1, 2015. The 2015 client alert can be found here.
On December 23, 2016, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a Final Rule amending the Iranian Transactions and Sanctions Regulations, 31 C.F.R. Part 560 (ITSR) to expand the scope of permissible exports/re-exports of medicine, medical devices and agricultural commodities to Iran.
The results of the U.S. presidential election are historic and unanticipated, and they will have significant economic, political, legal and social implications. As we prepare for the Trump presidency, many uncertainties remain regarding how the incoming administration will govern. President-elect Trump has stated that he will pursue vast changes in diverse regulatory sectors, including international trade, health care, and energy and the environment. These changes are likely to reshape the legal landscape in which companies must conduct their business, both in the United States and abroad.
On April 3, 2016, it became public that an anonymous source had leaked 11 million confidential documents, known as the “Panama Papers,” belonging to the Panama-headquartered international law firm Mossack Fonseca. As more of the Panama Papers become public over the coming months, they will raise a host of issues for parties identified in the papers, as well as the business partners, customers, suppliers and other entities connected to those parties. This alert summarizes key legal issues for consideration as companies attempt to understand, assess and mitigate the potential impact and exposure of the Panama Papers on their business.
Wednesday, February 3, brought additional developments pertaining to the transfer of personal data from the EU to the U.S. consistent with EU privacy law. Just one day prior, we reported on the announcement by the EU and U.S. of an agreement called the EU-U.S. Privacy Shield (Privacy Shield), which is intended to replace the Safe Harbor arrangements struck down by the Court of Justice of the EU in the Schrems decision. We noted that the “reaction of the Data Protection Authorities will also be watched, and important developments may come quickly.” Consistent with that advice, Working Party 29 (WP29), which includes the Data Protection Authorities (DPAs) from across the EU that conduct relevant enforcement, met on Wednesday and issued a statement affecting companies that have continued to depend on Safe Harbor to transfer data during this period while an agreement was being negotiated and reported several times to have been close at hand.
The European Union and United States announced today that they reached a new agreement, referred to as the EU-U.S. Privacy Shield (“Privacy Shield”), to replace the Safe Harbor Agreement struck down by the European Court of Justice in the Schrems decision, which more than 4,000 companies were able to use for the transfer of personal information concerning European citizens to the United States in the course of business.