Volkov – Many “good government” initiatives continue to be enacted or implemented on Capitol Hill or in the Executive Branch — notwithstanding changes in political control. While working on Capitol Hill, the bulk of the legislative and oversight work was bipartisan in that both parties were committed to sensible initiatives needed to be keeping the government operational and effective.
The Justice Department recently implemented a final rule establishing the Data Security Program (DSP) to prevent countries of concern—China, Cuba, Iran, North Korea, Russia, and Venezuela—from accessing sensitive U.S. data. Effective April 8, 2025, the DSP prohibits or restricts U.S. persons and companies from transactions involving government-related data or bulk sensitive personal data with these countries or covered persons (including entities majority-owned by countries of concern or with primary business there). The program identifies prohibited and restricted transactions, establishes exemptions, defines bulk data thresholds, and creates licensing processes. While additional requirements must be implemented by October 6, 2025, the DOJ has instituted a 90-day enforcement hiatus until July 8, 2025, allowing companies time to ensure compliance with these new data security regulations. Entities with activities in countries surrounding China, Iran, or Russia should take note of current and evolving DSP restrictions and exemptions given the role these countries and their nationals play in providing internet, telecommunications, IT expertise, cloud-
based services, etc. throughout their regions.
