Commerce to Publish Proposed Regulations to Implement EO on "Securing the Information and Communications Technology and Services Supply Chain"
Client Alert | 1 min read | 11.26.19
The Commerce Department will publish, in proposed form, long-awaited regulations to implement the sweeping language of the May 2019 Executive Order entitled “Securing the Information and Communications Technology and Services Supply Chain.”
The proposed regulations, to be promulgated under the authority of the International Emergency Economic Powers Act (IEEPA) and the EO, would establish a case-by-case process, by which the Secretary of Commerce could initiate (at its discretion, or at the request of another agency, or even a private party, via a dedicated web portal for “credible” tips) a review of any specific transaction (meaning “any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service”) that is: (1) initiated, pending, or to be completed after May 15, 2019; (2) involves persons or property subject to US jurisdiction; (3) involves any property in which a foreign country or national has an interest; (4) “involves information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary” (with the definition of “foreign adversary” adopted from the EO, not narrowed to identify any specific foreign governments or persons); and (5) that poses either:
- Undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States;
- Undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the digital economy of the United States; or
- Otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons.
The parties to a transaction under review would receive a preliminary determination of the Secretary’s findings and would then have 30 days to present “an opposition,” or proposed measures for mitigation in lieu of an outright prohibition of the transaction. Commerce will accept public comments on all aspects of the proposed regulations for 30 days (until December 27, 2019).
Contacts
Insights
Client Alert | 2 min read | 07.15.26
CMMC Phase II Suspension Requires Reconsideration of Such Requirements in Solicitations
As discussed in more detail here, the U.S. Department of War (DoW) recently issued a memorandum (Memo 26-P-1023, dated July 13, 2026) directing the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements (Level I and II self assessments are still permitted). Significantly, the memo directs that “all pending and future CMMC implementation milestones across DoW solicitations and contracts are held in abeyance until further notice.” Moreover, the DoW issued a memorandum on implementing these requirements (available here), directing agencies to issue amendments removing CMMC Level 2 and 3 requirements from active solicitations “as soon as practicable.” Contractors should monitor the government’s compliance with this requirement and should be prepared, if needed, to file a bid protest to protect their rights.
Client Alert | 3 min read | 07.15.26
Client Alert | 3 min read | 07.14.26
Client Alert | 3 min read | 07.13.26
Amici Rally Behind Liberty Global, Urging Tenth Circuit to Rein in Economic Substance Doctrine


