Communications Litigation Today was a Warren News publication.

BIS Seeing 'Very Little' License Activity for Cyber Rule, Official Says

The Bureau of Industry and Security has received very few license applications and questions related to its cybersecurity export control rule since it took effect in March (see 2110200036 and 2201110025) but is open to issuing more guidance to industry if needed (see 2205050023), a Commerce Department official said during the BIS annual update conference last week.

“We’ve seen very little licensing activity and not as many questions about the rule,” said the official, speaking on background under a conference policy for certain career personnel. “So it seems to be working in the sense that it doesn't seem to be overly broad, and we’re not getting flooded with licenses or questions.”

BIS issued the new rules after proposing a similar set of restrictions in 2015, which were withdrawn after nearly 300 commenters criticized their scope. The final controls, announced in October, aligned U.S. cybersecurity restrictions with controls previously agreed to at the multilateral Wassenaar Arrangement and created new License Exception Authorized Cybersecurity Exports.

The Commerce official said the agency knew the rule was “complicated” before it was published and is open to issuing more frequently asked questions if it receives requests from industry. “I think one of the things that came out from the 2015 rule is that there's a lot of people in this area who really didn’t have to deal with export controls in the past,” the official said. “We are trying to find ways to give a plain English explanation of the rule.”

The official also said industry shouldn’t expect a new rule proposing export controls on specific artificial intelligence technologies in the immediate future. BIS mentioned an AI rule in its spring 2022 regulatory agenda (see 2206270007), but the agency is still working through “a lot of ideas about what should and should not be controlled under there,” the official said. The rule mentioned in the regulatory agenda will ask for public comments on potential areas for AI controls.

“We don't really have a rule to control AI stuff that is ready to come out,” the official said. “We've been working with AI, and obviously it's a very big topic. There's a lot of different technologies in there.”