C-suite officials need to be more involved in their companies’ export compliance programs, the Bureau of Industry and Security’s top export enforcement official said this week. He also urged businesses to review -- and potentially expand -- their current programs to keep pace with export controls risks, especially as various government agencies work more closely together on investigations, indictments and sanctions.

The Commerce Department is proposing new rules that could require U.S. cloud service providers and their foreign resellers to follow know-your-customer (KYC) requirements, a step the agency said would prevent those services from being used to aid cyberattacks and to train artificial intelligence models that threaten U.S. national security. The proposed regulations are specifically aimed at preventing “foreign malicious cyber actors” from using U.S. infrastructure-as-a-service products to steal American intellectual property and sensitive data, commit espionage, and train large AI models for cyberattacks on U.S. critical infrastructure.

The U.S. and the EU are making progress on more closely aligning their encryption-related export controls, a senior Bureau of Industry and Security official said last week, along with differences in export licensing and classification.

The Bureau of Industry and Security is preparing to announce more “significant” export penalties and corporate resolutions this year, said Matthew Axelrod, the agency’s top export enforcement official. He also said exporters should see more export-related indictments as part of a joint effort with DOJ, and he continued to pitch a BIS funding boost, which would help it hire more export enforcement agents.

The Bureau of Industry and Security has been experiencing delays in semiconductor-related export license applications due to a higher number of disagreements with the other agencies that also review those licenses, a senior BIS official said this week.

The Bureau of Industry and Security will likely issue more penalty announcements this year for export control violations, a former senior BIS enforcement official said, suggesting the current state of enforcement is unprecedented.

Companies should avoid internal policies that require them to disclose all potential sanctions and export control violations to the government, lawyers with Foley Hoag said this week. Although it may seem like a sound compliance policy, the lawyers said that language can backfire, including in cases where a voluntary disclosure may not be the best option.

Companies should expect the Bureau of Industry and Security to announce new export controls this year restricting certain U.S. person activities involving military and military intelligence end uses and end users, a former BIS official said.

The two authors of a bipartisan bill to boost U.S. technology competitiveness were lukewarm this week about the prospect of allocating more export control resources to the Commerce Department and stopped short of promising it more money, with one calling on the agency to be more efficient with what it has. And while they said they support Commerce’s updated China-related semiconductor export controls, they also said the U.S. should devote as much attention to expanding trade with close allies as it does to restricting trade with adversaries.

The leaders of the Senate Homeland Security and Governmental Affairs Subcommittee on Emerging Threats and Spending Oversight have asked the Government Accountability Office to assess the effectiveness of new export controls aimed at preventing China from obtaining advanced computing chips and the equipment to manufacture them.