DOJ Data Export Control Rule Enforcement Effective Today

The Department of Justice’s new data export control rule introduces restrictions on data transfers to certain countries and persons. The rule originally went into effect on April 8,  followed shortly by an enforcement pause for those engaging in “good faith efforts” to comply. That pause is over as of today, July 9, and now the DOJ expects full compliance. A recent Wiley memo discusses the end of the enforcement pause:

“The DSP reflects growing national security concerns over dealings with China and other countries of concern, which are being increasingly incorporated into policy by the Trump Administration and Congress. With the expiration of the pause in civil enforcement after July 8, U.S. companies should pay close attention to expanding obligations related to certain international data transactions.”

More key dates for the Rule are on the horizon as due diligence, audit, and reporting requirements become effective on October 6, 2025. The DOJ has also issued a compliance guide and an FAQ on the rule, which John wrote about here. If you haven’t come into full compliance with the Rule, it is now past time to do so. For those who are in compliance, reviewing the upcoming requirements phasing in on October 6 is a top priority. The administration has signaled that combating cyber threats from foreign adversaries is a major policy goal, so we can expect the DOJ to actively enforce the new Rule.