Disharmony in the Cyber Acquisition Patchwork
Client Alert | 1 min read | 05.07.15
While Executive Order No. 13636 asked for a review of "what steps can be taken to harmonize" existing cyber regulations governing federal acquisitions, a patchwork of more than a dozen different agency regulations – and dozens upon dozens of unpublished cyber policies – impose heavy burdens upon contractors seeking to build cost-effective cybersecurity compliance programs. On May 11, C&M's David Z. Bodenheimer will discuss this analysis and lead a co-sponsored program for the ABA Public Contract Law Section's Cybersecurity, Privacy, and Information Security Committee and the Science & Technology Law Section's Homeland Security Committee on "The Cybersecurity Patchwork of Federal Agency Rules & Unpublished Policies: How Do Contractors Comply?"
Insights
Client Alert | 7 min read | 06.24.26
On June 17, 2026, the U.S. Department of Justice’s (DOJ( National Security Division (NSD) announced that it had issued a declination for Robert Bosch GmbH (Bosch) relating to potential violations of the Export Control Reform Act, 50 U.S.C. § 4819 (ECRA). Specifically, the DOJ declined to criminally prosecute Bosch’s violations of the Export Administration Regulations’ (EAR) Foreign Direct Product Rule (FDPR), which apparently resulted from two Bosch subsidiaries’ export of products and software manufactured with equipment that was the direct product of U.S. software or technology to Huawei Technologies Co., Ltd. and its “Entity List” affiliates, including Huawei Tech. Investment Co., Ltd., Hong Kong (collectively, Huawei). The same day, the U.S. Department of Commerce Bureau of Industry and Security (BIS) announced a parallel civil administrative settlement with Bosch.
Client Alert | 3 min read | 06.24.26
Client Alert | 4 min read | 06.23.26
EPA Hands Over AI Data Center Regulation to States and Communities to Develop Best Practices
Client Alert | 3 min read | 06.22.26
