Insights

On May 23, 2025, the U.S. Departments of State (“State”) and the Treasury (“Treasury”) took actions that resulted in immediate sanctions relief for Syria. Specifically, Treasury’s Office of Foreign Assets Control (“OFAC”) issued General License 25 (“GL 25”) pursuant to the Syrian Sanctions Regulations (“SySR”), the Weapons of Mass Destruction Proliferators Sanctions Regulations (“NPWMD”), the Iranian Financial Sanctions Regulations (“IFSR”), the Global Terrorism Sanctions Regulations (“GTSR”), and the Foreign Terrorist Organization Sanctions Regulations (“FTOSR”). In parallel, Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and State took supporting actions outlined below.

The UK’s new Procurement Act 2023 (the “Act”) took effect on 24 February 2025. More information on this can be found in our alerts: Understanding the UK’s New Procurement Regime in 2025 and Changes to the UK Procurement Regime in 2025: An Introduction to the Debarment List.

On February 4, 2025, President Trump issued a National Security Presidential Memorandum (NSPM-2) on “Imposing Maximum Pressure on the Government of the Islamic Republic of Iran, Denying Iran All Paths to a Nuclear Weapon, and Countering Iran’s Malign Influence.” NSPM-2 directs U.S. government agencies to take a range of measures to reimpose “maximum pressure” sanctions on Iran. 

On January 2, 2025, the U.S. Department of Defense (DoD) updated the 1260H List of entities identified as “Chinese military companies” (CMC) operating in the United States, as required by section 1260H of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2021 (Section 1260H), adding new entities and removing others.  The updated 1260H List now includes 76 entities. 

The U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued new guidance (“BIS Guidance”) for financial institutions (“FIs”) on October 9, 2024, recommending that FIs undertake specific compliance practices to minimize their risk of violating General Prohibition (“GP”) 10 of BIS’s Export Administration Regulations (“EAR”).  GP 10 prohibits any person (U.S. or otherwise) from selling, transferring, exporting, reexporting, financing, ordering, buying, removing, concealing, storing, using, loaning, disposing of, transporting, forwarding, or otherwise servicing an item “subject to the EAR” with knowledge that that item was, or will be, exported, reexported, or transferred in violation of the EAR.  Knowledge in this context goes beyond actual knowledge, and can be inferred from circumstances surrounding a transaction; in other words, a “known or should have known” standard.  Although BIS has published several joint alerts with FinCEN encouraging financial institutions to look for potential red flags of evasion of export controls, this guidance goes further in establishing specific export compliance best practices for financial institutions and suggests that financial institutions that finance or otherwise service prohibited exports risk liability under the EAR.

On June 20, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) announced a Final Determination, pursuant to the Securing the Information and Communications Technology and Services Supply Chain (ICTS) regulations, prohibiting Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons (wherever located) because it poses undue and unacceptable risk to U.S. national security. The prohibition also applies to Kaspersky Lab, Inc.’s affiliates, subsidiaries and parent companies (collectively Kaspersky). This is the first time that BIS’s Office of Information and Communications Technology and Services (OICTS) has issued a determination pursuant to the ICTS regulations.

On May 22, 2024, the U.S. Department of Justice’s National Security Division (NSD) announced its first declination to prosecute a company under its Enforcement Policy for Business Organizations (Enforcement Policy).

On April 24, 2024, President Biden signed into law the National Security Supplemental fiscal package, which includes significant new sanctions and export controls authorities. Although the U.S. foreign aid commitments for Ukraine, Israel, and Taiwan headline the new law, it also (1) expands the statute of limitations for U.S. sanctions violations; (2) includes new authorities for the President to coordinate sanctions efforts with the European Union and the United Kingdom; (3) expands sanctions and export controls on Iran (including some targeted at Chinese financial institutions); and (4) includes new sanctions authorities targeting terror groups.

On April 11, 2024, the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) announced proposed amendments to its enforcement and mitigation regulations, marking the first substantive update to CFIUS’s mitigation and enforcement provisions since the enactment of the Foreign Investment Risk Review Modernization Act of 2018.  The Committee issued a notice of proposed rulemaking ("NPRM”) that would modify the regulations that apply to certain investments and acquisitions, as well as real estate transactions, by foreign persons as follows:

While not new, Congressional investigations have certainly been receiving increased press coverage in recent years, raising questions about their scope and potential risk for organizations and individuals. Congressional investigations have some similarities to other law enforcement and regulatory investigations, but are distinct in many respects. This alert will provide guidance about the unique nature of congressional investigations, and how to respond if you are the target of one.

Artificial intelligence (AI) has been at the forefront of public debate since the release of OpenAI’s ChatGPT in November 2022. Since then, numerous AI applications have been released to the public that serve a wide variety of functions, exacerbating the need for governance, as many technical, ethical, and legal questions remain unanswered. As the AI landscape continues to rapidly evolve, the Biden Administration has taken proactive efforts to develop a National Artificial Intelligence Strategy that seeks to mitigate the risks associated with the transformative technology. These efforts include the establishment of guidelines and standards, investments in research and development (R&D) initiatives, collaborative partnerships with major technology companies, and even a national competition with nearly $20 million in awards.

On September 11, 2023, the U.S. Department of Justice (“DOJ”)’s National Security Division (“NSD”) announced the appointment of its first-ever Chief Counsel and Deputy Chief Counsel for Corporate Enforcement, fulfilling a commitment made by DOJ in March 2023. Both appointees are prosecutors with significant experience prosecuting large-scale, international corporate crimes, commensurate with DOJ’s recent emphasis on holding accountable corporate actors that violate national security laws, including sanctions and export controls.

The Outbound Investment Program will be implemented through regulations issued by Treasury that will require notification for, or will otherwise prohibit U.S. persons from undertaking, certain transactions involving “covered national security products or technologies” and entities connected to a “country of concern.” Accordingly – concurrent with the Executive Order – Treasury released an Advance Notice of Proposed Rulemaking that provides some potential definitions of these terms, but the exact definitions and the details of the regulations will be developed through public notice and comment that concludes on September 28, 2023. Treasury also published a Fact Sheet that provides additional information on the proposed details and scope of the outbound investment prohibitions and notification requirements, which will likely not be finalized until 2024 sometime after Treasury has published draft regulations and gathered another round of public comments.

On July 26, 2023, the U.S. Department of Justice (“DOJ”), the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”), and the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued a Tri-Seal Compliance Note outlining their respective voluntary self-disclosure (“VSD”) procedures for potential violations of U.S. export controls and sanctions.  This announcement highlights the agencies’ focus on compliance with export controls, sanctions, and other U.S. national security laws, and reminds industry of the incentives for voluntarily disclosing potential violations, including mitigation of civil and criminal penalties. 

On July 25, 2023, the Senate overwhelmingly approved a measure to add mandatory notifications of certain investments in China to the National Defense Authorization Act (“NDAA”).  The Outbound Investment Transparency Act, authored by Senators John Cornyn (R-TX) and Bob Casey (D-PA), would require U.S. companies to notify the government of investments in certain Chinese sectors, but does not allow for blanket investment bans.  Last year, a more expansive version of the bill[i] that would have established an interagency process for reviewing investments in China involving critical supply chains and specific critical and emerging technologies sectors was ultimately dropped from the CHIPS and Science Act[ii].

Last week, the U.S. Department of Defense (“DoD”) issued a memorandum explaining new requirements in its efforts to “Counter[] Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Education” (the “Memorandum”). The Memorandum discusses DoD’s new processes to review proposals from higher education institutions for fundamental research opportunities, with a focus on security threats posed by China, Russia, and other malign actors.

Following a meeting of the G7 Summit Leaders, on May 19, 2023, the United States and the United Kingdom announced a new round of sanctions and export controls against the Government of the Russian Federation (“Russia”) to continue their efforts against key sectors of Russia’s military-industrial base. These actions target procurement and evasion networks to curtail the flow of necessary resources Russia needs to maintain and fund its campaign against Ukraine. In this alert, Crowell & Moring attorneys based in our U.S. and UK offices provide a comprehensive overview of the recent multi-jurisdictional actions taken by the respective countries’ government agencies.

On May 16, 2023, the U.S. Senate Committee on the Judiciary, Subcommittee on Privacy, Technology, and the Law held a hearing titled “Oversight of A.I.: Rules for Artificial Intelligence.” This hearing is the first in a series intended to provide a forum for industry leaders to discuss and provide an understanding of the implications of A.I. with an eye toward facilitating the development of appropriate guidelines and regulations.

While the Biden’s administration’s recent corporate enforcement actions and initiatives have garnered significant press attention, China has engaged in recent months in a series of less-publicized corporate enforcement actions and initiatives against non-Chinese companies (mostly, but not exclusively, U.S.-based) operating in the country, including through new investigations, raids of China-based offices, and even detention of employees. China has taken many of these actions based on alleged violations of laws established or updated in the last five years, some of which were issued in response to actions taken by the United States in the ongoing U.S.-China Strategic Competition.

On March 24, 2023, the Financial Crimes Enforcement Network (“FinCEN”) released much-anticipated public guidance materials regarding its new beneficial ownership information reporting requirements, which will take effect January 1, 2024, pursuant to a final rule promulgated by FinCEN on September 30, 2022 (the “BOI Final Rule”).  87 Fed. Reg. 59,498. The BOI Final Rule requires certain U.S. companies and foreign companies registered to do business in the U.S. to file reports with FinCEN that identify the entity’s beneficial owners and the persons who applied to create or register the entity. The BOI Final Rule implements the beneficial ownership information (“BOI”) reporting provisions of the Corporate Transparency Act (“CTA”), enacted by Congress as part of the Anti-Money Laundering Act of 2020 in the National Defense Authorization Act for Fiscal Year 2021.