Department of Commerce Issues First Enforcement Action Protecting Information and Communications Technology and Services Supply Chain
By Jessica Varda, J.D. Candidate, Class of 2026, Louis D. Brandeis School of Law at the University of Louisville
On June 20, 2024, the Department of Commerce’s Bureau of Industry and Security (BIS) issued its first enforcement action pursuant to Executive Order No. 13873 (issued on May 15, 2019) to deter foreign adversaries from creating and exploiting vulnerabilities in information and communications technology and services (ICTS), particularly targeting vulnerabilities that could affect the ICTS supply chain.
The Final Determination announced on June 20 prohibits Russian company Kaspersky Lab, Inc., and its affiliates, subsidiaries, and parent companies (“Kaspersky”) from directly or indirectly providing antivirus software and cybersecurity products or services in the United States or to U.S. persons due to national security risks uncovered in an investigation. The Final Determination prohibits the resale, integration into other products and services, or licensing for resale or integration, of Kaspersky cybersecurity or antivirus software, with civil or criminal penalties for violations.