
On April 11, 2025, the Department of Justice (“DOJ”) released additional detail regarding the Final Rule implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”), which went into effect on April 8, 2025. The release included additional guidance, frequently asked questions, and an enforcement policy for the first 90 days. Much of the material re-articulated language in the Final Rule, but the release did include some notable new information for organizations assessing their compliance, key points of which we summarize below.
Earlier this year, Ropes & Gray published an Alert providing an overview of the Final Rule, material changes from the DOJ’s Notice of Proposed Rulemaking (“NPRM”), and guidance on steps organizations should take to come into compliance. (Ropes & Gray also published Alerts on the NPRM and the Advance Notice of Proposed Rulemaking).
To read the full Ropes & Gray client alert, click here.