[Federal Register Volume 87, Number 8 (Wednesday, January 12, 2022)]
[Rules and Regulations]
[Pages 1670-1671]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-00448]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

Bureau of Industry and Security

15 CFR Parts 740, 772, and 774

[Docket No. 220105-0004]
RIN 0694-AH56


Information Security Controls: Cybersecurity Items; Delay of 
Effective Date

AGENCY: Bureau of Industry and Security, Commerce.

ACTION: Interim final rule; delay of effective date.

-----------------------------------------------------------------------

SUMMARY: On October 21, 2021, the Bureau of Industry and Security (BIS) 
published an interim final rule that establishes new controls on 
certain cybersecurity items for National Security (NS) and Anti-
terrorism (AT) reasons, along with a new License Exception, Authorized 
Cybersecurity Exports (ACE), that authorizes exports of these items to 
most destinations except in the circumstances described in that rule. 
That rule was published with a 45-day comment period, which ended on 
December 12, 2021, and a 90-day delayed effective date (January 19, 
2022). This rule delays the effective date of the interim final rule by 
45 days.

DATES: As of January 12, 2022, the effective date for the interim final 
rule published October 21, 2021, at 86 FR 58205, is delayed to March 7, 
2022.

FOR FURTHER INFORMATION CONTACT: For questions regarding the Export 
Control Classification Numbers (ECCNs) included in this rule or License 
Exception ACE, contact Aaron Amundson at 202-482-0707 or email 
[email protected].

SUPPLEMENTARY INFORMATION:

Background

    In response to the interim final rule published on October 21, 2021 
(86 FR 58205), which implements new controls on certain cybersecurity 
items for National Security (NS) and Anti-terrorism (AT) reasons, along 
with a new License Exception, Authorized Cybersecurity Exports (ACE), 
BIS received twelve comments before the end of the comment period on 
December 12, 2021. The submitted

[[Page 1671]]

comments are posted at regulations.gov under ID BIS-2020-0038. Based on 
issues raised by some of the public comments, BIS may consider some 
modifications for the final rule. Some of the comments described the 
necessary compliance measures that industry would have to complete to 
comply with the October 21, 2021 rule and, on that basis, requested 
that BIS delay the rule's effective date in order to allow industry 
sufficient time to update the requisite compliance procedures and for 
BIS to provide additional public guidance. BIS agrees that it is 
important to allow enough time for industry to implement the compliance 
measures and procedures necessary to comply with the published interim 
final rule, as well as for BIS to provide the public with additional 
guidance. Therefore, BIS is delaying the effective date of the October 
21, 2021 interim final rule by 45 days, to March 7, 2022. This action 
does not extend or reopen the comment period for BIS's previous request 
for comments on the interim final rule.

Export Control Reform Act of 2018

    On August 13, 2018, the President signed into law the John S. 
McCain National Defense Authorization Act for Fiscal Year 2019, which 
included the Export Control Reform Act of 2018 (ECRA), 50 U.S.C. 
Sections 4801-4852. ECRA provides the legal basis for BIS's principal 
authorities and serves as the authority under which BIS issues this 
action.

Thea D. Rozman Kendler,
Assistant Secretary for Export Administration.
[FR Doc. 2022-00448 Filed 1-11-22; 8:45 am]
BILLING CODE 3510-33-P