Steptoe’s International Regulation & Compliance group today authored an advisory entitled: “A Detailed Look at the Countering America’s Adversaries Through Sanctions Act.” The advisory lays out President Trump’s newly signed Countering America’s Adversaries Through Sanctions Act targeting Russia, North Korea, and Iran.  An excerpt detailing the implications of this new law on cybersecurity follows:

The Russia section of the law, called the Countering Russian Influence in Europe and Eurasia Act of 2017 (CRIEEA), expands existing restrictions on US persons doing business with Russia, and adds some potentially significant secondary sanctions targeting non-US person activity involving Russia and certain operations outside of Russia. CRIEEA requires the president to impose blocking sanctions on “any person” determined to “knowingly” engage in “significant activities undermining cybersecurity against any person, including a democratic institution, or government on behalf of” the Russian government, or to be owned or controlled by, or acting for or on behalf of, such a person.  The law also requires the president to impose five or more of the menu-based sanctions on “any person that the president determines knowingly materially assists, sponsors, or provides financial, material, or technological support for, or goods or services (except financial services) in support of” such activity.  Finally, CRIEEA requires the president to impose menu-based sanctions on “any person that the president determines knowingly provides financial services in support of” such activity.  This provision significantly expands OFAC’s existing cyber-related sanctions program, in particular by applying to cyber activity that does damage anywhere in the world, as opposed to only that which impacts the United States.

A link to our full advisory can be accessed here.