Commerce Dept.’s security bureau finalizes rule covering export controls related to cyber activities

The Commerce Department’s Bureau of Industry and Security has issued a rule tightening export controls on “malicious cyber activities,” implementing 2013 additions to the Wassenaar Arrangement.

The interim final rule, set to take effect 90 days from publication in the Federal Register, covers intrusion software and technology used to develop, produce or use intrusion software. BIS in 2015 initially proposed a rule to implement the 2013 Wassenaar Arrangement changes but received substantial pushback from stakeholders over its scope, licensing burdens...