FACT SHEET: Executive Order Protecting Americans’ Sensitive Data from Foreign Adversaries
The Biden Administration is committed to promoting an open, interoperable, reliable and secure Internet; protecting human rights online and offline; and supporting a vibrant, global digital economy. Certain countries, including the People’s Republic of China (PRC), do not share these values and seek to leverage digital technologies and Americans’ data in ways that present unacceptable national security risks while advancing authoritarian controls and interests.
Today, President Biden signed an Executive Order (E.O.) to further address the ongoing national emergency declared in E.O. 13873 of May 15, 2019 with respect to the threat posed to the United States’ information and communications technology and services (ICTS) supply chain. President Biden revoked and replaced three E.O.s that aimed to prohibit transactions with TikTok, WeChat, and eight other communications and financial technology software applications; two of these E.O.s are subject to litigation. In their place, this E.O. directs the use of a criteria-based decision framework and rigorous, evidence-based analysis to address the risks posed by ICTS transactions involving software applications that are designed, developed, manufactured, or supplied by persons that are owned or controlled by, or subject to the jurisdiction of a foreign adversary, including the People’s Republic of China, that may present an undue or unacceptable risk to the national security of the United States and the American people.
Specifically, the E.O. the President signed today:
Enables the U.S. to take strong steps to protect Americans’ sensitive data: This E.O. revokes and replaces E.O.s 13942, 13943, and 13971. The new E.O. directs the Department of Commerce to instead evaluate foreign adversary connected software applications under the rules published to implement E.O. 13873 and take action, as appropriate.
Provides criteria for identifying software applications that may pose unacceptable risk: This E.O. provides criteria for consideration, consistent with the criteria set forth in E.O. 13873 and the implementing regulations, for identifying and evaluating ICTS transactions involving foreign adversary connected software applications that may pose an unacceptable risk to U.S. national security and the American people. For example, ICTS transactions involving software applications may present a heightened risk when the transactions involve applications that are owned, controlled, or managed by persons that support foreign adversary military or intelligence activities, or are involved in malicious cyber activities, or involve applications that collect sensitive personal data.
Develops further options to protect sensitive personal data and address the potential threat from certain connected software applications: This E.O. directs the Department of Commerce, in consultation with other U.S. departments and agencies, to make recommendations to protect against harm from the sale, transfer of, or access to sensitive personal data, including personally identifiable information and genetic information – to include large data repositories – to persons owned or controlled by, or subject to the jurisdiction or direction of, foreign adversaries. Additionally, the Department of Commerce will make recommendations for additional executive and legislative actions to further address the risk associated with foreign adversary connected software applications.