On May 10, 2021, the EU adopted its new, revised version of Regulation (EC) No 428/2009 (the “Regulation”).  It is widely acknowledged to be the first major reform to the structure of the EU’s export control regime since 2009.

The text of the Regulation was approved by the European Parliament on March 26, 2021. In November 2020, the Council and European Parliament representatives reached a provisional political agreement on the Regulation. The reform of EU export controls had initially been proposed by the European Commission in September 2016.
Continue Reading A New Era of Export Controls Begins in the EU: The Revised EU Dual-Use Export Controls to Promote Human Rights

Imagine telling your company’s Board of Directors that the company will have to knowingly violate the law. Further, you might note, the American Law Institute’s Principles of Corporate Governance state that, with very limited exceptions, a director who knowingly causes the corporation to disobey the law violates his duty of care. The protections of the Business Judgement Rule may not be available to a board member who, charged with navigating the Scylla and Charybdis of a conflict of laws, steers right into the shoals of noncompliance.

Beginning August 6, that will be the situation facing the thousands of companies that are subject to U.S. sanctions on Iran and to EU regulations blocking those sanctions. While it appears to be a stark choice, some nuances to the regulations may make navigating the narrow straights of the conflict of laws a less Odyssean and more practically manageable.
Continue Reading Stuck in the Middle With You: EU Blocking Statutes, Iran Sanctions, and the Thousands of Businesses Caught In Between

EU food safety authorities are still feeling the repercussions of the insecticide-contaminated eggs crisis. That crisis highlights the many challenges of dealing with unsafe and non-compliant products in a single European market, such as a lack of cooperation between EU authorities, traceability difficulties and widely varied national safety and testing standards.
Continue Reading Scrambling After an Egg Crisis – EU Safety Guidance for Online Product Sales

On July 27, 2017, the U.S. Congress sent to President Trump’s desk a bill that imposes new financial sanctions against Russia, Iran, and North Korea. It appears nearly certain that the president will sign that bill, now called the “Countering America’s Adversaries Through Sanctions Act” (CAATSA). Edit: President Trump signed the bill on August 2, 2017.
Continue Reading In the Chaos of (Trade) War, Where Does Your Company Find Peace?

How The EU Data Privacy Regulation Will Affect American Companies’ Data Collection and Processing Practices – and Their Revenue

For American companies who do business in Europe or who process the personal data of EU residents, the world of data privacy and security is about to get much more complicated. While U.S. privacy law is unsettled, with rapidly proliferating state and federal laws and regulations and uncertainty as to how strictly they will be enforced, the rules in the European Union are tough and about to get much tougher. The General Data Protection Regulation (EU) 2016/679 (GDPR), slated to take effect in May 2018, will give consumers in the EU substantially more control over how their personal data is used. The increased control includes the right to:

  1. access any personal data that has been collected,
  2. obtain confirmation about whether an individual’s data is being processed, and
  3. require that the data be “erased” if the consumer withdraws consent.


Continue Reading The GDPR and The Bottom Line

On the morning of June 24, 2016, we woke up to a headline that had been much discussed, but still added a jolt to many people’s morning coffee: Britain to Leave the European Union.

The first response, almost inevitably, was fear and confusion. Global markets dropped precipitously (as did the Pound Sterling and the Euro) until the Bank of England spoke up to reassure investors, and even then the exchanges appeared jittery. Nevertheless, after bolting from bed in the first shocking instant, we propose a calmer moment to reflect on the new reality. Over breakfast (English breakfast tea with that, perhaps?), we may carefully examine how Brexit will impact global business.

To begin, we have taken that moment to analyze the implications of the UK’s separation from the European Union in the realm of sanctions, export controls, and foreign investment in the United States. We address those implications in the four questions below.
Continue Reading The Morning After: Waking up to Brexit and Its Impact on Your Business

On February 29, 2016, the European Commission and United States released the terms of the much-anticipated renewed framework for the transfer, sharing, and processing of European individuals’ data to the United States. The framework replaces the “Safe Harbour” mechanism, which enabled U.S. to transfer data from the EU to the United States by self-certifying that their practices ensured an adequate level of protection for personal data under the EU Data Protection Directive. In October, the “Safe Harbour” framework was declared invalid by the European Court of Justice in the Schrems decision covered earlier in this blog.
Continue Reading EU-US Privacy Shield: Brace Yourself . . . or Maybe Not

Privacy activists across Europe raised their data protection banner following the announcement by EU Commissioner for Justice, Consumers and Gender Equality Věra Jourová on Tuesday 2 February 2016 that a political agreement had been reached between the EU and the US on a new framework for handling transatlantic data flows. This does not bode well, especially because the exact content of the new agreement which will replace the “Safe Harbour” mechanism is still unknown. We will expand on the indications provided by the Commissioner on some of the negotiated protection mechanisms. More importantly, we will highlight the risks that over 4.000 companies, mainly US tech companies, still face and the measures they should put in place to ensure compliance with EU data protection rules.
Continue Reading EU-US Privacy Shield: Still Awaiting Certainty

On January 16, 2016, two NFL playoff games and a historic revision of U.S. foreign policy took place. Many of us enjoyed the first two (did you see that last-second touchdown pass?!) but did not pay close attention as the United States lifted many of its secondary sanctions against Iran. Even those normally attentive to sanctions news had already heard (including by reading and excitedly discussing this blog) that things were not going to change that much for U.S. persons.
Continue Reading Airplanes, Pistachios, and a New Burger Joint in Tehran: What Changes for the United States Under Lighter Iran Sanctions

Like a needle to a balloon, the Schrems decision has drastically altered the data privacy landscape. Who is affected? Everyone – consumers, corporations, employees. But who needs to take action? Any company with offices in the European Union and the United States, any European company that outsources work to the United States (do you know where your cloud is?), and any company that sends information from the EU to the United States.
Continue Reading The Schrems Decision: How the End of Safe Harbor Affects Your FCPA Compliance Plan