The U.S. Department of Justice has taken a step in protecting Americans’ sensitive data from foreign adversaries by implementing the Data Security Program (DSP), effective April 8, 2025.
This initiative, led by the National Security Division (NSD) under Executive Order 14117, aims to curb espionage and counterintelligence activities by nations such as China, Russia, and Iran that exploit commercial channels to access U.S. government-related and personal data.
Deputy Attorney General Todd Blanche emphasized the importance of this program, stating, “The Data Security Program makes getting Americans’ sensitive data a lot harder for foreign adversaries who might otherwise exploit it for espionage or military development.”
The DSP establishes stringent controls to prevent foreign adversaries and entities under their jurisdiction from accessing bulk genomic, biometric, geolocation, financial, health, and other sensitive personal data.
This move aligns with President Trump’s previous initiatives under the America First Investment Policy and NSPM-2 on Imposing Maximum Pressure on Iran.
Guidance for Compliance and Enforcement Policy
To assist individuals and organizations in adhering to the DSP’s requirements, NSD has released a Compliance Guide and a comprehensive list of over 100 Frequently Asked Questions (FAQs).
These resources clarify key definitions, prohibited transactions, and best practices for building robust data compliance programs.
The guide also provides model contractual language and audit recommendations to ensure adherence to the program’s restrictions.
The FAQs address common concerns raised during public consultations and stakeholder engagements, offering insights into licensing processes, reporting violations, and navigating prohibited transactions.
NSD plans to update these FAQs regularly to accommodate emerging questions and refine guidance for regulated entities.
During the initial 90-day enforcement period ending July 8, 2025, NSD has adopted a limited enforcement policy to allow businesses and individuals time to adjust their practices in good faith.
Entities are encouraged to renegotiate contracts, review data flows, and implement cybersecurity measures aligned with the Cybersecurity and Infrastructure Security Agency (CISA) standards.
NSD clarified that civil enforcement actions will not be prioritized during this grace period unless there is evidence of bad faith or non-compliance efforts.
National Security Implications
The DSP reflects a growing recognition across political parties of the risks posed by foreign adversaries exploiting Americans’ sensitive data for surveillance or military advancements.
As outlined in the 2025 Annual Threat Assessment of the U.S. Intelligence Community, such activities pose an “unusual and extraordinary threat” to national security.
NSD’s primary mission is safeguarding U.S. national security by preventing countries of concern from weaponizing sensitive information.
Deputy Attorney General Blanche underscored this urgency: “Why go through complicated cyber intrusions when you can buy Americans’ data on the open market? The DSP ensures that option is no longer viable.”
Entities conducting business in or with the United States must comply with DSP regulations to mitigate risks associated with foreign exploitation of sensitive information.
The program also introduces an initial Covered Persons List identifying individuals or entities under foreign adversaries’ control or direction.
As businesses work toward full compliance by October 6, 2025—when affirmative due-diligence obligations take effect—the Justice Department encourages stakeholders to contact NSD for informal inquiries or feedback at [email protected].
This collaborative approach aims to refine future guidance while minimizing disruptions for businesses adapting to new regulations.
The DSP marks a pivotal moment in the U.S. efforts to protect citizens’ privacy and national security in an increasingly interconnected digital world.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
%20(1).webp?resize=1600,900&ssl=1&description=The U.S. Department of Justice has taken a significant step in protecting Americans’ sensitive data from foreign adversaries by implementing the DSP.){kind=link}