The Justice Department took significant steps to move forward with implementing a critical program to prevent China, Russia, Iran, and other foreign adversaries from using commercial activities to access and exploit U.S. government-related data and Americans’ sensitive personal data to commit espionage and economic espionage, conduct surveillance and counterintelligence activities, develop AI and military capabilities, and otherwise undermine our national security.
The Data Security Program implemented by the National Security Division (NSD) under Executive Order 14117 addresses this “unusual and extraordinary threat…to the national security and foreign policy of the United States” that has been repeatedly recognized across political parties and by all three branches of government.
The Justice Department’s continued prioritization of the Data Security Program delivers on promises made by President Donald Trump in his America First Investment Policy and NSPM-2 on Imposing Maximum Pressure on Iran, addresses threats identified in the 2025 Annual Threat Assessment of the U.S. Intelligence Community and Trump’s 2017 National Security Strategy, and responds to the national emergency President Trump declared in Executive Order 13873.
“If you’re a foreign adversary, why would you go through the trouble of complicated cyber intrusions and theft to get Americans’ data when you can just buy it on the open market or force a company under your jurisdiction to give you access?” said Deputy Attorney General Todd Blanche. “The Data Security Program makes getting that data a lot harder.”
To address this urgent threat, the Data Security Program establishes what are effectively export controls that prevent foreign adversaries, and those subject to their control, jurisdiction, ownership, and direction, from accessing U.S. government-related data and bulk genomic, geolocation, biometric, health, financial, and other sensitive personal data.
To assist the public in coming into compliance with the Data Security Program, NSD has issued a Compliance Guide, an initial list of over 100 Frequently Asked Questions (FAQs), and an Implementation and Enforcement Policy for the first 90 days.
NSD will be taking additional steps over the coming weeks and months to implement the Data Security Program, including publishing an initial Covered Persons List that identifies and designates persons subject to the control and direction of foreign adversaries.
The Data Security Program went into effect on April 8, 2025.
