The US Department of Justice on Friday unveiled a "critical" new Data Security Program to prevent foreign adversaries from getting access to Americans’ sensitive information.
The program, which officially kicked in on April 8th, aims to crack down on foreign adversaries like China, Russia, and Iran from getting their hands on Americans’ sensitive data through commercial backdoors.
Foreign adversaries have been able to simply acquire swaths of Americans’ data through the commercial marketplace and then exploit that data for nefarious gain.
Led by the National Security Division (NSD), the new Data Security Program will prevent bulk access to highly sensitive information, including genomic, biometric, health, financial, geolocation data, and more.
“If you’re a foreign adversary, why would you go through the trouble of complicated cyber intrusions and theft to get Americans’ data when you can just buy it on the open market or force a company under your jurisdiction to give you access?” said Deputy Attorney General Todd Blanche.
“The Data Security Program makes getting that data a lot harder,” Blanche said.
Justice Department Implements Critical National Security Program to Protect Americans’ Sensitive Data from Foreign Adversaries
undefined National Security Division, U.S. Dept of Justice (@DOJNatSec) April 11, 2025
Department Answers Frequently Asked Questions, Provides Guidance, and Issues Limited Enforcement Policy for First 90 Days
🔗: https://t.co/bxDWJQ5mo5 pic.twitter.com/U63tyEAtXj
Categorizing both US government-related data and personally identifiable information (PII) as an “unusual and extraordinary threat,” the DoJ said this critical data can be exploited by adversaries for spying, surveillance, counterintelligence, or developing foreign military and AI capabilities, undermining US national security and foreign policy.
The program will put guardrails not just on foreign governments, but any companies they directly own, as well as any company operating under their jurisdiction or influence.
The DoJ said the new Data Security Program will run on a limited scale in the first 90 days, with updates and new measures expected over the next several months.
As part of the rollout, the NSD has issued a comprehensive Compliance Guide and detailed FAQ with over 100 questions answered. An initial list of “Covered Persons” – foreign individuals or entities considered high-risk – is also on the way.
Furthermore, to provide additional time for entities and individuals to come into compliance, “certain affirmative due-diligence obligations” will be delayed until October 6, 2025, it said.
The NSD said it “recognizes that individuals and companies may need to take a number of steps to determine whether the Program’s prohibitions and restrictions apply to their activities” before implementing any necessary policy changes.
Your email address will not be published. Required fields are markedmarked