Login
  • Client Advisory
  • E. Brian Alexander

DOJ DSP Compliance Enforcement Begins Today: Key Steps for Covered Entities

Print Article
SHARE

As reported in our previous advisories, effective provisions of the U.S. Department of Justice’s Data Security Program (DSP; 28 C.F.R. Part 202) will be fully enforced as of today, July 8, 2025, pursuant to the DOJ’s DSP: Implementation and Enforcement Policy. The Rule, effective April 11, 2025, restricts or prohibits access to bulk U.S. sensitive personal data by countries of concern (e.g., China, Russia, Iran) and covered persons (e.g., entities or individuals affiliated with countries of concern) and certain government-related data.

Prior to July 8, DOJ committed to prioritizing education over enforcement, provided companies could show good faith efforts to comply. As of July 8, companies can face civil and criminal penalties for noncompliance. Additional DSP provisions (e.g., implementation of data compliance programs, audits, and reporting) will take effect October 6, 2025.

Who Must Act Now?

  • Data Collectors (regardless of sector or intended use of the data): Companies that collect genomic, biometric, geolocation, health, financial, or large-scale personal identifiers may be subject to the DOJ DSP Rule.
  • Companies with Foreign Partners: Companies with vendor, employment, or investment relationships with foreign or covered persons must review those relationships for compliance.
  • Data Brokers: Transactions with countries of concern or covered persons involving access to U.S. personal data are prohibited unless exempt or licensed.
  • Telecom & Tech Providers: Companies must review exemptions to the DOJ DSP (e.g., the DSP exemption for certain data transactions that are, “ordinarily incident to and part of the provision of telecommunications services”) and ensure compliance measures are in place to protect against the onward transfer of covered data by foreign persons.

Immediate Action Items

  • Know Your Data: Understand whether covered data is collected or processed
  • Map Data Flows & Access Points to covered data
  • Review Agreements to ensure any covered data transactions are identified (including data brokerage transactions and also any vendor, employment and investment agreements that involves access to covered data)
  • Implement DSP Compliance Plans

The CommLaw Group Can Help

If your company needs support preparing for DOJ DSP compliance, please contact us today:

Brian Alexanderbal@commlawgroup.com

Ask An Attorney

Disclaimer: Please be advised that contacting our law firm through this contact form does not establish an attorney-client relationship. While we appreciate your interest in our services, we cannot guarantee the confidentiality of any information shared until an attorney-client relationship has been formally established. Therefore, we kindly request that you refrain from submitting any confidential or sensitive information through this form. Any information provided through this form will be treated as general inquiries and not as privileged or confidential communications. Thank you for your understanding.