Message to the Congress on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern
TO THE CONGRESS OF THE UNITED STATES:
Pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code, I hereby report that I have issued an Executive Order that expands the scope of the national emergency declared in Executive Order 13873 of May 15, 2019 (Securing the Information and Communications Technology and Services Supply Chain), and further addressed with additional measures in Executive Order 14034 of June 9, 2021 (Protecting Americans’ Sensitive Data from Foreign Adversaries).
The continuing effort of certain countries of concern to access Americans’ sensitive personal data and United States Government-related data constitutes an unusual and extraordinary threat, which has its source in whole or substantial part outside the United States, to the national security and foreign policy of the United States. Access to Americans’ bulk sensitive personal data or United States Government-related data increases the ability of countries of concern to engage in a wide range of malicious activities, including espionage, influence, kinetic, or cyber operations, or to identify other potential strategic advantages over the United States.
To address this threat and to take further steps with respect to the national emergency declared in Executive Order 13873, the order authorizes the Attorney General, in coordination with the Secretary of Homeland Security and in consultation with the heads of relevant agencies, to issue, subject to public notice and comment, regulations to prohibit or otherwise restrict the large-scale transfer of Americans’ personal data to countries of concern and to provide safeguards around other activities that can give those countries access to sensitive data. Section 2(b) of the order authorizes the Attorney General, in consultation with the heads of relevant agencies, to take such actions, including the promulgation of rules and regulations, and to employ all other powers granted to the President by IEEPA, as may be necessary or appropriate to carry out the purposes of the order.
In addition, section 2(d) of the order authorizes the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency, in coordination with the Attorney General and in consultation with the heads of relevant agencies, to propose, seek public comment on, and publish security requirements that address the unacceptable risk posed by restricted transactions, as identified by the Attorney General. Section 2(e) of the order authorizes the Secretary of Homeland Security, in coordination with the Attorney General, to take such actions, including promulgating rules, regulations, standards, and requirements; issuing interpretive guidance; and employing all other powers granted to the President by IEEPA as may be necessary to carry out the purposes described in section 2(d) of the order.
I am enclosing a copy of the Executive Order I have issued.
JOSEPH R. BIDEN JR.
THE WHITE HOUSE,
February 28, 2024.