- What changed on 24 July 2025 (supplemental DOJ draft)
- “Countries of concern” locked: China, Russia, Iran, North Korea, Cuba, Venezuela.
- Bulk thresholds finalised:
– ≥1 M unique biometric identifiers in 12 months
– ≥10 M precise geolocation pings (≤100 m accuracy) in 12 months
– ≥1 M consumer genomic records
– ≥$50 M revenue from selling any covered data to foreign persons
- U.S.-Government-related data now includes contractor travel itineraries and **cleared-personnel fitness-tracker logs**.
- Six new compliance duties (effective on rule finalisation—expected 15 Oct 2025)
| Duty | Penalty for breach |
|---|---|
| Pre-transfer licence from DOJ | $1 M per export + 10-year export-ban |
| Vendor due-diligence file | $250 k per missing document |
| Real-time bulk-sale ledger | $50 k per un-logged transaction |
| Geo-fence for covered data | $500 k per storage event outside approved shard |
| Board-level attestation | Personal civil penalty $100 k + claw-back bonuses |
| 24-hour breach notice to DOJ | $1 M + mandatory DOJ on-site inspection |
- Data-traffic light system—automate in 60 days
GREEN (approved) — storage & processing inside Five-Eyes or DOJ white-list
YELLOW (conditional) — encrypted + key remains in U.S. + ≤30 day retention
RED (prohibited) — any server or admin located in country-of-concern
Micro-service evaluates every IAM token, API call, S3 replication event—blocks RED in <200 ms.
- Architecture pattern: “In-country, in-crypto, in-time”
- Deploy sovereign enclaves (AWS US-West, Azure Gov, GCP FedRAMP) with:
– Post-quantum TLS (ML-KEM-768)
– HSM-backed key custody; root-of-trust stays on U.S. soil
– Secure erase after TTL expires (NIST SP 800-88 Rev. 1 crypto-shred)
- Sample bulk-sale ledger entry (DOJ XML schema v2.1)
```xml
<Transaction ts="2025-10-24T14:32:04Z" txId="US-2025-AB1234">
  <DataCategory>Biometric-Face</DataCategory>
  <Records>1 050 000</Records>
  <Recipient country="DE" ownership="German-Foundation"/>
  <ApprovedLicence id="DOJ-EXP-2025-67890"/>
  <Hash>sha256/4fa3...</Hash>
</Transaction>
```
API pushes entry to DOJ portal within 30 min of contract execution; fail = automatic $50 k ticket.
- 90-day sprint calendar (start today)
Week 0-2: Inventory
- Crawl all assets for covered categories; tag with bulk counter.
- Auto-classify genomic, biometric, geolocation, financial, fed-related data.
Week 3-4: Map & migrate
- Replicate covered datasets into sovereign enclaves; cut foreign admin access.
- Enable crypto-shred keys held only in FIPS 140-3 HSMs.
Week 5-6: Policy-as-code
- Write Rego rules: if (recipient.country IN list_of_concern) AND (recordCount >= threshold) → DENY.
- Git merge triggers CI simulation; fail build on policy violation.
Week 7-8: Vendor scrub
- Send 15-question due-diligence pack; require notarised repatriation undertaking.
- Terminate contracts with vendors that can’t provide a clean file.
Week 9-10: Ledger & licence
- Stand up an API gateway; auto-post every export to the DOJ sandbox.
- Apply for blanket licences where volume is predictable (saves the 30-day wait).
Week 11-12: Board & breach drill
- Draft board resolution; include personal liability acknowledgement.
- Table-top: simulated export to China blocked at API gateway; measure alert-to-triage time.
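The traffic-light evaluation (GREEN / YELLOW / RED) and the Week 5-6 deny rule, as an added Python example that is not the note's own code: a small policy evaluator that classifies a proposed transfer and flags bulk-threshold hits so the gateway can block RED and route bulk exports to the ledger and licence path. The ISO country codes, the Five-Eyes set standing in for the DOJ white-list, the `Transfer` fields and the fail-closed default for transfers that match neither GREEN nor YELLOW are assumptions.

```python
from dataclasses import dataclass

# Constructed inputs for this example, taken from the thresholds and lists in the note.
COUNTRIES_OF_CONCERN = {"CN", "RU", "IR", "KP", "CU", "VE"}
FIVE_EYES = {"US", "GB", "CA", "AU", "NZ"}        # assumption: DOJ white-list would extend this
BULK_THRESHOLDS = {"biometric": 1_000_000,        # records per rolling 12 months
                   "geolocation": 10_000_000,
                   "genomic": 1_000_000}
MAX_YELLOW_RETENTION_DAYS = 30


@dataclass(frozen=True)
class Transfer:
    category: str          # "biometric", "geolocation", "genomic", ...
    record_count: int      # rolling 12-month total including this transfer
    storage_country: str   # ISO 3166-1 alpha-2 code of the server location
    admin_country: str     # where the administering staff sit
    encrypted: bool
    key_in_us: bool        # key custody stays in a U.S. HSM
    retention_days: int


def bulk_threshold_hit(category: str, record_count: int) -> bool:
    """The Week 5-6 rule: recordCount >= threshold for the covered category."""
    threshold = BULK_THRESHOLDS.get(category)
    return threshold is not None and record_count >= threshold


def classify(t: Transfer) -> tuple[str, str]:
    """Return (GREEN|YELLOW|RED, reason). RED is checked first so a prohibited
    destination can never be rescued by encryption or short retention."""
    if t.storage_country in COUNTRIES_OF_CONCERN or t.admin_country in COUNTRIES_OF_CONCERN:
        return "RED", "server or admin located in a country of concern"
    if t.storage_country in FIVE_EYES and t.admin_country in FIVE_EYES:
        return "GREEN", "storage and processing inside Five-Eyes"
    if t.encrypted and t.key_in_us and t.retention_days <= MAX_YELLOW_RETENTION_DAYS:
        return "YELLOW", "encrypted, key in U.S., retention within 30 days"
    # Assumption: anything that satisfies neither GREEN nor YELLOW fails closed.
    return "RED", "conditions for GREEN or YELLOW not met"


def decide(t: Transfer) -> dict:
    """Gateway decision: RED is blocked; an allowed transfer that crosses a bulk
    threshold is flagged so it is routed to the ledger and licence workflow."""
    colour, reason = classify(t)
    return {"colour": colour,
            "allow": colour != "RED",
            "bulk": colour != "RED" and bulk_threshold_hit(t.category, t.record_count),
            "reason": reason}
```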
- Cost & penalty maths (mid-size data broker, 5 M biometric records)
| Scenario | Fine exposure | Mitigation cost | ROI |
|---|---|---|---|
| No controls, 1 export to China | $50 M (DOJ) + $20 M (class action) | — | — |
| Full automation (12 wk) | $0 | $2.8 M CapEx + $0.9 M OpEx / yr | 13× first year |
- Quick-reference checklist (screenshot for CFO)
✅ Covered data classes inventoried & bulk counters live
✅ Sovereign enclave deployed, keys in U.S. HSM
✅ Vendor due-diligence files notarised & uploaded
✅ Real-time ledger API wired to DOJ sandbox
✅ Board attestation signed & insurance rider updated
✅ 24-hour breach notification play-book tested
- Final thought
EO 14117 flips the script: data is no longer “the new oil”—it’s the new uranium.
Handle it inside the fence, log every gram, or pay the radiological price.