Welcome to the Intel Report, Faegre Drinker's quarterly briefing on national security.
This quarter, we highlight significant developments across the financial services, food and agribusiness, health and life sciences, manufacturing, and technology sectors. Key updates include Treasury's new cybersecurity information-sharing initiative, the Department of Defense's proposed expansion of FOCI requirements, new sanctions announcements, growing supply chain compliance requirements, and recent FARA enforcement activity. We also briefly cover recent executive orders and federal directives related to AI and cybersecurity enforcement.
At a Glance
Financial Services
- Treasury Launches Cybersecurity Information Sharing Initiative for Digital Asset Industry
- China's Expan-ded Anti-Foreign Sanctions Efforts
- DoD's Updated Chinese Military Company Designations
- OFAC Issues New Financial Services General License for Venezuela
Food & Agribusiness
- FTO Designations of Comando Vermelho and Primeiro Comando da Capital
- The Farm, Food, and National Security Act of 2026
Health & Life Sciences
- CISA Announces Revised CIRCIA Town Hall Schedule for Critical Infrastructure Cyber Incident Reporting Rule
- President Trump Issues National Security Memorandum to President of Science and Technology and Other Federal Agencies
Manufacturing
- DOJ National Security Division Issues First Declination under New Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP)
- NIST Finalizes Enhanced Security Requirements
- Senate Panel Passes Bipartisan Satellite Cybersecurity Bills
Technology
- Quantum Innovation Executive Order Foreshadows New Opportunities and Future Enforcement Activity
- Executive Order: Promoting Advanced Artificial Intelligence Innovation and Security
- Iranian National Pleads Guilty to Smuggling Military Technology to Iran via China
Energy
- Revocation of Iran-Related General License X and New Wind Down License
- Iran-Related OFAC Enforcement Action
International Developments and Other Updates
- UK Recalibrates Its National Security Screening Perimeter
- Department of Defense Issues Proposed Rule to Expand FOCI Requirements Disclosure and Mitigation Requirements
- FARA Violations Updates
- Pending Removal of Syria from the State Sponsor of Terrorism List
Financial Services
Treasury Launches Cybersecurity Information Sharing Initiative for Digital Asset Industry
On April 9, 2026, the US Department of the Treasury's Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) announced a new initiative to strengthen cybersecurity across the digital asset industry. Under the initiative, eligible US digital asset firms and industry organizations will receive the same actionable cybersecurity information that Treasury regularly shares with traditional US financial institutions — including timely threat intelligence designed to help firms identify, prevent, and respond to cyber threats targeting their customers and networks. The initiative advances a key recommendation from the President's Working Group on Digital Asset Markets report, Strengthening American Leadership in Digital Financial Technology, which called for increased public-private cooperation in safeguarding the digital asset ecosystem.
The initiative represents a significant step in aligning cybersecurity resources for the digital asset sector with those long available to traditional financial institutions and fits within a broader suite of Treasury actions in this space, including a February 2026 public-private initiative on AI cybersecurity risk management for financial services and Treasury's March 2026 report to Congress on innovative technologies to counter illicit finance involving digital assets. In light of this initiative, companies operating in the digital asset space should assess whether their organization qualifies as an eligible US digital asset firm under Treasury's criteria, review internal cybersecurity programs, and consider enrolling in the cybersecurity information-sharing initiative to strengthen their incident response capabilities.
China's Expanded Anti-Foreign Sanctions Efforts
On April 7, 2026, the Chinese State Council issued two significant regulations further expanding China's legal framework for responding to foreign sanctions, export controls, and other measures viewed by China as having improper extraterritorial effect, including new rules on supply chain security and blocking improper foreign extraterritorial measures. Since then, Chinese authorities have taken further implementing steps, including a May 2026 prohibition order relating to certain US sanctions against Chinese companies and June 2026 Ministry of Commerce (MOFCOM) rules detailing procedures for supply chain security investigations.
Together, these measures expand the enforcement tools available to Chinese authorities. The blocking rules authorize "prohibition orders" restricting compliance with certain foreign measures and provide for enforcement consequences that may include restrictions affecting a noncomplying entity's China market access. The supply chain security rules authorize investigations and countermeasures against entities and individuals involved in foreign measures that adversely affect China's industrial or supply chains. Depending on the facts and circumstances, foreign companies conducting supply chain diligence, audits, or information-gathering for purposes of complying with foreign sanctions or export control regimes may face increased regulatory scrutiny. Companies with China operations or China-facing supply chains should consider whether their global sanctions, export control, and supply chain diligence procedures could create conflicts with these evolving requirements, particularly where China-based audits, information requests, or data collection are involved.
DoD's Updated Chinese Military Company Designations
On June 8, 2026, the US Department of Defense published a substantially expanded update to its list of "Chinese military companies" under Section 1260H of the Fiscal Year 2021 National Defense Authorization Act (NDAA). The updated list now identifies nearly 200 entities, spanning sectors including artificial intelligence, semiconductors, telecommunications, automotive and electric vehicles, e-commerce, biotechnology, and clean energy. While Section 1260H designation alone does not currently prohibit US companies from transacting with the listed entities, various laws and regulations have recently implicated the designation in more detail. For example, as of June 30, 2026, DoD is prohibited from entering into, renewing, or extending contracts with listed entities or entities under their control pursuant to Section 805 of the FY2024 NDAA. A more significant restriction will go into effect on June 30, 2027, prohibiting DoD from entering into contracts for the procurement of goods or services that include goods or services produced or developed by a listed entity, even when such goods or services are procured indirectly through a contractor's supply chain. Similarly, under the full implementation of the BIOSECURE Act (likely in 2028), federal agencies will be prohibited from entering into contracts and grants with companies that use biotechnology equipment or services from entities designated as "biotechnology companies of concern" by OMB, based on their 1260H designation.
These developments create a materially more complex compliance environment for American financial services firms and other US companies with exposure to Chinese counterparties, supply chains, or capital markets. The expansion of the 1260H List to include major publicly traded Chinese companies may increase the likelihood of future designations that could restrict securities or other transactions. At the same time, China's Blocking Regulations (discussed above) mean that compliance with US sanctions or even routine supply chain diligence could expose firms to retaliatory action by Chinese authorities, including prohibition orders, loss of market access, and data-related restrictions.
OFAC Issues New Financial Services General License for Venezuela
On April 14, 2026, the US Department of the Treasury, Office of Foreign Assets Control (OFAC) issued Venezuela-related General License (GL) 57, which authorizes a wide range of financial services transactions involving four Venezuelan banks, including the Banco Central de Venezuela and the Banco de Venezuela, S.A. Banco Universal (Banco de Venezuela), and transactions involving the Government of Venezuela (GOV) that are necessary for authorized transactions with such banks. GL 57 offers broad authorization for financial transactions between the United States and Venezuela and with GOV-related entities, including "maintaining, operating, or closing of accounts; loans; transfers; transfers of funds; banking services; money transfer services;…the acceptance of deposits; insurance; guarantees; cash withdrawals;…wire transfers; debit card;…transfers of funds; …and security services and technologies," among others.
The scope of GL 57 is significant, and companies interested in pursuing transactions pursuant to the general license should carefully review both the proposed transaction and the permitted activities and restrictions to ensure that all activity is conducted in compliance with US sanctions.
Food & Agribusiness
FTO Designations of Comando Vermelho and Primeiro Comando da Capital
On May 28, 2026, the US Department of State announced the designation of Comando Vermelho (CV) and Primeiro Comando da Capital (PCC) as Specially Designated Global Terrorists (SDGTs), with Foreign Terrorist Organization (FTO) designations taking effect on June 5, 2026. Both CV and PCC operations extend beyond trafficking activities and into various business sectors, including agriculture, logistics, transportation, financial services, and construction.
Accordingly, food and agribusiness companies with operations, sourcing, or supply chains in Brazil face increased risks related to these designations. The SDGT designation blocks any assets of CV and PCC within US jurisdiction and prohibits US entities from conducting any transactions with them. The FTO designation triggers criminal liability under 18 U.S.C. § 2339B for "knowingly" providing "material support or resources" to a designated organization — a term defined broadly to encompass financial services, property, transportation, lodging, and virtually any other service. Violations may carry penalties of up to 20 years' imprisonment, and the statute applies to conduct outside the United States where a sufficient jurisdictional nexus exists (e.g., US dollar transactions, US correspondent banking relationships, US-based email accounts, etc.) Companies may also face civil liability under the Anti-Terrorism Act (18 U.S.C. § 2333), which provides for treble damages.
Food and agribusiness companies with Brazil-facing operations should consider conducting risk assessments to identify potential direct or indirect exposure to PCC- or CV-linked entities across supply chains, vendors, logistics providers, and financial flows. Companies should also consider implementing enhanced due diligence protocols, including beneficial-ownership tracing, sanctions screening, and employee training on FTO red flags across procurement, finance, logistics, and security teams.
The Farm, Food, and National Security Act of 2026
On April 30, 2026, the House passed the Farm, Food, and National Security Act of 2026. The bill reauthorizes USDA programs through FY2031 and introduces several national security-focused provisions of direct relevance to food and agribusiness companies. The bill has been received in the Senate and awaits further action.
The bill includes expanded CFIUS authority, formally adding the Secretary of Agriculture as a permanent member of CFIUS for transactions involving agricultural land, agriculture biotechnology, and the agriculture industry, and creating a new mandatory CFIUS notification pathway for "reportable agricultural land transactions" involving acquisitions by persons of China, North Korea, Russia, or Iran. Separately, Section 9012 of the bill would impose restrictions on USDA financial assistance for solar projects on "covered farmland" (i.e., prime, unique, and farmland of statewide or local importance) and a bar on funding for projects with components produced, manufactured, or assembled by a foreign entity of concern. The bill also incorporates various "Buy American" provisions prohibiting various foreign food imports from being used in federally funded programs (e.g., school food programs).
While this bill remains pending, companies should consider evaluating their foreign investment, land acquisition, and partnership arrangements for potential CFIUS implications, particularly where transactions involve agricultural land, biotechnology assets, or counterparties connected to designated foreign adversaries. Companies sourcing inputs for USDA-funded projects should assess supply chain compliance with the new foreign entity of concern restrictions. Importers should also monitor the "Buy American" provisions for potential effects on sourcing from restricted countries.
Health & Life Sciences
CISA Announces Revised CIRCIA Town Hall Schedule for Critical Infrastructure Cyber Incident Reporting Rule
Between June 15 and 17, 2026, the Cybersecurity and Infrastructure Agency (CISA) held virtual town hall meetings to gather input on the process of rulemaking relating to the Cyber Incident Reporting Critical Infrastructure Act of 2022 (CIRCIA). CIRCIA is a federal law requiring the CISA to issue rules requiring covered entities to report certain cyber incidents to CISA within 72 hours.
Notably, in a proposed rule issued in April 2024, CISA defined the term "covered entity" to encompass entities within the health care and public health sector, including entities that provide direct patient care (such as certain types of hospitals and clinics), and certain types of drug and device manufacturers. Although CISA obtained sector-specific input before issuing the proposed rule, CISA received numerous requests for an opportunity to provide additional input once the proposed rule had been issued. During the meetings, stakeholders raised concerns about the proposed reporting requirements, which would require covered entities to report qualifying cyber incidents within 72 hours.
The proposed rule remains under consideration at CISA and may undergo further changes in the coming months based on stakeholder feedback. However, if the rule is finalized as proposed, health and life sciences entities may be subject to increased compliance costs related to cyber incident response plans and greater regulatory scrutiny. Companies should review and update their incident response protocols, identify which of their business units might fall within the scope of the proposed rule, and establish internal reporting channels to ensure timely notification of any cyber incidents.
President Trump Issues National Security Memorandum to President of Science and Technology and Other Federal Agencies
On June 5, 2026, President Trump issued a presidential memorandum directing the National Security Enterprise, which includes the Assistant to the President for Science and Technology (APST) and numerous other federal officers, to accelerate its adoption of artificial intelligence by identifying areas in which AI can be used in their missions. The memorandum directs members of the National Security Enterprise to adopt existing commercial or open-source technologies when possible or, if commercial technology is not appropriate, to use commercially or internally customized models. The memorandum also directs the director of National Intelligence, secretaries of War (Defense) and Energy, and the National Security Agency to initiate joint AI data and model exchanges for applications common to the members of the national security enterprise.
The memorandum also provides guiding principles as to how AI technologies should be adopted by agencies, specifying that they must be "reliable, robust, steerable, and controllable, and . . . operate, in accordance with applicable laws, government policies, and guidance." The memorandum also directs the heads of relevant agencies to terminate contracts with companies "that have repeatedly demonstrated a pattern of conduct that is inconsistent with policies laid out" in the memorandum itself.
Health and life sciences companies doing business under federal contracts or subcontracts (and those who hope to obtain such business in the future) should evaluate their adoption of AI technologies, and whether it is consistent with the principles set forth in the memorandum.
Manufacturing
DOJ National Security Division Issues First Declination under New Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP)
On June 17, 2026, the Department of Justice's National Security Division (NSD) announced that it had declined the prosecution of a leading German-based global engineering company for an alleged scheme to send certain sensor products and software to Huawei Technologies Co., Ltd. (Huawei) and certain affiliates in violation of US export laws and regulations. This is the first declination by NSD under the new DOJ-wide Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP), which provides that, absent certain aggravating factors and exceptions, a company can obtain a declination where the company voluntarily self-discloses misconduct, fully cooperates, and timely remediates the alleged misconduct.
According to NSD, the German-based company, through two non-US based subsidiaries, exported over $70 million worth of these items and provided them to Huawei and others without an appropriate US export license. Notably, although the exported items at issue were made outside of the United States, the US alleged a violation of its export laws pursuant to "Foreign Direct Product Rule," which extends export controls to any items (wherever they are made) if they are the "direct product" of US technology, software, or equipment.
This declination decision highlights two important items for manufacturers. First, it is a reminder that, due to the expansive nature of US export laws and regulations, a company may have civil and criminal exposure under these laws even if the company is located in a foreign jurisdiction and entirely manufactures the product outside of the United States. Second, it underscores that, in appropriate circumstances, a decision to voluntarily disclose potential misconduct to the Department of Justice can lead to a substantial benefit to the corporate entity, up to and including a declination of prosecution.
NIST Finalizes Enhanced Security Requirements
As part of its most recent publication, the National Institute of Standards and Technology (NIST) has finalized enhanced security requirements for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations. The revised requirements include enhanced multifactor authentication protocols, expanded incident response capabilities, and more rigorous supply chain risk management procedures. Federal contractors handling CUI must assess their current security posture against the new baseline and implement necessary upgrades within specified transition periods.
In particular, the update adds Appendix C to summarize the enhanced security requirements, and Appendix E for organization-defined parameters listed by requirement family (e.g., access control, supply chain risk management, etc.). Particularly for federal contractors seeking certification associated with the Cybersecurity Maturity Model Certification (CMMC) program, these updates represent important new controls that may be incorporated into contracts and grants moving forward. Entities should assess their current cybersecurity controls against the updated requirements, as noncompliance may affect contract eligibility under the CMMC program.
Senate Panel Passes Bipartisan Satellite Cybersecurity Bills
On April 14, 2026, the Senate Commerce, Science, and Transportation Committee passed and advanced to the floor the Satellite Cybersecurity Act. Among other things, the Satellite Cybersecurity Act would require the Department of Commerce, in coordination with other federal agencies, to develop voluntary cybersecurity recommendations tailored to satellites. It also directs the Department of Commerce to create a publicly available online clearinghouse so companies can easily access best practices and information to secure their systems. The legislation further requires the Government Accountability Office (GAO) to examine efforts to secure commercial satellites from cyber threats, identify any duplication of effort, and assess how satellite systems integrate into critical infrastructure sectors.
Although it establishes voluntary rather than mandatory requirements, the Satellite Cybersecurity Act is likely to shape industry-wide cybersecurity expectations for manufacturers supplying commercial satellite operators. Manufacturers should anticipate that the forthcoming Commerce Department recommendations and clearinghouse resources will influence procurement specifications, contractual cybersecurity obligations, and due diligence standards across the satellite supply chain. Manufacturing entities should proactively assess their cybersecurity posture, supply-chain risk exposure, and compliance readiness in the event the proposed legislation becomes law, particularly as satellite systems are increasingly treated as critical national security assets.
Technology
Quantum Innovation Executive Order Foreshadows New Opportunities and Future Enforcement Activity
On June 22, 2026, President Trump signed Executive Order 14413, seeking to accelerate US leadership in quantum information science and technology (QIST). The order declares it the policy of the administration to ensure the United States maintains a strategic technical advantage in QIST and leads the development of a "robust and trusted quantum ecosystem" spanning research, manufacturing, commercialization, and application. Key provisions include the establishment of the Quantum Computer for Application Development and Discovery Science (QC-ADDS) Effort — a national initiative to develop a quantum computer at a scale intended to enable scientific discovery, with at least one such system to be delivered to a Department of Energy facility. The order also directs several agencies to update the National Quantum Strategy within 180 days, prioritize quantum sensing and networking projects, and strengthen domestic QIST supply chains through public-private partnerships, prize challenges, and advance market commitments.
Of particular relevance to clients operating in the national security, international trade, and cybersecurity spaces, the order contains several protective and enforcement-oriented provisions. Section 7 directs the expansion of the Quantum Information Science and Technology Counterintelligence Protection Team (QCPT), tasked with coordinating protections against adversarial threats — including cybersecurity threats — to the US quantum ecosystem. Section 9 instructs the secretaries of State and Commerce to align international engagements to prevent "countries of concern" from acquiring critical quantum-enabling technologies, including through harmonized export controls, investment restrictions, and research security policies with allied nations. The order also calls for agencies to assess the national security implications of advancing quantum computing capabilities, including the migration to post-quantum cryptography — a signal of continued regulatory attention to long-term cryptographic vulnerabilities.
Taken together, EO 14413 reflects a whole-of-government effort to position the United States as a leader in the quantum technology landscape, while simultaneously tightening the protective framework around sensitive QIST assets. Companies engaged in quantum-related research, manufacturing, or commercialization — as well as those in adjacent sectors such as semiconductor supply chains, cryptographic services, and defense contracting — should monitor the forthcoming agency implementation actions, which are subject to staggered deadlines ranging from 60 days to one year. The order's emphasis on harmonizing export controls and investment restrictions with allied nations also suggests that multinational enterprises may face an evolving compliance landscape as coordinated multilateral frameworks take shape.
Executive Order: Promoting Advanced Artificial Intelligence Innovation and Security
On June 2, 2026, President Trump signed an executive order directing federal agencies to strengthen cyber defenses, establish an AI cybersecurity clearinghouse, and develop voluntary frameworks for benchmarking and secure development of frontier AI models. The order emphasizes collaboration with industry, facilitates access to AI-enabled cybersecurity tools for agencies and critical infrastructure operators, and expressly states that nothing shall authorize mandatory licensing or pre-clearance for AI model development.
Companies that contract with the federal government should anticipate new or accelerated cybersecurity procurement standards and contract requirements flowing from the agencies' implementation actions. In particular, companies deploying AI agents or autonomous systems should implement compliance guardrails to prevent unauthorized access to information systems, which could trigger criminal liability under existing federal statutes. AI developers should also closely monitor the forthcoming classified benchmarking criteria that will define "covered frontier models."
Iranian National Pleads Guilty to Smuggling Military Technology to Iran via China
On June 5, 2026, an Iranian national pleaded guilty in the US District Court of the Western District of Washington to two counts of export to an embargoed country and two counts of smuggling goods from the United States. Between 2010 and 2014, the defendant managed a company in Xi'an, China, that procured military sonar system parts in the US for companies in Iran while fraudulently claiming goods were destined for China. He was extradited from Panama in April 2026 and faces up to 20 years in prison.
The case represents the US government's heightened enforcement priorities surrounding export control and sanctions matters. For US businesses, particularly manufacturers and distributors of defense-related or dual-use technology, the case highlights the persistent risk of involvement in illicit procurement networks. Companies should implement rigorous know-your-customer protocols, end-use verification procedures, and red-flag screening for orders routed through transshipment hubs. Further, the involvement of the Bureau of Industry and Security, Homeland Security Investigations, and the Diplomatic Security Service underscores the multiagency enforcement posture now in place. Companies that fail to implement adequate compliance safeguards risk both criminal liability and reputational harm.
Energy
Revocation of Iran-Related General License X and New Wind Down License
On July 7, 2026, the US Department of the Treasury's Office of Foreign Assets Control (OFAC) revoked Iran-related General License (GL) X, which had previously authorized certain transactions relating to the production, delivery, and sale of Iranian-origin crude oil, petrochemical, and petroleum products until August 21, 2026. OFAC replaced GL X with Iran-related GL) X1, which requires companies to "wind down" all transactions previously authorized by GL X by 12:01 AM EDT on July 17, 2026.
As of July 7, 2026, all OFAC prohibitions regarding the production, delivery, and sale of Iranian origin crude oil, petrochemical, and petroleum products have "snapped back" into place. The wind down general license does not authorize new transactions involving Iranian origin crude oil, petrochemical, and petroleum products, such as purchases or loading of such products on or after July 7, 2026. As such, any companies engaging in any such new business will face both primary and secondary sanctions risks.
This action highlights the continued volatility of US foreign policy regarding Iran and suggests we will likely see the administration continue its "maximum pressure" campaign on Iran with additional sanctions designations and enforcement actions.
Iran-Related OFAC Enforcement Action
On May 18, 2026, OFAC published a settlement agreement with a multinational, India-based company for $275,000,000. According to the settlement agreement, on 32 occasions, the company caused US financial institutions to process payments totaling approximately $192,104,044 relating to shipments of Iranian origin liquid petroleum gas. The total penalty amount reflects OFAC's conclusion that the apparent violations were "egregious and not voluntarily self-disclosed." Further, OFAC asserted that the company failed to identify and investigate red flags indicating the shipments of liquid petroleum gas were of Iranian origin.
This settlement agreement demonstrates the United States' commitment to enforcing US economic sanctions relating to Iranian origin oil and gas even against non-US persons. Further, it underscores the importance of completing Know Your Customer / Know Your Supplier due diligence to ensure that international transactions are compliant with US sanctions. Finally, companies engaged in the petroleum and petrochemical sector should be cognizant of red flags that call into question the origin of certain products, particularly in the wake of the revocation of Iran-related General License X described above.
International Developments and Other Updates
UK Recalibrates Its National Security Screening Perimeter
The UK government is preparing a series of targeted adjustments to the National Security and Investment Act's (NSIA) mandatory notification regime that clients operating in this space should have on their radar. On March 12, 2026, the government published its formal response to a 12-week public consultation that closed in October 2025, confirming the first major changes to the regime since it came into force in January 2022.
Most notably, a water sector will be added to the list of activities requiring mandatory pre-closing notification. Semiconductors and critical minerals will become standalone mandatory sectors, reflecting their growing strategic importance. The artificial intelligence schedule will be refocused on entities that create or modify AI systems, while excluding routine business use of nonconsumer AI, licensed third-party AI systems, and certain routine modifications and testing activities. Additional clarifications are anticipated for the Critical Suppliers to Government, Data Infrastructure, Energy, and Suppliers to Emergency Services schedules.
The UK government has also indicated its intention to exempt certain internal reorganizations and insolvency-related appointments from mandatory notification, though the March 2026 consultation response did not address this point, and the timing and scope remain to be confirmed. Overall, the reforms are not expected to meaningfully reduce the number of notifications which the UK government receives. Secondary legislation and updated guidance are expected later this year. The current rules remain in force in the interim, and clients should continue to treat national security screening as a front-end gating issue in transaction planning.
Department of Defense Issues Proposed Rule to Expand FOCI Requirements Disclosure and Mitigation Requirements
On May 7, 2026, the Department of Defense published a proposed rule that would significantly expand Foreign Ownership, Control, or Influence (FOCI) disclosure and mitigation requirements beyond their traditional application to classified contracts. In accordance with Sections 847 and 819 of the FY2020 and FY2021 NDAAs, respectively, the proposed Defense Federal Acquisition Regulation Supplement (DFARS) amendment would extend FOCI obligations to unclassified prime contracts and subcontracts in excess of $5 million involving critical defense programs.
Under the proposed rule, such contractors would be required to disclose foreign ownership interests, board representation, and other indicia of foreign control or influence that could affect contract performance or pose national security risks. The rule would establish new certification requirements and potential mitigation measures for affected contracts. However, the proposed rule would generally not cover commercial services or products, unless "a designated senior DoD official makes a determination that the contract involves a risk or potential risk to national security because of sensitive data, systems, or processes."
The proposal represents a significant expansion of the FOCI framework, which has historically applied primarily to contractors seeking facility security clearances for classified work. Notably, DoD estimates that over 37,000 entities would be potentially impacted by the rule, including over 21,000 small businesses. Defense contractors and subcontractors with any foreign ownership or investment should closely monitor the rulemaking and assess their corporate structures for potential FOCI concerns. Companies may wish to submit comments during the notice-and-comment period — ending July 6, 2026 — to address implementation concerns.
FARA Violations Updates
A former US congressman was convicted on multiple counts of violating the Foreign Agents Registration Act (FARA) for failing to disclose lobbying activities conducted on behalf of the Venezuelan government. The conviction represents one of the most significant FARA prosecutions in recent years and signals continued DOJ enforcement focus on unregistered foreign agent activities.
The defendant was found to have engaged in political activities on behalf of Venezuelan government interests without registering as a foreign agent, including efforts to influence US policy and public opinion. The defendant had received a significant contract with a subsidiary of Venezuela's state-owned and state-controlled oil company to advance the interests of the Venezuelan government, and further used funding from the contract to support his state congressional campaign. The defendant faces a maximum sentence of 60 years in prison.
The case demonstrates the broad reach of FARA's disclosure requirements and the serious consequences of noncompliance. Organizations and individuals engaged in activities that could benefit foreign governments or political parties should carefully evaluate their FARA registration requirements, as DOJ has made clear that FARA enforcement is a priority, and the statute's broad definitions may capture activities not traditionally viewed as "lobbying."
Pending Removal of Syria from the State Sponsor of Terrorism List
On July 8, 2026, the US Secretary of State issued a statement reporting the Trump administration's official statement to Congress of the administration's intent to remove Syria from the State Sponsor of Terrorism (SST) List. The intended removal will be preceded by a 45-day congressional review period, beginning July 8, 2026, and expiring on or about August 22, 2026, at which time (absent congressional passage of a joint resolution blocking removal), removal of the designation will take effect. The SST List removal will result in a further relaxation of US export controls relating to Syria that will facilitate US companies' engagement in transactions involving Syria.
For More Information
Faegre Drinker's national security team will continue to monitor additional regulatory and legislative developments in the coming months.