Agenda
Download Brochure
Flip through our 2024 conference brochure and discover what’s new this year.
- Jump to:
- At a Glance
- Day 1
- Day 2
- Add-Ons
- Print-friendly Format
Pre-Conference Workshops
Workshop A — Updating Your U.S. Encryption Compliance Roadmap: Classification, Licensing, Reporting, and a Primer on October 2023 Semiconductor Rule
May 14, 2024 9:00am – 12:30 PM
Speakers
Melissa Duffy
Partner
Fenwick & West
Andrea Popa
Senior Director, Global Trade Compliance
NetApp
Inna Sanamyan
Financial Regulatory Counsel
Bloomberg LP
Per Sundstrom
Head of Trade Compliance Technology
Ericsson (Sweden)
Workshop B — Operationalizing Clouds as Data Infrastructure Amid Complex Export Controls: Navigating Complex Data Outsourcing Needs, Creating Strategic Service Contracting Relationships
May 14, 2024 1:30pm – 05:00 PM
Speakers
Zvomir Bandic
Vice President, CPU R&D
Cadence Design Systems
Christopher Timura
Partner
Gibson Dunn & Crutcher LLP
Day 1 - Wednesday, May 15, 2024
Day 2 - Thursday, May 16, 2024
Day 1 - Wednesday, May 15, 2024
7:30 |
Registration and Continental Breakfast |
8:45 |
Co-Chairs’ Opening RemarksMichelle Aragon Roszel C. Thomsen II |
9:00 |
FIRESIDE CHATThe Bulk Sensitive Data EO and the Global Encryption, Cloud and Cyber Controls NexusLee Licata |
9:45 |
The Future of U.S. Cloud Computing, AI and its Potential China Intersection: The AI EO and Potential Ways Forward for Managing U.S. Technology Security Export RisksJacob Feldgoise Alan Martin Hayes Lillian Norwood
|
10:45 |
Extended Networking Break |
11:15 |
CASE STUDYA Behind the Scenes Look at Implementing the Advanced Semiconductor Rule and Strengthening ComplianceBob Bowen Melissa Duffy
|
11:45 |
HYPOTHETCIAL SCENARIOSPutting Your Encryption Compliance Roadmap into Practice: How to Resolve the Most Complex Advanced Semiconductor Classification and October 2023 Rule ChallengesHector Rivera Brian Falbo
|
12:45 |
Networking Luncheon |
2:00 |
The Multi-Jurisdictional AI and Cloud Computing Controls Landscape: Contrasting EU, Canadian, and German Cloud Computing Regulatory Efforts and the Key Differences with U.S. RequirementsJohn W. Boscariol Lothar Determann Stephan Mueller
|
3:00 |
Networking Break |
3:15 |
Managing the Real-Life Business Impacts of the October 2023 U.S. Advanced Computing and Semiconductor Rule: Practical Insights on Encryption Compliance the Supply Chain Path AheadWinnie Luk Ajay Kuntamukkala What are the short and long-term computing supply chain impacts of BIS’ latest October 2023 rule covering semiconductors and supercomputing technology? How do the 2023 updates raise the compliance bar? How do they impact encryption compliance? As with any complex and novel export control rule involving innovative technologies and supply chains, many anticipate that the new rules will likely have unintended consequences. Might the controls backfire without buy-in from foreign partners and allies? This panel of experts will address the future of the U.S. microelectronics sector and supply chain amid unprecedented regulatory change. |
4:00 |
Compliance Due Diligence: Updating Your Program in Accordance with Your Organization’s Risk ProfileMichael Miller Matt Silverman Joseph Stone
|
5:00 |
Close of Day One |
Day 2 - Thursday, May 16, 2024
8:45 |
Co-Chairs’ Opening RemarksMichelle Aragon Roszel C. Thomsen II |
9:00 |
Implementation of the Latest Wassenaar Arrangement Decisions: Global Efforts in Streamlining the Information Security Control ListDr. Torbjörn Gustavsson
|
9:45 |
Cloud Computing, End-Use Controls and Technology Transfers: Navigating the Grey Areas of 734.20/734.18 Exemptions and BeyondTansie Taylor Iwafuchi Thoth V. Weeda The definition of “export” in the EAR and ITAR both include the concept of releasing technical data or technology to a foreign person in the U.S. as part of the definition of a “deemed export”, or the transfer of ownership or control of a technology to a foreign person. Interesting changes are proposed – §734.18 and 734.20 – to the EAR, and – §120.52 – to the ITAR, which would deal with transfers of technology and use of encryption. What’s behind these rules, what are the limitations, and how is industry is managing these exceptions? |
10:45 |
Networking Break |
11:00 |
Unlocking EAR Treatment of Software Releases and Access Information Transfers: Navigating 734.15 / 734.19 and the Encryption NexusBob Bowen Michelle Aragon In September 2023, the BIS amended EAR provisions on the release of software and access information related to software. These amendments have changed the EAR landscape related to the concept of release as that term applies to software and related access information. This panel will examine these changes and the impact that they have on software-related activities subject to the EAR. |
12:00 |
Networking Luncheon |
1:15 |
Quantum Safe Cryptography — Protecting Data in the Era of Quantum ComputingJai Singh Arun Yvonne Brye-Vela With quantum computers advancing rapidly, traditional security protocols face a significant threat as they can be easily compromised. In this session, we will explore the importance of quantum-safe cryptography to safeguard sensitive data in the age of quantum computing. |
2:15 |
The Commercial Spyware EO and Finding the Right Balance Between Offensive and Defensive Cyber Security PolicyDavid Kovar Roszel C. Thomsen II An offensive security strategy aims to preemptively identify and mitigate gaps and weaknesses within an organization’s digital infrastructure. Defensive cybersecurity involves a systematic and comprehensive approach to identifying vulnerabilities and weaknesses before they can be exploited. With the Commercial Spyware EO in place, is the EO too defensive/restrictive, creating negative economic implications? How can the U.S. find the right defensive/offensive cyber-stance? |
3:15 |
Around the World in Encryption: The Latest Developments Coming Out of the EU, Russia, China, Japan and IsraelPart One: China and JapanYan Luo Part Two: EU and RussiaBrian J. Egan Part Three: IsraelDoron Hindin Part One: China and Japan
Part Two: EU and Russia
Part Three: Israel
|
3:30 |
Networking Break |
4:45 |
AUDIENCE POLLINGClosing Roundtable Discussion: The Next Phase of Encryption, Cloud and Cyber Export Compliance for 2024 and BeyondThis interactive, brainstorming session will take stock of the greatest compliance risks, emerging issues, and global regulatory dynamics that will impact compliance programs in the short, medium and long term. |
5:00 |
Close of Conference |
Workshop A — Updating Your U.S. Encryption Compliance Roadmap: Classification, Licensing, Reporting, and a Primer on October 2023 Semiconductor Rule
Melissa Duffy
Partner
Fenwick & West
Andrea Popa
Senior Director, Global Trade Compliance
NetApp
Inna Sanamyan
Financial Regulatory Counsel
Bloomberg LP
Per Sundstrom
Head of Trade Compliance Technology
Ericsson (Sweden)
What is it about?
This session is designed both for attendees new to encryption controls and for those who would like an in-depth refresher before the more advanced discussions of the main program. Take part in this practical and interactive working group as experts discuss the current state of U.S. encryption controls—with a focus on building and maintaining strong protocols to ensure compliance.
In addition to ample time for questions and discussion, benefit from speaker-prepared reference materials for your work after the conference. Topics will include:
- Proactive coordination with product development teams
- Who to contact and where to look toward mapping out your classification and licensing strategy
- Timing and planning of product classification reviews
- Utilizing early product analysis and evaluating intended use
- Overview of encryption classification rules under the EAR and ITAR
- Managing deemed exports and controls around software and technology
- Encryption reporting and export licensing requirements: EAR licensing requirements and exceptions, managing export license conditions and scoping limitations on encryption products
- Overview of October 2023 advanced computing export controls and intersection with encryption controls
Workshop B — Operationalizing Clouds as Data Infrastructure Amid Complex Export Controls: Navigating Complex Data Outsourcing Needs, Creating Strategic Service Contracting Relationships
Zvomir Bandic
Vice President, CPU R&D
Cadence Design Systems
Christopher Timura
Partner
Gibson Dunn & Crutcher LLP
What is it about?
Cloud service providers can help IT leaders set up for success – for instance, improving deployment speed and ensuring future flexibility. But how should IT and Compliance work together to prepare data to be outsourced? Where do export controls and IT intersect? This workshop will examine best practices from a variety of industry perspectives.
- Materiality assessments prior to any outsourcing decision (which activities should be considered as material, and in what areas)
- Security of data and systems: Obligations for the provider to protect the confidentiality of the outsourced information and key checks to be performed by the institution prior to outsourcing that should be then included in outsourcing agreements with third parties
- Encrypting data prior to sending it to the cloud and requiring the cloud vendor to use encryption technology
- Location of data and data transfers between controllers and processors
- Retaining visibility of any date subcontracting arrangements
- Supply chain outsourcing: Ensuring that service levels and oversight are not affected
- Negotiating robust contractual provisions, including access and audit rights in outsourcing agreements
- Contingency plans: Exiting cloud outsourcing without affecting export-controlled data