15th Forum on
GLOBAL ENCRYPTION, AI, CLOUD & CYBER EXPORT CONTROLS
March 26 – 27, 2025 | Omni San Francisco Hotel, San Francisco, CA
In-Person and Livestream Options Available
The country’s only comprehensive, practical conference on multi-jurisdictional compliance.
New Topics for 2025 Include:
Wassenaar Minus One: Harmonizing Plurilateral and Unilateral Encryption, Cloud and Cyber Rules
Uncharted Territory: Embedding EAR Compliance Across Your AI Computing and Development Infrastructure
Global Regulatory Updates: EU, China, India, Japan and Israel
The Impact of “Know Your Customer” Rules for IaaS and AI: Re-Positioning your Compliance Program to Meet Enhanced Reporting Requirements
Manufacturer and User Perspectives: Ensuring Compliance Across Your Semiconductor and Advanced Computing Supply Chain
Government Updates from:
Julia Khersonsky
Deputy Assistant Secy for Strategic Trade Bureau of Industry and Security U.S. Department of Commerce
Stéphane Chardon Head of Sector, Strategic Export Controls EU Commission
Best of its kind - focusing on a niche but critical area of export controls. Associate General Counsel, McKinsey
DISTINGUISHED FACULTY
CONFERENCE CO-CHAIRS
Amy Ross Director, Export Compliance, Subsidiary Governance, and Compliance Operations Red Hat
Roszel C. Thomsen II Partner Thomsen and Burke LLP
GOVERNMENT FACULTY
Julia Khersonsky Deputy Assistant Secretary for Strategic Trade Bureau of Industry and Security, Department of Commerce
Stéphane Chardon Head of Sector, Strategic Export Controls EU Commission
SPEAKER FACULTY
Bob Bowen Export and Trade Compliance Counsel ServiceNow
Mark Bromley Director of the Dual-Use and Arms Trade Control Programme Stockholm International Peace Research Institute (SIPRI) (Sweden)
Chelsea Clapp Associate General Counsel, Global Trade Compliance Meta
Sven DeKnop Partner Sidley Austin LLP (Belgium)
Brian Egan Partner
Skadden Arps Slate Meagher & Flom LLP
Daniel Fisher-Owens Partner Berliner, Corcoran & Rowe LLP
Matthew Fogarty Senior Counsel, Trade & Human Rights General Motors
Orisia Gammell Chief Legal Counsel & Head of Export Control Innovation SAP
Daniel Gerkin Partner Kirkland & Ellis LLP
Michael Gershberg Partner Fried, Frank, Harris, Shriver & Jacobson LLP
David Glynn Of Counsel Holland & Hart
Lloyd Grove Managing Counsel, Sanctions and Compliance Lucid Motors
Karla Haynes VP & Deputy General Counsel for Global Trade Compliance Cisco
Rohit Jain Partner Economic Laws Practice (India)
Garisma Kadakia Associate General Counsel, Global Trade NVIDIA
Joseph Kim Vice President of Compliance Altera
Ajay Kuntamukkala Partner Hogan Lovells
Anna Landau Partner
Herzog Fox & Neeman (Israel)
Josephine Aiello LeBeau Partner
Wilson Sonsini Goodrich and Rosati
Winnie Luk Director, Global Export Classification Oracle
Kenneth Niven Associate General Counsel Juniper Networks
Kristine Pirnia Partner Sandler, Travis & Rosenberg, P.A.
Dr. Venu Ranganathan Director, Export Compliance Microsoft
Soo-Mi Rhee Partner Arnold & Porter LLP
Jason Rhoades Director of Global Sanctions Intel
Karen Robertson Head of Trade Compliance Archer
Lawerence Ward Partner Dorsey & Whitney LLP
Wendy Wysong Partner
Steptoe & Johnson PLLC (Hong Kong)
Noriko Yodogawa Partner
Nishimura & Asahi (Japan)
* Due to the hands-on nature of the workshops, they will only be available for in-person attendance.
PRE-CONFERENCE WORKSHOPS
Tuesday, March 25, 2025
9:00 am–12:30 pm (Registration opens at 8:30 am)
Updating Your U.S. Encryption Compliance Infrastructure – The Key and Newest Essentials for Classification, Licensing, and Compliance
If you are new to encryption controls or looking for an in-depth refresher, this interactive working group will provide you with a comprehensive step-by-step review of U.S. encryption controls and the essential components of an effective compliance program for your organization. Led by encryption compliance experts, you’ll be able to ask questions, take part in meaningful discussions, and walk away with speaker-prepared materials for your work after the conference.
Topics will include:
• A review of encryption classification rules under the EAR and ITAR
• Partnering with product development teams to map out your classification and licensing strategy
• An updated roadmap to classification amid a rapidly evolving technological and legal landscape
• A deep dive into mass market encryption rules and controls around software and technology
• EAR licensing requirements and exceptions, and reporting requirements
• Managing export license conditions and scoping limitations on encryption products
• How the latest advanced computing and cybersecurity export controls intersect with encryption controls
• BIS requirements and expectations for export compliance
Fried,
1:30–5:00 pm (Registration opens at 1:00 pm)
A BOperationalizing Global Export Compliance in the Cloud – A Practical Roadmap to Implementing Controls, End-Use Monitoring, Data Collection and Reporting User Data
This workshop offers you a deep dive into the ins and out of applying complex export controls in the cloud. Benefit from an in-depth discussion on how to tailor your program to the cloud context and critical lessons for preventing compliance missteps.
Benefit from speaker-prepared reference materials for your work after the conference and come prepared with your questions!
Topics include:
• Multi-jurisdictional compliance with global cloud computing rules – an up-to-the-minute survey of rules, policies, and standards in the U.S., EU, and other key jurisdictions
• How these rules interact with your organization’s export compliance program
• Where export controls and your IT infrastructure intersect
• Managing cloud access control for third parties, affiliates, vendors, and customers
• Identifying and mitigating weaknesses in your existing control plan through cloud computing risk assessments
Kenneth Niven Associate General Counsel Juniper Networks
Michael Gershberg Partner
Frank, Harris, Shriver & Jacobson LLP
Winnie Luk Director, Global Export Classification Oracle
Daniel Fisher-Owens Partner Berliner, Corcoran & Rowe LLP
Wednesday, March 26, 2025
8:45 Opening Remarks from the Co-Chairs
Amy Ross Director, Export Compliance, Subsidiary Governance, and Compliance Operations Red Hat
Roszel C. Thomsen II Partner Thomsen & Burke LLP
9:00 Wassenaar Minus One: Harmonizing Plurilateral and Unilateral Encryption, Cloud and Cyber Rules
• Key updates and their anticipated impact
• Global survey of emerging export control regimes in a “Wassenaar Minus One” world for encryption, cloud, and cyber products and services
• Harmonizing EU and US controls for encryption, cloud, and cyber products and services within global organizations
Stéphane Chardon Head of Sector, Strategic Export Controls EU Commission
Sven DeKnop Partner
Sidley Austin LLP (Belgium)
Julia Khersonsky Deputy Assistant Secretary for Strategic Trade Bureau of Industry and Security, U.S. Department of Commerce
9:45 The Known and Unknown Impacts of IaaS, Cloud and AI KYC Rules: Repositioning Your Program in Anticipation of New, Emerging Business and Compliance Challenges
• How leading IaaS firms and more exporters are tackling key compliance grey areas
• Deployment strategies for infrastructure and evolving best practices for data collection, screening and reporting
• Managing compliance for remote access and end-use management
• How CIP programs could impact your larger organization and ways to adapt
Amy Ross Director, Export Compliance, Subsidiary Governance, and Compliance Operations Red Hat
Brian Egan Partner
Skadden, Arps, Slate, Meagher & Flom LLP
10:45 Extended Networking Break
11:15 Interview: Special Update on Export Controls for Encryption
Stay tuned for an exciting announcement!
Media Partner:
11:45 Uncharted Territory: Embedding EAR Compliance Across Your AI Computing and Development Infrastructure
• Examining the potential impacts of proposed reporting rules for AI developers in the NPRM from BIS
• Uncharted territory: Concrete examples of applying EAR requirements in the AI context and managing the interplay of deemed export risks and data security
• Perspectives shared by AI developers and users, and new lessons learned
• Upgrading your export compliance framework to work with AI vendors
• The lesser-known pitfalls to avoid and what questions are commonly overlooked
• Working with global AI development teams
• Compliance with U.S. and International “catch-all” controls for AI (for example, ECCN 4A004)
• Approaching ITAR compliance in the AI context
• Insight into the updated Validated End-User Program
12:45 Networking Luncheon
2:00
The Aftermath of an FDPR-Related Enforcement Action
• Discuss the risks associated with FDPR non-compliance, the real-world impacts, and how to mitigate your organization’s risk
• Analysis of the largest standalone administrative penalty in BIS history and its deterrent effect on other companies
• Overview of the steps taken to address the violations and ensure future compliance
• Discussion of what steps other organizations can take today to avoid a similar outcome
Joseph Kim Vice President of Compliance Altera
Soo-Mi Rhee
Partner
Arnold & Porter LLP
Chelsea Clapp
Associate General Counsel, Global Trade Compliance Meta
David Glynn Of Counsel
Holland & Hart
Lawerence Ward
Partner
Dorsey & Whitney LLP
2:45 The New Compliance Risks and Realities in China: A Closer Look at the Intricacies of the Data Security, Encryption, Cloud and Cyber Landscapes
• Understanding China’s evolving export controls regime for encryption, cloud and cyber products and services
• Criteria inclusions for securing applicable certifications, qualifications and licenses
• Practical takeaways for avoiding penalties
• The impacts of the Department of Commerce’s order to TSMC to halt shipments of advanced semiconductor chips to China
Wendy Wysong
Partner
Steptoe & Johnson PLLC (Hong Kong)
With conferences in the United States, Canada, Latin America and Europe, the C5 Group of Companies: American Conference Institute, Canadian Institute, and C5 Group, provides a diverse portfolio of conferences, events and roundtables devoted to providing business intelligence to senior decision makers responding to challenges around the world.
Don’t miss the opportunity to maximize participation or showcase your organization’s services and talent. For more information please contact us at: SponsorInfo@AmericanConference.com
• The finer points of de minimis calculations for encryption, cloud and cyber products and services
• Common misconceptions around licensing requirements and when the FDPR rules are triggered
• Challenges and solutions for non-U.S. technology firms that use U.S. technology to produce software, encryption, semiconductors, and other advanced technologies 4:45
• Understanding the enforcement and rule-making priorities of the Directorate of Foreign Trade and the Department of Defense Production.
• A Review of amendments to the SCOMET list effective October 2nd, 2024
• An update on bulk license schemes under General Authorization for Information Security (GAIS) Items and General Authorization for Telecommunications (GAET) items and the impact to global supply chains
• Managing the interplay of U.S. and Indian requirements-and how to tailor your program to the realities of cross-border compliance 5:30
EARN
CLE CREDITS
Accreditation will be sought in those jurisdictions requested by the registrants which have continuing education requirements. This course is identified as nontransitional for the purposes of CLE accreditation.
ACI certifies this activity has been approved for CLE credit by the New York State Continuing Legal Education Board.
Ajay Kuntamukkala
Partner
Hogan Lovells
Bob Bowen Export and Trade Compliance Counsel
Rohit Jain
Economic Laws Practice (India)
ACI certifies this activity has been approved for CLE credit by the State Bar of California.
ACI has a dedicated team which processes requests for state approval. Please note that event accreditation varies by state and ACI will make every effort to process your request.
For more information on ACI’s CLE process, visit: www.AmericanConference.com/Accreditation/CLE
The C5 Group, comprising American Conference Institute, the Canadian Institute and C5 in Europe, is a leading global events and business intelligence company.
For over 40 years, C5 Group has provided the opportunities that bring together business leaders, professionals and international experts from around the world to learn, meet, network and make the contacts that create the opportunities. Our conferences and related products connect the power of people with the power of information, a powerful combination for business growth and success.
DAY TWO
Thursday, March 27, 2025
8:45 Opening Remarks from the Co-Chairs
Amy Ross Director, Export Compliance, Subsidiary Governance, and Compliance Operations Red Hat
Roszel C. Thomsen II Partner Thomsen & Burke LLP
8:50 Fireside Chat: Data Infrastructure as a National Security Priority: 2025–2030
Stay tuned for an exciting announcement!
9:20 Manufacturer and User Perspectives on Ensuring Compliance Throughout Your Semiconductor and Advanced Computing Supply Chain
• Existing, new and forthcoming export controls that impact your semiconductor and advanced chip supply chain for AI and other advanced technology applications
• The expansion of BIS VEU to include AI data centers, the implications for semiconductor manufacturers and their customers
• How the BIS October 2023 rules continue to impact the global advanced computing supply chain
• Challenges and practical guidance for classification and licensing
Karla Haynes VP & Deputy General Counsel for Global Trade Compliance Cisco
Dr. Venu Ranganathan Director, Export Compliance Microsoft
10:20 Extended Networking Break
10:45 Preventing Human Rights Abuses via Digital Means: Implementing the EU “Catch-All” Control for Non-listed Cyber Surveillance Tools
• Gain clarity on the new guidelines for implementing Article 5 of Regulation (EU) 2021/821 and the new “catch-all” control for non-listed cyber-surveillance tools
• Which cyber-surveillance tools are captured by Regulation (EU) 2021/821and which additional tools and components potentially fall under the catch-all control
• Explore best practices for exporters to ensure compliance and avoid potential pitfalls
• The cyber-surveillance items and components likely to fall under the catch-all control
• Learn when to alert the licensing authority about a potential export of cyber-surveillance tools
• Get an update on U.S. controls for cyber-surveillance tools and license exceptions
Mark Bromley Director of the Dual-Use and Arms Trade Control Programme Stockholm International Peace Research Institute (SIPRI) (Sweden)
Roszel C. Thomsen II Partner Thomsen & Burke LLP
HYPOTHETICAL SCENARIOS
11:30
The Most Vexing Encryption, AI, Cloud & Cyber Compliance Dilemmas
Through a series of complex, real-world scenarios, the speakers will impart proven best practices for flagging potential issues, mitigating risk and strengthening compliance.
Key topics will include:
• Best practices for conducting internal investigations when a violation is detected
• Keeping up with the dynamic export controls landscape for advanced technologies
• Managing end-use and remote access for cloud services
• Staying compliant with military end-use monitoring rules
• Practical guidance for detecting an actual or suspected issue before it’s too late
12:30 Networking Luncheon
• Discussing the interplay between data and technology export controls and sanctions
• Best practices for establishing complementary sanctions compliance and export controls for data and technology infrastructure
• Strategies for product classification and supply chain risk analysis
• Practical insights to design an effective third-party due diligence program to protect your company from sanctions and export control risk
• The final rule under the EAR imposing new export controls on certain individuals and entities identified on the U.S. Department of the OFAC’s SDN List
Orisia Gammell Chief Legal Counsel & Head of Export Control Innovation SAP
Josephine Aiello LeBeau Partner
Wilson Sonsini Goodrich and Rosati
• A survey of trends in export controls for encryption, cloud, and cyber products and services in Israel
• An update on the latest moves and rulemaking by DECA
• Practical guidance for navigating the export controls landscape to ensure compliance and data security
Garisma Kadakia Associate General Counsel, Global Trade NVIDIA
Jason Rhoades Director of Global Sanctions Intel
Kristine Pirnia Partner
Sandler, Travis & Rosenberg, P.A.
Anna Landau Partner Herzog Fox & Neeman (Israel)
3:00 Japan: New Rules Around End-Use Monitoring, Advanced Tech Transfers and Public/Private Collaboration
• Overview of Japanese export controls for encryption, cloud, and cyber products and services, with insights on METI regulatory and enforcement priorities
• Japan’s new advanced technology transfer regulations and the potential impacts on global technology supply chains
• Japan’s new end-use monitoring rules
Noriko Yodogawa Partner Nishimura & Asahi (Japan)
Karen Robertson Head of Trade Compliance Archer
3:45
• The anticipated impact of the BIS’ NPRM implementing EO 13873 on the connected vehicle supply chain
• Rationale, key definitions, and overview of prohibitions, and timing
• Overview of penalties for non-compliance
• The lengths and limits of general and specific authorizations, and exemptions for the next few years
• Upgrading your compliance program within the connected vehicle supply chain 5:00
Matthew Fogarty Senior Counsel, Trade & Human Rights General Motors
Daniel Gerkin Partner Kirkland & Ellis
Lloyd Grove Managing Counsel, Sanctions and Compliance Lucid Motors
Please note that the guest room block cut-off date is March 4,
Book with confidence!
you will have the following options:
y A full credit note for you, or a colleague to attend another event.
y A full refund.
All cancellations and changes must be submitted to CustomerService@AmericanConference.com by March 13, 2025.
