15th Forum on Global Encryption, AI, Cloud & Cyber Export Controls - WEB

15th Forum on

GLOBAL

March 26 – 27, 2025 | Omni San Francisco Hotel, San Francisco, CA

In-Person and Livestream Options Available

The country’s only comprehensive, practical conference on multi-jurisdictional compliance.

Associate Sponsor

New Topics for 2025 Include:

“ Wassenaar Minus One: Harmonizing Plurilateral and Unilateral Encryption, Cloud and Cyber Rules

“ Uncharted Territory: Embedding EAR Compliance Across Your AI Computing and Development Infrastructure

“ Global Regulatory Updates: EU, China, India, Japan and Israel

“ The Impact of “Know Your Customer” Rules for IaaS and AI: Re-Positioning your Compliance Program to Meet Enhanced Reporting Requirements

“ Manufacturer and User Perspectives: Ensuring Compliance Across Your Semiconductor and Advanced Computing Supply Chain

Government Updates from:

Julia Khersonsky

Deputy Assistant Secy for Strategic Trade Bureau of Industry and Security U.S. Department of Commerce

Stéphane Chardon Head of Sector, Strategic Export Controls EU Commission

Best of its kind - focusing on a niche but critical area of export controls. Associate General Counsel, McKinsey

DISTINGUISHED FACULTY

CONFERENCE CO-CHAIRS

Amy Ross Director, Export Compliance, Subsidiary Governance, and Compliance Operations Red Hat

Roszel C. Thomsen II Partner Thomsen and Burke LLP

GOVERNMENT FACULTY

Julia Khersonsky

Deputy Assistant Secretary for Strategic Trade Bureau of Industry and Security, Department of Commerce

Stéphane Chardon Head of Sector, Strategic Export Controls EU Commission

John D. Sonderman

Director, Officer of Export Enforcement, Bureau of Industry & Security U.S. Department of Commerce

Evan Broderick

Senior Advisor for ICTS, Bureau of Industry & Security U.S. Department of Commerce

SPEAKER FACULTY

Bob Bowen Export and Trade Compliance Counsel ServiceNow

Mark Bromley

Director of the Dual-Use and Arms Trade Control Programme Stockholm International Peace Research Institute (SIPRI (Sweden)

Jason Burgoyne Counsel White & Case LLP

Chelsea Clapp

Associate General Counsel, Global Trade Compliance Meta

Robert R. Cleary, Jr. General CounseL OmniVision

Sven DeKnop Partner

Sidley Austin LLP (Belgium)

Brian Egan Partner

Skadden Arps Slate Meagher & Flom LLP

Daniel Fisher-Owens Partner

Berliner, Corcoran & Rowe LLP

Orisia Gammell Chief Legal Counsel & Head of Export Control Innovation SAP

Daniel Gerkin Partner Kirkland & Ellis LLP

Michael Gershberg Partner Fried, Frank, Harris, Shriver & Jacobson LLP

David Glynn Of Counsel Holland & Hart

Lloyd Grove Managing Counsel, Sanctions and Compliance Lucid Motors

Karla Haynes VP & Deputy General Counsel for Global Trade Compliance Cisco

Rohit Jain Partner Economic Laws Practice (India)

Garisma Kadakia Associate General Counsel, Global Trade NVIDIA

Joseph Kim Vice President of Compliance Altera

Ajay Kuntamukkala Partner Hogan Lovells

Anna Landau Partner Herzog Fox & Neeman (Israel)

Josephine Aiello LeBeau Partner

Wilson Sonsini Goodrich and Rosati

Winnie Luk Director, Global Export Classification Oracle

Kenneth Niven Associate General Counsel Juniper Networks

Kristine Pirnia Partner Kelley Drye & Warren LLP

Dr. Venu Ranganathan Director, Export Compliance Microsoft

Soo-Mi Rhee Partner Arnold & Porter LLP

Jason Rhoades Director of Global Sanctions Intel

Karen Robertson Head of Trade Compliance Archer

Lawerence Ward Partner Dorsey & Whitney LLP

Wendy Wysong Partner Steptoe (Hong Kong)

Noriko Yodogawa Partner Nishimura & Asahi (Japan)

* Due to the hands-on nature of the workshops, they will only be available for in-person attendance.

PRE-CONFERENCE WORKSHOPS

Tuesday, March 25, 2025

9:00 am–12:30 pm (Registration opens at 8:30 am)

Updating Your U.S. Encryption Compliance Infrastructure – The Key and Newest Essentials for Classification, Licensing, and Compliance

If you are new to encryption controls or looking for an in-depth refresher, this interactive working group will provide you with a comprehensive step-by-step review of U.S. encryption controls and the essential components of an effective compliance program for your organization. Led by encryption compliance experts, you’ll be able to ask questions, take part in meaningful discussions, and walk away with speaker-prepared materials for your work after the conference.

Topics will include:

• A review of encryption classification rules under the EAR and ITAR

• Partnering with product development teams to map out your classification and licensing strategy

• An updated roadmap to classification amid a rapidly evolving technological and legal landscape

• A deep dive into mass market encryption rules and controls around software and technology

• EAR licensing requirements and exceptions, and reporting requirements

• Managing export license conditions and scoping limitations on encryption products

• How the latest advanced computing and cybersecurity export controls intersect with encryption controls

• BIS requirements and expectations for export compliance

Fried,

1:30–5:00 pm (Registration opens at 1:00 pm)

A BOperationalizing Global Export Compliance in the Cloud – A Practical Roadmap to Implementing Controls, End-Use Monitoring, Data Collection and Reporting User Data

This workshop offers you a deep dive into the ins and out of applying complex export controls in the cloud. Benefit from an in-depth discussion on how to tailor your program to the cloud context and critical lessons for preventing compliance missteps.

Benefit from speaker-prepared reference materials for your work after the conference and come prepared with your questions!

Topics include:

• Multi-jurisdictional compliance with global cloud computing rules – an up-to-the-minute survey of rules, policies, and standards in the U.S., EU, and other key jurisdictions

• How these rules interact with your organization’s export compliance program

• Where export controls and your IT infrastructure intersect

• Managing cloud access control for third parties, affiliates, vendors, and customers

• Identifying and mitigating weaknesses in your existing control plan through cloud computing risk assessments

8:45 Opening Remarks from the Co-Chairs

Amy Ross Director, Export Compliance, Subsidiary Governance, and Compliance Operations Red Hat

Roszel C. Thomsen II Partner Thomsen & Burke LLP

9:00 Wassenaar Minus One: Harmonizing Plurilateral and Unilateral Encryption, Cloud and Cyber Rules

• Key updates and their anticipated impact

• Global survey of emerging export control regimes in a “Wassenaar Minus One” world for encryption, cloud, and cyber products and services

• Harmonizing EU and US controls for encryption, cloud, and cyber products and services within global organizations

Stéphane Chardon Head of Sector, Strategic Export Controls EU Commission

Sven DeKnop Partner

Sidley Austin LLP (Belgium)

Julia Khersonsky Deputy Assistant Secretary for Strategic Trade Bureau of Industry and Security, U.S. Department of Commerce

9:45 The Known and Unknown Impacts of IaaS, Cloud and AI KYC Rules: Repositioning Your Program in Anticipation of New, Emerging Business and Compliance Challenges

• How leading IaaS firms and more exporters are tackling key compliance grey areas

• Deployment strategies for infrastructure and evolving best practices for data collection, screening and reporting

• Managing compliance for remote access and end-use management

• How CIP programs could impact your larger organization and ways to adapt

Amy Ross Director, Export Compliance, Subsidiary Governance, and Compliance Operations Red Hat

Brian Egan Partner

Skadden, Arps, Slate, Meagher & Flom LLP

10:45 Extended Networking Break

11:15 Interview: Export Enforcement Priorities for Encryption, AI, Cloud & Cyber Products and Services

John D. Sonderman Director, Officer of Export Enforcement, Bureau of Industry & Security U.S. Department of Commerce

Media Partner:

11:45 Uncharted Territory: Embedding EAR Compliance Across Your AI Computing and Development Infrastructure

• Examining the potential impacts of proposed reporting rules for AI developers in the NPRM from BIS

• Uncharted territory: Concrete examples of applying EAR requirements in the AI context and managing the interplay of deemed export risks and data security

• Perspectives shared by AI developers and users, and new lessons learned

• Upgrading your export compliance framework to work with AI vendors

• The lesser-known pitfalls to avoid and what questions are commonly overlooked

• Working with global AI development teams

• Compliance with U.S. and International “catch-all” controls for AI (for example, ECCN 4A004)

• Approaching ITAR compliance in the AI context

• Insight into the updated Validated End-User Program

12:45 Networking Luncheon

2:00

The Aftermath of an FDPR-Related Enforcement Action

• Discuss the risks associated with FDPR non-compliance, the real-world impacts, and how to mitigate your organization’s risk

• Analysis of the largest standalone administrative penalty in BIS history and its deterrent effect on other companies

• Overview of the steps taken to address the violations and ensure future compliance

• Discussion of what steps other organizations can take today to avoid a similar outcome

Joseph Kim Vice President of Compliance Altera

Soo-Mi Rhee

Partner

Arnold & Porter LLP

Chelsea Clapp

Associate General Counsel, Global Trade Compliance Meta

David Glynn Of Counsel

Holland & Hart

Lawerence Ward

Partner

Dorsey & Whitney LLP

2:45 The New Compliance Risks and Realities in China: A Closer Look at the Intricacies of the Data Security, Encryption, Cloud and Cyber Landscapes

• Understanding China’s evolving export controls regime for encryption, cloud and cyber products and services

• Criteria inclusions for securing applicable certifications, qualifications and licenses

• Practical takeaways for avoiding penalties

• The impacts of the Department of Commerce’s order to TSMC to halt shipments of advanced semiconductor chips to China

Wendy Wysong Partner

Steptoe & Johnson PLLC (Hong Kong)

Robert R. Cleary, Jr. General Counsel

OmniVision With conferences in the United States, Canada, Latin America and Europe, the C5 Group of Companies: American Conference Institute, Canadian Institute, and C5 Group, provides a diverse portfolio of conferences, events and roundtables devoted to providing business intelligence to senior decision makers responding to challenges around the world.

• The finer points of de minimis calculations for encryption, cloud and cyber products and services

• Common misconceptions around licensing requirements and when the FDPR rules are triggered

• Challenges and solutions for non-U.S. technology firms that use U.S. technology to produce software, encryption, semiconductors, and other advanced technologies 4:45

• Understanding the enforcement and rule-making priorities of the Directorate of Foreign Trade and the Department of Defense Production.

• A Review of amendments to the SCOMET list effective October 2nd, 2024

• An update on bulk license schemes under General Authorization for Information Security (GAIS) Items and General Authorization for Telecommunications (GAET) items and the impact to global supply chains

• Managing the interplay of U.S. and Indian requirements-and how to tailor your program to the realities of cross-border compliance 5:30

Dr. Venu Ranganathan Director, Export Compliance Microsoft

Ajay Kuntamukkala Partner Hogan Lovells

Bob Bowen Export and Trade Compliance Counsel ServiceNow

Rohit Jain Partner Economic Laws Practice (India)

EARN CLE CREDITS

Accreditation will be sought in those jurisdictions requested by the registrants which have continuing education requirements. This course is identified as nontransitional for the purposes of CLE accreditation.

ACI certifies this activity has been approved for CLE credit by the New York State Continuing Legal Education Board.

ACI certifies this activity has been approved for CLE credit by the State Bar of California.

ACI has a dedicated team which processes requests for state approval. Please note that event accreditation varies by state and ACI will make every effort to process your request.

For more information on ACI’s CLE process, visit: www.AmericanConference.com/Accreditation/CLE

The C5 Group, comprising American Conference Institute, the Canadian Institute and C5 in Europe, is a leading global events and business intelligence company.

For over 40 years, C5 Group has provided the opportunities that bring together business leaders, professionals and international experts from around the world to learn, meet, network and make the contacts that create the opportunities. Our conferences and related products connect the power of people with the power of information, a powerful combination for business growth and success.

DAY TWO

Thursday, March 27, 2025

8:45 Opening Remarks from the Co-Chairs

Amy Ross Director, Export Compliance, Subsidiary Governance, and Compliance Operations Red Hat

Roszel C. Thomsen II Partner Thomsen & Burke LLP

8:50 Fireside Chat: ICTS Infrastructure as a National Security Priority: 2025–2030

Evan Broderick

Senior Advisor for ICTS, Bureau of Industry & Security U.S. Department of Commerce

9:20 Ensuring Compliance Throughout Your Semiconductor and Advanced Computing Supply Chain

• Get an update on where things stand in a dynamic regulatory space: existing, new and forthcoming export controls that impact your semiconductor and advanced chip supply chain for AI and other advanced technology applications

• The expansion of BIS VEU to include AI data centers, the implications for semiconductor manufacturers and their customers

• The AI Diffusion Framework – What problem was it trying to address?

• How will the BIS October 2023 rules continue to impact the global advanced computing supply chain

• Challenges and practical guidance for classification and licensing

• Strategies for companies to ingest new rules and making impact assessments of the rules

• How to think about your teams, systems and compliance program

• How to be resilient and jump through the regulations and devise processes systems and tools to educate executives in other departments

10:20 Extended Networking Break

Karla Haynes VP & Deputy General Counsel for Global Trade Compliance Cisco

Dr. Venu Ranganathan Director, Export Compliance Microsoft

Jason Burgoyne Counsel White & Case LLP

10:45 Preventing Human Rights Abuses via Digital Means: Implementing the EU “Catch-All” Control for Non-listed Cyber Surveillance Tools

• Gain clarity on the new guidelines for implementing Article 5 of Regulation (EU) 2021/821 and the new “catch-all” control for non-listed cyber-surveillance tools

• Which cyber-surveillance tools are captured by Regulation (EU) 2021/821and which additional tools and components potentially fall under the catch-all control

• Explore best practices for exporters to ensure compliance and avoid potential pitfalls

• The cyber-surveillance items and components likely to fall under the catch-all control

• Learn when to alert the licensing authority about a potential export of cyber-surveillance tools

• Get an update on U.S. controls for cyber-surveillance tools and license exceptions

Mark Bromley Director of the Dual-Use and Arms Trade Control Programme Stockholm International Peace Research Institute (SIPRI) (Sweden)

Roszel C. Thomsen II Partner Thomsen & Burke LLP

HYPOTHETICAL SCENARIOS

11:30

The Most Vexing Encryption, AI, Cloud & Cyber Compliance Dilemmas

Through a series of complex, real-world scenarios, the speakers will impart proven best practices for flagging potential issues, mitigating risk and strengthening compliance.

Key topics will include:

• Best practices for conducting internal investigations when a violation is detected

• Keeping up with the dynamic export controls landscape for advanced technologies

• Managing end-use and remote access for cloud services

• Staying compliant with military end-use monitoring rules

• Practical guidance for detecting an actual or suspected issue before it’s too late

12:30 Networking Luncheon

• Discussing the interplay between data and technology export controls and sanctions

• Best practices for establishing complementary sanctions compliance and export controls for data and technology infrastructure

• Strategies for product classification and supply chain risk analysis

• Practical insights to design an effective third-party due diligence program to protect your company from sanctions and export control risk

• The final rule under the EAR imposing new export controls on certain individuals and entities identified on the U.S. Department of the OFAC’s SDN List

Orisia Gammell Chief Legal Counsel & Head of Export Control Innovation SAP

Josephine Aiello LeBeau Partner Wilson Sonsini Goodrich and Rosati

• A survey of trends in export controls for encryption, cloud, and cyber products and services in Israel

• An update on the latest moves and rulemaking by DECA

• Practical guidance for navigating the export controls landscape to ensure compliance and data security

Garisma Kadakia Associate General Counsel, Global Trade NVIDIA

Jason Rhoades Director of Global Sanctions Intel

Kristine Pirnia Partner Kelley Drye & Warren LLP

3:00 Japan: New Rules Around End-Use Monitoring, Advanced Tech Transfers and Public/Private Collaboration

• Overview of Japanese export controls for encryption, cloud, and cyber products and services, with insights on METI regulatory and enforcement priorities

• Japan’s new advanced technology transfer regulations and the potential impacts on global technology supply chains

• Japan’s new end-use monitoring rules

Anna Landau Partner Herzog Fox & Neeman (Israel) Noriko Yodogawa Partner Nishimura & Asahi (Japan)

Karen Robertson Head of Trade Compliance Archer

4:00

• The anticipated impact of the BIS’ NPRM implementing EO 13873 on the connected vehicle supply chain

• Rationale, key definitions, and overview of prohibitions, and timing

• Overview of penalties for non-compliance

• The lengths and limits of general and specific authorizations, and exemptions for the next few years

• Upgrading your compliance program within the connected vehicle supply chain

5:00

Lloyd Grove Managing Counsel, Sanctions and Compliance Lucid Motors

5:30

Please

Book with confidence!