ARTICLE SUMMARY:
Companies need to institute more controls over what data is going to entities in China and five other “countries of concern” under the US Department of Justice’s Data Security Program, which took effect earlier this year.
Device companies have a lot of important reasons for sending data to government and private entities in China, a massive medtech market. But under a recently enacted US national security program, firms need to implement more controls around who is receiving the information and for what reason.
The Data Security Program (DSP) is a US Department of Justice regulation intended to prevent government or bulk sensitive personal data, including health and biometrics information, from being exploited to threaten national security by six “countries of concern,” including China, as well as Russia, Iran, North Korea, Cuba, and Venezuela. It originates from a President Biden-era executive order that was codified in a January 2025 final rule. The Trump DOJ picked up on the effort, issuing a compliance guide and other resources in April when the requirements officially took effect. It also granted well-intentioned firms until July 8 to get their systems in order before active enforcement would begin.
