Export Controls, AI Safety, Lapsus$ & Cybersecurity – 10/04/2025

Today’s compliance intelligence digest highlights critical developments in regulatory and third-party risk landscapes. Lapsus$ has resurfaced, threatening Salesforce customers, while new US Commerce Department rules expand export controls. California’s AI safety legislation sets a precedent, and the expiration of cybersecurity information-sharing protections marks a significant shift in policy.

Top 5 Critical Compliance Alerts

• Lapsus$ Returns With Salesforce Leak Site : The cybercriminal collective Lapsus$ has reemerged and is threatening to publish stolen data from Salesforce customers by Oct. 10 if their demands are not met. Read more
• New US Commerce Department Global License Requirements : BIS released the Affiliates Rule, drawing unnamed entities into entity-specific controls to close paths of diversion to blacklisted entities. Read more
• BIS Expands Export Controls to Affiliates : BIS issued an interim final rule expanding export controls to foreign affiliates of parties already subject to restrictions. Read more
• California AI Safety Legislation : California Governor Gavin Newsom signed into law Senate Bill 53 (SB 53), known as the Transparency in Frontier Artificial Intelligence Act (TFAIA). Read more
• Cybersecurity Protections Expire : The legal protections for sharing of cyber threat information among private sector entities and with the federal government were not renewed by Congress and have expired. Read more

Regulatory Updates

• New US Commerce Department Global License Requirements : BIS released the Affiliates Rule, drawing unnamed entities into entity-specific controls to close paths of diversion to blacklisted entities. Read more
• BIS Closes Loophole: New Rule Expands Export Controls to Affiliates : BIS issued an interim final rule expanding export controls to foreign affiliates of parties already subject to restrictions. Read more
• Broadcast Station Filings Due on October 10, 2025 : All radio and television broadcast stations must prepare a list of important issues facing their communities of license and the programs aired during July, August, and September dealing with those issues. Read more

Policy & Governance Updates

• The End of an Era: A Decade of Cybersecurity Protections Expire : The legal protections for sharing of cyber threat information among private sector entities and with the federal government were not renewed by Congress and have expired. Read more
• Landmark California AI Safety Legislation : California Governor Gavin Newsom signed into law Senate Bill 53 (SB 53), known as the Transparency in Frontier Artificial Intelligence Act (TFAIA). Read more

Third-Party Risk & Due Diligence

• Lapsus$ Returns With Salesforce Leak Site : The cybercriminal collective Lapsus$ has reemerged and is threatening to publish stolen data from Salesforce customers by Oct. 10 if their demands are not met. Read more
• Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage : Dutch Prime Minister Dick Schoof described the incident as part of a broader pattern of Russian hybrid attacks against Europe. Read more