Products Intelligence Pricing Methodology Contact
DEFENSE & GOVERNMENT CONTRACTING

Cross-border data transfer compliance

Defense and government contractors face some of the sharpest cross-border data transfer restrictions in any sector, driven by the U.S. Department of Defense's Cybersecurity Maturity Model Certification requirements, the Department of Justice's Data Security Program rules finalized under Executive Order 14117, and the European Data Protection Board's guidance on transfers involving public-authority data. The compliance question is no longer whether restrictions apply; it is which data categories, which vendor tiers, and which transfer mechanisms survive scrutiny under rules that now treat defense-adjacent personal data as a national security asset.

Watch

  • DOJ Data Security Program bulk data prohibitions: contractor obligations take effect October 2025
  • CMMC Level 2 and 3 re-certification timelines for CUI handled by foreign-owned subcontractors
  • EDPB opinion on Standard Contractual Clauses when a transfer recipient is a U.S. government-linked entity
  • DFARS clause 252.204-7012 scope disputes now reaching contract award protests

Recent material activity in Defense & Government Contracting

Active monitoring in place across Defense & Government Contracting. Material developments related to cross-border data transfer compliance will appear here as they are published.