Bureau of Industry and Security (BIS) of the U.S. Department of Commerce announced to prohibit Kaspersky Lab, Inc. a US subsidiary of the Russian software manufacturer, from directly or indirectly providing anti-virus software and cybersecurity products or services in the United States or to US persons. The prohibition applies to branches, subsidiaries and parent companies of Kaspersky Lab, Inc.
In particular, Kaspersky will no longer be able to sell its software within the United States or provide updates to software that is already in use. The full list of prohibited transactions can be found at oicts.bis.gov/kaspersky. The reasons for the ban include:
The BIS also added Kaspersky Lab and Kaspersky Group (Russia) and Kaspersky Labs Limited (UK) to the list of organizations that cooperate with Russian military and intelligence agencies for cyber intelligence purposes. The Department notes that today’s decision is the result of a lengthy and thorough investigation that found that the company’s continued operations in the United States pose a national security threat that cannot be addressed by lenient measures — only by a complete ban.
Individuals and businesses that use Kaspersky software are strongly advised to quickly switch to other vendors to limit the access of attackers to personal or other sensitive data. Individuals and businesses that continue to use existing Kaspersky products and services will not be subject to legal sanctions, but assume all associated cybersecurity risks.
To minimize the impact on consumers and businesses in the United States and give them time to find suitable alternatives, Kaspersky is allowed to continue certain operations, including updating anti-virus signatures, until September 29, 2024.
The U.S. government took action against Kaspersky in 2017 when the Department of Homeland Security issued a directive requiring federal agencies to stop using Kaspersky-branded products in federal information systems. The National Defense Authorization Act (NDAA) for Fiscal Year 2018 prohibits the use of Kaspersky by the federal government. In March 2022, the Federal Communications Commission added to its «List of Communications Equipment and Services that Pose a Threat to National Security» information security products, solutions, and services provided directly or indirectly by Kaspersky.