To embed, copy and paste the code into your website or blog: On January 19, 2021, we saw the publication of both an interim final rule from the Department of Commerce (Commerce) to address the security of the U.S. supply chain for information technology (the Rule) 1 and a new cyber-security executive order (the Order), 2 both issued under the authority of the International Emergency Economic Powers Act (IEEPA). These issuances represent the final regulatory efforts by the outgoing Trump administration to exercise enhanced national security oversight over U.S. information technology (IT) companies' interactions with foreign actors. Both the Rule and the Order grant the U.S. government new oversight powers over private commercial agreements related to IT between U.S. businesses and foreign entities. The Rule, in particular, creates a regulatory regime that permits Commerce to review many U.S. companies' commercial agreements with foreign parties from certain nations—most notably, Chinese and Russian parties—in a manner similar to that in which the Committee on Foreign Investment in the United States (CFIUS) reviews investments by foreign parties. U.S. companies would have the option to seek a license for covered IT transactions in advance from the Department of Commerce. Those who do not would run the risk of having the government interfere in their procurement of IT products and services from selected foreign parties. If the Biden administration decides to exercise the new powers granted under the Rule—and it may or may not, as discussed below—it would be a startling expansion of U.S. government national security oversight in the technology sector.