The Biden administration is set to announce on Thursday a ban on the sale of Kaspersky Lab’s antivirus software in the United States. This move indicates that the U.S. may be starting to implement new measures to restrict or prohibit transactions between American companies and “foreign adversaries” such as China and Russia in the internet, telecommunications, and technology sectors.
According to Reuters, a source familiar with the matter stated that this Russian company has major clients in the U.S., including critical infrastructure suppliers and state and local governments.
The close relationship between Kaspersky and the Russian government is considered to pose significant risks to the U.S. The software’s privileged access to computer systems could potentially allow for the theft of sensitive information from U.S. computers, installation of malicious software, or blocking of critical updates.
Two other sources revealed that this new regulation will utilize the broad government powers granted during the Trump administration, placing Kaspersky on a trade restriction list. This action is expected to result in a dual blow to Kaspersky’s reputation and overseas sales.
The U.S. Department of Commerce spokesperson declined to comment, while Kaspersky Lab and the Russian embassy did not respond to requests for comments. Previously, Kaspersky had stated that it is a private company with no ties to the Russian government.
This move also signifies the Biden administration’s use of a powerful new authority to prohibit or restrict transactions between American companies and “foreign adversaries” such as Russia and China in the internet, telecommunications, and technology sectors. These tools have not been extensively utilized before.
The restrictions on the entry and sale of Kaspersky software will come into effect on September 29, 100 days after the announcement. This will prohibit the downloading of software updates, resale, and licensing of products. Within 30 days of the announcement of the restriction order, Kaspersky’s new business operations in the U.S. will be halted.
It is currently unclear how being included on the entity list will impact Kaspersky. The company’s Russian business is already subject to comprehensive export restrictions by the U.S.
If the U.S. Department of Commerce adds Kaspersky’s foreign subsidiaries to the Entity List for purchasing significant supplies from the U.S., it could disrupt Kaspersky’s supply chain. If only Kaspersky’s Russian entity is listed, the impact would likely be more on the company’s reputation.
Regulators have long been concerned about Kaspersky’s security. In 2017, the U.S. Department of Homeland Security banned Kaspersky’s flagship antivirus product from federal networks, alleging ties to the Russian intelligence agency and highlighting Russian laws enabling intelligence agencies to compel Kaspersky to assist and intercept communications in Russia.
Following Russia’s invasion of Ukraine, pressure on Kaspersky’s U.S. operations has been mounting. Reuters reported that on the second day of the invasion in February 2022, the U.S. government privately warned some American companies that Russian authorities might manipulate software designed by Kaspersky to cause harm.
This conflict has led the U.S. Department of Commerce to intensify its national security investigations into the software, culminating in Thursday’s action.
Kaspersky has a holding company in the UK and operates in Massachusetts, USA. In a company profile, it stated that in 2022, its revenue was $752 million, serving over 220,000 corporate clients in 200 countries. The website lists clients such as Italian automaker Fiat, Volkswagen, a Spanish retail sector, and the Qatar Olympic Committee.