About KORTX

Empowering transformative growth through integrated advertising, analytics and creative solutions

Careers

A culture of appreciation and dedication

Our Services

Data-driven creative, integrated advertising, and transparent analytics

our products

Purpose-built supercharged digital advertising tools

For agencies

Harness the power of KORTX to amplify your client initiatives

For Brands

Harness the power of KORTX to amplify your client initiatives

For Franchises

Built for Scale, Built for Results

creative gallery

case studies

What EO 14117 Means for Marketers (& How to Stay Ahead)

Published on April 25, 2025

A new federal data rule just took effect—and if your marketing touches user data (spoiler: it does), you need to pay attention.

This is a national security move with a real marketing impact.

Executive Order 14117 could disrupt how your data flows, who you can work with, and what targeting stays on the table.

The short version? The U.S. government is locking down sensitive personal data. Marketers need to start thinking like compliance officers.

Marketing Data, Meet National Security

On April 8, the Department of Justice enforced a new federal rule under Executive Order 14117. The U.S. government is officially treating sensitive personal data as a national security concern.

The goal? Keep foreign adversaries from accessing large-scale U.S. data sets.
The impact? Stricter controls on how companies collect, store, and share sensitive data.

If your marketing relies on advanced targeting, global data platforms, or Third-Party enrichment, this affects you.

Enforcement timeline:

  • Now: Rule is in effect
  • September 23, 2025: Audit, reporting, and due diligence requirements go live

Executive Order 14117: Countries of Concern

The U.S. government has defined the following as “countries of concern” under EO 14117:

  1. China
  2. Russia
  3. Iran
  4. North Korea
  5. Cuba
  6. Venezuela (specifically the Maduro regime)

If you’re a U.S. business, you’re prohibited from engaging in certain data transactions with individuals or entities based in these nations.

Executive Order 14117: Countries of Concern

This Impacts Targeting, Attribution, & CX

This rule isn’t just a legal or compliance issue. It touches nearly every part of modern marketing, from how you build audiences to how you measure performance and personalize creative.

If your campaigns use Third-Party data, rely on global platforms, or work with outside partners for targeting or attribution, this rule applies to you.

Quote Graphic

“The Final Rule represents a sweeping new regulation of cross-border data flows, with potentially significant implications for companies that collect and process sensitive personal data.”
DOJ Issues Final Rule Prohibiting and Restricting Transfers of Bulk Sensitive Personal Data, White & Case

What’s at risk:

  • Segmentation models may break. If you enrich your First-Party data with Third-Party inputs, especially from international vendors, you could lose access to key audience segments or face higher risk in using them.
  • Measurement and attribution could get murky. Clean rooms, device graphs, and identity resolution tools may limit access or change how they operate.
  • Creative personalization could take a hit. Behavioral data from apps, wearables, or geolocation might now fall under stricter rules or become off-limits altogether.

This rule matters even more in industries like:

  • Healthcare, pharma, and fitness
  • Financial services and fintech
  • Retail and QSR brands with loyalty programs
  • CPG brands using advanced audience targeting

Even if your campaigns are U.S.-focused, your data sources or vendors might not be. It’s time to take inventory.

Ad Tech Icon

Is your ad tech stack ready for tighter data rules? EO 14117 raises the stakes for every platform and partner in your stack.
✨ How to Audit Your Ad Tech Stack Without Slowing Down Your Strategy

What to Watch

This isn’t a one-and-done policy shift. It’s the start of a bigger realignment of how data is treated in the U.S. and how vendors respond will directly affect your campaigns.

Watch for these ripple effects in the months ahead:

1. Vendor reclassifications and restrictions: LiveRamp was among the first to flag changes. Expect others—Oracle, Neustar, Experian—to revise their enrichment, identity, or activation practices. You might lose access to certain segments altogether, especially anything built with device-level or location data.

2. DSPs and CDPs geofencing more aggressively
Some platforms may start restricting data flows from “countries of concern” or blacklisting supply paths entirely. That could affect everything from programmatic reach to audience size and match rates.

3. Changes to lookalike modeling and data onboarding
If you’re pushing CRM lists into platforms or building lookalikes based on historical data, ask your partners where that modeling happens. Some of it may rely on infrastructure abroad.

4. Tightening around location-based advertising
If you’re running campaigns that depend on precise location signals (store visit attribution, geofencing, or event-based retargeting), you need to know where that data is sourced and how it’s handled.

5. Risk of delayed campaigns or media pauses
If you don’t pre-audit your stack, your legal or compliance team might step in mid-flight. That can stall launches, pull spend, or force last-minute pivots.


KORTX Blog - Second Screen - Social Link Share Image 1200 x 628 (6)

 

How to Get Ahead of It

Make the fix before it is a fire drill.

This rule is active, and enforcement is coming soon. Taking a few smart steps now can help you avoid last-minute pivots and protect performance down the line.

1. Audit your data flows: Map your stack. Where is sensitive data coming from? Where is it going? Who has access along the way?

2. Pressure-test your contracts: Review your data-sharing agreements. Ask your partners where they store and process data. Add compliance clauses before they become urgent.

3. Push your martech and adtech vendors: Ask if they’re compliant with Executive Order 14117. Are they geofencing data? Have they updated their terms or targeting practices?

4. Train your internal teams: This isn’t just “legal’s problem.” It affects segmentation, targeting, attribution, and personalization. Make sure your strategy, media, and analytics teams are looped in.

The New Standard for Data-Driven Teams

Sensitive data is being treated like critical infrastructure. That changes how it’s handled, who’s responsible, and what’s expected from companies that use it.

Data governance is moving out of the legal silo and into everyday operations. Teams are asked to show how data is collected, where it goes, who has access, and how it’s protected. Compliance is table stakes. Marketers will soon be expected to manage data with the same discipline they apply to budget and performance.

For marketing teams, this shift means building strategies on:

  • Trust with customers, partners, and regulators
  • Agility to respond quickly to new rules and platform changes
  • Intelligence to turn consented, reliable data into tangible results

EO 14117 confirms where everything is headed. Brands and agencies that act now will be better equipped for what’s next.

Stay in Front of the Regulatory Curve

Executive Order 14117 raises the bar for how marketers handle sensitive data. This rule demands visibility, accountability, and tighter control across your data stack.

Audit what you’re using, strengthen what you own, and work with partners who are ready for what’s next.

Teams that take this seriously now will have a real edge when the next wave of regulation hits.

Brandon Pollard Headshot


ABOUT THE AUTHORBrandon Pollard is the Director of Ad Operations at KORTX. He enjoys cloud rap, soccer, and traveling.

Table of contents
2
3