On July 10, 2023, the U.S. Department of Commerce announced that the EU-U.S. Data Privacy Framework (EU-U.S. DPF) entered into force.  

The Department of Commerce has announced that the Swiss-U.S. Data Privacy Framework will go into effect on July 17, 2023.

With regard to the UK Extension to the EU-U.S. DPF, the Department of Commerce stated the following: 

Effective July 17, 2023, eligible organizations in the United States  that wish to self-certify their compliance pursuant to the UK Extension to the EU-U.S. DPF may do so; however, they may not begin relying on the UK Extension to the EU-U.S. DPF to receive personal data transfers from the United Kingdom (and Gibraltar) before the date that the United Kingdom’s anticipated adequacy regulations implementing the data bridge for the UK Extension to the EU-U.S. DPF enter into force.  Organizations that wish to participate in the UK Extension to the EU-U.S. DPF must also participate in the EU-U.S. DPF.  

For additional information and updates, please go to the official DPF website of the Department of Commerce’s International Trade Administration: 

The ICDR-AAA is working diligently to update its website to reflect changes resulting from the transitions to the DPF.  Please check back soon for updated Information and functionality.  

For urgent questions or concerns relating to the arbitral mechanism of the DPFs, please contact Luis Martinez at or contact Alyssa Montano at

The EU (European Union)-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the EU and Switzerland to the U.S.

The Privacy Shield Program, which is administered by the International Trade Administration within the Department of Commerce, allows U.S.-based organizations to join one or both of the Frameworks. While participation is voluntary, organizations that opt to participate are required to self-certify and commit to compliance with the Frameworks’ requirements.

ICDR-AAA Privacy Shield Services

The ICDR-AAA provides several dispute resolution and administrative services related to the Privacy Shield Program.

The ICDR-AAA EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Program Independent Recourse Mechanism (IRM). The ICDR provides the readily available Independent Recourse Mechanism required by participating organizations.

Annex I of the EU-U.S. and Swiss-U.S. Privacy Shield Framework. Privacy Shield participants in either the EU-U.S. or Swiss-U.S. Privacy Shield Framework are obligated to arbitrate certain claims as per Annex I of the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework.

EU-U.S. and the Swiss-U.S. Privacy Shield Annex I Binding Arbitration Mechanism. The ICDR-AAA has been selected by the U.S. Department of Commerce to manage the Privacy Shield Annex I Arbitration Mechanism and Arbitral Fund, into which participating organizations are required to pay a periodic contribution. In addition, the ICDR-AAA administers arbitration cases filed by EU and Swiss individuals under Annex I. See the 
EU-U.S. Privacy Shield Annex I Binding Arbitration Mechanism or Swiss-U.S. Privacy Shield Annex I Binding Arbitration Mechanism for more information on these programs.