On February 05, 2026, the Florida Attorney General James Uthmeier announced the creation of the Consumer Harm from International Nefarious Actors Prevention Unit. As a first-of-its-kind division, this specialized unit will be a dedicated section within the Office of the Attorney General focused on addressing risks to Florida consumers, data privacy, and economic security arising from the activities of “foreign adversaries.”
The Florida Attorney General’s Office reported that the unit’s initial action includes issuing subpoenas to businesses with the intention to audit and identify any ties with “countries of concern.” “Countries of concern” is the same language used in Executive Order 14117 which identifies six countries considered by the U.S. to pose a significant risk to national security regarding data access: China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela.
“If a company is funneling Floridians’ personal information to China or other foreign countries of concern, we will hold them accountable,” said Attorney General James Uthmeier. Since 2025, the Office has issued several investigative subpoenas to companies that allegedly shared personal information or data on Florida consumers with China, a jurisdiction Florida has prioritized for regulatory review. The subpoenas required the companies to disclose any ownership, control, or financing by “countries of concern” and to state whether the governments of those jurisdictions have requested operational information concerning the companies’ activities in Florida or the United States.
The formation of this new unit reflects a broader state-level effort to address national security and consumer protection risks associated with foreign technology and data transfers. The initiative aligns with recent federal action implementing Executive Order 14117. Companies that engage in cross-border operations or data transfers should anticipate heightened scrutiny and proactive investigative activity from Florida and other state regulators. Businesses can proactively prepare by conducting data mapping and documented risk assessments to show compliance with emerging data localization and national security laws.
