SenateS. 4882119th Congress
ICTS Supply Chain Security Act of 2026
Full Text
Official text as published. Use Ctrl+F / Cmd+F to search within the document.
[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[S. 4882 Introduced in Senate (IS)]
<DOC>
119th CONGRESS
2d Session
S. 4882
To amend the Export Control Reform Act of 2018 to provide for the
security of information and communications technology and services
supply chains, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 24, 2026
Mr. Scott of South Carolina (for himself and Mr. Hagerty) introduced
the following bill; which was read twice and referred to the Committee
on Banking, Housing, and Urban Affairs
_______________________________________________________________________
A BILL
To amend the Export Control Reform Act of 2018 to provide for the
security of information and communications technology and services
supply chains, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``ICTS Supply Chain Security Act of
2026''.
SEC. 2. ASSISTANT SECRETARY OF COMMERCE FOR INFORMATION AND
COMMUNICATIONS TECHNOLOGY SUPPLY CHAINS.
Part III of the Export Control Reform Act of 2018 (50 U.S.C. 4851
et seq.) is amended--
(1) in the part heading, by striking ``administrative
authorities'' and inserting ``organization of bureau of
industry and security''; and
(2) by adding at the end the following:
``SEC. 1783. ASSISTANT SECRETARY OF COMMERCE FOR INFORMATION AND
COMMUNICATIONS TECHNOLOGY SUPPLY CHAINS.
``(a) In General.--The President shall appoint, by and with the
advice and consent of the Senate, and in addition to the Assistant
Secretaries of Commerce appointed under section 1782, an Assistant
Secretary of Commerce for Information and Communications Technology
Supply Chains (in this section referred to as the `Assistant
Secretary'), who shall report to the Under Secretary of Commerce for
Industry and Security.
``(b) Responsibilities.--The Assistant Secretary shall be
responsible for overseeing the Office of Information and Communications
Technology and Services established by section 1784.''.
SEC. 3. OFFICE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND
SERVICES.
Part III of the Export Control Reform Act of 2018, as amended by
section 2, is further amended by adding at the end the following:
``SEC. 1784. OFFICE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND
SERVICES.
``(a) Establishment.--The Secretary shall establish an Office of
Information and Communications Technology and Services (in this section
referred to as the `Office') within the Bureau of Industry and
Security.
``(b) Organizational Structure.--The head of the Office shall
report directly to the Assistant Secretary of Commerce for Information
and Communications Technology Supply Chains.
``(c) Duties.--The Office shall--
``(1) administer part IV; and
``(2) carry out such other duties as the Secretary or the
Assistant Secretary of Commerce for Information and
Communications Technology Supply Chains may assign.
``(d) Availability of Information to Congress.--
``(1) In general.--Any information obtained at any time by
the Office in carrying out the duties of the Office under
subsection (c), including in administering part IV, shall be
made available to a committee or subcommittee of Congress of
appropriate jurisdiction, upon the request of the chairman or
ranking minority member of the committee or subcommittee.
``(2) Prohibition on further disclosure.--No committee or
subcommittee referred to in paragraph (1), or any member
thereof, may disclose any information made available under
paragraph (1) that is submitted on a confidential basis unless
the full committee determines that the withholding of that
information is contrary to the national interest.''.
SEC. 4. SECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND
SERVICES SUPPLY CHAINS.
(a) In General.--The Export Control Reform Act of 2018, as amended
by sections 2 and 3, is further amended by adding at the end the
following:
``PART IV--SECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND
SERVICES SUPPLY CHAINS
``SEC. 1785. DEFINITIONS.
``In this part:
``(1) Appropriate congressional committees.--The term
`appropriate congressional committees' means the Committee on
Banking, Housing, and Urban Affairs of the Senate and the
Committee on Foreign Affairs of the House of Representatives.
``(2) Country of concern.--The term `country of concern'
means--
``(A) the People's Republic of China, including the
Hong Kong and Macau Special Administrative Regions;
``(B) the Republic of Cuba;
``(C) the Islamic Republic of Iran;
``(D) the Democratic People's Republic of Korea;
and
``(E) the Russian Federation.
``(3) Covered icts transaction.--The term `covered ICTS
transaction' means any transaction described in section
1785A(b) or a class of such transactions.
``(4) Information and communications technology or
services; icts.--The terms `information and communications
technology or services' and `ICTS' mean any hardware, software,
connected software applications, or other product or service
primarily intended to fulfill or enable the function of
information or data processing, storage, retrieval, or
communication by electronic means, including through
transmission, storage, or display.
``(5) Open-source software.--The term `open -source
software' means software for which the human-readable source
code is available in its entirety for use, study, reuse,
modification, enhancement, and redistribution by the users of
the software.
``SEC. 1785A. PROHIBITION ON TRANSACTIONS THAT THREATEN SECURITY OF
INFORMATION AND COMMUNICATIONS TECHNOLOGY AND SERVICES
SUPPLY CHAINS.
``(a) In General.--Except as otherwise specifically provided in
this part, a transaction described in subsection (b) is prohibited.
``(b) Transactions Described.--A transaction described in this
subsection is any acquisition, importation, transfer, installation,
dealing in, or use of any information and communications technology or
service by any person, or with respect to any property, subject to the
jurisdiction of the United States, if the Secretary, in consultation
with the heads of the relevant Federal agencies, has determined that
the transaction--
``(1) involves information and communications technology or
services designed, developed, manufactured, or supplied by
persons owned by, controlled by, or subject to the jurisdiction
or direction of a country of concern; and
``(2)(A) poses an undue risk of sabotage to or subversion
of the design, integrity, manufacturing, production,
distribution, installation, operation, or maintenance of
information and communications technology or services in the
United States;
``(B) poses an undue risk of catastrophic effects on the
security or resiliency of United States critical infrastructure
or the digital economy of the United States; or
``(C) otherwise poses an unacceptable risk to the national
security of the United States or the security and safety of
United States persons.
``(c) Exception for Information and Informational Materials.--The
prohibition under subsection (a) shall not include a prohibition
intended to prevent the importation from any country, or the
exportation to any country, whether commercial or otherwise, of any
expressive materials, including--
``(1) publications, films, posters, photographs, artworks,
news wire feeds, digital streaming content, podcasts, social
media posts, blogs, online news articles, and other
electronically distributed media; and
``(2) items and transactions described in section 203(b) of
the International Emergency Economic Powers Act (50 U.S.C.
1702(b)).
``(d) Exception for Open-Source Software.--The prohibition under
subsection (a) does not include a prohibition on transactions
specifically intended to provide the public with access to open-source
software.
``(e) Effect on Contracts and Permits.--The prohibition under
subsection (a) applies notwithstanding any contract entered into or
license or permit granted before the date of the enactment of this
part.
``SEC. 1785B. AUTHORIZATION TO PRESCRIBE REGULATIONS WITH RESPECT TO
COVERED ICTS TRANSACTIONS AND PERSONS AND JURISDICTIONS
OF CONCERN.
``If Secretary determines that, for certain classes of covered ICTS
transactions, the prohibition under subsection (a) of section 1785A may
not effectively address the undue or unacceptable risks described in
subsection (b)(2) of that section, the Secretary may--
``(1) prescribe regulations that--
``(A) identify particular covered ICTS transactions
or persons or jurisdictions of concern that pose such a
risk;
``(B) impose mitigation measures and prohibitions
to address the risk posed by such transactions,
persons, or jurisdictions;
``(C) establish criteria by which particular
covered ICTS transactions or particular classes of
participants in the covered ICTS transaction supply
chain may be recognized as categorically included in or
as categorically excluded from mitigation measures or
prohibitions imposed under subparagraph (B);
``(D) establish particular classes of covered ICTS
transactions or parties to such transactions that are
required to abide by such mitigation measures and
prohibitions; and
``(E) establish procedures to authorize or license
transactions otherwise prohibited pursuant to a
regulation prescribed under this section; and
``(2) prescribe such other regulations as the Secretary
determines to be necessary or appropriate to address the undue
or unacceptable risks described in section 1785A(b)(2).
``SEC. 1785C. ADMINISTRATION.
``(a) In General.--The head of the Office of Information and
Communications Technology and Services established under section 1784
(in this section referred to as the `head of the Office') shall
administer this part.
``(b) Mitigation and Approval of Covered ICTS Transactions.--The
head of the Office, in consultation with the heads of the relevant
Federal agencies, may--
``(1) design, negotiate, and impose mitigation measures
with respect to a covered ICTS transaction; and
``(2) approve the transaction if those measures are
implemented.
``(c) Regulations.--The Secretary, acting through the head of the
Office, may prescribe regulations to carry out this part.
``SEC. 1785D. JUDICIAL REVIEW.
``(a) Exclusive Jurisdiction.--A claim or petition challenging this
part or any final action or determination under this part may be filed
only in the United States Court of Appeals for the District of Columbia
Circuit. Notwithstanding the preceding sentence, the United States
District Court for the District of Columbia Circuit shall have the
jurisdiction and power to order and require compliance with any
subpoena issued under this part.
``(b) In Camera and Ex Parte Review.--
``(1) In general.--The following information may be
included in the administrative record and shall be submitted
only to the court ex parte and in camera:
``(A) Sensitive security information, as defined in
section 1520.5 of title 49, Code of Federal
Regulations.
``(B) Records or information compiled for law
enforcement purposes, as described in section 552(b)(7)
of title 5, United States Code.
``(C) Classified information, as defined in section
1(a) of the Classified Information Procedures Act (18
U.S.C. App.).
``(2) Treatment of information filed in camera and ex
parte.--Any information that is part of the administrative
record filed ex parte and in camera under paragraph (1), or
cited by the court in any decision, shall be treated by the
court consistent with the provisions of this section. In no
event shall such information be released to the claimant or
petitioner or as part of the public record, or shall the
petitioner be permitted to review information submitted to the
court ex parte and in camera.
``(c) Exclusive Remedy.--A determination by the court under this
section shall be the exclusive judicial remedy for any claim or
petition for review challenging this part or any final action or
determination under this part against the United States, any agency, or
any component or official of any such agency.
``(d) Rule of Construction.--Nothing in this section may be
construed as limiting, superseding, or preventing the invocation of any
privileges or defenses that are otherwise available at law or in equity
to protect against the disclosure of information.
``(e) Statute of Limitations.--A challenge to any final action or
determination under this part may only be brought not later than 180
days after the date of such an action or determination.
``SEC. 1785E. PENALTIES.
``(a) Unlawful Acts.--It shall be unlawful for a person to violate,
attempt to violate, conspire to violate, or cause a violation of any
regulation, order, direction, prohibition, or other authorization or
directive issued under this part.
``(b) Criminal Penalties.--A person who willfully commits,
willfully attempts to commit, or willfully conspires to commit, or aids
and abets in the commission of an unlawful act described in subsection
(a)--
``(1) shall be fined not more than $1,000,000; and
``(2) in the case of the individual, shall be imprisoned
for not more than 20 years, or both.
``(c) Civil Penalties.--
``(1) In general.--The Secretary may impose the following
civil penalties on a person for each violation by that person
of this part or any regulation, order, or license issued under
this part:
``(A) A fine that is the greater of $1,500,000 or
an amount that is 5 times the value of the transaction
that is the basis of the violation with respect to
which the penalty is imposed.
``(B) Revocation of any mitigation measure or
authorization issued under this part to the person.
``(C) A prohibition or other restriction on the
ability of the person to engage in any covered ICTS
transaction.
``(2) Inflation.--The fine under paragraph (1)(A) is
subject to adjustment pursuant to the Federal Civil Penalties
Inflation Adjustment Act of 1990 (Public Law 101-410; 28 U.S.C.
2461 note).
``(3) Standards for levels of civil penalty.--The Secretary
may by regulation provide standards for establishing levels of
civil penalty under paragraph (1) based upon factors that
include--
``(A) the seriousness of the violation to the
national security of the United States;
``(B) the intent or actions of the violator,
including any pattern of reckless behavior; and
``(C) any mitigating factors, such as a record of
cooperation of the violator with the Federal Government
in disclosing the violation.
``SEC. 1785F. RELATIONSHIP TO OTHER LAWS.
``(a) Rule of Construction Relating to Other Law.--Nothing in this
part shall be construed to alter or affect any other authority,
process, regulation, investigation, enforcement measure, or review
provided by or established under any other provision of Federal law.
``(b) Administrative Procedure Exceptions.--Except with respect to
a civil penalty imposed pursuant to section 1785E(c), any function
exercised under this part is not subject to sections 551, 553 through
559, and 701 through 706 of title 5, United States Code.
``(c) Paperwork Reduction Act Exception.--The requirements of
chapter 35 of title 44, United States Code (commonly referred to as the
`Paperwork Reduction Act'), shall not apply to any action to implement
this part.
``(d) Defense Production Act of 1950.--
``(1) Rule of construction.--Nothing in this part shall
prevent or preclude the President or the Committee on Foreign
Investment in the United States from exercising any authority
under section 721 of the Defense Production Act of 1950 (50
U.S.C. 4565) that would be available in the absence of this
part.
``(2) Coordination of reviews.--The Secretary shall
terminate the review of a covered ICTS transaction under this
part if--
``(A) the transaction involves the acquisition of
ICTS items by a United States person as a party to a
transaction authorized under the Defense Production Act
of 1950 (50 U.S.C. 4501 et seq.); or
``(B) the Committee on Foreign Investment in the
United States is conducting a review or investigation
of the transaction under section 721 of the Defense
Production Act of 1950 (50 U.S.C. 4565).
``(e) Executive Orders 13873 and 14034.--
``(1) Rule of construction.--Nothing in this part may be
construed as altering any of the authority of the Secretary
under Executive Order 13873 (50 U.S.C. 1701 note; relating to
securing the information and communications technology and
services supply chain) or Executive Order 14034 (50 U.S.C. 1701
note; relating to protecting Americans' sensitive data from
foreign adversaries).
``(2) Continuation in effect.--Any regulation the Secretary
prescribed under Executive Order 13873 (50 U.S.C. 1701 note;
relating to securing the information and communications
technology and services supply chain) or Executive Order 14034
(50 U.S.C. 1701 note; relating to protecting Americans'
sensitive data from foreign adversaries) before the date of the
enactment of this part shall continue in effect on and after
such date of enactment.
``SEC. 1785G. AUTHORIZATION OF OTHER ACTIONS.
``In carrying out the requirements of this part, the Secretary may
take any other actions that the Secretary determines to be necessary or
appropriate, including prescribing new regulations, amending
regulations, publishing any notices in the Federal Register (including
with respect to mitigation measures and prohibitions imposed under
section 1785B), issuing guidance, establishing procedures, revoking or
amending authorizations, and terminating or amending any determination.
``SEC. 1785H. ANNUAL REPORTS.
``Not later than 180 days after the date of the enactment of this
part, and annually thereafter, the head of the Office of Information
and Communications Technology and Services shall submit to the
appropriate congressional committees a report on actions taken to carry
out this part during the one-year period preceding submission of the
report.
``SEC. 1785I. TERMINATION.
``The prohibition under section 1785A(a) and the requirements of
and authorities provided by this part terminate on the date that is 5
years after the date of the enactment of this part.''.
(b) Conforming Amendment.--Section 1742(13)(A) of the Export
Control Reform Act of 2018 (50 U.S.C. 4801(13)(A)) is amended, in the
matter preceding clause (i), by striking ``part I'' and inserting
``parts I and IV''.
<all>