SenateS. 4882119th Congress

ICTS Supply Chain Security Act of 2026

Full Text

Official text as published. Use Ctrl+F / Cmd+F to search within the document.

[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[S. 4882 Introduced in Senate (IS)]

<DOC>

119th CONGRESS
  2d Session
                                S. 4882

   To amend the Export Control Reform Act of 2018 to provide for the 
  security of information and communications technology and services 
                 supply chains, and for other purposes.

_______________________________________________________________________

                   IN THE SENATE OF THE UNITED STATES

                             June 24, 2026

 Mr. Scott of South Carolina (for himself and Mr. Hagerty) introduced 
the following bill; which was read twice and referred to the Committee 
                 on Banking, Housing, and Urban Affairs

_______________________________________________________________________

                                 A BILL

 
   To amend the Export Control Reform Act of 2018 to provide for the 
  security of information and communications technology and services 
                 supply chains, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``ICTS Supply Chain Security Act of 
2026''.

SEC. 2. ASSISTANT SECRETARY OF COMMERCE FOR INFORMATION AND 
              COMMUNICATIONS TECHNOLOGY SUPPLY CHAINS.

    Part III of the Export Control Reform Act of 2018 (50 U.S.C. 4851 
et seq.) is amended--
            (1) in the part heading, by striking ``administrative 
        authorities'' and inserting ``organization of bureau of 
        industry and security''; and
            (2) by adding at the end the following:

``SEC. 1783. ASSISTANT SECRETARY OF COMMERCE FOR INFORMATION AND 
              COMMUNICATIONS TECHNOLOGY SUPPLY CHAINS.

    ``(a) In General.--The President shall appoint, by and with the 
advice and consent of the Senate, and in addition to the Assistant 
Secretaries of Commerce appointed under section 1782, an Assistant 
Secretary of Commerce for Information and Communications Technology 
Supply Chains (in this section referred to as the `Assistant 
Secretary'), who shall report to the Under Secretary of Commerce for 
Industry and Security.
    ``(b) Responsibilities.--The Assistant Secretary shall be 
responsible for overseeing the Office of Information and Communications 
Technology and Services established by section 1784.''.

SEC. 3. OFFICE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND 
              SERVICES.

    Part III of the Export Control Reform Act of 2018, as amended by 
section 2, is further amended by adding at the end the following:

``SEC. 1784. OFFICE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND 
              SERVICES.

    ``(a) Establishment.--The Secretary shall establish an Office of 
Information and Communications Technology and Services (in this section 
referred to as the `Office') within the Bureau of Industry and 
Security.
    ``(b) Organizational Structure.--The head of the Office shall 
report directly to the Assistant Secretary of Commerce for Information 
and Communications Technology Supply Chains.
    ``(c) Duties.--The Office shall--
            ``(1) administer part IV; and
            ``(2) carry out such other duties as the Secretary or the 
        Assistant Secretary of Commerce for Information and 
        Communications Technology Supply Chains may assign.
    ``(d) Availability of Information to Congress.--
            ``(1) In general.--Any information obtained at any time by 
        the Office in carrying out the duties of the Office under 
        subsection (c), including in administering part IV, shall be 
        made available to a committee or subcommittee of Congress of 
        appropriate jurisdiction, upon the request of the chairman or 
        ranking minority member of the committee or subcommittee.
            ``(2) Prohibition on further disclosure.--No committee or 
        subcommittee referred to in paragraph (1), or any member 
        thereof, may disclose any information made available under 
        paragraph (1) that is submitted on a confidential basis unless 
        the full committee determines that the withholding of that 
        information is contrary to the national interest.''.

SEC. 4. SECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND 
              SERVICES SUPPLY CHAINS.

    (a) In General.--The Export Control Reform Act of 2018, as amended 
by sections 2 and 3, is further amended by adding at the end the 
following:

 ``PART IV--SECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND 
                         SERVICES SUPPLY CHAINS

``SEC. 1785. DEFINITIONS.

    ``In this part:
            ``(1) Appropriate congressional committees.--The term 
        `appropriate congressional committees' means the Committee on 
        Banking, Housing, and Urban Affairs of the Senate and the 
        Committee on Foreign Affairs of the House of Representatives.
            ``(2) Country of concern.--The term `country of concern' 
        means--
                    ``(A) the People's Republic of China, including the 
                Hong Kong and Macau Special Administrative Regions;
                    ``(B) the Republic of Cuba;
                    ``(C) the Islamic Republic of Iran;
                    ``(D) the Democratic People's Republic of Korea; 
                and
                    ``(E) the Russian Federation.
            ``(3) Covered icts transaction.--The term `covered ICTS 
        transaction' means any transaction described in section 
        1785A(b) or a class of such transactions.
            ``(4) Information and communications technology or 
        services; icts.--The terms `information and communications 
        technology or services' and `ICTS' mean any hardware, software, 
        connected software applications, or other product or service 
        primarily intended to fulfill or enable the function of 
        information or data processing, storage, retrieval, or 
        communication by electronic means, including through 
        transmission, storage, or display.
            ``(5) Open-source software.--The term `open -source 
        software' means software for which the human-readable source 
        code is available in its entirety for use, study, reuse, 
        modification, enhancement, and redistribution by the users of 
        the software.

``SEC. 1785A. PROHIBITION ON TRANSACTIONS THAT THREATEN SECURITY OF 
              INFORMATION AND COMMUNICATIONS TECHNOLOGY AND SERVICES 
              SUPPLY CHAINS.

    ``(a) In General.--Except as otherwise specifically provided in 
this part, a transaction described in subsection (b) is prohibited.
    ``(b) Transactions Described.--A transaction described in this 
subsection is any acquisition, importation, transfer, installation, 
dealing in, or use of any information and communications technology or 
service by any person, or with respect to any property, subject to the 
jurisdiction of the United States, if the Secretary, in consultation 
with the heads of the relevant Federal agencies, has determined that 
the transaction--
            ``(1) involves information and communications technology or 
        services designed, developed, manufactured, or supplied by 
        persons owned by, controlled by, or subject to the jurisdiction 
        or direction of a country of concern; and
            ``(2)(A) poses an undue risk of sabotage to or subversion 
        of the design, integrity, manufacturing, production, 
        distribution, installation, operation, or maintenance of 
        information and communications technology or services in the 
        United States;
            ``(B) poses an undue risk of catastrophic effects on the 
        security or resiliency of United States critical infrastructure 
        or the digital economy of the United States; or
            ``(C) otherwise poses an unacceptable risk to the national 
        security of the United States or the security and safety of 
        United States persons.
    ``(c) Exception for Information and Informational Materials.--The 
prohibition under subsection (a) shall not include a prohibition 
intended to prevent the importation from any country, or the 
exportation to any country, whether commercial or otherwise, of any 
expressive materials, including--
            ``(1) publications, films, posters, photographs, artworks, 
        news wire feeds, digital streaming content, podcasts, social 
        media posts, blogs, online news articles, and other 
        electronically distributed media; and
            ``(2) items and transactions described in section 203(b) of 
        the International Emergency Economic Powers Act (50 U.S.C. 
        1702(b)).
    ``(d) Exception for Open-Source Software.--The prohibition under 
subsection (a) does not include a prohibition on transactions 
specifically intended to provide the public with access to open-source 
software.
    ``(e) Effect on Contracts and Permits.--The prohibition under 
subsection (a) applies notwithstanding any contract entered into or 
license or permit granted before the date of the enactment of this 
part.

``SEC. 1785B. AUTHORIZATION TO PRESCRIBE REGULATIONS WITH RESPECT TO 
              COVERED ICTS TRANSACTIONS AND PERSONS AND JURISDICTIONS 
              OF CONCERN.

    ``If Secretary determines that, for certain classes of covered ICTS 
transactions, the prohibition under subsection (a) of section 1785A may 
not effectively address the undue or unacceptable risks described in 
subsection (b)(2) of that section, the Secretary may--
            ``(1) prescribe regulations that--
                    ``(A) identify particular covered ICTS transactions 
                or persons or jurisdictions of concern that pose such a 
                risk;
                    ``(B) impose mitigation measures and prohibitions 
                to address the risk posed by such transactions, 
                persons, or jurisdictions;
                    ``(C) establish criteria by which particular 
                covered ICTS transactions or particular classes of 
                participants in the covered ICTS transaction supply 
                chain may be recognized as categorically included in or 
                as categorically excluded from mitigation measures or 
                prohibitions imposed under subparagraph (B);
                    ``(D) establish particular classes of covered ICTS 
                transactions or parties to such transactions that are 
                required to abide by such mitigation measures and 
                prohibitions; and
                    ``(E) establish procedures to authorize or license 
                transactions otherwise prohibited pursuant to a 
                regulation prescribed under this section; and
            ``(2) prescribe such other regulations as the Secretary 
        determines to be necessary or appropriate to address the undue 
        or unacceptable risks described in section 1785A(b)(2).

``SEC. 1785C. ADMINISTRATION.

    ``(a) In General.--The head of the Office of Information and 
Communications Technology and Services established under section 1784 
(in this section referred to as the `head of the Office') shall 
administer this part.
    ``(b) Mitigation and Approval of Covered ICTS Transactions.--The 
head of the Office, in consultation with the heads of the relevant 
Federal agencies, may--
            ``(1) design, negotiate, and impose mitigation measures 
        with respect to a covered ICTS transaction; and
            ``(2) approve the transaction if those measures are 
        implemented.
    ``(c) Regulations.--The Secretary, acting through the head of the 
Office, may prescribe regulations to carry out this part.

``SEC. 1785D. JUDICIAL REVIEW.

    ``(a) Exclusive Jurisdiction.--A claim or petition challenging this 
part or any final action or determination under this part may be filed 
only in the United States Court of Appeals for the District of Columbia 
Circuit. Notwithstanding the preceding sentence, the United States 
District Court for the District of Columbia Circuit shall have the 
jurisdiction and power to order and require compliance with any 
subpoena issued under this part.
    ``(b) In Camera and Ex Parte Review.--
            ``(1) In general.--The following information may be 
        included in the administrative record and shall be submitted 
        only to the court ex parte and in camera:
                    ``(A) Sensitive security information, as defined in 
                section 1520.5 of title 49, Code of Federal 
                Regulations.
                    ``(B) Records or information compiled for law 
                enforcement purposes, as described in section 552(b)(7) 
                of title 5, United States Code.
                    ``(C) Classified information, as defined in section 
                1(a) of the Classified Information Procedures Act (18 
                U.S.C. App.).
            ``(2) Treatment of information filed in camera and ex 
        parte.--Any information that is part of the administrative 
        record filed ex parte and in camera under paragraph (1), or 
        cited by the court in any decision, shall be treated by the 
        court consistent with the provisions of this section. In no 
        event shall such information be released to the claimant or 
        petitioner or as part of the public record, or shall the 
        petitioner be permitted to review information submitted to the 
        court ex parte and in camera.
    ``(c) Exclusive Remedy.--A determination by the court under this 
section shall be the exclusive judicial remedy for any claim or 
petition for review challenging this part or any final action or 
determination under this part against the United States, any agency, or 
any component or official of any such agency.
    ``(d) Rule of Construction.--Nothing in this section may be 
construed as limiting, superseding, or preventing the invocation of any 
privileges or defenses that are otherwise available at law or in equity 
to protect against the disclosure of information.
    ``(e) Statute of Limitations.--A challenge to any final action or 
determination under this part may only be brought not later than 180 
days after the date of such an action or determination.

``SEC. 1785E. PENALTIES.

    ``(a) Unlawful Acts.--It shall be unlawful for a person to violate, 
attempt to violate, conspire to violate, or cause a violation of any 
regulation, order, direction, prohibition, or other authorization or 
directive issued under this part.
    ``(b) Criminal Penalties.--A person who willfully commits, 
willfully attempts to commit, or willfully conspires to commit, or aids 
and abets in the commission of an unlawful act described in subsection 
(a)--
            ``(1) shall be fined not more than $1,000,000; and
            ``(2) in the case of the individual, shall be imprisoned 
        for not more than 20 years, or both.
    ``(c) Civil Penalties.--
            ``(1) In general.--The Secretary may impose the following 
        civil penalties on a person for each violation by that person 
        of this part or any regulation, order, or license issued under 
        this part:
                    ``(A) A fine that is the greater of $1,500,000 or 
                an amount that is 5 times the value of the transaction 
                that is the basis of the violation with respect to 
                which the penalty is imposed.
                    ``(B) Revocation of any mitigation measure or 
                authorization issued under this part to the person.
                    ``(C) A prohibition or other restriction on the 
                ability of the person to engage in any covered ICTS 
                transaction.
            ``(2) Inflation.--The fine under paragraph (1)(A) is 
        subject to adjustment pursuant to the Federal Civil Penalties 
        Inflation Adjustment Act of 1990 (Public Law 101-410; 28 U.S.C. 
        2461 note).
            ``(3) Standards for levels of civil penalty.--The Secretary 
        may by regulation provide standards for establishing levels of 
        civil penalty under paragraph (1) based upon factors that 
        include--
                    ``(A) the seriousness of the violation to the 
                national security of the United States;
                    ``(B) the intent or actions of the violator, 
                including any pattern of reckless behavior; and
                    ``(C) any mitigating factors, such as a record of 
                cooperation of the violator with the Federal Government 
                in disclosing the violation.

``SEC. 1785F. RELATIONSHIP TO OTHER LAWS.

    ``(a) Rule of Construction Relating to Other Law.--Nothing in this 
part shall be construed to alter or affect any other authority, 
process, regulation, investigation, enforcement measure, or review 
provided by or established under any other provision of Federal law.
    ``(b) Administrative Procedure Exceptions.--Except with respect to 
a civil penalty imposed pursuant to section 1785E(c), any function 
exercised under this part is not subject to sections 551, 553 through 
559, and 701 through 706 of title 5, United States Code.
    ``(c) Paperwork Reduction Act Exception.--The requirements of 
chapter 35 of title 44, United States Code (commonly referred to as the 
`Paperwork Reduction Act'), shall not apply to any action to implement 
this part.
    ``(d) Defense Production Act of 1950.--
            ``(1) Rule of construction.--Nothing in this part shall 
        prevent or preclude the President or the Committee on Foreign 
        Investment in the United States from exercising any authority 
        under section 721 of the Defense Production Act of 1950 (50 
        U.S.C. 4565) that would be available in the absence of this 
        part.
            ``(2) Coordination of reviews.--The Secretary shall 
        terminate the review of a covered ICTS transaction under this 
        part if--
                    ``(A) the transaction involves the acquisition of 
                ICTS items by a United States person as a party to a 
                transaction authorized under the Defense Production Act 
                of 1950 (50 U.S.C. 4501 et seq.); or
                    ``(B) the Committee on Foreign Investment in the 
                United States is conducting a review or investigation 
                of the transaction under section 721 of the Defense 
                Production Act of 1950 (50 U.S.C. 4565).
    ``(e) Executive Orders 13873 and 14034.--
            ``(1) Rule of construction.--Nothing in this part may be 
        construed as altering any of the authority of the Secretary 
        under Executive Order 13873 (50 U.S.C. 1701 note; relating to 
        securing the information and communications technology and 
        services supply chain) or Executive Order 14034 (50 U.S.C. 1701 
        note; relating to protecting Americans' sensitive data from 
        foreign adversaries).
            ``(2) Continuation in effect.--Any regulation the Secretary 
        prescribed under Executive Order 13873 (50 U.S.C. 1701 note; 
        relating to securing the information and communications 
        technology and services supply chain) or Executive Order 14034 
        (50 U.S.C. 1701 note; relating to protecting Americans' 
        sensitive data from foreign adversaries) before the date of the 
        enactment of this part shall continue in effect on and after 
        such date of enactment.

``SEC. 1785G. AUTHORIZATION OF OTHER ACTIONS.

    ``In carrying out the requirements of this part, the Secretary may 
take any other actions that the Secretary determines to be necessary or 
appropriate, including prescribing new regulations, amending 
regulations, publishing any notices in the Federal Register (including 
with respect to mitigation measures and prohibitions imposed under 
section 1785B), issuing guidance, establishing procedures, revoking or 
amending authorizations, and terminating or amending any determination.

``SEC. 1785H. ANNUAL REPORTS.

    ``Not later than 180 days after the date of the enactment of this 
part, and annually thereafter, the head of the Office of Information 
and Communications Technology and Services shall submit to the 
appropriate congressional committees a report on actions taken to carry 
out this part during the one-year period preceding submission of the 
report.

``SEC. 1785I. TERMINATION.

    ``The prohibition under section 1785A(a) and the requirements of 
and authorities provided by this part terminate on the date that is 5 
years after the date of the enactment of this part.''.
    (b) Conforming Amendment.--Section 1742(13)(A) of the Export 
Control Reform Act of 2018 (50 U.S.C. 4801(13)(A)) is amended, in the 
matter preceding clause (i), by striking ``part I'' and inserting 
``parts I and IV''.
                                 <all>