S4882Referred to Committee

ICTS Supply Chain Security Act of 2026

Share:
Introduced
In Committee
3
Passed One Chamber
4
Passed Both
5
Signed into Law
119th
Congress
2026-06-24
Introduced
1
Cosponsors
S
Type

Sponsor

Tim Scott
Tim Scott
Republican · SC · Senator
Votes with party: 76.4% (826 recorded votes)

Full profile: /officials/S001184

Source: Congress.gov · FEC

Cosponsors (1)

Members who have signed on to support this bill since introduction. Source: Congress.gov.

Latest Action

The most recent step in the bill's legislative path. Committee Activity below shows referrals and reports; the full action-by-action history including floor proceedings lives at Congress.gov →

Read twice and referred to the Committee on Banking, Housing, and Urban Affairs.

2026-06-24

Source: Congress.gov

Committee Activity

Currently in

Plain-English Summary

The bill would strengthen rules around how the U.S. government controls the export of technology and communication services to other countries, with a focus on protecting American supply chains from security risks. It gives federal agencies more authority to review and restrict sales of sensitive tech products and services to foreign buyers, particularly those that could pose national security threats. This would affect technology companies, telecommunications firms, and other businesses that sell products or services internationally.

AI-assisted summary generated from the official bill metadata (title, subjects, actions) sourced from Congress.gov. Cached and reviewed. Always verify against the official text linked below.

Full Bill Text

Verbatim text published on Congress.gov via GovInfo. Use Cmd+F / Ctrl+F to search within this excerpt.

[Congressional Bills 119th Congress] [From the U.S. Government Publishing Office] [S. 4882 Introduced in Senate (IS)] <DOC> 119th CONGRESS 2d Session S. 4882 To amend the Export Control Reform Act of 2018 to provide for the security of information and communications technology and services supply chains, and for other purposes. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES June 24, 2026 Mr. Scott of South Carolina (for himself and Mr. Hagerty) introduced the following bill; which was read twice and referred to the Committee on Banking, Housing, and Urban Affairs _______________________________________________________________________ A BILL To amend the Export Control Reform Act of 2018 to provide for the security of information and communications technology and services supply chains, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``ICTS Supply Chain Security Act of 2026''. SEC. 2. ASSISTANT SECRETARY OF COMMERCE FOR INFORMATION AND COMMUNICATIONS TECHNOLOGY SUPPLY CHAINS. Part III of the Export Control Reform Act of 2018 (50 U.S.C. 4851 et seq.) is amended-- (1) in the part heading, by striking ``administrative authorities'' and inserting ``organization of bureau of industry and security''; and (2) by adding at the end the following: ``SEC. 1783. ASSISTANT SECRETARY OF COMMERCE FOR INFORMATION AND COMMUNICATIONS TECHNOLOGY SUPPLY CHAINS. ``(a) In General.--The President shall appoint, by and with the advice and consent of the Senate, and in addition to the Assistant Secretaries of Commerce appointed under section 1782, an Assistant Secretary of Commerce for Information and Communications Technology Supply Chains (in this section referred to as the `Assistant Secretary'), who shall report to the Under Secretary of Commerce for Industry and Security. ``(b) Responsibilities.--The Assistant Secretary shall be responsible for overseeing the Office of Information and Communications Technology and Services established by section 1784.''. SEC. 3. OFFICE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND SERVICES. Part III of the Export Control Reform Act of 2018, as amended by section 2, is further amended by adding at the end the following: ``SEC. 1784. OFFICE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND SERVICES. ``(a) Establishment.--The Secretary shall establish an Office of Information and Communications Technology and Services (in this section referred to as the `Office') within the Bureau of Industry and Security. ``(b) Organizational Structure.--The head of the Office shall report directly to the Assistant Secretary of Commerce for Information and Communications Technology Supply Chains. ``(c) Duties.--The Office shall-- ``(1) administer part IV; and ``(2) carry out such other duties as the Secretary or the Assistant Secretary of Commerce for Information and Communications Technology Supply Chains may assign. ``(d) Availability of Information to Congress.-- ``(1) In general.--Any information obtained at any time by the Office in carrying out the duties of the Office under subsection (c), including in administering part IV, shall be made available to a committee or subcommittee of Congress of appropriate jurisdiction, upon the request of the chairman or ranking minority member of the committee or subcommittee. ``(2) Prohibition on further disclosure.--No committee or subcommittee referred to in paragraph (1), or any member thereof, may disclose any information made available under paragraph (1) that is submitted on a confidential basis unless the full committee determines that the withholding of that information is contrary to the national interest.''. SEC. 4. SECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND SERVICES SUPPLY CHAINS. (a) In General.--The Export Control Reform Act of 2018, as amended by sections 2 and 3, is further amended by adding at the end the following: ``PART IV--SECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND
Show the remaining 2,104 words
SERVICES SUPPLY CHAINS ``SEC. 1785. DEFINITIONS. ``In this part: ``(1) Appropriate congressional committees.--The term `appropriate congressional committees' means the Committee on Banking, Housing, and Urban Affairs of the Senate and the Committee on Foreign Affairs of the House of Representatives. ``(2) Country of concern.--The term `country of concern' means-- ``(A) the People's Republic of China, including the Hong Kong and Macau Special Administrative Regions; ``(B) the Republic of Cuba; ``(C) the Islamic Republic of Iran; ``(D) the Democratic People's Republic of Korea; and ``(E) the Russian Federation. ``(3) Covered icts transaction.--The term `covered ICTS transaction' means any transaction described in section 1785A(b) or a class of such transactions. ``(4) Information and communications technology or services; icts.--The terms `information and communications technology or services' and `ICTS' mean any hardware, software, connected software applications, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including through transmission, storage, or display. ``(5) Open-source software.--The term `open -source software' means software for which the human-readable source code is available in its entirety for use, study, reuse, modification, enhancement, and redistribution by the users of the software. ``SEC. 1785A. PROHIBITION ON TRANSACTIONS THAT THREATEN SECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY AND SERVICES SUPPLY CHAINS. ``(a) In General.--Except as otherwise specifically provided in this part, a transaction described in subsection (b) is prohibited. ``(b) Transactions Described.--A transaction described in this subsection is any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service by any person, or with respect to any property, subject to the jurisdiction of the United States, if the Secretary, in consultation with the heads of the relevant Federal agencies, has determined that the transaction-- ``(1) involves information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a country of concern; and ``(2)(A) poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States; ``(B) poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the digital economy of the United States; or ``(C) otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons. ``(c) Exception for Information and Informational Materials.--The prohibition under subsection (a) shall not include a prohibition intended to prevent the importation from any country, or the exportation to any country, whether commercial or otherwise, of any expressive materials, including-- ``(1) publications, films, posters, photographs, artworks, news wire feeds, digital streaming content, podcasts, social media posts, blogs, online news articles, and other electronically distributed media; and ``(2) items and transactions described in section 203(b) of the International Emergency Economic Powers Act (50 U.S.C. 1702(b)). ``(d) Exception for Open-Source Software.--The prohibition under subsection (a) does not include a prohibition on transactions specifically intended to provide the public with access to open-source software. ``(e) Effect on Contracts and Permits.--The prohibition under subsection (a) applies notwithstanding any contract entered into or license or permit granted before the date of the enactment of this part. ``SEC. 1785B. AUTHORIZATION TO PRESCRIBE REGULATIONS WITH RESPECT TO COVERED ICTS TRANSACTIONS AND PERSONS AND JURISDICTIONS OF CONCERN. ``If Secretary determines that, for certain classes of covered ICTS transactions, the prohibition under subsection (a) of section 1785A may not effectively address the undue or unacceptable risks described in subsection (b)(2) of that section, the Secretary may-- ``(1) prescribe regulations that-- ``(A) identify particular covered ICTS transactions or persons or jurisdictions of concern that pose such a risk; ``(B) impose mitigation measures and prohibitions to address the risk posed by such transactions, persons, or jurisdictions; ``(C) establish criteria by which particular covered ICTS transactions or particular classes of participants in the covered ICTS transaction supply chain may be recognized as categorically included in or as categorically excluded from mitigation measures or prohibitions imposed under subparagraph (B); ``(D) establish particular classes of covered ICTS transactions or parties to such transactions that are required to abide by such mitigation measures and prohibitions; and ``(E) establish procedures to authorize or license transactions otherwise prohibited pursuant to a regulation prescribed under this section; and ``(2) prescribe such other regulations as the Secretary determines to be necessary or appropriate to address the undue or unacceptable risks described in section 1785A(b)(2). ``SEC. 1785C. ADMINISTRATION. ``(a) In General.--The head of the Office of Information and Communications Technology and Services established under section 1784 (in this section referred to as the `head of the Office') shall administer this part. ``(b) Mitigation and Approval of Covered ICTS Transactions.--The head of the Office, in consultation with the heads of the relevant Federal agencies, may-- ``(1) design, negotiate, and impose mitigation measures with respect to a covered ICTS transaction; and ``(2) approve the transaction if those measures are implemented. ``(c) Regulations.--The Secretary, acting through the head of the Office, may prescribe regulations to carry out this part. ``SEC. 1785D. JUDICIAL REVIEW. ``(a) Exclusive Jurisdiction.--A claim or petition challenging this part or any final action or determination under this part may be filed only in the United States Court of Appeals for the District of Columbia Circuit. Notwithstanding the preceding sentence, the United States District Court for the District of Columbia Circuit shall have the jurisdiction and power to order and require compliance with any subpoena issued under this part. ``(b) In Camera and Ex Parte Review.-- ``(1) In general.--The following information may be included in the administrative record and shall be submitted only to the court ex parte and in camera: ``(A) Sensitive security information, as defined in section 1520.5 of title 49, Code of Federal Regulations. ``(B) Records or information compiled for law enforcement purposes, as described in section 552(b)(7) of title 5, United States Code. ``(C) Classified information, as defined in section 1(a) of the Classified Information Procedures Act (18 U.S.C. App.). ``(2) Treatment of information filed in camera and ex parte.--Any information that is part of the administrative record filed ex parte and in camera under paragraph (1), or cited by the court in any decision, shall be treated by the court consistent with the provisions of this section. In no event shall such information be released to the claimant or petitioner or as part of the public record, or shall the petitioner be permitted to review information submitted to the court ex parte and in camera. ``(c) Exclusive Remedy.--A determination by the court under this section shall be the exclusive judicial remedy for any claim or petition for review challenging this part or any final action or determination under this part against the United States, any agency, or any component or official of any such agency. ``(d) Rule of Construction.--Nothing in this section may be construed as limiting, superseding, or preventing the invocation of any privileges or defenses that are otherwise available at law or in equity to protect against the disclosure of information. ``(e) Statute of Limitations.--A challenge to any final action or determination under this part may only be brought not later than 180 days after the date of such an action or determination. ``SEC. 1785E. PENALTIES. ``(a) Unlawful Acts.--It shall be unlawful for a person to violate, attempt to violate, conspire to violate, or cause a violation of any regulation, order, direction, prohibition, or other authorization or directive issued under this part. ``(b) Criminal Penalties.--A person who willfully commits, willfully attempts to commit, or willfully conspires to commit, or aids and abets in the commission of an unlawful act described in subsection (a)-- ``(1) shall be fined not more than $1,000,000; and ``(2) in the case of the individual, shall be imprisoned for not more than 20 years, or both. ``(c) Civil Penalties.-- ``(1) In general.--The Secretary may impose the following civil penalties on a person for each violation by that person of this part or any regulation, order, or license issued under this part: ``(A) A fine that is the greater of $1,500,000 or an amount that is 5 times the value of the transaction that is the basis of the violation with respect to which the penalty is imposed. ``(B) Revocation of any mitigation measure or authorization issued under this part to the person. ``(C) A prohibition or other restriction on the ability of the person to engage in any covered ICTS transaction. ``(2) Inflation.--The fine under paragraph (1)(A) is subject to adjustment pursuant to the Federal Civil Penalties Inflation Adjustment Act of 1990 (Public Law 101-410; 28 U.S.C. 2461 note). ``(3) Standards for levels of civil penalty.--The Secretary may by regulation provide standards for establishing levels of civil penalty under paragraph (1) based upon factors that include-- ``(A) the seriousness of the violation to the national security of the United States; ``(B) the intent or actions of the violator, including any pattern of reckless behavior; and ``(C) any mitigating factors, such as a record of cooperation of the violator with the Federal Government in disclosing the violation. ``SEC. 1785F. RELATIONSHIP TO OTHER LAWS. ``(a) Rule of Construction Relating to Other Law.--Nothing in this part shall be construed to alter or affect any other authority, process, regulation, investigation, enforcement measure, or review provided by or established under any other provision of Federal law. ``(b) Administrative Procedure Exceptions.--Except with respect to a civil penalty imposed pursuant to section 1785E(c), any function exercised under this part is not subject to sections 551, 553 through 559, and 701 through 706 of title 5, United States Code. ``(c) Paperwork Reduction Act Exception.--The requirements of chapter 35 of title 44, United States Code (commonly referred to as the `Paperwork Reduction Act'), shall not apply to any action to implement this part. ``(d) Defense Production Act of 1950.-- ``(1) Rule of construction.--Nothing in this part shall prevent or preclude the President or the Committee on Foreign Investment in the United States from exercising any authority under section 721 of the Defense Production Act of 1950 (50 U.S.C. 4565) that would be available in the absence of this part. ``(2) Coordination of reviews.--The Secretary shall terminate the review of a covered ICTS transaction under this part if-- ``(A) the transaction involves the acquisition of ICTS items by a United States person as a party to a transaction authorized under the Defense Production Act of 1950 (50 U.S.C. 4501 et seq.); or ``(B) the Committee on Foreign Investment in the United States is conducting a review or investigation of the transaction under section 721 of the Defense Production Act of 1950 (50 U.S.C. 4565). ``(e) Executive Orders 13873 and 14034.-- ``(1) Rule of construction.--Nothing in this part may be construed as altering any of the authority of the Secretary under Executive Order 13873 (50 U.S.C. 1701 note; relating to securing the information and communications technology and services supply chain) or Executive Order 14034 (50 U.S.C. 1701 note; relating to protecting Americans' sensitive data from foreign adversaries). ``(2) Continuation in effect.--Any regulation the Secretary prescribed under Executive Order 13873 (50 U.S.C. 1701 note; relating to securing the information and communications technology and services supply chain) or Executive Order 14034 (50 U.S.C. 1701 note; relating to protecting Americans' sensitive data from foreign adversaries) before the date of the enactment of this part shall continue in effect on and after such date of enactment. ``SEC. 1785G. AUTHORIZATION OF OTHER ACTIONS. ``In carrying out the requirements of this part, the Secretary may take any other actions that the Secretary determines to be necessary or appropriate, including prescribing new regulations, amending regulations, publishing any notices in the Federal Register (including with respect to mitigation measures and prohibitions imposed under section 1785B), issuing guidance, establishing procedures, revoking or amending authorizations, and terminating or amending any determination. ``SEC. 1785H. ANNUAL REPORTS. ``Not later than 180 days after the date of the enactment of this part, and annually thereafter, the head of the Office of Information and Communications Technology and Services shall submit to the appropriate congressional committees a report on actions taken to carry out this part during the one-year period preceding submission of the report. ``SEC. 1785I. TERMINATION. ``The prohibition under section 1785A(a) and the requirements of and authorities provided by this part terminate on the date that is 5 years after the date of the enactment of this part.''. (b) Conforming Amendment.--Section 1742(13)(A) of the Export Control Reform Act of 2018 (50 U.S.C. 4801(13)(A)) is amended, in the matter preceding clause (i), by striking ``part I'' and inserting ``parts I and IV''. <all>