S. 4882: ICTS Supply Chain Security Act of 2026
This bill would create a new federal framework for reviewing and restricting certain information and communications technology and services, often called ICTS, when those products or services are tied to countries the U.S. government considers a “country of concern.”
What the bill sets up
The bill would require the President to appoint a new Assistant Secretary of Commerce for Information and Communications Technology Supply Chains, and it would create a new office inside the Commerce Department’s Bureau of Industry and Security to handle these issues. That office would be responsible for carrying out the new rules, and its head would report to the new Assistant Secretary.
What kinds of transactions could be blocked
The bill would generally prohibit certain U.S.-linked transactions involving ICTS if the Commerce Secretary, working with other agencies, determines that the transaction involves technology or services designed, developed, manufactured, or supplied by people or companies owned, controlled by, or subject to the direction of a country of concern, and that the transaction creates an undue or unacceptable risk. The kinds of risks listed include:
- sabotage or interference with the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of ICTS in the United States;
- serious harm to U.S. critical infrastructure or the digital economy; or
- other national security or public safety risks.
The bill defines “country of concern” as:
- China, including Hong Kong and Macau;
- Cuba;
- Iran;
- North Korea; and
- Russia.
It defines ICTS broadly to include hardware, software, connected applications, and other products or services mainly used for data processing, storage, retrieval, or electronic communication.
How the restrictions would work
If a transaction is covered, the Secretary of Commerce could also issue regulations to:
- identify specific transactions, persons, or jurisdictions that pose risks;
- impose mitigation measures or bans;
- set rules for when transactions are automatically included or excluded from restrictions;
- require certain classes of transactions or participants to follow those rules; and
- create licensing or authorization procedures for otherwise prohibited transactions.
The head of the new office could negotiate mitigation measures and approve a transaction if those measures are adopted.
Exceptions
The bill says the restrictions would not be intended to block expressive or informational materials, such as publications, films, photographs, news, online articles, blogs, podcasts, social media posts, and other similar media. It also would not block transactions specifically intended to give the public access to open-source software.
It also says the new rules would apply even if a contract, license, or permit was already in place before the law took effect.
Review, secrecy, and enforcement
The bill would limit legal challenges to the U.S. Court of Appeals for the D.C. Circuit, with certain subpoena issues handled in federal district court in D.C. Some information could be reviewed by the court privately and not shared with the challenger if it involves sensitive security, law enforcement, or classified information.
Violating the new rules would be unlawful. Willful violations could lead to criminal penalties, including fines of up to $1 million and, for individuals, up to 20 years in prison. Civil penalties could include fines of at least $1.5 million or up to five times the value of the transaction, plus revocation of approvals or broader restrictions on future covered transactions.
Relationship to existing authority
The bill would not change other federal authorities, including the President’s and CFIUS’s authority under the Defense Production Act. It says the Commerce Secretary should stop reviewing a transaction under this part if the transaction is already being handled under the Defense Production Act or by CFIUS.
It also states that existing regulations issued under Executive Orders 13873 and 14034 would continue in effect.
Duration
The new prohibition, rules, and authorities created by this part would expire five years after enactment.
Relevant Companies
- DELL - Could be affected if products, components, or services in its supply chain are found to involve covered ICTS from a country of concern.
- HPQ - May face added restrictions or compliance requirements for ICT hardware and services sourcing.
- CSCO - Network and communications equipment businesses could be affected by supply-chain restrictions or approvals.
- NVDA - Could be indirectly affected if supply-chain or distribution relationships involve covered technology or jurisdictions.
- ORCL - Cloud, software, and enterprise services with global technology supply chains may face review or mitigation obligations.
- CRM - Software and connected services could be impacted if any covered ICTS transactions are identified in its supply chain or operations.
- MU - Semiconductor supply-chain and sourcing arrangements could be subject to additional restrictions or scrutiny.
This is an AI-generated summary of the bill text. There may be mistakes.
Sponsors
2 bill sponsors
Actions
2 actions
| Date | Action |
|---|---|
| Jun. 24, 2026 | Introduced in Senate |
| Jun. 24, 2026 | Read twice and referred to the Committee on Banking, Housing, and Urban Affairs. |
Corporate Lobbying
0 companies lobbying
None found.
* Note that there can be significant delays in lobbying disclosures, and our data may be incomplete.