New Bill Gives Commerce Dept. Power to Ban Cars with Tech from China, Russia Over Security Risks

The Connected Vehicle National Security Review Act is setting up a new security checkpoint for the cars we drive. This bill creates the Office of Information and Communications Technology and Services (ICTS) within the Department of Commerce. Its core mission is to review and potentially prohibit any deal—a “covered transaction”—involving connected vehicles that use technology (ICTS) made by or controlled by a "Jurisdiction of Concern." Those jurisdictions are specifically named: China, Russia, Iran, and North Korea. The goal is to stop “undue risk” to U.S. critical infrastructure or the digital economy before it hits the road.

The New Auto Security Checkpoint

Think about your car today: it’s essentially a mobile computer. This bill focuses on that connectivity. A “connected vehicle” is defined as any car or truck on public roads that uses networked hardware and software to communicate wirelessly. If a car manufacturer uses, say, a specific cellular module or software component sourced from one of the named countries, that component could trigger a “covered transaction” review. The Secretary of Commerce can then step in, investigate, and decide if that component poses an undue risk—meaning a serious chance of sabotage or catastrophic effect on U.S. systems (SEC. 2).

What “Undue Risk” Means for Your Next Car

For the average person buying a new vehicle, this bill aims to make sure the tech inside isn't a national security liability. If the Commerce Department finds a risky component—say, a navigation system or even an engine management chip tied to China or Russia—they have two options: mitigate the risk or prohibit the transaction entirely. Mitigation could mean forcing the automaker to remove or replace the suspicious hardware. Prohibition means that specific component, or even the entire vehicle model relying on it, could be barred from U.S. roads or sales. This is a big deal for the global auto supply chain, which relies heavily on parts from all over the world. Automakers will have to prove their components are clean, adding a layer of compliance that could impact vehicle costs and availability.

Big Stick Enforcement: Subpoenas and Serious Penalties

To enforce these rules, the Secretary of Commerce is getting some serious muscle. The new office can force anyone under U.S. jurisdiction to provide detailed information under oath, issue subpoenas, and conduct full investigations. If you’re a business owner involved in a covered transaction, you could be compelled to testify or hand over documents. The penalties for non-compliance are severe: willful violations can result in criminal penalties of up to $1,000,000 and 20 years in prison, plus civil penalties that can be the greater of $250,000 or twice the value of the transaction (SEC. 2). That’s not a slap on the wrist; that’s a full-on federal crackdown, meant to ensure compliance.

The Catch: Limited Transparency and Judicial Review

While the goal of securing critical infrastructure is clear, the bill grants the Commerce Department broad discretion. The term “Undue Risk” is inherently subjective, giving the Secretary vast power to define what is and isn't safe. Furthermore, any legal challenge to a decision made under this new law must go exclusively to the U.S. Court of Appeals for the District of Columbia Circuit. Here’s the key part: when the court reviews the case, the government can submit sensitive information, like classified intelligence, ex parte (without the claimant present) and in camera (privately by the judge). That classified information can never become part of the public record (SEC. 2). This means a company could be banned from using a critical piece of technology based on evidence they never get to see or challenge directly, limiting transparency in the judicial process.