New Tech Security Office Gets Power to Ban Foreign Tech Deals, Backed by $1M Fines and 20-Year Prison Sentences

This bill, the Information and Communications Technology and Services National Security Review Act, creates a powerful new office inside the Department of Commerce. Its mission is simple: find and stop tech deals that pose an “undue risk” to U.S. national security, critical infrastructure, or the digital economy. The key targets are transactions involving Information and Communications Technology and Services (ICTS) developed by or linked to specific “jurisdictions of concern,” which the bill names as China, Russia, Iran, and North Korea.

The New Tech Cop on the Block

Think of this new Office of Information and Communications Technology and Services as a specialized cyber-traffic cop with serious muscle. The bill gives the Secretary of Commerce, acting through this office, the authority to investigate any “covered transaction” that crosses their desk. If you’re a business owner or executive involved in a deal that uses tech from, say, a Chinese supplier, the Secretary can demand that you provide every piece of information about that deal, under oath, even if the deal is already done. This is a massive expansion of investigative power aimed squarely at securing the supply chain.

If the office finds that a transaction poses an “undue risk”—which means anything from potential sabotage to catastrophic effects on U.S. critical infrastructure—they have two options. They can mitigate the risk by imposing specific conditions, like requiring certain hardware or software components be removed, or they can outright prohibit the transaction. This is a big deal for any company that relies on global supply chains for their IT infrastructure, manufacturing equipment, or specialized software, as their foreign partnerships could be halted or severely restructured by a government order.

The Real-World Cost of Compliance

For the busy person running a business or managing IT, the most significant part of this bill is the enforcement section. The penalties for violating a rule or prohibition issued by this new office are severe. If you willfully violate these rules, you could face a criminal fine of up to $1,000,000 for each violation, up to 20 years in prison, or both. Even civil penalties are steep, set at the greater of $250,000 or twice the value of the transaction involved.

This means that if your company accidentally uses a piece of equipment that the Commerce Department later deems a national security threat and bans, the risk isn't just a regulatory slap on the wrist—it’s potentially bankruptcy-level fines and jail time for the people responsible. While the intent is clearly to deter bad actors, the high stakes raise the compliance burden significantly for every company that sources technology internationally. Businesses will need to invest heavily in due diligence to vet every component and vendor that touches a designated jurisdiction, even if it’s several layers deep in their supply chain.

Intelligence Meets Commerce

The bill tries to ground these decisions in solid intelligence. It mandates that the Director of National Intelligence (DNI) must provide an annual risk assessment detailing the threats posed by these foreign entities and jurisdictions. This assessment is supposed to give the Commerce Department clear criteria for evaluating national security risks. In theory, this should ensure that the new office is targeting genuine threats and not just engaging in political theater. However, the bill also allows courts to review sensitive or classified information in camera (privately, without the claimant present) if a decision is challenged. While this protects national security secrets, it also means that a company fighting a ban might not get to see the full evidence used against them in court, limiting transparency during the judicial review process.