What is the RESTRICT Act?
The “Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act” (the RESTRICT Act) requires federal actions to identify and mitigate foreign threats to information and communications technology (ICT) products and services (e.g., social media applications). It also establishes civil and criminal penalties for violations under the bill.
The US Department of Commerce must identify, deter, disrupt, prevent, prohibit, investigate, and mitigate transactions involving ICT products and services in which any foreign adversary has any interest, and that pose an undue or unacceptable risk to U.S. national security or the safety of U.S. persons.
The US Department of Commerce may designate any foreign government or regime as a foreign adversary upon a determination that the foreign government or regime is engaged in a long-term pattern or serious instances of conduct significantly adverse to U.S. national security or the security and safety of U.S. persons, and remove such a designation. Commerce must notify Congress before making or removing a designation; these actions are subject to congressional disapproval.
Breaking news and deadlines.
Mar 07 2023 - Introduced in Senate.
U.S. Sens. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, and John Thune (R-SD), ranking member of the Commerce Committee’s Subcommittee on Communications, Media and Broadband, led a group of 12 bipartisan senators to introduce the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act, legislation that will comprehensively address the ongoing threat posed by technology from foreign adversaries by better empowering the Department of Commerce to review, prevent, and mitigate information communications and technology transactions that pose undue risk to our national security.
“Today, the threat that everyone is talking about is TikTok, and how it could enable surveillance by the Chinese Communist Party, or facilitate the spread of malign influence campaigns in the U.S. Before TikTok, however, it was Huawei and ZTE, which threatened our nation’s telecommunications networks. And before that, it was Russia’s Kaspersky Lab, which threatened the security of government and corporate devices,” said Sen. Warner. “We need a comprehensive, risk-based approach that proactively tackles sources of potentially dangerous technology before they gain a foothold in America, so we aren’t playing Whac-A-Mole and scrambling to catch up once they’re already ubiquitous.”
“Congress needs to stop taking a piecemeal approach when it comes to technology from adversarial nations that pose national security risks,” said Sen. Thune. “Our country needs a process in place to address these risks, which is why I’m pleased to work with Senator Warner to establish a holistic, methodical approach to address the threats posed by technology platforms – like TikTok – from foreign adversaries. This bipartisan legislation would take a necessary step to ensure consumers’ information and our communications technology infrastructure is secure.”
The RESTRICT Act establishes a risk-based process, tailored to the rapidly changing technology and threat environment, by directing the Department of Commerce to identify and mitigate foreign threats to information and communications technology products and services.
In addition to Sens. Warner and Thune, the legislation is co-sponsored by Sens. Tammy Baldwin (D-WI), Deb Fischer (R-NE), Joe Manchin (D-WV), Jerry Moran (R-KS), Michael Bennet (D-CO), Dan Sullivan (R-AK), Kirsten Gillibrand (D-NY), Susan Collins (R-ME), Martin Heinrich (D-NM), and Mitt Romney (R-UT).
The Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act would:
- Require the Secretary of Commerce to establish procedures to identify, deter, disrupt, prevent, prohibit, and mitigate transactions involving information and communications technology products in which any foreign adversary has any interest and poses undue or unacceptable risk to national security;
- Prioritize evaluation of information communications and technology products used in critical infrastructure, integral to telecommunications products, or pertaining to a range of defined emerging, foundational, and disruptive technologies with serious national security implications;
- Ensure comprehensive actions to address risks of untrusted foreign information communications and technology products by requiring the Secretary to take up consideration of concerning activity identified by other government entities;
- Educate the public and business community about the threat by requiring the Secretary of Commerce to coordinate with the Director of National Intelligence to provide declassified information on how transactions denied or otherwise mitigated posed undue or unacceptable risk.
“We need to protect Americans’ data and keep our country safe against today and tomorrow’s threats. While many of these foreign-owned technology products and social media platforms like TikTok are extremely popular, we also know these products can pose a grave danger to Wisconsin’s users and threaten our national security,” said Sen. Baldwin. “This bipartisan legislation will empower us to respond to our fast-changing environment – giving the United States the tools it needs to assess and act on current and future threats that foreign-owned technologies pose to Wisconsinites and our national security.”
“There are a host of dangerous technology platforms – including TikTok – that can be manipulated by China and other foreign adversaries to threaten U.S. national security and abuse Americans’ personal data. I’m proud to join Senator Warner in introducing bipartisan legislation that would put an end to disjointed interagency responses and strengthen the federal government’s ability to counter these digital threats,” said Sen. Fischer.
“Over the past several years, foreign adversaries of the United States have encroached on American markets through technology products that steal sensitive location and identifying information of U.S. citizens, including social media platforms like TikTok. This dangerous new internet infrastructure poses serious risks to our nation’s economic and national security,” said Sen. Manchin. “I’m proud to introduce the bipartisan RESTRICT ACT, which will empower the Department of Commerce to adopt a comprehensive approach to evaluating and mitigating these threats posed by technology products. As Chairman of the Senate Armed Services Subcommittee on Cybersecurity, I will continue working with my colleagues on both sides of the aisle to get this critical legislation across the finish line.”
“Foreign adversaries are increasingly using products and services to collect information on American citizens, posing a threat to our national security,” said Sen. Moran. “This legislation would give the Department of Commerce the authority to help prevent adversarial governments from introducing harmful products and services in the U.S., providing us the long-term tools necessary to combat the infiltration of our information and communications systems. The government needs to be vigilant against these threats, but a comprehensive data privacy law is needed to ensure Americans are able to control who accesses their data and for what purpose.”
“We shouldn’t let any company subject to the Chinese Communist Party’s dictates collect data on a third of our population – and while TikTok is just the latest example, it won’t be the last. The federal government can’t continue to address new foreign technology from adversarial nations in a one-off manner; we need a strategic, enduring mechanism to protect Americans and our national security. I look forward to working in a bipartisan way with my colleagues on the Senate Select Intelligence Committee to send this bill to the floor,” said Sen. Bennet.
“Our modern economy, communication networks, and military rely on a range of information communication technologies. Unfortunately, some of these technology products pose a serious risk to our national security,” said Sen. Gillibrand. “The RESTRICT Act will address this risk by empowering the Secretary of Commerce to carefully evaluate these products and ensure that they do not endanger our critical infrastructure or undermine our democratic processes.”
“China’s brazen incursion of our airspace with a sophisticated spy balloon was only the most recent and highly visible example of its aggressive surveillance that has targeted our country for years. Through hardware exports, malicious software, and other clandestine means, China has sought to steal information in an attempt to gain a military and economic edge,” said Sen. Collins. “Rather than taking a piecemeal approach to these hostile acts and reacting to each threat individually, our legislation would create a wholistic, government-wide response to proactively defend against surveillance attempts by China and other adversaries. This will directly improve our national security as well as safeguard Americans’ personal information and our nation’s vital intellectual property.”
“Cybersecurity is one of the most serious economic and national security challenges we face as a nation. The future of conflict is moving further away from the battlefield and closer to the devices and the networks everyone increasingly depends on. We need a systemic approach to addressing potential threats posed by technology from foreign adversaries. This bill provides that approach by authorizing the Administration to review and restrict apps and services that pose a risk to Americans’ data security. I will continue to push for technology defenses that the American people want and deserve to keep our country both safe and free,” said Sen. Heinrich.
“The Chinese Communist Party is engaged in a multi-generational, multi-faceted, and systematic campaign to replace the United States as the world’s superpower. One tool at its disposal—the ability to force social media companies headquartered in China, like TikTok’s parent company, to hand over the data it collects on users,” said Sen. Romney. “Our adversaries—countries like China, Russia, Iran—are increasingly using technology products to spy on Americans and discover vulnerabilities in our communications infrastructure, which can then be exploited. The United States must take stronger action to safeguard our national security against the threat technology products pose and this legislation is a strong step in that direction.”
The White House - Statement from National Security Advisor Jake Sullivan on the Introduction of the RESTRICT Act.
We applaud the bipartisan group of Senators, led by Senators Warner and Thune, who today introduced the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act. This legislation would empower the United States government to prevent certain foreign governments from exploiting technology services operating in the United States in a way that poses risks to Americans’ sensitive data and our national security.
The information and communications technology products and services supply chain is integral to the lives of Americans and the functioning of U.S. businesses. This bill presents a systematic framework for addressing technology-based threats to the security and safety of Americans. This legislation would provide the U.S. government with new mechanisms to mitigate the national security risks posed by high-risk technology businesses operating in the United States. Critically, it would strengthen our ability to address discrete risks posed by individual transactions, and systemic risks posed by certain classes of transactions involving countries of concern in sensitive technology sectors. This will help us address the threats we face today, and also prevent such risks from arising in the future.
We look forward to continue working with both Democrats and Republicans on this bill, and urge Congress to act quickly to send it to the President’s desk.
SEC. 11. PENALTIES.
(a) Unlawful Acts.—
(1) IN GENERAL.—It shall be unlawful for a person to violate, attempt to violate, conspire to violate, or cause a violation of any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act, including any of the unlawful acts described in paragraph (2).
(2) SPECIFIC UNLAWFUL ACTS.—The unlawful acts described in this paragraph are the following:
(A) No person may engage in any conduct prohibited by or contrary to, or refrain from engaging in any conduct required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act.
(B) No person may cause or aid, abet, counsel, command, induce, procure, permit, or approve the doing of any act prohibited by, or the omission of any act required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under, this Act.
(C) No person may solicit or attempt a violation of any regulation, order, direction, mitigation measure, prohibition, or authorization or directive issued under this Act.
(D) No person may conspire or act in concert with 1 or more other person in any manner or for any purpose to bring about or to do any act that constitutes a violation of any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act.
(E) No person may, whether directly or indirectly through any other person, make any false or misleading representation, statement, or certification, or falsify or conceal any material fact, to the Department of Commerce or any official of any other executive department or agency—
(i) in the course of an investigation or other action subject to this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder; or
(ii) in connection with the preparation, submission, issuance, use, or maintenance of any report filed or required to be filed pursuant to this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder.
(F) No person may engage in any transaction or take any other action with intent to evade the provisions of this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder.
(G) No person may fail or refuse to comply with any reporting or recordkeeping requirement of this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder.
(H) Except as specifically authorized in this subchapter, any regulation, order, direction, mitigation measure, or other authorization or directive issued thereunder or in writing by the Department of Commerce, no person may alter any order, direction, mitigation measure, or other authorization or directive issued under this Act or any related regulation.
(3) ADDITIONAL REQUIREMENTS.—
(A) CONTINUATION OF EFFECT.—For purposes of paragraph (2)(E), any representation, statement, or certification made by any person shall be deemed to be continuing in effect until the person notifies the Department of Commerce or relevant executive department or agency in accordance with subparagraph (B).
(B) NOTIFICATION.—Any person who makes a representation, statement, or certification to the Department of Commerce or any official of any other executive department or agency relating to any order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act shall notify the Department of Commerce or the relevant executive department or agency, in writing, of any change of any material fact or intention from that previously represented, stated, or certified, immediately upon receipt of any information that would lead a reasonably prudent person to know that a change of material fact or intention had occurred or may occur in the future.
(b) Civil Penalties.—The Secretary may impose the following civil penalties on a person for each violation by that person of this Act or any regulation, order, direction, mitigation measure, prohibition, or other authorization issued under this Act:
(1) A fine of not more than $250,000 or an amount that is twice the value of the transaction that is the basis of the violation with respect to which the penalty is imposed, whichever is greater.
(2) Revocation of any mitigation measure or authorization issued under this Act to the person.
(c) Criminal Penalties.—
(1) IN GENERAL.—A person who willfully commits, willfully attempts to commit, or willfully conspires to commit, or aids or abets in the commission of an unlawful act described in subsection (a) shall, upon conviction, be fined not more than $1,000,000, or if a natural person, may be imprisoned for not more than 20 years, or both.
(2) CIVIL FORFEITURE.—
(A) FORFEITURE.—
(i) IN GENERAL.—Any property, real or personal, tangible or intangible, used or intended to be used, in any manner, to commit or facilitate a violation or attempted violation described in paragraph (1) shall be subject to forfeiture to the United States.
(ii) PROCEEDS.—Any property, real or personal, tangible or intangible, constituting or traceable to the gross proceeds taken, obtained, or retained, in connection with or as a result of a violation or attempted violation described in paragraph (1) shall be subject to forfeiture to the United States.
(B) PROCEDURE.—Seizures and forfeitures under this subsection shall be governed by the provisions of chapter 46 of title 18, United States Code, relating to civil forfeitures, except that such duties as are imposed on the Secretary of Treasury under the customs laws described in section 981(d) of title 18, United States Code, shall be performed by such officers, agents, and other persons as may be designated for that purpose by the Secretary of Homeland Security or the Attorney General.
(3) CRIMINAL FORFEITURE.—
(A) FORFEITURE.—Any person who is convicted under paragraph (1) shall, in addition to any other penalty, forfeit to the United States—
(i) any property, real or personal, tangible or intangible, used or intended to be used, in any manner, to commit or facilitate the violation or attempted violation of paragraph (1); and
(ii) any property, real or personal, tangible or intangible, constituting or traceable to the gross proceeds taken, obtained, or retained, in connection with or as a result of the violation.
(B) PROCEDURE.—The criminal forfeiture of property under this paragraph, including any seizure and disposition of the property, and any related judicial proceeding, shall be governed by the provisions of section 413 of the Controlled Substances Act (21 U.S.C. 853), except subsections (a) and (d) of that section.
Cyber Risk GmbH
The RESTRICT Act, news and alerts
This website belongs to Cyber Risk GmbH (established in Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). We are carefully monitoring the new legal and regulatory obligations that are connected with the RESTRICT Act. We understand the challenges and opportunities, update our training programs accordingly, and inform our clients and recipients of our monthly newsletter. For news and developments you can receive our monthly newsletter at no cost.