This bill creates a new office inside the Department of Commerce to guard U.S. tech systems from foreign risks. The office will review certain tech-related deals and supply chains and can demand information, investigate, set cybersecurity conditions, force risky parts or software to be removed, or block a deal if the risk can’t be fixed . Existing rules that protect the tech supply chain stay in place, and the office can update or add new rules as needed . The Director of National Intelligence must provide regular risk reports to help target the highest‑risk companies, countries, and transactions . A technical advisory committee with industry and academic experts will also advise the office .

If a company breaks the rules, it can face steep fines, lose approvals, be barred from certain deals, and in serious cases face criminal penalties, including fines up to $1 million and up to 20 years in prison . The Commerce Department and the Justice Department can subpoena records, go to court to enforce orders, and take other actions to protect U.S. networks and data; sensitive information submitted to the government will be kept confidential as required by law .