The bill strengthens U.S. cybersecurity and grid resilience against foreign-adversary-controlled IoT risks and clarifies agency authority, at the cost of increased compliance burdens, potential supply-chain disruption, and expanded federal enforcement discretion.
Homeowners, utilities, and grid operators gain reduced risk of coordinated demand-manipulation attacks and improved power-grid resilience through federal risk assessments and coordinated mitigation steps.
Federal agencies, regulators, and critical-infrastructure providers get clearer statutory authority and uniform definitions (e.g., foreign-adversary-controlled apps, >500W 'high-wattage' IoT devices) to identify risks and take targeted cybersecurity actions.
Companies, contractors, and agencies benefit from making existing executive-branch cybersecurity measures permanent and clearer, reducing some legal uncertainty about supply-chain compliance for federal contracting.
Manufacturers, importers, small businesses, and ultimately consumers (homeowners, taxpayers) could face higher costs as firms comply with new labeling, certification, procurement limits, or other regulatory requirements.
Homeowners, utilities, and federal buyers could experience supply-chain disruptions and reduced device availability (and higher prices) if measures target companies tied to specific foreign jurisdictions or impose transaction/procurement limits.
Tech firms, federal agencies, and contractors face increased regulatory uncertainty and concentrated enforcement risk because the bill grants discretionary authority (e.g., to the Secretary of Commerce) and could expand federal oversight of commercial IoT products.
Based on analysis of 5 sections of legislative text.
Requires a Commerce-led report on risks from foreign-adversary-controlled apps that can operate high-wattage IoT appliances, recommends mitigations, and enacts Executive Order 13873 into law.
Introduced July 31, 2025 by Richard Lynn Scott · Last progress July 31, 2025
Requires the Commerce Department, working with other federal officials, to assess and report within 270 days on national-security risks from apps controlled by foreign-adversary entities that can operate or control high-wattage Internet-connected appliances (devices over 500 watts). The report must describe risks to the electric grid, gather stakeholder input, and recommend mitigations such as applying existing supply-chain authorities to IoT devices, restricting federal procurement, and creating certification or labeling for such devices. Also converts a prior executive order on securing information and communications technology supply chains into permanent federal law as of enactment and directs the Archivist to publish that text with the Act.