Summary

Requires the Secretary of Commerce to study and report to Congress on national security risks posed by apps controlled by foreign adversaries that can operate high‑wattage Internet‑of‑Things (IoT) home devices. It directs federal agencies to collect public and industry input, assess vulnerabilities to the electric grid and other critical infrastructure, and recommend mitigation steps within 270 days of enactment. Also defines key terms (like “high‑wattage IoT device,” “foreign adversary,” and “covered entity”) to clarify the scope of the study, and incorporates the text of Executive Order 13873 into federal law as of the Act’s effective date.

Key Points

• Directs the Secretary of Commerce to study and report on national security risks from foreign‑adversary‑controlled apps that can operate high‑wattage home IoT devices.
• Requires the Commerce report to assess grid and other critical infrastructure risks and to recommend mitigation measures, with a 270‑day deadline after enactment.
• Establishes statutory definitions for key terms (e.g., “high‑wattage IoT device,” “foreign adversary‑controlled application”) to clarify coverage.
• Calls for public and industry input and interagency consultation to inform the risk assessment and recommendations.
• Makes the text of Executive Order 13873 part of federal law and requires the Archivist to include the EO text as an appendix in official publication.
• Focuses on appliances that can create synchronized, large‑scale power demand changes (EV chargers, smart HVAC, water heaters, ovens, dryers).
• The report must address technical attack vectors, deployment mapping, potential operational impacts (frequency imbalance, cascading failures), and remediation options.
• Does not itself impose regulatory sanctions, procurements, or funding; it centers on assessment and recommendations.
• Codifying the Executive Order embeds an existing executive policy tool into statute, which could influence future enforcement or policy actions.

Categories & Tags