Sponsors
Last progress July 31, 2025 (6 months ago)
Introduced on July 31, 2025 by Richard Lynn Scott
Requires the Secretary of Commerce to study and report to Congress on national security risks posed by apps controlled by foreign adversaries that can operate high‑wattage Internet‑of‑Things (IoT) home devices. It directs federal agencies to collect public and industry input, assess vulnerabilities to the electric grid and other critical infrastructure, and recommend mitigation steps within 270 days of enactment. Also defines key terms (like “high‑wattage IoT device,” “foreign adversary,” and “covered entity”) to clarify the scope of the study, and incorporates the text of Executive Order 13873 into federal law as of the Act’s effective date.
The rapid proliferation of high‑wattage IoT devices (examples: electric vehicle chargers, clothes dryers, smart air conditioners, water heaters, ovens, and similar appliances) has dramatically increased the number of connected devices in households in the United States.
Smart appliance applications and software platforms increasingly serve as remote control interfaces; when those applications and software platforms originate from companies operating under the jurisdiction or direction of foreign adversaries, they offer a pathway for large‑scale, coordinated manipulation of power demand, threatening grid stability.
In certain foreign adversary jurisdictions, particularly the People’s Republic of China, private companies are subject to formal political oversight through mechanisms such as embedded Chinese Communist Party committees and executive‑level Chinese Communist Party leadership.
Those arrangements (political oversight mechanisms described) blur the lines between commercial activity and state‑directed strategic interests.
The 2017 Cybersecurity Law of the People’s Republic of China (commonly referred to as the Chinese Cybersecurity Law) mandates that Chinese companies store customer data domestically and grant Chinese state authorities broad access to those data.
PROTECT the Grid Act
Updated 3 hours ago
Last progress January 22, 2026 (1 month ago)
Who is affected and how:
Grid operators and electric utilities: Directly affected because the law focuses on risks to grid stability from large numbers of networked, high‑wattage devices in homes. The Commerce report will shape recommended mitigations that utilities and grid operators may need to adopt, such as new operational protocols, demand‑response rules, threat monitoring, or technical controls.
Consumers and households: Owners of EV chargers, smart HVAC systems, connected water heaters, ovens, and other high‑wattage smart appliances could face new guidance, device restrictions, or recommendations to update firmware, change default settings, or avoid certain apps tied to specified foreign entities. The law itself does not ban devices but could lead to future policies that affect consumer choices and costs.
Appliance manufacturers and IoT app developers: Companies that build or supply high‑wattage connected devices and the mobile/cloud apps that control them—especially firms with ties to countries designated as foreign adversaries—will be subject to increased scrutiny. The report could prompt supply chain checks, code‑integrity requirements, or procurement restrictions that affect market access and compliance costs.
Technology and platform companies: App stores, cloud service providers, and platform operators that host or distribute foreign adversary‑controlled applications may face follow‑on policy changes, notice requirements, or restrictions informed by the report’s findings.
Federal agencies: Commerce leads the study and will coordinate with other relevant officials (energy, homeland security, intelligence, etc.). The act strengthens the legal basis for federal assessment and potential future actions tied to Executive Order 13873’s authorities.
State and local governments: Indirectly affected through recommendations aimed at protecting critical infrastructure and informing emergency planning, but the law does not impose direct duties on states or localities.
Possible practical consequences:
The report may recommend technical mitigations (e.g., firmware security standards, authentication requirements, telemetry/monitoring), operational changes (demand management, emergency load‑shedding protocols), or legal/contractual steps (procurement exclusions, app bans) that could lead to regulatory or industry action.
Manufacturers and app developers could incur compliance costs to meet recommended security practices, and consumers could face device‑replacement, upgrade, or behavior‑change costs if certain apps or devices are discouraged or blocked.
Codifying Executive Order 13873 into statute may expand the permanence or legal clarity of authorities used to restrict certain foreign technology transactions or operations, which could influence trade, procurement, and supply chain decisions.
Read twice and referred to the Committee on Banking, Housing, and Urban Affairs.