The bill strengthens federal cybersecurity by banning risky apps and creating centralized, regularly updated guidance plus controlled exceptions, but it risks disrupting federal workflows, imposing implementation costs, and unintentionally blocking legitimate commercial apps and vendor relationships.
Federal employees and agencies will face reduced national-security and supply-chain cyber risks because the bill bans high-risk apps on government devices, lowering the chance of data exfiltration from federal systems.
Federal employees and mission teams can still access necessary tools for controlled research or intelligence work under agency-level exception rules that require documented cybersecurity safeguards and risk mitigation.
Federal agencies will get consistent, centralized OMB guidance (updated every 180 days) for identifying and removing risky applications, improving coordination and predictability across the government.
Federal employees may lose access to widely used apps and tools on government devices, disrupting workflows and forcing new procedures or alternative software that could reduce productivity or delay work.
Agencies and taxpayers will face administrative burden and costs from implementing app removals, maintaining exception processes, and producing repeated OMB updates and compliance actions.
Businesses, federal procurement officials, and federal employees could be affected if the bill's broad definition of risky apps (including ties to the PRC) leads to overbroad bans that block legitimate commercial apps and complicate international vendor relationships.
Based on analysis of 2 sections of legislative text.
Bans covered applications on federal devices, requires OMB-led listing and recurring updates, and mandates agency removal within 60 days along with exception rules that include safeguards.
Introduced January 15, 2026 by Jefferson Shreve · Last progress January 15, 2026
Prohibits downloading or using designated "covered applications" on any Federal Government device, and requires agencies to remove identified covered apps from federal devices within 60 days after identification. Agency heads may allow limited, documented exceptions for lawful research or intelligence activities with required cybersecurity safeguards. Assigns OMB (consulting DHS, DoD, and the Director of National Intelligence) to publish and update guidance on how the covered-app list is created and changed, and requires each agency to issue guidance on internal exception procedures and safeguards within set deadlines measured from enactment.