Concerns over the potential threat posed by information and communications technology (ICT) products and services, such as TikTok, to the United States’ economic and national security have been ruminating for some time now. To tackle that potential threat, on March 7, 2023, a bipartisan group of U.S. senators led by Sen. Mark R. Warner (D) and Sen. John Thune (R) introduced a new piece of legislation, Senate Bill 686, titled the Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act (the RESTRICT Act). The proposed legislation comes on the heels of the issuance of new guidelines by the Committee on Foreign Investment in the United States, which like the RESTRICT Act, show an increased attention to certain types of business transactions and business interests that implicate national security concerns and signal increased enforcement efforts relating to the same.
Already, several Biden administration officials have publicly voiced their support of the RESTRICT Act, including Secretary of Commerce Gina Raimondo, Deputy Attorney General Lisa Monaco, and National Security Advisor Jake Sullivan. If it becomes law, the RESTRICT Act will empower the secretary of commerce to take appropriate measures to identify and mitigate the risks associated with foreign ICT products and services, and impose civil and criminal penalties on anyone who violates or circumvents such measures.
Summary of the RESTRICT Act
The RESTRICT Act, as presently drafted, authorizes the secretary of commerce and the president to take appropriate measures against ICT products or services, or firms providing ICT products or services, that are owned or controlled by “foreign adversaries” that are deemed to pose an undue or unacceptable risk to national security. Such measures can range from an outright prohibition of the ICT product or service to a mitigation of the assessed risk. Importantly, the proposed legislation contemplates a review process to identify and evaluate the potential risk, giving due attention to key considerations such as the critical nature of certain ICT products and services to national security. A foreign government or regime is designated as a “foreign adversary” if the secretary finds that it “is engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.”
Broad Enforcement Powers
As proposed, the RESTRICT Act grants the secretary of commerce broad authority to take “any . . . action as necessary” to carry out its responsibilities. Such authority explicitly includes establishing “rules, regulations, and procedures as the Secretary considers appropriate,” issuing guidance and advisory opinions, and conducting “investigations of violations of any authorization, order, mitigation measure, regulation, or prohibition issued” under it.
The U.S. Department of Justice presumably will be a key law enforcement partner for the secretary of commerce. The RESTRICT Act outlines unlawful acts that can result in civil and/or criminal penalties. Those unlawful acts include both direct violations of “any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued” under it and inchoate offenses such as attempt and conspiracy. As drafted, a criminal violation will require specific intent — i.e., proof that an unlawful act was committed “willfully.” Civil violations can result in fines up to $250,000 or twice the amount of the transaction that is the basis of the violation, whichever is greater. Criminal penalties can result in fines up to $1 million and/or imprisonment up to 20 years.
The RESTRICT Act has been garnering bipartisan momentum in the Senate, as well as backing from the Biden administration, as a workable solution to address the emergent risk posed by foreign ICT products and services to national security.
If passed, the RESTRICT Act would provide the secretary of commerce broad authority to take appropriate measures to deal with identified risks, and to enforce such measures with hefty civil and criminal penalties.
Any individuals and businesses that are doing business with providers of ICT products or services owned or controlled by foreign companies should track the progress of this proposed legislation through Congress.