Department of Commerce: Securing the Information and Communications Technology and Services Supply Chain

B-336930

December 23, 2024

The Honorable Sherrod Brown
Chairman
The Honorable Tim Scott
Ranking Member
Committee on Banking, Housing, and Urban Affairs
United States Senate

The Honorable Michael McCaul
Chairman
The Honorable Gregory Meeks
Ranking Member
Committee on Foreign Affairs

House of Representatives

Subject: Department of Commerce: Securing the Information and Communications Technology and Services Supply Chain

Pursuant to section 801(a)(2)(A) of title 5, United States Code, this is our report on a major rule promulgated by the Department of Commerce (Commerce) entitled “Securing the Information and Communications Technology and Services Supply Chain” (RIN: 0605-AA51). We received the rule on December 6, 2024. It was published in the Federal Register on December 6, 2024. 89 Fed. Reg. 96872. The effective date of the rule is February 5, 2025.

This rule finalizes Commerce’s practices for its review of transactions involving information and communications technology and services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary that may pose undue or unacceptable risk to the United States or U.S. persons.

Enclosed is our assessment of Commerce’s compliance with the procedural steps required by section 801(a)(1)(B)(i) through (iv) of title 5 with respect to the rule. If you have any questions about this report or wish to contact GAO officials responsible for the evaluation work relating to the subject matter of the rule, please contact Charlie McKiver, Assistant General Counsel, at (202) 512-5992.

Shirley A. Jones
Managing Associate General Counsel
Enclosure

cc: Rachel O'Meara
Business and Industry Specialist
Department of Commerce

ENCLOSURE

REPORT UNDER 5 U.S.C. § 801(a)(2)(A) ON A MAJOR RULE
ISSUED BY THE
DEPARTMENT OF COMMERCE
ENTITLED
“SECURING THE INFORMATION AND COMMUNICATIONS TECHNOLOGY
AND SERVICES SUPPLY CHAIN”
(RIN: 0605-AA51)

(i) Cost-benefit analysis

The Department of Commerce (Commerce) prepared an analysis of the costs and benefits for this rule. See 89 Fed. Reg. 96889 (Dec. 6, 2024). Commerce estimated that the costs to all affected entities will range between approximately $238 million and $20.3 billion (annualized at 7 percent), or about $2,800 to $6,300 per entity. Id. at 96890. Commerce stated that the actual benefits of the rule are incalculable. Id.

(ii) Agency actions relevant to the Regulatory Flexibility Act (RFA), 5 U.S.C. §§ 603–605, 607, and 609

Commerce determined that this rule will have a significant economic impact on substantial numbers of small entities, and prepared a Final Regulatory Flexibility Analysis. 89 Fed. Reg. 96889–96890.

(iii) Agency actions relevant to sections 202–205 of the Unfunded Mandates Reform Act of 1995, 2 U.S.C. §§ 1532–1535

Commerce determined that this rule will not have an effect on state, local, or tribal governments, in the aggregate, or on the private sector, of $100 million in 1995 dollars, updated annually for inflation, in any one year. See 89 Fed. Reg. 96892.

(iv) Agency actions relevant to the Administrative Pay-As-You-Go-Act of 2023, Pub. L. No. 118-5, div. B, title III, 137 Stat 31 (June 3, 2023)

Section 270 of the Administrative Pay-As-You-Go-Act of 2023 amended 5 U.S.C. § 801(a)(2)(A) to require GAO to assess agency compliance with the Act, which establishes requirements for administrative actions that affect direct spending, in GAO’s major rule reports. In guidance to Executive Branch agencies, issued on September 1, 2023, the Office of Management and Budget (OMB) instructed that agencies should include a statement explaining that either: “the Act does not apply to this rule because it does not increase direct spending; the Act does not apply to this rule because it meets one of the Act’s exemptions (and specifying the relevant exemption); the OMB Director granted a waiver of the Act’s requirements pursuant to section 265(a)(1) or (2) of the Act; or the agency has submitted a notice or written opinion to the OMB Director as required by section 263(a) or (b) of the Act” in their submissions of rules to GAO under the Congressional Review Act. OMB, Memorandum for the Heads of Executive Departments and Agencies, Subject: Guidance for Implementation of the Administrative Pay-As-You-Go Act of 2023, M-23-21 (Sept. 1, 2023), at 11–12. OMB also states that directives in the memorandum that supplement the requirements in the Act do not apply to proposed rules that have already been submitted to the Office of Information and Regulatory Affairs, however agencies must comply with any applicable requirements of the Act before finalizing such rules.

In its submission to us, Commerce indicated the Act is not applicable to the rule.

(v) Other relevant information or requirements under acts and executive orders

Administrative Procedure Act, 5 U.S.C. §§ 551 et seq.

On November 27, 2019, Commerce published a proposed rule. 84 Fed. Reg. 65316. On January 19, 2021, Commerce published an interim final rule. 86 Fed. Reg. 4909. Commerce stated that it received comments on the interim final rule from various parties. See 89 Fed. Reg. 96875. Commerce responded to comments in this rule. Id.

Paperwork Reduction Act (PRA), 44 U.S.C. §§ 3501–3520

Commerce determined that this rule contains no information collection requirements under the Act. 89 Fed. Reg. 96891.

Statutory authorization for the rule

Commerce promulgated this rule pursuant to the International Emergency Economic Powers Act, Pub. L. No. 95-223, 91 Stat. 1626. (Dec. 28, 1977); the National Emergencies Act, Pub. L. No. 94-412, 90 Stat. 1255 (Sept. 14, 1976); Exec. Order No. 13873, Securing the Information and Communications Technology and Services Supply Chain, 84 Fed. Reg. 22689 (May 15, 2019); and Exec. Order No. 14034, Protecting Americans’ Sensitive Data From Foreign Adversaries, 86 Fed. Reg. 31423 (June 9, 2021).

Executive Order No. 12866 (Regulatory Planning and Review)

Commerce stated that this rule is significant under the Order. See 89 Fed. Reg. 96889.

Executive Order No. 13132 (Federalism)

Commerce determined that this rule does not have federalism implications. 89 Fed. Reg. 96892.