HR2683-119

What This Bill Does

The Remote Access Security Act expands U.S. export controls to cover digital remote access to controlled items, not just physical shipment. Currently, the Export Control Reform Act regulates the export and in-country transfer of sensitive dual-use technology with national security implications. This bill adds "remote access" as a third regulated activity, meaning that when a foreign person accesses controlled items via the internet, cloud computing services, or other network connections, that access must comply with the same export control licensing and compliance requirements as if the item were physically shipped abroad.

Who Benefits and How

The Department of Commerce's Bureau of Industry and Security (BIS) gains expanded regulatory authority to enforce export controls in the digital age, closing a loophole that currently allows foreign access to controlled technology without licenses. National security agencies benefit from stronger protection of sensitive U.S. technology and research. Export control compliance consulting firms gain new business opportunities as companies need guidance navigating these expanded requirements. U.S. companies that manufacture controlled technology may benefit from reduced risk of unauthorized foreign access to their intellectual property and trade secrets.

Who Bears the Burden and How

Cloud computing service providers like Amazon Web Services, Microsoft Azure, and Google Cloud face significant new compliance burdens. They must now track and obtain licenses for foreign persons accessing any export-controlled items hosted on their platforms. Software-as-a-Service (SaaS) companies with export-controlled technology must verify the nationality of all users and obtain export licenses before granting access to foreign persons. U.S. research institutions and universities must implement new compliance systems to control remote access by foreign researchers and graduate students to controlled research equipment, data, or software. Technology companies with foreign employees or contractors face additional administrative costs to ensure remote access to controlled items complies with export licensing requirements. Semiconductor and advanced manufacturing companies must obtain licenses when foreign technicians remotely access controlled production equipment for maintenance or troubleshooting.

Key Provisions

• Defines "remote access" as access to a U.S.-controlled item by a foreign person through a network connection from a location other than where the item is physically located, including internet and cloud computing services
• Amends 11 sections of the Export Control Reform Act to insert "remote access" alongside "export" and "in-country transfer" as regulated activities
• Grants the Secretary of Commerce authority to regulate remote access of controlled items and to specify additional forms of remote access in regulations
• Subjects remote access violations to the same penalties as physical export violations, including civil fines and criminal prosecution
• Requires export licenses for remote access to controlled items by foreign persons, just as licenses are currently required for physical export