HR6309-119

Introduced

To impose sanctions with respect to designated critical cyber threat actors, and for other purposes.

119th Congress Introduced Nov 25, 2025

Analysis under review: This bill has generated analysis that may be too generic or incomplete. Clause-level evidence remains available below.

Summary

What This Bill Does

Creates a federal framework to designate major foreign cyber threat actors and impose sanctions and other restrictions on persons and state entities tied to serious state-sponsored cyber activity.

Who Benefits and How

U.S. critical infrastructure operators, election systems, and other potential victims gain a stronger federal deterrence and response toolkit against state-backed cyberattacks.

Who Bears the Burden and How

Designated foreign actors, firms dealing with them, and federal agencies coordinating attribution and sanctions face new restrictions and administrative work.

Key Provisions

  • Requires a National Attribution Framework for determining responsibility for significant state-sponsored cyber activity.
  • Directs designation of critical cyber threat actors and requires reports to Congress after designation.
  • Authorizes sanctions including aid limits, procurement bans, financing limits, and securities restrictions.

Evidence Chain:

This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers.

At a Glance

What This Bill Does

Creates a federal framework to designate major foreign cyber threat actors and impose sanctions and other restrictions on persons and state entities tied to serious state-sponsored cyber activity.

Key Policy Areas

National Security, Technology, Foreign Policy

Primary Purpose

Creates a federal framework to designate major foreign cyber threat actors and impose sanctions and other restrictions on persons and state entities tied to serious state-sponsored cyber activity.

Policy Domains

National Security Technology Foreign Policy

Main Provisions

Identified Gains
Contextual inference, no direct clause citation
  • U.S. critical infrastructure operators and other cyberattack targets
  • Federal policymakers seeking a consistent attribution regime
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: ih

Contextual inference, no direct clause citation

Identified Costs
Contextual inference, no direct clause citation
  • Designated foreign cyber actors and supporting entities
  • Federal agencies administering attribution and sanctions
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: ih

Contextual inference, no direct clause citation

Legislative Progress

Introduced
Introduced Committee Passed
Nov 25, 2025

Mr. Pfluger introduced the following bill; which was referred to …

Stakeholder Effects

cui bono?

How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.

National Security
1 mention across 1 clause
-1 negative

Designated foreign cyber threat actors and supporting entities

Technology
1 mention across 1 clause
+1 positive

U.S. operators vulnerable to major cyberattacks

Government
1 mention across 1 clause
-1 negative

Federal agencies administering attribution and sanctions

1/2
sections analyzed
Full impact breakdown

Bill Structure & Actor Mappings

Who is "The Secretary" in each section?

Domains
National Security Technology Foreign Policy

We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.

Learn more about our methodology