What is the Protecting Americans from Foreign Adversary Controlled Applications Act?
The Act was signed into law on April 24, 2024, as part of Public Law 118-50. It is bipartisan legislation having the objective to protect Americans by preventing foreign adversaries from targeting, surveilling, and manipulating them with the use of online applications.
According to the Act, it shall be unlawful for an entity to distribute, maintain, or update (or enable the distribution, maintenance, or updating of) a foreign adversary controlled application by carrying out, within the land or maritime borders of the United States, any of the following:
(A) Providing services to distribute, maintain, or update such foreign adversary controlled application (including any source code of such application) by means of a marketplace (including an online mobile application store) through which users within the land or maritime borders of the United States may access, maintain, or update such application.
(B) Providing internet hosting services to enable the distribution, maintenance, or updating of such foreign adversary controlled application for users within the land or maritime borders of the United States.
What is the RESTRICT Act?
The RESTRICT Act has not yet been passed into law. While it has gained significant attention for its broad scope, allowing the U.S. government to regulate or restrict foreign technology (not just mobile apps), it has faced criticism and opposition, slowing its legislative progress. Its future remains uncertain as it continues to be debated.
The Protecting Americans from Foreign Adversary Controlled Applications Act has been signed into law. This act specifically targets foreign-owned mobile applications, such as TikTok, that are controlled by foreign adversaries. It allows the U.S. government to ban or force divestiture of these apps if they pose a national security threat.
The RESTRICT Act (Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act) was introduced in March 2023. Its aim is to address and mitigate risks posed by foreign technologies, particularly those that could be leveraged by foreign governments or entities to compromise U.S. national security.
The RESTRICT Act focuses on information and communications technology (ICT) products and services that are owned, controlled, or influenced by foreign adversaries. This includes software, hardware, networks, and services.
Foreign Adversaries are countries deemed as potential national security risks, like China, Russia, Iran, North Korea, Cuba, and Venezuela.
The RESTRICT Act grants broad authority to the U.S. Department of Commerce to investigate and block transactions involving ICT products that could pose a national security risk.
The RESTRICT Act proposes civil and criminal penalties for violations, including hefty fines and prison sentences. The penalties apply to those who attempt to circumvent bans or restrictions placed on foreign technologies.
The bill is intended to cover not only specific applications like TikTok but also any foreign technology that could be used for espionage, cyberattacks, or other national security threats.
The RESTRICT Act is a comprehensive approach to dealing with foreign technology threats, but its sweeping scope has led to concerns about overreach and its potential impact on tech companies, investors, and users.
From the RESTRICT Act to the Protecting Americans from Foreign Adversary Controlled Applications Act
While the RESTRICT Act covers a broad range of ICT products and services, the Protecting Americans from Foreign Adversary Controlled Applications Act is much narrower, primarily focusing on mobile applications.
Both acts arise from concerns about foreign influence over technology and the potential for espionage, data harvesting, or cyberattacks through popular mobile applications and digital services. The RESTRICT Act takes a broad, all-encompassing approach to dealing with these risks by targeting all ICT products and services linked to foreign adversaries. In contrast, the Protecting Americans from Foreign Adversary Controlled Applications Act narrows the focus to mobile apps specifically.
The legislative push has gained traction due to growing geopolitical tensions, especially with China, and rising concerns over data privacy, as many mobile apps collect large amounts of personal data that could potentially be misused by foreign governments.
The most prominent example driving these legislative efforts is TikTok, which has become a focal point in U.S.-China relations, with U.S. officials fearing that the app could be used to spy on Americans or influence public discourse.
Protecting Americans from Foreign Adversary Controlled Applications Act
SEC. 1. SHORT TITLE. This division may be cited as the “Protecting Americans from Foreign Adversary Controlled Applications Act”.
SEC. 2. PROHIBITION OF FOREIGN ADVERSARY CONTROLLED APPLICATIONS.
(a) In General.—
(1) Prohibition of foreign adversary controlled applications.—It shall be unlawful for an entity to distribute, maintain, or update (or enable the distribution, maintenance, or updating of) a foreign adversary controlled application by carrying out, within the land or maritime borders of the United States, any of the following:
(A) Providing services to distribute, maintain, or update such foreign adversary controlled application (including any source code of such application) by means of a marketplace (including an online mobile application store) through which users within the land or maritime borders of the United States may access, maintain, or update such application.
(B) Providing internet hosting services to enable the distribution, maintenance, or updating of such foreign adversary controlled application for users within the land or maritime borders of the United States.
(2) Applicability.—Subject to paragraph (3), this subsection shall apply—
(A) in the case of an application that satisfies the definition of a foreign adversary controlled application pursuant to subsection (g)(3)(A), beginning on the date that is 270 days after the date of the enactment of this division; and
(B) in the case of an application that satisfies the definition of a foreign adversary controlled application pursuant to subsection (g)(3)(B), beginning on the date that is 270 days after the date of the relevant determination of the President under such subsection.
(3) Extension.—With respect to a foreign adversary controlled application, the President may grant a 1-time extension of not more than 90 days with respect to the date on which this subsection would otherwise apply to such application pursuant to paragraph (2), if the President certifies to Congress that—
(A) a path to executing a qualified divestiture has been identified with respect to such application;
(B) evidence of significant progress toward executing such qualified divestiture has been produced with respect to such application; and
(C) there are in place the relevant binding legal agreements to enable execution of such qualified divestiture during the period of such extension.
(b) Data and Information Portability to Alternative Applications.—Before the date on which a prohibition under subsection (a) applies to a foreign adversary controlled application, the entity that owns or controls such application shall provide, upon request by a user of such application within the land or maritime borders of United States, to such user all the available data related to the account of such user with respect to such application. Such data shall be provided in a machine readable format and shall include any data maintained by such application with respect to the account of such user, including content (including posts, photos, and videos) and all other account information.
(c) Exemptions.—
(1) Exemptions for qualified divestitures.—Subsection (a)—
(A) does not apply to a foreign adversary controlled application with respect to which a qualified divestiture is executed before the date on which a prohibition under subsection (a) would begin to apply to such application; and
(B) shall cease to apply in the case of a foreign adversary controlled application with respect to which a qualified divestiture is executed after the date on which a prohibition under subsection (a) applies to such application.
(2) Exemptions for certain necessary services.—Subsections (a) and (b) do not apply to services provided with respect to a foreign adversary controlled application that are necessary for an entity to attain compliance with such subsections.
(d) Enforcement.—
(1) Civil penalties.—
(A) Foreign adversary controlled application violations.—An entity that violates subsection (a) shall be subject to pay a civil penalty in an amount not to exceed the amount that results from multiplying $5,000 by the number of users within the land or maritime borders of the United States determined to have accessed, maintained, or updated a foreign adversary controlled application as a result of such violation.
(B) Data and information violations.—An entity that violates subsection (b) shall be subject to pay a civil penalty in an amount not to exceed the amount that results from multiplying $500 by the number of users within the land or maritime borders of the United States affected by such violation.
(2) Actions by attorney general.—The Attorney General—
(A) shall conduct investigations related to potential violations of subsection (a) or (b), and, if such an investigation results in a determination that a violation has occurred, the Attorney General shall pursue enforcement under paragraph (1); and
(B) may bring an action in an appropriate district court of the United States for appropriate relief, including civil penalties under paragraph (1) or declaratory and injunctive relief.
Read more:
Protecting Americans from Foreign Adversary Controlled Applications Act
July 24, 2024, White House - Memorandum on the Delegation of Authority Under the Protecting Americans from Foreign Adversary Controlled Applications Act.
MEMORANDUM FOR THE SECRETARY OF STATE
THE SECRETARY OF THE TREASURY
THE SECRETARY OF DEFENSE
THE ATTORNEY GENERAL
THE SECRETARY OF COMMERCE
THE SECRETARY OF HOMELAND SECURITY
THE DIRECTOR OF NATIONAL INTELLIGENCE
SUBJECT: Delegation of Authority Under the Protecting Americans from Foreign Adversary Controlled Applications Act
By the authority vested in me as President by the Constitution and the laws of the United States of America, including section 301 of title 3, United States Code, I hereby order as follows:
Section 1. (a) I hereby delegate to the Attorney General, in consultation with the Secretary of the Treasury, the Secretary of Commerce, and the Secretary of Homeland Security, all authorities vested in the President by the Protecting Americans from Foreign Adversary Controlled Applications Act (Division H of Public Law 118-50).
(b) In exercising the authorities delegated in subsection (a) of this section, the Attorney General may, as appropriate, consult with the Director of National Intelligence and the heads of other relevant executive departments and agencies (agencies).
Section. 2. (a) There is established a Committee for the Review of Foreign Adversary Controlled Applications (Committee), composed of the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, the Secretary of Commerce, the Secretary of Homeland Security, and the Director of National Intelligence. Not later than 180 days after the date of this memorandum, the members of the Committee, through a process convened by National Security Council staff consistent with National Security Memorandum 2 of February 4, 2021 (Renewing the National Security Council System), shall determine rules and procedures sufficient for the Committee to exercise the authorities delegated to the Attorney General under section 1 of this memorandum. Upon conclusion of the 180-day period, the Committee shall exercise those authorities in accordance with such rules and procedures.
(b) The Director of National Intelligence and the heads of other relevant agencies, as the Attorney General under section 1 of this memorandum or the Committee under section 2 of this memorandum determines appropriate, shall provide assessments of the threat to national security posed by foreign adversary controlled applications in connection with the discharge of the responsibilities, respectively, of the Attorney General or the Committee. In providing such assessments, the Director of National Intelligence shall solicit and incorporate the views of the Intelligence Community, as appropriate.
Section. 3. The Attorney General is authorized and directed to publish this memorandum in the Federal Register.
JOSEPH R. BIDEN JR.
News, Protecting Americans from Foreign Adversary Controlled Applications Act.
March 13, 2024 - Passed House
According to congress.gov, this bill prohibits distributing, maintaining, or providing internet hosting services for a foreign adversary controlled application (e.g., TikTok). However, the prohibition does not apply to a covered application that executes a qualified divestiture as determined by the President.
Under the bill, a foreign adversary controlled application is directly or indirectly operated by:
(1) ByteDance, Ltd. or TikTok (including subsidiaries or successors that are controlled by a foreign adversary); or
(2) a social media company that is controlled by a foreign adversary and has been determined by the President to present a significant threat to national security. The prohibition does not apply to an application that is primarily used to post product reviews, business reviews, or travel information and reviews.
The bill authorizes the Department of Justice to investigate violations of the bill and enforce the bill's provisions. Entities that violate the bill are subject to civil penalties based on the number of users.
The bill requires a covered application to provide a user with all available account data (including posts, photos, and videos) at the user's request before the prohibition takes effect.
The bill gives the U.S. Court of Appeals for the District of Columbia exclusive jurisdiction over any challenge to the bill. Further, a challenge to the bill must be brought within 165 days after the bill's enactment date. A challenge to any action, finding, or determination under the bill must be brought with 90 days of the action, finding, or determination.
March 11, 2024 - Annual Threat Assessment from the Office of the Director of National Intelligence (ODNI)
According to the report (page 12/41):
Malign Influence Operations.
Beijing is expanding its global covert influence posture to better support the CCP’s goals. The PRC aims to sow doubts about U.S. leadership, undermine democracy, and extend Beijing’s influence.
Beijing’s information operations primarily focus on promoting pro-China narratives, refuting U.S.- promoted narratives, and countering U.S. and other countries’ policies that threaten Beijing’s interests, including China’s international image, access to markets, and technological expertise.
• Beijing’s growing efforts to actively exploit perceived U.S. societal divisions using its online personas move it closer to Moscow’s playbook for influence operations.
• China is demonstrating a higher degree of sophistication in its influence activity, including experimenting with generative AI. TikTok accounts run by a PRC propaganda arm reportedly targeted candidates from both political parties during the U.S. midterm election cycle in 2022.
• Beijing is intensifying efforts to mold U.S. public discourse—particularly on core sovereignty issues, such as Hong Kong, Taiwan, Tibet, and Xinjiang. The PRC monitors Chinese students abroad for dissident views, mobilizes Chinese student associations to conduct activities on behalf of Beijing, and influences research by U.S. academics and think tank experts.
The PRC may attempt to influence the U.S. elections in 2024 at some level because of its desire to sideline critics of China and magnify U.S. societal divisions. PRC actors’ have increased their capabilities to conduct covert influence operations and disseminate disinformation. Even if Beijing sets limits on these activities, individuals not under its direct supervision may attempt election influence activities they perceive are in line with Beijing’s goals.
Intelligence Operations.
China will continue to expand its global intelligence posture to advance the CCP’s ambitions, challenge U.S. national security and global influence, quell perceived regime threats worldwide, and steal trade secrets and IP to bolster China’s indigenous S&T sectors.
• Officials of the PRC intelligence services will try to exploit the ubiquitous technical surveillance environment in China and expand their use of monitoring, data collection, and advanced analytic capabilities against political security targets beyond China’s borders. China is rapidly expanding and improving its AI and big data analytics capabilities for intelligence operations.
• More robust intelligence operations also increase the risk that these activities have international consequences, such as the overflight of the United States by the high-altitude balloon in February 2023.
What is the RESTRICT Act?
The “Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act” (the RESTRICT Act) requires federal actions to identify and mitigate foreign threats to information and communications technology (ICT) products and services (e.g., social media applications). It also establishes civil and criminal penalties for violations under the bill.
The US Department of Commerce must identify, deter, disrupt, prevent, prohibit, investigate, and mitigate transactions involving ICT products and services in which any foreign adversary has any interest, and that pose an undue or unacceptable risk to U.S. national security or the safety of U.S. persons.
The US Department of Commerce may designate any foreign government or regime as a foreign adversary upon a determination that the foreign government or regime is engaged in a long-term pattern or serious instances of conduct significantly adverse to U.S. national security or the security and safety of U.S. persons, and remove such a designation. Commerce must notify Congress before making or removing a designation; these actions are subject to congressional disapproval.
News, RESTRICT Act.
Mar 07 2023 - Introduced in Senate.
U.S. Sens. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, and John Thune (R-SD), ranking member of the Commerce Committee’s Subcommittee on Communications, Media and Broadband, led a group of 12 bipartisan senators to introduce the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act, legislation that will comprehensively address the ongoing threat posed by technology from foreign adversaries by better empowering the Department of Commerce to review, prevent, and mitigate information communications and technology transactions that pose undue risk to our national security.
“Today, the threat that everyone is talking about is TikTok, and how it could enable surveillance by the Chinese Communist Party, or facilitate the spread of malign influence campaigns in the U.S. Before TikTok, however, it was Huawei and ZTE, which threatened our nation’s telecommunications networks. And before that, it was Russia’s Kaspersky Lab, which threatened the security of government and corporate devices,” said Sen. Warner. “We need a comprehensive, risk-based approach that proactively tackles sources of potentially dangerous technology before they gain a foothold in America, so we aren’t playing Whac-A-Mole and scrambling to catch up once they’re already ubiquitous.”
“Congress needs to stop taking a piecemeal approach when it comes to technology from adversarial nations that pose national security risks,” said Sen. Thune. “Our country needs a process in place to address these risks, which is why I’m pleased to work with Senator Warner to establish a holistic, methodical approach to address the threats posed by technology platforms – like TikTok – from foreign adversaries. This bipartisan legislation would take a necessary step to ensure consumers’ information and our communications technology infrastructure is secure.”
The RESTRICT Act establishes a risk-based process, tailored to the rapidly changing technology and threat environment, by directing the Department of Commerce to identify and mitigate foreign threats to information and communications technology products and services.
In addition to Sens. Warner and Thune, the legislation is co-sponsored by Sens. Tammy Baldwin (D-WI), Deb Fischer (R-NE), Joe Manchin (D-WV), Jerry Moran (R-KS), Michael Bennet (D-CO), Dan Sullivan (R-AK), Kirsten Gillibrand (D-NY), Susan Collins (R-ME), Martin Heinrich (D-NM), and Mitt Romney (R-UT).
The Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act would:
- Require the Secretary of Commerce to establish procedures to identify, deter, disrupt, prevent, prohibit, and mitigate transactions involving information and communications technology products in which any foreign adversary has any interest and poses undue or unacceptable risk to national security;
- Prioritize evaluation of information communications and technology products used in critical infrastructure, integral to telecommunications products, or pertaining to a range of defined emerging, foundational, and disruptive technologies with serious national security implications; Ensure comprehensive actions to address risks of untrusted foreign information communications and technology products by requiring the Secretary to take up consideration of concerning activity identified by other government entities;
- Educate the public and business community about the threat by requiring the Secretary of Commerce to coordinate with the Director of National Intelligence to provide declassified information on how transactions denied or otherwise mitigated posed undue or unacceptable risk.
“We need to protect Americans’ data and keep our country safe against today and tomorrow’s threats. While many of these foreign-owned technology products and social media platforms like TikTok are extremely popular, we also know these products can pose a grave danger to Wisconsin’s users and threaten our national security,” said Sen. Baldwin. “This bipartisan legislation will empower us to respond to our fast-changing environment – giving the United States the tools it needs to assess and act on current and future threats that foreign-owned technologies pose to Wisconsinites and our national security.”
“There are a host of dangerous technology platforms – including TikTok – that can be manipulated by China and other foreign adversaries to threaten U.S. national security and abuse Americans’ personal data. I’m proud to join Senator Warner in introducing bipartisan legislation that would put an end to disjointed interagency responses and strengthen the federal government’s ability to counter these digital threats,” said Sen. Fischer.
“Over the past several years, foreign adversaries of the United States have encroached on American markets through technology products that steal sensitive location and identifying information of U.S. citizens, including social media platforms like TikTok. This dangerous new internet infrastructure poses serious risks to our nation’s economic and national security,” said Sen. Manchin. “I’m proud to introduce the bipartisan RESTRICT ACT, which will empower the Department of Commerce to adopt a comprehensive approach to evaluating and mitigating these threats posed by technology products. As Chairman of the Senate Armed Services Subcommittee on Cybersecurity, I will continue working with my colleagues on both sides of the aisle to get this critical legislation across the finish line.”
“Foreign adversaries are increasingly using products and services to collect information on American citizens, posing a threat to our national security,” said Sen. Moran. “This legislation would give the Department of Commerce the authority to help prevent adversarial governments from introducing harmful products and services in the U.S., providing us the long-term tools necessary to combat the infiltration of our information and communications systems. The government needs to be vigilant against these threats, but a comprehensive data privacy law is needed to ensure Americans are able to control who accesses their data and for what purpose.”
“We shouldn’t let any company subject to the Chinese Communist Party’s dictates collect data on a third of our population – and while TikTok is just the latest example, it won’t be the last. The federal government can’t continue to address new foreign technology from adversarial nations in a one-off manner; we need a strategic, enduring mechanism to protect Americans and our national security. I look forward to working in a bipartisan way with my colleagues on the Senate Select Intelligence Committee to send this bill to the floor,” said Sen. Bennet.
“Our modern economy, communication networks, and military rely on a range of information communication technologies. Unfortunately, some of these technology products pose a serious risk to our national security,” said Sen. Gillibrand. “The RESTRICT Act will address this risk by empowering the Secretary of Commerce to carefully evaluate these products and ensure that they do not endanger our critical infrastructure or undermine our democratic processes.”
“China’s brazen incursion of our airspace with a sophisticated spy balloon was only the most recent and highly visible example of its aggressive surveillance that has targeted our country for years. Through hardware exports, malicious software, and other clandestine means, China has sought to steal information in an attempt to gain a military and economic edge,” said Sen. Collins. “Rather than taking a piecemeal approach to these hostile acts and reacting to each threat individually, our legislation would create a wholistic, government-wide response to proactively defend against surveillance attempts by China and other adversaries. This will directly improve our national security as well as safeguard Americans’ personal information and our nation’s vital intellectual property.”
"Cybersecurity is one of the most serious economic and national security challenges we face as a nation. The future of conflict is moving further away from the battlefield and closer to the devices and the networks everyone increasingly depends on. We need a systemic approach to addressing potential threats posed by technology from foreign adversaries. This bill provides that approach by authorizing the Administration to review and restrict apps and services that pose a risk to Americans’ data security. I will continue to push for technology defenses that the American people want and deserve to keep our country both safe and free,” said Sen. Heinrich.
“The Chinese Communist Party is engaged in a multi-generational, multi-faceted, and systematic campaign to replace the United States as the world’s superpower. One tool at its disposal—the ability to force social media companies headquartered in China, like TikTok’s parent company, to hand over the data it collects on users,” said Sen. Romney. “Our adversaries—countries like China, Russia, Iran—are increasingly using technology products to spy on Americans and discover vulnerabilities in our communications infrastructure, which can then be exploited. The United States must take stronger action to safeguard our national security against the threat technology products pose and this legislation is a strong step in that direction.”
The White House - Statement from National Security Advisor Jake Sullivan on the Introduction of the RESTRICT Act.
We applaud the bipartisan group of Senators, led by Senators Warner and Thune, who today introduced the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act. This legislation would empower the United States government to prevent certain foreign governments from exploiting technology services operating in the United States in a way that poses risks to Americans’ sensitive data and our national security.
The information and communications technology products and services supply chain is integral to the lives of Americans and the functioning of U.S. businesses. This bill presents a systematic framework for addressing technology-based threats to the security and safety of Americans. This legislation would provide the U.S. government with new mechanisms to mitigate the national security risks posed by high-risk technology businesses operating in the United States. Critically, it would strengthen our ability to address discrete risks posed by individual transactions, and systemic risks posed by certain classes of transactions involving countries of concern in sensitive technology sectors. This will help us address the threats we face today, and also prevent such risks from arising in the future.
We look forward to continue working with both Democrats and Republicans on this bill, and urge Congress to act quickly to send it to the President’s desk.
SEC. 11. PENALTIES.
(a) Unlawful Acts.—
(1) IN GENERAL.—It shall be unlawful for a person to violate, attempt to violate, conspire to violate, or cause a violation of any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act, including any of the unlawful acts described in paragraph (2).
(2) SPECIFIC UNLAWFUL ACTS.—The unlawful acts described in this paragraph are the following:
(A) No person may engage in any conduct prohibited by or contrary to, or refrain from engaging in any conduct required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act.
(B) No person may cause or aid, abet, counsel, command, induce, procure, permit, or approve the doing of any act prohibited by, or the omission of any act required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under, this Act.
(C) No person may solicit or attempt a violation of any regulation, order, direction, mitigation measure, prohibition, or authorization or directive issued under this Act.
(D) No person may conspire or act in concert with 1 or more other person in any manner or for any purpose to bring about or to do any act that constitutes a violation of any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act.
(E) No person may, whether directly or indirectly through any other person, make any false or misleading representation, statement, or certification, or falsify or conceal any material fact, to the Department of Commerce or any official of any other executive department or agency—
(i) in the course of an investigation or other action subject to this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder; or
(ii) in connection with the preparation, submission, issuance, use, or maintenance of any report filed or required to be filed pursuant to this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder.
(F) No person may engage in any transaction or take any other action with intent to evade the provisions of this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder.
(G) No person may fail or refuse to comply with any reporting or recordkeeping requirement of this Act, or any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued thereunder.
(H) Except as specifically authorized in this subchapter, any regulation, order, direction, mitigation measure, or other authorization or directive issued thereunder or in writing by the Department of Commerce, no person may alter any order, direction, mitigation measure, or other authorization or directive issued under this Act or any related regulation.
(3) ADDITIONAL REQUIREMENTS.—
(A) CONTINUATION OF EFFECT.—For purposes of paragraph (2)(E), any representation, statement, or certification made by any person shall be deemed to be continuing in effect until the person notifies the Department of Commerce or relevant executive department or agency in accordance with subparagraph (B).
(B) NOTIFICATION.—Any person who makes a representation, statement, or certification to the Department of Commerce or any official of any other executive department or agency relating to any order, direction, mitigation measure, prohibition, or other authorization or directive issued under this Act shall notify the Department of Commerce or the relevant executive department or agency, in writing, of any change of any material fact or intention from that previously represented, stated, or certified, immediately upon receipt of any information that would lead a reasonably prudent person to know that a change of material fact or intention had occurred or may occur in the future.
(b) Civil Penalties.—The Secretary may impose the following civil penalties on a person for each violation by that person of this Act or any regulation, order, direction, mitigation measure, prohibition, or other authorization issued under this Act:
(1) A fine of not more than $250,000 or an amount that is twice the value of the transaction that is the basis of the violation with respect to which the penalty is imposed, whichever is greater.
(2) Revocation of any mitigation measure or authorization issued under this Act to the person.
(c) Criminal Penalties.—
(1) IN GENERAL.—A person who willfully commits, willfully attempts to commit, or willfully conspires to commit, or aids or abets in the commission of an unlawful act described in subsection (a) shall, upon conviction, be fined not more than $1,000,000, or if a natural person, may be imprisoned for not more than 20 years, or both.
(2) CIVIL FORFEITURE.—
(A) FORFEITURE.—
(i) IN GENERAL.—Any property, real or personal, tangible or intangible, used or intended to be used, in any manner, to commit or facilitate a violation or attempted violation described in paragraph (1) shall be subject to forfeiture to the United States.
(ii) PROCEEDS.—Any property, real or personal, tangible or intangible, constituting or traceable to the gross proceeds taken, obtained, or retained, in connection with or as a result of a violation or attempted violation described in paragraph (1) shall be subject to forfeiture to the United States.
(B) PROCEDURE.—Seizures and forfeitures under this subsection shall be governed by the provisions of chapter 46 of title 18, United States Code, relating to civil forfeitures, except that such duties as are imposed on the Secretary of Treasury under the customs laws described in section 981(d) of title 18, United States Code, shall be performed by such officers, agents, and other persons as may be designated for that purpose by the Secretary of Homeland Security or the Attorney General.
(3) CRIMINAL FORFEITURE.—
(A) FORFEITURE.—Any person who is convicted under paragraph (1) shall, in addition to any other penalty, forfeit to the United States—
(i) any property, real or personal, tangible or intangible, used or intended to be used, in any manner, to commit or facilitate the violation or attempted violation of paragraph (1); and
(ii) any property, real or personal, tangible or intangible, constituting or traceable to the gross proceeds taken, obtained, or retained, in connection with or as a result of the violation.
(B) PROCEDURE.—The criminal forfeiture of property under this paragraph, including any seizure and disposition of the property, and any related judicial proceeding, shall be governed by the provisions of section 413 of the Controlled Substances Act (21 U.S.C. 853), except subsections (a) and (d) of that section.