Remote Access Security Act
Sponsored By: Senator Sen. McCormick, David [R-PA]
Introduced
Summary
Creates a new export-control category for _remote access to controlled items_. This bill would let the Commerce Department treat access to U.S.-controlled technologies over foreign cloud services as an export and set rules for licensing, enforcement, and penalties when foreign "persons of concern" pose national security or human-rights risks.
Show full summary
- Cloud providers and technology firms would face new licensing and reporting expectations and a public review process. The Secretary must publish a public report within one year and hold a roundtable to gather industry input on privacy, costs, and licensing consistency.
- National-security rules would target three risk pathways: training AI models that lower barriers to designing weapons of mass destruction or enable offensive cyber operations; access to tools designed mainly for offensive cyber operations; and use of spyware, location tracking, or biometric ID to undermine human rights.
- The measure expands the Export Control Reform Act across policy, presidential authority, transfers, licensing, compliance, enforcement, and reporting. It also requires annual impact analysis and ends the authority to control remote access after 10 years unless renewed.
Your PRIA Score
Personalized for You
How does this bill affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this bill and every other piece of legislation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Bill Overview
Analyzed Economic Effects
4 provisions identified: 1 benefits, 2 costs, 1 mixed.
Treat cloud access like exports
If enacted, the bill would amend the Export Control Reform Act to treat provision of remote access like an export or in‑country transfer. That means remote connections to Commerce Control List items could need licenses, be restricted by the President, and be subject to enforcement, penalties, compliance assistance, and reporting rules. Cloud providers, exporters, and license applicants could face new authorization steps, tighter controls, and potential penalties for unlicensed remote access. The bill also requires agencies to include remote access in licensing and enforcement data and reports.
Remote access authority ends in 10 years
If enacted, the bill would automatically end the authority to impose controls on remote access ten years after the act becomes law. That means the new powers to regulate remote cloud access would expire on that date unless Congress extends them. Firms would get a predictable legal time horizon for these rules, but the expiration could also remove a regulatory tool used for national security after ten years.
New rules on foreign cloud users
If enacted, the bill would define who counts as a "foreign person of concern." That would include governments named in 10 U.S.C. 4872(f)(2) and any regions within them (explicitly including Macau and Hong Kong SAR), entities based or ultimately headquartered there, and people under those governments' jurisdiction. This definition would expand the set of foreign actors whose cloud access to controlled U.S. items could trigger export‑control licensing and restrictions. Companies that host or provide access to controlled items would likely face wider screening and compliance obligations when serving those users.
New remote access cloud rules
If enacted, the bill would add a legal definition of "remote access" for items on the Commerce Control List. It would apply when a foreign person of concern uses a cloud infrastructure service (IaaS per NIST SP 800-145) from outside the United States to access a controlled item not physically where they are. The definition lists three risk pathways that can trigger controls: certain AI model training that raises WMD or offensive cyber risks, tools made mainly for offensive cyber operations (not defense), and surveillance tech used to undermine human rights. This would raise compliance and licensing questions for cloud hosts and exporters while giving regulators clearer authority to act when those risks appear.
Free Policy Watch
You just read the policy. Now see what it costs you.
Pick a topic. PRIA runs your household against live legislation and sends you a free personalized readout.
Pick a topic to get started
Sponsors & CoSponsors
Sponsor
Sen. McCormick, David [R-PA]
PA • R
Cosponsors
Sen. Wyden, Ron [D-OR]
OR • D
Sponsored 12/17/2025
Sen. Cotton, Tom [R-AR]
AR • R
Sponsored 12/17/2025
Sen. Coons, Christopher A. [D-DE]
DE • D
Sponsored 12/17/2025
Roll Call Votes
No roll call votes available for this bill.
View on Congress.govTake It Personal
Get Your Personalized Policy View
Take the PRIA Score to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in