Office of Information and Communications Technology and Services (OICTS)
The Office of Information and Communications Technology and Services (OICTS) is responsible for implementing the Information and Communications Technology and Services (ICTS) Program for the Department of Commerce.
On This Page
Commerce Department Prohibits Certain Connected Vehicle Technologies with a Nexus to the PRC and Russia
On January 14, 2024, the Bureau of Industry and Security (BIS) released a rule prohibiting certain transactions involving the import or sale of connected vehicles and certain hardware and software with a sufficient nexus to the PRC or Russia.
This action is the first final rule addressing a class of transactions issued by BIS’s Office of Information and Communications Technology and Services (OICTS), whose mission is to investigate whether certain information and communications technology or services (ICTS) transactions in the United States pose an undue or unacceptable national security risk.
Under this final rule, OICTS regulates connected vehicle technology with a sufficient nexus to the PRC and Russia by issuing three distinct prohibitions. OICTS prohibits (1) the import of Vehicle Connectivity Systems (VCS) hardware, including when imported within connected vehicles, for model year 2030 and later; (2) the import or sale of connected vehicles that incorporate VCS and Automated Driving System (ADS) software for model year 2027 and later; and, (3) the import or sale of certain connected vehicles by PRC or Russian manufacturers in the United States for model year 2027 and later.
Connected vehicle manufacturers and hardware importers are expected to make the necessary adjustments to meet the regulation’s compliance requirements by the effective model years.
For more information about this connected vehicle regulation, visit our Connected Vehicles page.
Commerce Department Prohibits Russian Kaspersky Software for U.S. Customers
On June 20, 2024, the Bureau of Industry and Security (BIS) announced a Final Determination prohibiting Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from directly or indirectly providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons.
This action is the first Final Determination issued by BIS’s Office of Information and Communications Technology and Services (OICTS), whose mission is to investigate whether certain information and communications technology or services transactions in the United States pose an undue or unacceptable national security risk.
In order to minimize disruption to U.S. consumers and businesses and to give them time to find suitable alternatives, the Department’s determination will allow Kaspersky to continue certain operations in the United States—including providing anti-virus signature updates and codebase updates—until 12:00AM Eastern Daylight Time (EDT) on September 29, 2024.
Individuals and businesses that utilize Kaspersky software are strongly encouraged to expeditiously transition to new vendors to limit exposure of personal or other sensitive data to malign actors due to a potential lack of cybersecurity coverage.
Additional information about this action and publicly available resources can be found on our website and Frequently Asked Questions page.
Office overview and responsibilities
The ICTS program implements four Executive Orders (EOs) and its related regulations under the International Emergency Economic Powers Act (IEEPA):”
EO 13873, “Securing the Information and Communications Technology and Services Supply Chain,” (May 15, 2019) delegated to the Secretary of Commerce broad authority to prohibit or impose mitigation measures on any ICTS Transaction subject to United States jurisdiction that poses undue or unacceptable risks to the United States.
15 C.F.R. Part 791, “Securing the Information and Communications Technology and Services Supply Chain“ is the implementing regulation for EO 13873 and establishes the scope of an ICTS Transaction and creates a process for reviewing ICTS Transactions the Department or other agencies (through referrals) believe may pose an undue or unacceptable risk. The Department can, on its own accord or upon referral, investigate ICTS Transactions. Ultimately, the Secretary can prohibit or mitigate ICTS Transactions if those transactions pose one of the three risks outlined in EO 13873.
EO 13984, “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” directs the Secretary of Commerce to propose rules to address malicious cyber actors’ use of Infrastructure as a Service (IaaS), by proposing “know your customer” (KYC) requirements.
EO 14034, “Protecting Americans’ Sensitive Data from Foreign Adversaries” (June 11, 2021) builds upon EO 13873 to address threats posed by connected software applications linked to foreign adversaries.
2024 Technology Prioritization
The Office of Information and Communications Technology and Services (OICTS) has come up with 2024 Technology Prioritization Table based on supply chain transactions posed risks to the security and safety of United States persons. The prioritization table shows ICTS supply chain tracks and its priorities.
Office leadership
Elizabeth Cannon
Executive Director for Information and Communications Technology and Services
Evan Broderick
Deputy Director for Information and Communications Technology and Services
Virginia Clark
Chief of Staff
Contact us
For general inquiries to OICTS, please email: [email protected]
To report a tip on potential violations of OICTS regulations, please email: [email protected]