[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9566 Enrolled Bill (ENR)]
H.R.9566
One Hundred Eighteenth Congress
of the
United States of America
AT THE SECOND SESSION
Begun and held at the City of Washington on Wednesday,
the third day of January, two thousand and twenty-four
An Act
To require governmentwide source code sharing, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Source code Harmonization And Reuse
in Information Technology Act'' or the ``SHARE IT Act''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Agency.--The term ``agency'' has the meaning given that
term in section 3502 of title 44, United States Code.
(2) Appropriate congressional committees.--The term
``appropriate congressional committees'' means the Committee on
Homeland Security and Governmental Affairs of the Senate and the
Committee on Oversight and Accountability of the House of
Representatives.
(3) Custom-developed code.--The term ``custom-developed
code''--
(A) means source code that is--
(i) produced in the performance of a contract with an
agency or is otherwise exclusively funded by the Federal
Government; or
(ii) developed by a Federal employee as part of the
official duties of the employee;
(B) includes--
(i) source code, or segregable portions of source code,
for which the Federal Government could obtain unlimited
rights under part 27 of the Federal Acquisition Regulation
or any relevant supplemental acquisition regulations of an
agency; and
(ii) source code written for a software project,
module, plugin, script, middleware, or application
programming interface; and
(C) does not include--
(i) source code that is solely exploratory or
disposable in nature, including source code written by a
developer experimenting with a new language or library; or
(ii) commercial computer software, commercial off-the-
shelf software, or configuration scripts for such software.
(4) Federal employee.--The term ``Federal employee'' has the
meaning given the term in section 2105(a) of title 5, United States
Code.
(5) Metadata.--The term ``metadata'', with respect to custom-
developed code--
(A) has the meaning given that term in section 3502 of
title 44, United States Code; and
(B) includes--
(i) information on whether the custom-developed code
was--
(I) produced pursuant to a contract; or
(II) shared in a public or private repository;
(ii) any contract number under which the custom-
developed code was produced; and
(iii) any hyperlink to the repository in such the code
was shared.
(6) Private repository.--The term ``private repository'' means
a software storage location--
(A) that contains source code, documentation, configuration
scripts, as appropriate, revision history, and other files; and
(B) access to which is restricted to only authorized users.
(7) Public repository.--The term ``public repository'' means a
software storage location--
(A) that contains source code, documentation, configuration
scripts, as appropriate, revision history, and other files; and
(B) access to which is open to the public.
(8) Software.--The term ``software'' has the meaning given the
term ``computer software'' in section 2.101 of title 48, Code of
Federal Regulations, or any successor regulation.
(9) Source code.--The term ``source code'' means a collection
of computer commands written in a computer programming language
that a computer can execute as a piece of software.
SEC. 3. SOFTWARE REUSE.
(a) Sharing.--Not later than 210 days after the date of enactment
of this Act, the head of each agency shall ensure that the custom-
developed code of the agency and other key technical components of the
code (including documentation, data models, schemas, metadata,
architecture designs, configuration scripts, and artifacts required to
develop, build, test, and deploy the code) of the code are--
(1) stored at not less than 1 public repository or private
repository;
(2) accessible to Federal employees via procedures developed
under subsection (d)(1)(A)(ii)(III); and
(3) owned by the agency.
(b) Software Reuse Rights in Procurement Contracts.--The head of an
agency that enters into a contract for the custom development of
software shall acquire and exercise rights sufficient to enable the
governmentwide access to, sharing of, use of, and modification of any
custom-developed code created in the development of such software.
(c) Discovery.--Not later than 210 days after the date of enactment
of this Act, the head of each agency shall make metadata created on or
after such date for the custom-developed code of the agency publicly
accessible.
(d) Accountability Mechanisms.--
(1) Agency cios.--Not later than 180 days after the date of
enactment of this Act, the Chief Information Officer of each
agency, in consultation with the Chief Acquisition Officer, or
similar official, of the agency and the Administrator of the Office
of Electronic Government, shall develop an agency-wide policy
that--
(A) implements the requirements of this Act, including--
(i) ensuring that custom-developed code follows the
best practices established by the Director of the Office
and Management and Budget under paragraph (3) for operating
repositories and version control systems to keep track of
changes and to facilitate collaboration among multiple
developers; and
(ii) managing the sharing of custom-developed code
under subsection (b), and the public accessibility of
metadata under subsection (c), including developing--
(I) procedures to determine whether any custom-
developed code meets the conditions under section 4(b)
for an exemption under this Act;
(II) procedures for making metadata for custom-
developed code publicly accessible pursuant to
subsection (c);
(III) procedures for Federal employees to gain
access to public repositories and private repositories
that contain custom developed source code; and
(IV) standardized reporting practices across the
agency to capture key information relating to a
contract under which custom-developed source code was
produced for reporting statistics about the contract;
and
(B) corrects or amends any policies of the agency that are
inconsistent with the requirements of this Act.
(2) Administrator of the office of electronic government.--
(A) Minimum standard reporting requirements.--Not later
than 120 days after the date of enactment of this Act, the
Administrator of the Office of Electronic Government shall
establish minimum standard reporting requirements for the Chief
Information Officers of agencies, which shall include
information relating to--
(i) measuring the frequency of reuse of code, including
access and modification under subsection (b);
(ii) whether the shared code is maintained;
(iii) whether there is a feedback mechanism for
improvements to or community development of the shared
code; and
(iv) the number and circumstances of all exemptions
granted under section 4(a)(2).
(B) Reporting requirement.--
(i) Requirement.--Not later than 1 year after the date
of the enactment of this Act, and annually thereafter, the
Administrator of the Office of Electronic Government shall
publish on a centralized website a report on the
implementation of this Act that includes--
(I) a complete list of all exemptions granted under
section 4(a)(2); and
(II) information showing whether each agency has
updated the acquisition and other policies of the
agency to be compliant with this Act.
(ii) Open government data asset.--The report under
clause (i) shall be maintained as an open Government data
asset (as defined in section 3502 of title 44, United
States Code).
(3) Guidance.--The Director of the Office of Management and
Budget shall issue guidance, consistent with the purpose of this
Act, that establishes best practices and uniform procedures across
agencies for the purposes of implementing this subsection.
SEC. 4. EXEMPTIONS.
(a) In General.--
(1) Automatic.--
(A) In general.--This Act shall not apply to classified
source code or source code developed primarily for use in a
national security system (as defined in section 11103 of title
40, United States Code).
(B) National security.--An exemption from the requirements
under section 3 shall apply to classified source code or source
code developed--
(i) primarily for use in a national security system (as
defined in section 11103 of title 40, United States Code);
or
(ii) by an agency, or part of an agency, that is an
element of the intelligence community (as defined in
section 3(4) of the National Security Act of 1947 (50
U.S.C. 3003(4)).
(C) Freedom of information act.--An exemption from the
requirements under section 3 shall apply to source code the
disclosure of which is exempt under section 552(b) of title 5,
United States Code (commonly known as the ``Freedom of
Information Act'').
(2) Discretionary.--
(A) Exemption and guidance.--
(i) In general.--The Chief Information Officer of an
agency, in consultation with the Federal Privacy Council,
or any successor thereto, may exempt from the requirements
of section 3 any source code for which a limited exemption
described in subparagraph (B) applies.
(ii) Guidance required.--The Federal Privacy Council
shall provide guidance to the Chief Information Officer of
each agency relating to the limited exemption described in
subparagraph (B)(ii) to ensure consistent application of
this paragraph across agencies.
(B) Limited exemptions.--The limited exemptions described
in this paragraph are the following:
(i) The head of the agency is prohibited from providing
the source code to another individual or entity under
another Federal law or regulation, including under--
(I) the Export Administration Regulations;
(II) the International Traffic in Arms Regulations;
(III) the regulations of the Transportation
Security Administration relating to the protection of
Sensitive Security Information; and
(IV) the Federal laws and regulations governing the
sharing of classified information not covered by the
exemption in paragraph (1).
(ii) The sharing or public accessibility of the source
code would create an identifiable risk to the privacy of an
individual.
(b) Reports Required.--
(1) Agency reporting.--Not later than December 31 of each year,
the Chief Information Officer of an agency shall submit to the
Administrator of the Office of Electronic Government a report of
the source code of the agency to which an exemption under paragraph
(1) or (2) of subsection (a) applied during the fiscal year ending
on September 30 of that year with a brief narrative justification
of each exemption.
(2) Annual report to congress.--Not later than 1 year after the
date of enactment of this Act, and annually thereafter, the
Administrator of the Office of Electronic Government shall submit
to the appropriate congressional committees a report on all
exemptions granted under paragraph (1) or (2) of subsection (a) by
each agency, including a compilation of all information, including
the narrative justification, relating to each such exemption.
(3) Form.--The reports under paragraphs (1) and (2) shall be
submitted in unclassified form, with a classified annex as
appropriate.
SEC. 5. GAO REPORT.
Not later than 2 years after the date of enactment of this Act, the
Comptroller General of the United States shall submit to Congress a
report that includes an assessment of the implementation of this Act.
SEC. 6. RULE OF CONSTRUCTION.
Nothing in this Act may be construed as requiring the disclosure of
information or records that are exempt from public disclosure under
section 552 of title 5, United States Code (commonly known as the
``Freedom of Information Act'').
SEC. 7. APPLICATION.
This Act shall apply to custom-developed code that is developed or
revised--
(1) by a Federal employee not less than 180 days after the date
of enactment of this Act; or
(2) under a contract awarded pursuant to a solicitation issued
not less than 180 days after the date of enactment of this Act.
SEC. 8. REVISION OF FEDERAL ACQUISITION REGULATION.
Not later than 1 year after the date of enactment of this Act, the
Federal Acquisition Regulation shall be revised as necessary to
implement the provisions of this Act.
SEC. 9. NO ADDITIONAL FUNDING.
No additional funds are authorized to be appropriated to carry out
this Act.
Speaker of the House of Representatives.
Vice President of the United States and
President of the Senate.