[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6309 Introduced in House (IH)]
<DOC>
119th CONGRESS
1st Session
H. R. 6309
To impose sanctions with respect to designated critical cyber threat
actors, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
November 25, 2025
Mr. Pfluger introduced the following bill; which was referred to the
Committee on Foreign Affairs, and in addition to the Committees on
Financial Services, Oversight and Government Reform, and the Judiciary,
for a period to be subsequently determined by the Speaker, in each case
for consideration of such provisions as fall within the jurisdiction of
the committee concerned
_______________________________________________________________________
A BILL
To impose sanctions with respect to designated critical cyber threat
actors, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cyber Deterrence and Response Act of
2025''.
SEC. 2. ACTIONS TO ADDRESS STATE-SPONSORED CYBER ACTIVITIES AGAINST THE
UNITED STATES.
(a) Designation as a Critical Cyber Threat Actor.--
(1) In general.--The President, acting through the National
Cyber Director, and in coordination with the heads of other
relevant Federal departments and agencies, shall designate
pursuant to the National Attribution Framework under paragraph
(2) as a critical cyber threat actor--
(A) each foreign person and each agency or
instrumentality of a foreign state that the President
determines to be knowingly responsible for or complicit
in, or have engaged in, directly or indirectly, state-
sponsored cyber activities originating from, or
directed by persons located, in whole or in substantial
part, outside the United States that are reasonably
likely to result in, or have contributed to, a
significant threat to the national security, foreign
policy, or economic health or financial stability of
the United States and that have the purpose or effect
of--
(i) causing a significant disruption to the
availability of a computer or network of
computers;
(ii) harming, or otherwise significantly
compromising the provision of service by, a
computer or network of computers that support
one or more entities in a critical
infrastructure sector;
(iii) significantly compromising the
provision of services by one or more entities
in a critical infrastructure sector;
(iv) causing a significant misappropriation
of funds or economic resources, trade secrets,
personal identifiers, health or financial
information for commercial or competitive
advantage or private financial gain;
(v) destabilizing the financial sector of
the United States by tampering with, altering,
or causing a misappropriation of data;
(vi) causing a significant disruption to
the energy sector of the United States by
tampering with or altering data or equipment
necessary for the operation of the energy
sector in the United States; or
(vii) interfering with or undermining
election processes or government institutions
by tampering with, altering, or causing
misappropriation of data;
(B) each foreign person that the President has
determined to have knowingly, significantly, and
materially assisted, sponsored, or provided financial,
material, or technological support for, or goods or
services to or in support of, any activities described
in subparagraph (A) by a foreign person or agency or
instrumentality of a foreign state designated as a
critical cyber threat actor under subparagraph (A);
(C) each agency or instrumentality of a foreign
state that the President has determined to have
significantly and materially assisted, sponsored, or
provided financial, material, or technological support
for, or goods or services to or in support of, any
activities described in subparagraph (A) by a foreign
person or agency or instrumentality of a foreign state
designated as a critical cyber threat actor under
subparagraph (A); and
(D) any person determined by the President to be
responsible for or complicit in, or to have engaged in,
the receipt or use for commercial or competitive
advantage or private financial gain, or by a commercial
entity, outside the United States of data or
information, including trade secrets, misappropriated
through cyber-enabled means, knowing they have been
misappropriated, where the misappropriation of such
trade secrets is reasonably likely to result in, or has
materially contributed to, a significant threat to the
national security, foreign policy, or economic health
or financial stability of the United States or personal
safety of American citizens.
(2) National attribution framework.--Not later than 180
days after the date of the enactment of this Act, the Director,
in consultation with the Secretary of Homeland Security, the
Secretary of Defense, the Director of National Intelligence,
the Secretary of State, the Attorney General, and the head of
any other Federal agency the Director determines appropriate,
shall submit to the appropriate congressional committees a
framework, to be known as the ``National Attribution
Framework'' to carry out the following:
(A) Establish a uniform, criteria-based process for
evaluating and determining attribution of state-
sponsored cyber activities.
(B) Define technical, operational, and strategic
evidentiary standards, including thresholds for
reliability, corroboration, and technical verification,
that must be satisfied for such an attribution
determination.
(C) Require assessments based on the quality of
available evidence to assign a confidence level with
respect to such an attribution determination.
(D) Provide for the consideration of private sector
threat intelligence if such intelligence satisfies such
evidentiary standards.
(E) Establish procedures for coordination with
allied and partner countries, including regarding
processes for information sharing, validation of
evidence, and efforts to develop consistent public
attribution statements to enhance international
consensus relating to determining attribution of state-
sponsored cyber activities.
(F) Establish timelines and reporting thresholds to
ensure that attribution determinations are conducted
promptly after the detection of any state-sponsored
cyber activity.
(G) Ensure the National Attribution Framework is
consistent with the National Cyber Incident Response
Plan under section 2210 of the Homeland Security Act of
2002 (6 U.S.C. 660) and other relevant policies
governing cyber attribution and response processes of
the following:
(i) The Department of Homeland Security.
(ii) The Office of the National Cyber
Director.
(iii) The Department of Defense.
(iv) The Department of State.
(v) Any other appropriate Federal
department or agency.
(H) Ensure attribution determinations account for
exemptions, waivers, and removals described in
subsection (g), including mandatory exemptions for
United States intelligence activities and case-by-case
waivers granted in the national interest of the United
States, for law enforcement purposes, or for
humanitarian reasons.
(I) Establish procedures for the designation of a
foreign person and each agency or instrumentality of a
foreign state as a critical cyber threat actor under
paragraph (1) to provide for a reassignment of such
designation if the original designee is subject to an
exception described in subsection (g)(4) to the next
operationally responsible foreign person and each
agency or instrumentality of a foreign state materially
involved in the state-sponsored cyber activity at
issue.
(3) Transmission to congress.--Not later than seven
calendar days after designating a foreign person or agency or
instrumentality of a foreign state as a critical cyber threat
actor under paragraph (1), the President shall transmit to the
appropriate congressional committees in classified or
unclassified form a report identifying the designee.
(b) Non-Travel-Related Sanctions.--
(1) In general.--The President shall impose one or more of
the applicable sanctions described in paragraph (2) with
respect to each foreign person and each agency or
instrumentality of a foreign state designated as a critical
cyber threat actor under subsection (a).
(2) Sanctions described.--The sanctions described in this
paragraph are the following:
(A) The President may provide for the withdrawal,
limitation, or suspension of non-humanitarian United
States development assistance under chapter 1 of part I
of the Foreign Assistance Act of 1961 (22 U.S.C. 2151
et seq.).
(B) The President may provide for the withdrawal,
limitation, or suspension of United States security
assistance under part II of the Foreign Assistance Act
of 1961 (22 U.S.C. 2301 et seq.).
(C) The President may direct the United States
executive director to each international financial
institution to use the voice and vote of the United
States to oppose any loan from the international
financial institution that would benefit the designated
foreign person or the designated agency or
instrumentality of a foreign state.
(D) The President may direct the United States
International Development Finance Corporation, or any
other United States Government agency not to approve
the issuance of any (or a specified number of)
guarantees, insurance, extensions of credit, or
participation in the extension of credit.
(E) The President may, pursuant to such regulations
or guidelines as the President may prescribe, prohibit
any United States person from purchasing or selling any
publicly traded securities, or any publicly traded
securities that are derivative of such securities or
are designed to provide investment exposure to such
securities or investing in or purchasing significant
amounts of equity or debt instruments of the designated
foreign person.
(F) The President may, pursuant to procedures the
President shall prescribe, which shall include the
opportunity to appeal actions under this subparagraph,
prohibit any United States agency or instrumentality
from procuring, or entering into any contract for the
procurement of, any goods, technology, or services, or
classes of goods, technology, or services, from the
designated foreign person or the designated agency or
instrumentality of a foreign state.
(G) The President may terminate--
(i) sales to that country under the Arms
Export Control Act (22 U.S.C. 2751 et seq.) of
any defense articles, defense services, or
design and construction services; and
(ii) sales to that country of any item on
the United States Munitions List maintained
pursuant to part 121 of title 22, Code of
Federal Regulations.
(H) The President may prohibit the entity and, when
acting for or on the entity's behalf, its successors,
assigns, directors, officers, employees,
representatives, or agents, from directly or indirectly
participating in transactions involving any commodity,
software, or technology subject to United States
jurisdiction under the Export Administration
Regulations (``EAR'') or any other activity subject to
the EAR, including--
(i) applying for, obtaining, or using any
license, license exception, or export control
document;
(ii) carrying out negotiations concerning,
ordering, buying, receiving, using, selling,
delivering, storing, disposing of, forwarding,
transporting, financing, or servicing in any
way any item exported or to be exported from
the United States that is subject to the EAR;
and
(iii) benefitting in any way from any
transaction involving any item exported or to
be exported from the United States that is
subject to the EAR.
(I) The President may prohibit any person, whether
a United States or non-United States person, from
engaging in the following activities, either directly
or indirectly, with the entity:
(i) Exporting or reexporting to or on
behalf of the entity any item subject to the
EAR.
(ii) Facilitating the acquisition or
attempted acquisition by the entity of the
ownership, possession, or control of any item
subject to the EAR that has been or will be
exported from the United States, including
financing or other support activities related
to a transaction whereby the entity acquires or
attempts to acquire such ownership, possession
or control.
(iii) Acquiring from or facilitating the
acquisition or attempted acquisition from the
entity or any item subject to the EAR that has
been exported from the United States.
(iv) Obtaining from the entity in the
United States any item subject to the EAR with
knowledge or reason to know that the item will
be, or is intended to be, exported from the
United States.
(v) Engaging in any transaction to service
any item subject to the EAR that has been or
will be exported from the United States and
which is owned, possessed, or controlled by the
entity if such service involves the use of any
item subject to the EAR that has been or will
be exported from the United States (for
purposes of this paragraph ``service'' means
installation, maintenance, repair,
modification, or testing).
(J)(i) The President may exercise all of the powers
granted to the President under the International
Emergency Economic Powers Act (50 U.S.C. 1701 et seq.)
(except that the requirements of section 202 of such
Act (50 U.S.C. 1701) shall not apply) to the extent
necessary to block and prohibit all transactions in
property and interests in property of the designated
foreign person if such property and interests in
property are in the United States, come within the
United States, or are or come within the possession or
control of a United States person.
(ii) The penalties provided for in subsections (b)
and (c) of section 206 of the International Emergency
Economic Powers Act (50 U.S.C. 1705) shall apply to a
person that violates, attempts to violate, conspires to
violate, or causes a violation of regulations
prescribed under clause (i) to the same extent that
such penalties apply to a person that commits an
unlawful act described in subsection (a) of such
section 206.
(K) The President may, pursuant to such regulations
as the President may prescribe, prohibit any transfers
of credit or payments between one or more financial
institutions or by, through, or to any financial
institution, to the extent that such transfers or
payments are subject to the jurisdiction of the United
States and involve any interest of the designated
foreign person.
(c) Travel-Related Sanctions.--
(1) Aliens ineligible for visas, admission, or parole.--An
alien who is designated as a critical cyber threat actor under
subsection (a) is--
(A) inadmissible to the United States;
(B) ineligible to receive a visa or other
documentation to enter the United States; and
(C) otherwise ineligible to be admitted or paroled
into the United States or to receive any other benefit
under the Immigration and Nationality Act (8 U.S.C.
1101 et seq.).
(2) Current visas revoked.--The issuing consular officer,
the Secretary of State, or the Secretary of Homeland Security
(or a designee of either such Secretaries) shall revoke any
visa or other entry documentation issued to the foreign person
designated as a critical cyber threat actor under subsection
(a) regardless of when issued. A revocation under this clause
shall take effect immediately and shall automatically cancel
any other valid visa or entry documentation that is in the
possession of such foreign person.
(d) Additional Sanctions With Respect to Foreign Countries.--
(1) In general.--The President may impose any of the
sanctions described in paragraph (2) with respect to the
government of each country that the President has determined
aided, abetted, or directed a foreign person or agency or
instrumentality of a foreign state designated as a critical
cyber threat actor under subsection (a).
(2) Sanctions described.--The sanctions referred to in
paragraph (1) are the following:
(A) The President may provide for the withdrawal,
limitation, or suspension of non-humanitarian or non-
trade-related assistance United States development
assistance under chapter 1 of part I of the Foreign
Assistance Act of 1961 (22 U.S.C. 2151 et seq.).
(B) The President may provide for the withdrawal,
limitation, or suspension of United States security
assistance under part II of the Foreign Assistance Act
of 1961 (22 U.S.C. 2301 et seq.).
(C) The President may instruct the United States
Executive Director to each appropriate international
financial institution to oppose, and vote against the
extension by such institution of any loan or financial
assistance to the government of the country.
(D) No item on the United States Munitions List
(maintained pursuant to part 121 of title 22, Code of
Federal Regulations) or the Commerce Control List set
forth in Supplement No. 1 to part 774 of title 15, Code
of Federal Regulations, may be exported to the
government of the country or any entity under its
influence, control, or ownership.
(E)(i) No intrusion software or IP network
communications surveillance systems or related items
that are subject to the Export Administration
Regulations, whether or not enumerated on the Commerce
Control List, may be exported, reexported, or
transferred, directly or indirectly, to the government
of the country or any entity under its influence,
control, or ownership.
(ii) For purposes of this subparagraph, the terms
``intrusion software'' and ``IP network
communications'' mean any--
(I) systems, equipment, or components
specially designed for the generation,
operation or delivery of, or communication
with, with intrusion software;
(II) software specially designed or
modified for the development or production of
such systems, equipment or components;
(III) software specially designed for the
generation, operation or delivery of, or
communication with, intrusion software;
technology required for the development of
intrusion software; and
(IV) internet protocol network
communications surveillance systems or
equipment and test, inspection, production
equipment, specially designed components
therefor, and development and production
software and technology therefor.
(e) Implementation.--The President may exercise all authorities
provided under sections 203 and 205 of the International Emergency
Economic Powers Act (50 U.S.C. 1702 and 1704) to carry out this
section.
(f) Coordination.--To the extent practicable--
(1) actions taken by the President pursuant to this section
should be coordinated with United States allies and partners;
and
(2) the Secretary of State should work with United States
allies and partners, on a voluntary basis, to lead an
international diplomatic initiative to--
(A) deter critical cyber threat actors and state-
sponsored cyber activities; and
(B) provide mutual support to such allies and
partners participating in such initiative to respond to
such state-sponsored cyber activities.
(g) Exemptions, Waivers, and Removals of Sanctions and
Designations.--
(1) Mandatory exemptions.--Activities subject to the
reporting requirements of title V of the National Security Act
of 1947 (50 U.S.C. 413 et seq.), and any authorized
intelligence activities of the United States, shall be exempt
from the imposition of sanctions under this section.
(2) Waiver.--The President may waive, on a case-by-case
basis, the imposition of sanctions described in this section
for a period of not more than one year, and may renew such
waiver for additional periods of not more than one year, if the
President transmits to the appropriate congressional committees
a written determination that such waiver meets one or more of
the following requirements:
(A) Such waiver is in the national interests of the
United States.
(B) Such waiver will further the enforcement of
this Act or is for an important law enforcement
purpose.
(C) Such waiver is for an important humanitarian
purpose.
(3) Removals of sanctions and designations.--The President
may prescribe rules and regulations for the removal of
sanctions under subsections (b), (c), and (d) and the removal
of designations under subsection (a) if the President
determines that a foreign person, agency or instrumentality of
a foreign state, or government of a country subject to such
sanctions or such designations, as the case may be, has
verifiably ceased its participation in any of the conduct with
respect to which such foreign person, agency or instrumentality
of a foreign state, or government was subject to such sanctions
or designation, as the case may be, under this section, and has
given assurances that such foreign person, agency or
instrumentality of a foreign state, or government, as the case
may be, will no longer participate in such conduct.
(4) Exception to comply with united nations headquarters
agreement.--Sanctions under subsection (c) shall not apply to a
foreign person if admitting such foreign person into the United
States is necessary to permit the United States to comply with
the Agreement regarding the Headquarters of the United Nations,
signed at Lake Success June 26, 1947, and entered into force
November 21, 1947, between the United Nations and the United
States, or other applicable international obligations.
(h) Rule of Construction.--Nothing in this section may be construed
to limit the authority of the President under the International
Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) or any other
provision of law to impose sanctions to address critical cyber threat
actors and malicious state-sponsored cyber activities.
(i) Definitions.--In this section:
(1) Admitted; alien.--The terms ``admitted'' and ``alien''
have the meanings given such terms in section 101 of the
Immigration and Nationality Act (8 U.S.C. 1101).
(2) Appropriate congressional committees.--The term
``appropriate congressional committees'' means--
(A) the Committee on Foreign Affairs, the Committee
on Financial Services, the Committee on the Judiciary,
the Committee on Oversight and Reform, and the
Committee on Homeland Security of the House of
Representatives; and
(B) the Committee on Foreign Relations, the
Committee on Banking, Housing, and Urban Affairs, the
Committee on the Judiciary, and the Committee on
Homeland Security and Governmental Affairs of the
Senate.
(3) Agency or instrumentality of a foreign state.--The term
``agency or instrumentality of a foreign state'' has the
meaning given such term in section 1603(b) of title 28, United
States Code.
(4) Critical infrastructure sector.--The term ``critical
infrastructure sector'' means any of the designated critical
infrastructure sectors identified in the Presidential Policy
Directive entitled ``Critical Infrastructure Security and
Resilience'', numbered 21, and dated February 12, 2013.
(5) Director.--The term ``Director'' means the National
Cyber Director.
(6) Foreign person.--The term ``foreign person'' means a
person that is not a United States person.
(7) Foreign state.--The term ``foreign state'' has the
meaning given such term in section 1603(a) of title 28, United
States Code.
(8) Knowingly.--The term ``knowingly'', with respect to
conduct, a circumstance, or a result, means that a person has
actual knowledge, or should have known, of the conduct, the
circumstance, or the result.
(9) Misappropriation.--The term ``misappropriation'' means
taking or obtaining by improper means, without permission or
consent, or under false pretenses.
(10) State-sponsored cyber activities.--The term ``state-
sponsored cyber activities'' means any malicious cyber-enabled
activities that--
(A) are carried out by a government of a foreign
country or an agency or instrumentality of a foreign
state; or
(B) are carried out by a foreign person that is
aided, abetted, or directed by a government of a
foreign country or an agency or instrumentality of a
foreign state.
(11) United states person.--The term ``United States
person'' means--
(A) a United States citizen or an alien lawfully
admitted for permanent residence to the United States;
or
(B) an entity organized under the laws of the
United States or of any jurisdiction within the United
States, including a foreign branch of such an entity.
<all>