Cyber Deterrence and Response Act of 2025
- Bill Number
- H.R. 6309
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- International Affairs
- Status
- Introduced
- Latest Action
- 2025-11-25: Referred to the Committee on Foreign Affairs, and in addition to the Committees on Financial Services, Oversight and Government Reform, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- Last Updated
- 2025-12-11T15:12:40Z
AI-Generated Summary
Cyber Deterrence and Response Act of 2025 (H.R. 6309)
Purpose This legislation establishes a framework for designating and sanctioning foreign persons and agencies or instrumentalities of foreign states involved in state-sponsored cyber activities that threaten U.S. national security, foreign policy, or economic stability. It aims to deter such activities through targeted sanctions and promote coordinated attribution processes.
Key Provisions
- Designation Process: The President, acting through the National Cyber Director and in coordination with relevant agencies, must designate as "critical cyber threat actors" any foreign persons or state agencies knowingly responsible for or complicit in cyber activities that cause significant disruptions to computers, critical infrastructure, financial systems, elections, or result in misappropriation of data or trade secrets.
- National Attribution Framework: Requires development within 180 days of a uniform, criteria-based process for attributing state-sponsored cyber activities, including evidentiary standards, confidence levels, consideration of private sector intelligence, coordination with allies, and timelines for determinations.
- Sanctions:
- Non-travel sanctions include withdrawal of U.S. development and security assistance, opposition to international loans, prohibitions on securities transactions, export controls, blocking of property under the International Emergency Economic Powers Act (IEEPA), and restrictions on financial transfers.
- Travel sanctions prohibit admission, visas, or parole for designated individuals, with mandatory revocation of existing visas.
- Additional sanctions may apply to governments of countries that aid, abet, or direct designated actors, including restrictions on munitions exports and intrusion software.
- Exemptions, Waivers, and Removals: Mandatory exemptions for U.S. intelligence activities; case-by-case waivers for national interest, law enforcement, or humanitarian reasons; and procedures for removing designations when conduct ceases.
- Coordination and Implementation: Actions should be coordinated with allies; the President may exercise IEEPA authorities for implementation.
Significant Changes to Existing Law The bill introduces a new, specific sanctions regime for cyber threats, distinct from general authorities under IEEPA or the Export Administration Regulations. It mandates creation of a National Attribution Framework to standardize attribution determinations and requires reporting to Congress within seven days of designations. It also expands sanctions options to cover cyber-specific activities like election interference and data misappropriation, while providing structured waiver and removal mechanisms not uniformly present in prior cyber-related executive actions.
Potential Impacts
- Government Agencies: Increases responsibilities for the National Cyber Director, Department of Homeland Security, Department of Defense, Department of State, and intelligence community in attribution, designation, and coordination; may require new interagency processes and reporting.
- Citizens: Primarily affects U.S. persons and entities through compliance requirements for sanctions (e.g., prohibitions on transactions or exports); indirect effects on businesses in critical infrastructure sectors due to enhanced deterrence of foreign threats.
- International Relations: Could lead to diplomatic tensions with designated countries or entities; encourages voluntary international cooperation on cyber attribution and response, potentially strengthening alliances while limiting U.S. assistance or exports to sanctioned nations.
Main Stakeholders Affected
- Foreign persons, agencies, or instrumentalities of foreign states designated as critical cyber threat actors.
- Governments of countries determined to have aided such actors.
- U.S. federal agencies involved in cyber policy and sanctions enforcement.
- U.S. persons and financial institutions subject to transaction restrictions.
- International financial institutions and allies/partners engaged in coordinated responses.
- Entities in critical infrastructure sectors potentially benefiting from reduced threats.
Notable Legal, Constitutional, or Political Implications
- Legal: Relies on presidential authority under IEEPA and existing export control laws but adds cyber-specific triggers and a formal attribution process; includes due process elements via appeal procedures for certain sanctions and exemptions for intelligence activities.
- Constitutional: Designations and sanctions may raise questions regarding property rights and due process for affected foreign entities, though waivers and removal provisions provide flexibility; the United Nations Headquarters Agreement exemption addresses potential conflicts with international obligations.
- Political: Strengthens U.S. policy on cyber deterrence by formalizing sanctions responses; promotes bipartisan emphasis on protecting elections and critical infrastructure while balancing enforcement with national interest waivers.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Pfluger, August [R-TX-11]
Recent Actions
- 2025-11-25: Referred to the Committee on Foreign Affairs, and in addition to the Committees on Financial Services, Oversight and Government Reform, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-11-25: Referred to the Committee on Foreign Affairs, and in addition to the Committees on Financial Services, Oversight and Government Reform, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-11-25: Referred to the Committee on Foreign Affairs, and in addition to the Committees on Financial Services, Oversight and Government Reform, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-11-25: Referred to the Committee on Foreign Affairs, and in addition to the Committees on Financial Services, Oversight and Government Reform, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-11-25: Introduced in House
- 2025-11-25: Introduced in House
Bill Versions
- Cyber Deterrence and Response Act of 2025 — issued 2025-11-25 — PDF (24 pages)