Countering CCP Act
- Bill Number
- S. 4939
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 2
- Status
- Introduced
- Latest Action
- 2026-06-24: Read twice and referred to the Committee on Health, Education, Labor, and Pensions.
- Last Updated
- 2026-07-07T05:08:21Z
AI-Generated Summary
Summary of S. 4939: Countering Chinese Cyberthreats for Patients Act (Countering CCP Act)
Purpose
This legislation directs the Secretary of Health and Human Services, through the Food and Drug Administration (FDA), to examine certain medical devices made in the People's Republic of China for cybersecurity risks. It aims to protect patient data and device security by allowing recalls where risks are found or required information is not provided.
Key Provisions
- Device Review Process: The FDA, working with the Cybersecurity and Infrastructure Security Agency (CISA), must review "covered devices"—defined as networked medical devices (those connectable to the internet) cleared, approved, or exempted by the FDA on or before March 28, 2023, from manufacturers headquartered in, owned by, or controlled by China.
- Information Requests: Within 180 days of enactment, the FDA must request details from manufacturers, including a software bill of materials (listing all software components), data storage locations, and other information to assess cybersecurity and ensure patient data is not held in China-controlled systems.
- Recall Authority:
- If a device poses a cybersecurity risk (threats from unauthorized access or disruption), the FDA can order manufacturers, importers, distributors, or retailers to stop distribution, notify health professionals and facilities to stop use, and alert affected individuals.
- Failure to provide requested information triggers a similar recall order.
- The FDA may exempt a device from recall if it would cause a patient health shortage.
- Congressional Report: Within 2 years, the FDA and CISA must report on U.S. device industry cyber preparedness, Chinese manufacturers' market share in the U.S., data security practices, and recommendations to improve security.
- Definitions: Clarifies terms like "covered manufacturer" (excluding some with operations in China but not otherwise controlled by it) and "cybersecurity risk" (focusing on unauthorized access or system disruption).
Significant Changes to Existing Law
This bill adds new authority for the FDA to conduct origin-specific cybersecurity reviews and issue recalls for medical devices, expanding beyond standard FDA oversight under the Federal Food, Drug, and Cosmetic Act. It introduces requirements tied to manufacturer location or control by China, which do not exist in current device regulation for cybersecurity.
Potential Impacts
- Government Agencies: Increases workload for the FDA and CISA in reviews, information gathering, and possible enforcement actions.
- Citizens: May affect patients relying on these devices by potentially removing them from use, while aiming to reduce risks of data breaches or device tampering.
- International Relations: Could strain U.S.-China trade ties by targeting devices from Chinese manufacturers, possibly prompting responses from China or affecting global supply chains.
Main Stakeholders Affected
- Manufacturers headquartered in or controlled by China.
- U.S. healthcare providers, hospitals, and device users.
- The FDA and CISA.
- Importers, distributors, and retailers of affected devices.
- Congressional committees overseeing health and homeland security.
Notable Legal, Constitutional, or Political Implications
The bill raises questions about due process for manufacturers facing recalls without prior hearings and potential challenges under international trade agreements. It highlights national security priorities in healthcare technology but could face legal scrutiny regarding selective enforcement based on foreign origin.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Recent Actions
- 2026-06-24: Read twice and referred to the Committee on Health, Education, Labor, and Pensions.
- 2026-06-24: Introduced in Senate
Bill Versions
- Countering Chinese Cyberthreats for Patients Act — issued 2026-06-24 — PDF (8 pages)