Last Monday, April 28, 2025, the House passed a bill titled Removing Our Unsecure Technologies to Ensure Reliability and Security (“ROUTERS”) Act (H.R. 866), which directs the Secretary of Commerce to study national security risks and cybersecurity vulnerabilities “posed by consumer routers, modems, and devices that combine a modem and router, that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the influence of a covered country.”  Similar to some other recent supply chain requirements imposed on federal contractors, the bill defines “covered countries” by reference to 10 U.S.C. 4872, which prohibits the acquisition of sensitive materials from North Korea, Russia, Iran, and China.

In his remarks on the House floor, Representative Bob Latta (R-OH), who co-sponsored the bill alongside Representative Robin Kelly (D-IL), stated that the ROUTERS Act aims to protect U.S. national security from Chinese Communist Party-sponsored attacks on communications networks.  Specifically, Representative Latta highlighted that various agencies had reported on “how some Chinese Communist Party-sponsored hackers have used [] vulnerabilities” in routers and modems to “launch attacks.”  Noting that “companies with ties” to the Chinese Communist Party could be forced to support Chinese intelligence activities, Representative Latta added that a study of routers and modems—which he characterized as “key” in communication networks—is critical for Congress to understand the “scope and risk” of any security threats posed by such technologies “produced by companies with ties to foreign adversaries.”  He further stated that the ROUTERS Act built upon “bipartisan efforts to remove untrusted equipment from [American] communication systems,” referring specifically to the 2019 Secure and Trusted Communications Networks Act (H.R. 4998), which prohibited the use of equipment from certain Chinese telecommunications companies in American networks.  Notably, the bill coincides with recently introduced legislation that would prohibit the use of adversarial technology in the U.S., such as the No DeepSeek on Government Devices Act (H.R. 1121).    

Although the ROUTERS Act’s likelihood of passage is unclear, if enacted, the Act would set the stage for additional future legislation similar to Congress’s 2019 ban of certain Chinese telecommunications systems, especially as the national security concerns underlying the ROUTERS Act and Secure and Trusted Communications Network Act continue to grow.  In this instance, government contractors can expect to face regulations and prohibitions similar to other supply chain rules that address information technology and cybersecurity risks from foreign adversaries.  We are monitoring such updates closely and will provide additional information as it becomes available.

Tags: congressional action, Cybersecurity, Government Contracts
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Moushmi Patil Moushmi Patil

Moushmi Patil represents government contractors across a range of industries and in all stages of the public procurement process. Her experience includes high-stakes litigation and corporate matters, as well as navigating regulatory compliance issues.

Moushmi routinely advises clients on the most complex regulatory…

Moushmi Patil represents government contractors across a range of industries and in all stages of the public procurement process. Her experience includes high-stakes litigation and corporate matters, as well as navigating regulatory compliance issues.

Moushmi routinely advises clients on the most complex regulatory challenges relating to the public procurement process. Her experience include litigating bid protests before the Court of Federal Claims and the Government Accountability Office, coordinating regulatory due diligence processes for large scale M&A transactions, and negotiating with government actors on government intellectual property and data rights matters. Moushmi also represents clients in connection with criminal and civil investigations by the U.S. Department of Justice, with a focus on matters arising under the False Claims Act.

In addition, Moushmi maintains an active pro bono practice focusing on indigent criminal defense and Freedom of Information Act requests and disclosures.

Read more about Moushmi PatilEmail
Show more Show less
Photo of August Gweon August Gweon

August Gweon counsels national and multinational companies on data privacy, cybersecurity, antitrust, and technology policy issues, including issues related to artificial intelligence and other emerging technologies. August leverages his experiences in AI and technology policy to help clients understand complex technology developments, risks…

August Gweon counsels national and multinational companies on data privacy, cybersecurity, antitrust, and technology policy issues, including issues related to artificial intelligence and other emerging technologies. August leverages his experiences in AI and technology policy to help clients understand complex technology developments, risks, and policy trends.

August regularly provides advice to clients on privacy and competition frameworks and AI regulations, with an increasing focus on U.S. state AI legislative developments and trends related to synthetic content, automated decision-making, and generative AI. He also assists clients in assessing federal and state privacy regulations like the California Privacy Rights Act, responding to government inquiries and investigations, and engaging in public policy discussions and rulemaking processes.

Read more about August GweonEmail
Show more Show less
Photo of Robert Huffman Robert Huffman

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing…

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing information security and the reporting of cyber incidents, the Cybersecurity Maturity Model Certification (CMMC) program, the requirements for secure software development self-attestations and bills of materials (SBOMs) emanating from the May 2021 Executive Order on Cybersecurity, and the various requirements for responsible AI procurement, safety, and testing currently being implemented under the October 2023 AI Executive Order. 

Bob also represents contractors in False Claims Act (FCA) litigation and investigations involving cybersecurity and other technology compliance issues, as well more traditional government contracting costs, quality, and regulatory compliance issues. These investigations include significant parallel civil/criminal proceedings growing out of the Department of Justice’s Cyber Fraud Initiative. They also include investigations resulting from False Claims Act qui tam lawsuits and other enforcement proceedings. Bob has represented clients in over a dozen FCA qui tam suits.

Bob also regularly counsels clients on government contracting supply chain compliance issues, including those arising under the Buy American Act/Trade Agreements Act and Section 889 of the FY2019 National Defense Authorization Act. In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial products, services, and software. He focuses this aspect of his practice on the overlap of these traditional government contracts IP rules with the IP issues associated with the acquisition of AI services and the data needed to train the large learning models on which those services are based. 

Bob is ranked by Chambers USA for his work in government contracts and he writes extensively in the areas of procurement-related AI, cybersecurity, software security, and supply chain regulation. He also teaches a course at Georgetown Law School that focuses on the technology, supply chain, and national security issues associated with energy and climate change.

Read more about Robert HuffmanEmail
Show more Show less
Photo of Ryan Burnette Ryan Burnette

Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain…

Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain, artificial intelligence, and software development requirements.

Ryan also advises on Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) compliance, public policy matters, agency disputes, and government cost accounting, drawing on his prior experience in providing overall direction for the federal contracting system to offer insight on the practical implications of regulations. He has assisted industry clients with the resolution of complex civil and criminal investigations by the Department of Justice, and he regularly speaks and writes on government contracts, cybersecurity, national security, and emerging technology topics.

Ryan is especially experienced with:

Government cybersecurity standards, including the Federal Risk and Authorization Management Program (FedRAMP); DFARS 252.204-7012, DFARS 252.204-7020, and other agency cybersecurity requirements; National Institute of Standards and Technology (NIST) publications, such as NIST SP 800-171; and the Cybersecurity Maturity Model Certification (CMMC) program.
Software and artificial intelligence (AI) requirements, including federal secure software development frameworks and software security attestations; software bill of materials requirements; and current and forthcoming AI data disclosure, validation, and configuration requirements, including unique requirements that are applicable to the use of large language models (LLMs) and dual use foundation models.
Supply chain requirements, including Section 889 of the FY19 National Defense Authorization Act; restrictions on covered semiconductors and printed circuit boards; Information and Communications Technology and Services (ICTS) restrictions; and federal exclusionary authorities, such as matters relating to the Federal Acquisition Security Council (FASC).
Information handling, marking, and dissemination requirements, including those relating to Covered Defense Information (CDI) and Controlled Unclassified Information (CUI).
Federal Cost Accounting Standards and FAR Part 31 allocation and reimbursement requirements.

Prior to joining Covington, Ryan served in the Office of Federal Procurement Policy in the Executive Office of the President, where he focused on the development and implementation of government-wide contracting regulations and administrative actions affecting more than $400 billion dollars’ worth of goods and services each year.  While in government, Ryan helped develop several contracting-related Executive Orders, and worked with White House and agency officials on regulatory and policy matters affecting contractor disclosure and agency responsibility determinations, labor and employment issues, IT contracting, commercial item acquisitions, performance contracting, schedule contracting and interagency acquisitions, competition requirements, and suspension and debarment, among others.  Additionally, Ryan was selected to serve on a core team that led reform of security processes affecting federal background investigations for cleared federal employees and contractors in the wake of significant issues affecting the program.  These efforts resulted in the establishment of a semi-autonomous U.S. Government agency to conduct and manage background investigations.

Read more about Ryan BurnetteEmail
Show more Show less