S-4486 : Still Just a Bill

The Defense Technology Report Parity Act, also known as S.4486, seeks to enhance transparency concerning individuals working in the People's Republic of China (PRC) who are employed by entities contracting with the U.S. Department of Defense. Key provisions include:

• Disclosure Requirements: Covered companies must disclose whether they have employees performing work in the PRC and whether the Chinese government has requested or acquired data from them under PRC laws like the National Intelligence Law of China.
• Software Vulnerability Reporting: Companies providing commercial or noncommercial computer software services must disclose their processes for reporting software vulnerabilities to Chinese authorities. They must also provide information on how U.S. affiliates are notified of these vulnerabilities.
• Regulatory Revision: The Secretary of Defense will revise the Defense Federal Acquisition Regulation Supplement to ensure that companies are notified of software vulnerabilities by affiliated Chinese entities within 48 hours of reporting to Chinese authorities. These companies must also retain and provide the Department of Defense with information regarding any software vulnerabilities reported to Chinese authorities.
• Definition Clarification: The legislation clarifies that a "covered company" is a contractor offeror that conducts software development in the People's Republic of China.

In summary, this bill aims to strengthen oversight and transparency of companies with ties to the PRC, particularly concerning software development and data access, to safeguard U.S. national security interests.