SB3900 centralizes U.S. responsibility for promoting internet freedom in Iran under the Secretary of State, requires updates to existing strategies, and funds research, development, and rapid-deployment technologies to circumvent Iranian censorship. It extends and ups the authorized grants for Iran-focused internet-freedom programs, mandates interagency coordination (including with Defense, Commerce, Treasury, and the United States Agency for Global Media), and creates reporting obligations to Congress.
The bill also tightens accountability measures: it obligates the President to answer congressional inquiries about foreign persons who materially support Iranian rights abuses and requires a new strategy to expand Persian-language broadcasting and support for independent journalists. For practitioners, the measure creates procurement and grant opportunities for circumvention technology, adds compliance and reporting work for multiple agencies, and raises practical tensions between sanctions enforcement and enabling civilian access to communications tools in Iran.
At a Glance
What It Does
Designates the Secretary of State as the lead Federal official for internet-freedom programs in Iran, amends the Iran Threat Reduction and Syria Human Rights Act to add new strategy elements (VPNs, direct-to-cell, blackout circumvention), requires several reports to Congress, forms an interagency Working Group to develop deployable anti-censorship technologies, and extends grant funding.
Who It Affects
State, Defense, Treasury, Commerce, FCC, US Agency for Global Media (USAGM), and acquisition offices; technology vendors (satellite, VPN, mesh, portable comms); NGOs and contractors who run Iran-facing programs; Iranian journalists, activists, and civil-society users of digital-safety tools.
Why It Matters
The bill converts a policy preference into concrete agency duties, procurement pathways, and authorized funding—shifting responsibility for digital-circumvention strategy to State while requiring operational coordination with defense and acquisition authorities. That makes it a practical roadmap for vendors and implementers, and it tightens congressional oversight of sanctions-related decisions and information-access programming.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
SB3900 reassigns primary responsibility for Iran internet-freedom work to the Secretary of State and requires immediate, documented updates to existing strategy authorities. Those updates must evaluate VPNs and direct-to-cell satellite options, address how sanctions enforcement interacts with civilian access tools, and plan for circumventing full internet blackouts.
The bill attaches strict reporting timelines: the updated strategy and related reports must be delivered to key congressional committees in unclassified form (with a classified annex option) within specified windows after enactment.
The legislative text creates a formal interagency Working Group—drawing State, Defense, USAGM, and other agencies—tasked with accelerating low-cost, scalable technologies such as low-earth orbit satellite internet, mesh networks, portable communications, and other off-the-shelf solutions. The Working Group must work with the Federal Acquisition Institute to bake acquisition best practices into rapid procurement and deployment, and it must produce an annual public report to Congress on progress and obstacles.
The bill also increases the authorized minimum appropriation for the Iran Internet Freedom grant program (raising the floor to $20 million annually for fiscal years 2027–2030).On accountability, SB3900 requires the President to respond within a fixed period to congressional requests about whether a named foreign person provided material support to the Iranian regime’s human-rights abuses and to explain whether sanctions were imposed. The measure also directs State and USAGM to prepare a multi-element broadcasting strategy to expand reliable Persian-language broadcasts, support independent Iranian media, and propose performance metrics and a multi-year budget; the GAO must audit Near East Regional Democracy account expenditures for Iran for fiscal years 2024–2025.
Finally, the bill authorizes cybersecurity training and digital-safety tool distribution for Iranian civil society, requires quarterly aggregate metrics to Congress, and mandates a GAO evaluation after three years.
The Five Things You Need to Know
The bill designates the Secretary of State as the principal U.S. official for promoting internet freedom in Iran and coordinating related interagency efforts.
It amends the 2012 Iran Threat Reduction and Syria Human Rights Act to add examination of VPNs, direct-to-cell satellite technologies, and strategies for circumventing internet blackouts.
SB3900 raises the minimum authorized funding for the Iran Internet Freedom grant program to not less than $20 million per fiscal year for 2027–2030 (up from prior authorizations).
The bill creates an interagency Working Group to develop and rapidly procure low-cost, scalable anti-censorship technologies and requires collaboration with the Federal Acquisition Institute on acquisition strategies.
The President must, within 120 days of a written congressional request, determine whether a named foreign person provided material support for Iranian human-rights abuses and justify whether sanctions were imposed.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Findings and U.S. policy on internet access and human rights in Iran
This section lays out Congress’s factual premises and formal policy statements that animate the bill—recognizing the role of information access in supporting Iranian civil society and declaring U.S. support for uncensored communication and enforcement of sanctions against rights violators. Practically, these findings function as statutory direction shaping subsequent program priorities, metric choices, and the legal rationale for funding circumvention work and targeted sanctions.
Secretary of State as lead and direction to update existing strategy
Section 3 names the Secretary of State the lead Federal official and requires immediate updates to the 2012 strategy on internet freedom. The mechanics: State must consult Treasury, Commerce, and other agencies; it must add specific analysis of VPNs, direct-to-cell tech, and blackout circumvention; and it must review the strategy on an ongoing basis with the option of classified annexes. For implementers, this elevates State’s acquisition and program-management role and signals closer Treasury/Commerce coordination where export controls and sanctions could affect civilian access tools.
Reports, grant funding, and the Working Group for circumvention technology
This section requires an updated internet-freedom report (building on the FY2025 NDAA product) that covers direct-to-cell feasibility, drone and jamming impacts, and a survey of terrestrial and non-terrestrial providers. It increases the authorized floor for internet-freedom grants and establishes a cross-agency Working Group (State, Defense, USAGM, etc.) to accelerate R&D and rapid procurement of LEO satellite solutions, mesh networking, VPNs, and portable systems. The statute specifies collaboration with the Federal Acquisition Institute, annual reporting to appropriations and policy committees, and authorization of appropriations for 2027–2030—creating a clear line from policy to procurement and budgeting.
Congressional-requested determinations about support for human-rights violations
This provision creates a mandatory process by which the President must, within a set timeframe, determine whether a foreign person knowingly provided material support to the Iranian regime’s abuses and explain sanctions decisions to the relevant congressional leaders. The definition of sanctionable conduct points to existing authorities (the Iranian Human Rights Abuses Sanctions Regulations and Global Magnitsky), so the section tightens congressional oversight rather than creating a new sanctions regime, but it also imposes a predictable timeline and justification duty that can trigger further congressional follow-up.
Strategy to expand broadcasting and GAO review of NERD spending
Here the bill charges State and USAGM with a specific, deliverable strategy to boost Persian-language and Iranian-facing broadcasting—covering satellite, shortwave, digital circumvention, and journalist-support programs—and to produce metrics and a multi-year budget. It pairs that with a GAO audit of Near East Regional Democracy (NERD) expenditures for FY2024–2025, requiring line-item accounting, oversight process review, and recommendations for transparency and performance metrics; that combination tightens both program design and fiscal accountability for Iran-related media work.
Cybersecurity training, tools, and monitoring for Iranian civil society
Section 7 creates programs to deliver remote or in-person cybersecurity training, distribute vetted digital-safety tools (VPNs, E2E messaging), and provide multilingual guidance warning against regime-controlled apps and phishing. It mandates quarterly aggregate metrics to Congress on trainees and tool use, a GAO evaluation after three years, and authorizes appropriations for 2027–2030. Operationally, this places compliance obligations on implementers to track anonymized usage metrics and prepares the ground for longer-term performance evaluation.
This bill is one of many.
Codify tracks hundreds of bills on Foreign Affairs across all five countries.
Explore Foreign Affairs in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Iranian journalists, citizen reporters, and human-rights defenders — they receive training, secure communication tools, and expanded access to uncensored broadcasting that can reduce digital vulnerabilities and amplify independent reporting.
- Diaspora and independent Persian-language media organizations — the bill creates new funding streams, technical support, and coordination channels to expand audience reach and distribution resilience.
- U.S. vendors and researchers of circumvention technologies — authorized procurement pathways, pilot programs, and an interagency Working Group create demand and clearer acquisition routes for LEO satellite providers, mesh-network vendors, VPN providers, and portable-comms suppliers.
- Congressional oversight offices and watchdogs — the required reports, GAO audit, and mandatory presidential determinations give Congress clearer information and timelines to evaluate policy effectiveness and enforcement of sanctions.
Who Bears the Cost
- Department of State and USAGM — will absorb expanded program-management, interagency coordination, and reporting responsibilities, along with potential staffing and contract-management costs.
- Department of Defense and acquisition communities — must dedicate personnel and acquisition bandwidth to develop rapid-procurement pathways and technical testing work, potentially diverting resources from other programs.
- Commercial telecom and satellite firms — will face heightened due diligence, export-control questions, and reputational risk when supplying technology that could be dual-use or intercepted by the Iranian state.
- Grant recipients and NGO implementers — must meet new reporting and vetting requirements (quarterly metrics, vetting for recipients), possibly increasing compliance costs and administrative overhead.
Key Issues
The Core Tension
The central dilemma: accelerate and fund technologies and programs that enable Iranians to communicate freely while avoiding the creation or transfer of dual-use capabilities that could be misused or contravene sanctions—balancing speed and operational secrecy against legal constraints, oversight, and the safety of end users.
The bill locks in an operational approach that privileges rapid technology development and procurement to overcome censorship, but that approach collides with two practical limits. First, many of the most promising solutions—LEO satellite internet, direct-to-cell services, and portable comms—are dual-use.
They can support civilians but also be intercepted, co-opted, or weaponized, and their deployment may trigger Iranian countermeasures or regional escalation. Second, the statute demands tight coordination with Treasury and Commerce to avoid sanctions blocking civilian access; in practice, aligning export-control regimes, sanctions enforcement, and rapid procurement timelines is administratively complex and legally fraught.
Transparency and oversight are also in tension. The bill requires unclassified reports but preserves classified annexes—a reasonable compromise—yet reliance on classified annexes risks obscuring program limits from public and congressional scrutiny.
Finally, measuring impact inside a closed and hostile information environment is difficult: audience-reach metrics and anonymous tool-use statistics can provide only partial evidence of effectiveness, and those metrics create additional burdens for implementers who must protect user privacy while satisfying congressional reporting requirements.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.