The bill directs the Federal Communications Commission to stand up — within 90 days — a council to advise on strengthening the security, reliability, and interoperability of communications networks. The Chair appoints members, the council must include industry, public-interest/academic, and federal/state/local/Tribal government representatives, and the Chair can exclude entities deemed "not trusted."
The council must produce reports (including working-group reports) every two years that the FCC must post publicly, and the statute exempts the council from the automatic-termination rule that otherwise applies to advisory committees. For professionals, the bill creates a permanent, centralized venue for regulatory recommendations while giving the FCC Chair broad authority to shape membership on national-security grounds — a dynamic that will affect vendors, network operators, and state/local/Tribal officials who want a seat at the table.
At a Glance
What It Does
The bill requires the FCC to establish (or designate and modify) an advisory council within 90 days to develop recommendations on communications network security, reliability, and interoperability; the Chair appoints members and may bar entities judged "not trusted." It mandates biennial reports and public posting and removes the council from the automatic advisory-committee termination rule.
Who It Affects
The council directly affects communications vendors and network operators (as potential members or subjects of recommendations), public-interest groups and academics (as named membership categories), and federal, State, local, and Tribal governments (each guaranteed representation). The FCC itself takes on a continuing advisory-management role.
Why It Matters
This creates a standing, cross-jurisdictional vehicle for technical and policy recommendations that can shape FCC rulemaking and industry practices while formalizing the Chair's power to exclude entities on national-security grounds — a precedent for vetting advisory participation based on supply-chain risk criteria.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
Within 90 days of enactment, the FCC must either create a new council or designate an existing advisory committee to provide advice on improving communications network security, reliability, and interoperability. If the agency reuses an existing committee, it must adjust that committee's membership to meet the new law's composition requirements.
The Chair of the FCC makes all appointments.
Membership is structured to include three broad categories: communications-industry representatives (unless the Chair deems a particular company "not trusted"), public-interest organizations and academics (also subject to the "not trusted" exclusion), and government representatives with at least one seat each for federal, State, local, and Tribal governments. Members must have relevant expertise and serve two-year terms; vacancy appointments last only the remainder of the term, and members may continue in office until successors are in place.
The council must adopt reports and working-group reports and submit each adopted report to the FCC Chair every two years; the FCC must publish those reports on its website. The statute also removes the council from the specific statutory automatic-termination provision that would otherwise require periodic sunsetting of advisory committees, effectively making the council a continuing body unless otherwise changed by law.
The statute defines "not trusted" to include entities publicly determined by the Chair to be owned, controlled by, or subject to influence of a foreign adversary, or those otherwise judged to pose a national security threat; for the latter, the Chair must use the criteria laid out in section 2(c)(1)-(4) of the Secure and Trusted Communications Networks Act of 2019. That cross-reference imports supply-chain risk factors into membership vetting.
Taken together, the bill establishes a permanent, Chair-led advisory forum focused on technical and governance recommendations while giving the Chair explicit national-security authority to exclude participants.
The Five Things You Need to Know
The FCC must establish or designate the council within 90 days of enactment.
The Chair appoints all members and may exclude any company, public-interest organization, or academic institution the Chair publicly determines is "not trusted.", The council must include representatives from industry, public-interest/academic communities, and at least one representative each for Federal, State, local, and Tribal governments.
The council must submit every two years all reports adopted by the council and its working groups to the Chair, and the FCC must post those reports on its website.
The council is exempted from the automatic-termination provision in 5 U.S.C. 1013(a)(2), removing the statutory sunset that normally applies to advisory committees.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Names the statute the "Communications Security Act." This is purely stylistic but signals the focus for agency implementation — security, reliability, and interoperability — which will shape how the FCC frames the council's charter and priorities.
Establish or designate council (90-day deadline)
Requires the FCC to either create a new council or designate an existing advisory committee to serve the same purpose within 90 days. If an existing committee is designated but its membership doesn't match the new statutory composition, the FCC must modify the membership. Practically, agencies will need to assess current committees' charters and membership rosters quickly and document changes to meet the tight statutory timetable.
Membership rules, terms, and Chair appointment power
Gives the FCC Chair unilateral appointment authority and prescribes three membership categories: industry, public-interest/academic, and government reps (with at least one each for Federal, State, local, and Tribal). Members must have relevant expertise and serve two-year terms, with standard vacancy and holdover rules. Critically, the Chair can exclude entities judged "not trusted," creating a gatekeeping role that will determine who gets access to the council's deliberations.
Biennial reporting and public posting
Obligates the council to submit every two years all reports it adopted during the prior period, including working-group reports, to the Chair. It further requires the FCC to post those reports on its public website. The provision makes the council's output part of the public record, which agencies, industry, and state/local actors can cite — but the biennial cadence may limit the speed at which the council influences rapidly moving security issues.
Exemption from automatic advisory-committee termination
States that 5 U.S.C. 1013(a)(2) shall not apply to the council. That provision ordinarily imposes statutory termination or reauthorization requirements for advisory committees; exempting the council removes that automatic sunset, making it a continuing advisory body unless Congress or the FCC acts otherwise. This creates long-term continuity but also places a permanent administrative duty on the FCC.
Key definitions and the "not trusted" standard
Defines "Chair," "Commission," and "council," and sets a two-part definition for "not trusted": (A) public determination that the entity is owned/controlled by or subject to influence by a foreign adversary, or (B) a Chair determination it poses a national-security threat. For (B), the Chair must use criteria from the Secure and Trusted Communications Networks Act of 2019 (47 U.S.C. 1601(c)(1)-(4)). By importing those statutory criteria, the bill ties membership vetting to established supply-chain risk factors rather than leaving the standard purely open-ended.
This bill is one of many.
Codify tracks hundreds of bills on Technology across all five countries.
Explore Technology in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- FCC — Gains a permanent, structured advisory channel for cross-disciplinary recommendations and a public repository of council reports the agency can cite in rulemaking or enforcement.
- State, local, and Tribal governments — Receive guaranteed representation and a forum to surface jurisdictional interoperability and emergency-communications issues directly to a federal advisory body.
- Network operators and major communications providers — Obtain a predictable venue to coordinate on technical standards and reliability best practices and to influence FCC guidance that affects deployments.
Who Bears the Cost
- Companies deemed "not trusted" — Face exclusion from the advisory process and potential reputational or business impacts when the Chair publicly identifies them as a national-security risk.
- FCC staff and budget — Must stand up and sustain the council, manage appointments, red-team the "not trusted" determinations, and host/maintain public reports, creating ongoing administrative work and possible unfunded costs.
- Participating organizations (industry, NGOs, academics) — Must allocate staff time to serve on the council and working groups and may incur compliance or implementation costs if the council's recommendations prompt new technical or procurement requirements.
Key Issues
The Core Tension
The bill must reconcile two legitimate goals that pull in opposite directions: protecting national security by excluding risky actors from sensitive policy discussions, and preserving an inclusive, expert-driven advisory process that draws on the full range of technical talent — including vendors and foreign-affiliated researchers — whose input can be essential to secure, interoperable networks. The Chair's exclusion power solves one problem (security) but risks narrowing expertise and politicizing membership (access).
The bill vests substantial gatekeeping authority in the FCC Chair. Allowing the Chair to exclude members on a "not trusted" basis — including by public determination that an entity is owned or influenced by a foreign adversary or otherwise poses a national-security threat — raises due-process and transparency questions: the statute requires public determination in one clause but otherwise leaves the process for (B) to the Chair, albeit constrained by cross-referenced criteria.
That mix of public-facing labels and administrative discretion can chill participation, complicate vendor relationships, and invite legal challenges over criteria and evidence used for exclusion.
Another implementation tension is speed versus deliberation. The council's biennial reporting cycle and two-year member terms support continuity and in-depth work but may be too slow for urgent cybersecurity incidents or fast-moving supply-chain risks.
Exempting the council from the statutory automatic-termination rule removes a periodic congressional check and creates institutional permanence; that reduces near-term renewal burdens but raises questions about oversight, budgetary obligations, and how to sunset or reform the body if it becomes captured or ineffective. Finally, by importing the Secure and Trusted Communications Networks Act's criteria, the bill anchors membership vetting in a specific supply-chain framework — useful for consistency but also limiting if future threat models fall outside those enumerated criteria.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.