Make Foreign Adversary Bills Smarter
A wave of legislation aimed at blocking foreign adversaries from state government contracts is sweeping across state legislatures. These bills seek to mitigate national security risk in government procurement, such as Maryland’s Board of Elections procuring election software from a Russian-owned company. While aiming at legitimate security issues, most of these bills fail to adequately mitigate risks or reduce dependence on supply chains linked to foreign adversaries.
A better approach would be for state lawmakers to pursue procurement transparency by requiring vendors to verify the origin of critical infrastructure technologies and imposing penalties for non-compliance. This strategy would expose foreign affiliations in supply chains and security goals without increasing costs or limiting access to critical technologies.
These bills echo other state and federal legislation on decoupling from federally designated "foreign adversaries," particularly China, which is prominent in global supply chains. They prohibit state contracts with companies tied to foreign adversaries, enforce strict ownership and control restrictions, and impose penalties on non-compliant vendors. The penalties include contract termination, multi-year bans from future state contracts, and fines up to $250,000 or triple the value of the contract.
Lawmakers’ concerns are justified. A 2023 report from the group China Tech Threat identified multiple state agencies that work on sensitive issues, such as Arizona’s Board of Fingerprinting and Georgia’s Bureau of Investigation, that have procured equipment from U.S. resellers of hardware from Chinese companies. By increasing transparency in procurement, states can reduce vulnerabilities in government IT networks and infrastructure.
However, the bills are flawed for three reasons. First, the bills are unfocused. State officials introducing these bills claim the bills’ primary goal is to mitigate cybersecurity risks from foreign adversary technology. Yet, some of the bills, including ones in Georgia and Texas, include language that requires vendors to verify they have no “concerned goods,” meaning components or services from a foreign country of concern, in their products. As a result, the bills encroach on a separate foreign policy issue: supply chain dependence on China.
Take Evoque Group LLC as an example: An office furniture small business that contracts to the Georgia state government and uses China-based suppliers that mass-produce the office chairs it sells. Penalizing vendors like Evoque Group LLC for sourcing from China-based suppliers does not create conditions for reshoring, nor is there substantive risk to U.S. national or economic security from the procurement of these types of consumer goods. Besides likely higher costs, the biggest impact to materialize from companies like Evoque Group LLC shifting their supply chains out of China would be to push China further towards its reliance on transshipment, whereby Chinese suppliers ship goods through intermediaries in third countries, resulting in an ultimately unchanged supply chain.
Second, the bills are unlikely to fully mitigate foreign adversaries’ potential to conduct espionage through government supply chains. Without robust mechanisms for evaluating supply chain security, enforcement could become more about compliance formalities than genuine risk reduction.
For example, a state government needing to procure laptops for sensitive work might find that brands like Lenovo, a company with ties to China’s government and military, are prohibited. Replacing Lenovo laptops that are widely used in government agencies would shift procurement to alternatives like the Taiwanese-owned ASUS. However, ASUS—along with other friendshored options—still assembles laptops in China, creating risk for hardware espionage that China has done in the past.
Third, the bills are too broad and risk limiting state government access to critical technologies. Some products have no cost-effective U.S.-made substitutes at scale, which can impact the government’s ability to do its job.
One example is drones: Policies restricting the Department of the Interior’s (DOI) ability to buy foreign-made drones have weakened DOI’s ability to conduct emergency operations. For technology like networking equipment that relies on global supply chains, blanket bans could make it harder for state agencies to procure necessary technology. Some of the proposed bills, including in Tennessee, Texas, and Arizona, include exceptions for two conditions: If there are no other reasonable options or if not procuring a specific good would pose a greater threat. However, these exceptions remain narrow and would likely require state oversight or justification.
How could lawmakers improve these bills? Georgia’s bill includes a worthwhile proposal for the Georgia Technology Authority to create an up-to-date list of technological components that pose a security threat. An approach that uses such a list to narrowly focus on mitigating surveillance threats from high-risk technologies in critical infrastructure would allow for a more dynamic, evidence-based approach rather than a one-size-fits-all ban.
However, state-level authorities may struggle to assess foreign ownership structures internally and may lack the budget to outsource this analysis. One solution would be for the National Governors Association to facilitate a formalized agreement with the Department of Homeland Security to collaborate on foreign ownership assessments.
Of the bills, Georgia’s is moving the fastest and is at the final stages of the legislative process. If Georgia’s—or other states’—bills become laws, contractors will face increased compliance burdens, critical state responsibilities may suffer due to delayed or inferior technological procurement, and state citizens may face higher costs.
In the rush to protect state infrastructure, lawmakers should balance security concerns with the realities of the globalized economy. Refining these bills to be more targeted and adaptable would lead to stronger long-term outcomes for state governance, national security, and the economy.
