There are unprecedented risks and opportunities emerging for companies in the energy sector as the Trump administration’s priorities start to come into focus. Many of those are well-known to the industry. Here’s one that’s not: the Information and Communications Technology and Services (ICTS) rules, administered by the Commerce Department’s Bureau of Industry and Security (BIS).

Below we answer some frequently asked questions about the ICTS rules for companies in the energy sector.

What are the ICTS rules?

It’s a very broad power that BIS has, stemming from Executive Order 13873, from President Trump’s first term, tasking the agency to address risks to U.S. national security posed by ICTS (i.e., essentially any product or technology with an information/data function) that is “designed, developed, manufactured or supplied by entities under the ownership or control of, or subject to the jurisdiction or direction of, a foreign adversary,” such as China.

It essentially allows BIS to regulate any communications/data product, technology, or service that has a link to China. For more on BIS’s ICTS regulations, see their website.

Why have I never heard of these rules?

In large part, that’s because BIS is just getting started rolling them out. Over the next few years, they’ll become widely known.

Isn’t it just Chinese companies that need to worry about this?

No. If your company uses any of the technologies that come within the crosshairs of the Office of Information and Communications Technology and Services (OICTS) within BIS, you may need to eliminate that, which is often a costly and disruptive process.

(Some companies may have already experienced this with Kaspersky cybersecurity and anti-virus software and services, which BIS banned last year.)

How will this impact the energy sector?

The 2024 Technology Prioritization table from OICTS, a regularly updated list of the government’s “most critical ICTS national security risk” areas that BIS will prioritize for regulation under the ICTS framework, lists “Energy Generation and Storage” as one of just a few “high” priority areas.

It will come as a surprise to many that energy generation and storage is listed in this table of national security priorities alongside more obviously sensitive areas like sensors, robotics, and semiconductors. What’s particularly telling is that some of the other “high” priority areas called out in the table are those that OICTS has: 1) already begun regulating, such as connected vehicles (see the website for that recently announced regulatory program); 2) announced a specific intention to regulate in the near future, such as cloud services (see this regulatory agenda item); or 3) has attempted to regulate in the recent past and will likely revisit in the future, such as computing infrastructure as a service (see this 2024 proposed rule).

So, the writing is on the wall for the energy sector.

What can be done now?

We’ve already laid out a bit of a strategic framework that can serve as a guide for certain types of companies on how to engage with the government on this. The best approach will be case-specific. U.S. companies will have the easiest time getting the government’s ear and having their concerns taken seriously.

In short, an ICTS strategy will involve trying to get as much insight as possible on what the government’s concerns are, and what they may target in an effort to resolve those concerns, and then trying to shape that targeting through mutually productive engagement that helps the government hone its approach to avoid being over-inclusive or otherwise doing more harm than good to U.S. interests.

On a parallel track, companies and industry groups should be looking at their dependencies on products and technologies that are linked in some way to China or other “adversaries” as part of a vulnerability/risk analysis.

What is the current state of play?

The priority track in the OICTS table where “energy generation and storage” is listed is based on “restatements of executive branch technology priorities,” such as the National Standards Strategy and the Critical and Emerging Technologies list. OICTS then considered factors like the “degree of maturity, commercialization, and foreign adversary investment” in finalizing and tiering its priorities.

The May 2023 National Standards Strategy lists a subset of critical and emerging technologies (CET) “that are essential for U.S. competitiveness and national security,” including “Clean Energy Generation and Storage,” which is described as “critical to the generation, storage, distribution, and climate-friendly and efficient utilization of energy, and to the security of the technologies that support energy-producing plants.” That’s pretty broad and could encompass most if not all of the electrical power industry as a whole.

The National Standards Strategy also lists “specific applications of CET” that have been determined to “impact our global economy and national security,” including “Carbon Capture, Removal, Utilization and Storage” and “Automated, Connected, and Electrified Transportation.” The latter is particularly telling, because, as noted above, there is already an ICTS regulatory program in place for connected vehicles. But this CET application list is broader, also covering vehicles’ “safe and efficient integration into smart communities and the transportation system as a whole, including standards to integrate EVs with the electrical grid and charging infrastructure.”

The February 2024 CET list update from the National Science and Technology Council provides a bit more granularity on what is included within “Clean Energy Generation and Storage”:

  • Renewable generation.
  • Renewable and sustainable chemistries, fuels, and feedstocks.
  • Nuclear energy systems.
  • Fusion energy.
  • Energy storage.
  • Electric and hybrid engines.
  • Batteries.
  • Grid integration technologies.
  • Energy-efficiency technologies.
  • Carbon management technologies.

Again, this is super broad and could encompass most if not all of the energy industry’s emerging (and many legacy) technology areas.

Of course, under the Trump administration, the focus on “clean” energy may diminish, and some of these priorities will shift. President Trump has already launched the President’s Council of Advisors on Science and Technology (PCAST) to shape the administration’s CET policy, and outlined the White House’s goals and priorities in this area. However, the details of how the Trump administration will change the current course remain sparse.

Conclusion

One glimpse that the energy industry has already gotten of the government’s national security regulatory instincts in this area was Executive Order 13920 from May 2020 on “Securing the United States Bulk-Power System.” That attempt to address national security risks in this sector was based on the view “that foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system.” It sought to mitigate the “potentially catastrophic effects” of “the unrestricted acquisition or use in the United States of bulk-power system electric equipment designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries.”

While ICTS regulation in this sector has not materialized yet, it likely will soon. The threat, the vulnerability, and the intent to exploit it have not gone away — they’ve only escalated. With a number of shocking recent critical infrastructure cyber intrusions, such as Volt Typhoon and Salt Typhoon, both of which the government has attributed to China, and with the Trump administration’s focus on China and related U.S. national security vulnerabilities, the smart money would be on more rather than less regulation in this area in the months and years to come.

There’s much that industry can do today to start to prepare.