This bill establishes the Office of Information and Communications Technology and Services (OICTS) within the Bureau of Industry and Security of the Department of Commerce. The OICTS is tasked with identifying and preventing "undue risk" posed by certain transactions involving connected vehicles, particularly those linked to "jurisdictions of concern" such as China, Russia, Iran, and North Korea. Its primary function is to safeguard national security, critical infrastructure, and the digital economy from potential sabotage or subversion. The bill defines a "connected vehicle" as one with onboard networked hardware and software that communicates wirelessly, excluding rail vehicles. A "covered transaction" involves information and communications technology and services (ICTS) from jurisdictions of concern or items on the Commerce Control List, used in connected vehicles. "Undue risk" encompasses threats like sabotage of ICTS, catastrophic effects on critical infrastructure, or entities of concern acquiring sensitive technology. The OICTS, led by an Executive Director, will review covered transactions and has broad investigative authority, including requiring information and issuing subpoenas. If an undue risk is found, the Secretary of Commerce can mitigate it through various measures, such as negotiating agreements, requiring cybersecurity standards, or excluding specific components. If mitigation is not possible, the Secretary may prohibit the transaction entirely. Furthermore, the Secretary can issue regulations for classes of covered transactions, entities, or jurisdictions of concern, establishing specific mitigation measures or prohibitions. The Director of National Intelligence will provide annual risk assessments to the Secretary and Congress, detailing threats posed by supply chains of covered transactions. These assessments will help identify high-risk entities and jurisdictions. The bill outlines significant enforcement powers, including investigations, inspections, and seizures, with the Attorney General authorized to pursue legal action. Violations can incur severe penalties, including criminal fines up to $1,000,000 and 20 years imprisonment, or civil penalties of at least $250,000 or twice the transaction value. Judicial review of determinations is exclusively handled by the U.S. Court of Appeals for the D.C. Circuit, with provisions for handling sensitive and classified information.