This bill, titled the "Connected Vehicle Security Act of 2026," aims to safeguard U.S. economic and national security by restricting connected vehicles and their components linked to foreign adversaries. It addresses concerns that such vehicles, which collect vast amounts of sensitive data and can be remotely accessed, pose risks of surveillance, espionage, and critical infrastructure disruption. The legislation specifically targets the importation, manufacture, sale, resale, or introduction into interstate commerce of these items. Effective January 1, 2027, the bill prohibits connected vehicles if their country of origin is a covered country or if their manufacturer is significantly controlled by an entity from a covered country. The same date applies to covered software , prohibiting its integration into connected vehicles if its origin or developer is linked to a covered country. These covered countries include the Democratic People's Republic of North Korea, the People's Republic of China, the Russian Federation, and the Islamic Republic of Iran. A similar prohibition for connected vehicle hardware takes effect on January 1, 2030, applying if the hardware's country of origin or manufacturer is associated with a covered country. The bill defines a "connected vehicle" broadly, encompassing those designed to communicate wirelessly, regardless of whether the capability is enabled. It also includes provisions for the Secretary of Commerce to prohibit other transactions deemed to pose undue threats to U.S. security. The Secretary of Commerce may issue authorizations for otherwise prohibited items if a written risk assessment determines they pose no undue risk, following congressional notification. Exceptions are also made for testing and evaluation purposes by U.S.-based entities not controlled by foreign adversaries. To ensure compliance, the bill mandates a "declaration of conformity" process for importers and manufacturers, certifying their items are not subject to prohibition. Violations of these prohibitions will incur substantial civil penalties, starting at the greater of $1,500,000 or five times the transaction value, with each day of a continuing violation treated separately. The Secretary is also required to establish procedures for binding rulings and advisory opinions regarding compliance and to submit annual reports to Congress detailing enforcement activities and effectiveness.