This bill, titled the "Information and Communications Technology and Services National Security Review Act," establishes a new Office of Information and Communications Technology and Services (OICTS) within the Bureau of Industry and Security of the Department of Commerce. The primary purpose of this office is to identify, prevent, and mitigate "undue risks" to U.S. national security, economic security, and critical infrastructure posed by certain information and communications technology and services (ICTS) transactions. The OICTS will be headed by an Executive Director and is tasked with reviewing "covered transactions." These transactions involve ICTS designed, developed, manufactured, or supplied by persons or entities from "jurisdictions of concern," such as China, Russia, Iran, and North Korea, or items on the Commerce Control List. The bill defines "undue risk" to include sabotage, subversion, catastrophic effects on critical infrastructure, or the acquisition of sensitive items by entities of concern. The Secretary of Commerce, through the OICTS, gains significant authority to investigate suspicious covered transactions, requiring information and issuing subpoenas. If an undue risk is identified, the Secretary can implement mitigation measures, such as negotiating agreements, imposing cybersecurity standards, or requiring the exclusion of certain components. If mitigation is not feasible, the Secretary may prohibit the transaction entirely. Furthermore, the bill authorizes the Secretary to issue regulations for specific classes of covered transactions, identifying particular entities or jurisdictions that warrant scrutiny and establishing pre-emptive mitigation or prohibition measures. The Director of National Intelligence will provide annual risk assessments to inform these efforts. The legislation also outlines robust enforcement mechanisms, including substantial criminal penalties of up to $1 million and 20 years imprisonment, and civil penalties that can include monetary fines or transaction prohibitions for violations. Judicial review of decisions will be exclusively handled by the U.S. Court of Appeals for the District of Columbia Circuit, with provisions for handling sensitive information confidentially.