On May 13, 2026, the Federal Register (Vol. 91, No. 92, p. 27181) carried a one-paragraph notice that almost no one read: President Trump was continuing, "for 1 year," the national emergency first declared in Executive Order 13873 on May 15, 2019. The order — Securing the Information and Communications Technology and Services Supply Chain — is the standing legal authority under which the Commerce Department can block, unwind, or shut down internet and technology transactions it deems a national-security risk. The renewal was automatic, unsigned by Congress, and unaccompanied by any new finding of crisis. That is precisely the problem.
What the emergency actually authorizes
EO 13873 was issued under the International Emergency Economic Powers Act (IEEPA), 50 U.S.C. 1701, the same statute that powers most U.S. sanctions programs. It declares the "unrestricted acquisition" of foreign information and communications technology and services (ICTS) an "unusual and extraordinary threat" and hands the Secretary of Commerce authority to prohibit transactions involving designated foreign adversaries — China, Cuba, Iran, North Korea, Russia, and the Maduro regime in Venezuela.
This is not abstract. Commerce finalized its formal ICTS review rule on December 6, 2024 (effective February 4, 2025), and on January 16, 2025 issued a connected-vehicle final rule barring Chinese- and Russian-linked vehicle software and hardware from the U.S. market — software prohibitions bite for Model Year 2027 (Mayer Brown). The same IEEPA emergency architecture underpinned the 2020 TikTok and WeChat orders and the Huawei equipment restrictions. In plain terms, EO 13873 is the legal machinery that lets the executive branch switch off a class of internet services by administrative order.
The case for the power — taken seriously
The strongest argument for this authority is real and should not be waved away. Hardware and software embedded in critical infrastructure — telecom switches, vehicle telematics, cloud dependencies — can carry genuine sabotage and surveillance risk, and that risk does not pause for the multi-year clock of ordinary legislation. When a foreign-controlled component sits inside the power grid or millions of cars, a government plainly needs a faster tool than a committee markup. Emergency economic authority exists exactly so the executive can act before a vulnerability is exploited. On the merits of the threat, the regulators are not wrong.
The problem is not the existence of the tool. It is that an instrument justified by speed and exception has quietly become permanent and routine.
When the exception becomes the rule
IEEPA emergencies are supposed to be temporary; the National Emergencies Act requires annual renewal precisely to force re-examination. In practice, renewal is a rubber stamp. As of June 2025, there were 52 ongoing national emergencies, all but three invoking IEEPA, and they last on average nearly nine years (The Conference Board, drawing on CRS and Brennan Center data). IEEPA has been the sole or primary authority in 65 of 71 emergency declarations since 1976 (Brennan Center). An "emergency" that is reflexively extended seven years running is not an emergency in any ordinary sense — it is a standing delegation of legislative power to the executive, relabeled.
The Brennan Center warned of this dynamic at the outset, noting that if the EO 13873 declaration were "used purely as leverage in a trade war, or as a way to avoid engaging with Congress to address security concerns, it would clearly be an abuse of the intent of emergency powers." Seven renewals later, with no Congress-passed framework governing ICTS shutdowns, that concern looks prescient rather than alarmist.
The cost of governing the internet by emergency
Governing internet access through open-ended emergency authority carries costs that a proportionate-regulation lens makes visible. First, due process: prohibition orders can reach products and services with limited adversarial review, and the breadth of "undue risk" gives Commerce enormous discretion over what stays online. Second, predictability: firms building connected products cannot plan against a standard that the executive can expand by notice. Third, mission creep: a power forged for the gravest supply-chain threats invites use for ordinary industrial policy or trade leverage — exactly the abuse the statute was meant to prevent.
None of this argues for disarming the government against real supply-chain threats. It argues for putting the power on a proper statutory footing. Congress should legislate a narrow, ICTS-specific authority with defined triggers, hard sunset clauses, mandatory judicial review of shutdown orders, and reporting requirements — replacing perpetual IEEPA renewals with a regime Congress actually voted for. Reform efforts to amend the National Emergencies Act, including proposals to make emergencies lapse automatically without an affirmative congressional vote, point the right direction.
The bottom line
The May 13 renewal is unremarkable on its face — and that is the point. The most consequential power the U.S. government holds over the internet's plumbing now runs on autopilot, renewed yearly by a notice few notice, with the legislature a spectator. A pro-innovation, pro-speech, evidence-based policy does not deny that foreign-adversary technology can threaten national security. It insists that the power to shut down internet services be exercised under law Congress wrote, not an emergency that never ends.