Shadow IT is now illegal, but is the law enforceable?
Computerworld.com reported that “The Strengthening Agency Management and Oversight of Software Assets (SAMOSA) bill, H.R. 5457, received unanimous approval from a key US House of Representatives committee, the Committee on Oversight and Government Reform, on Tuesday.” The December 4, 2025 article entitled “US federal software reform bill aims to strengthen software management controls” (https://www.computerworld.com/article/4101222/us-federal-software-reform-bill-aims-to-strengthen-software-management-controls-2.html) included these comments about “Outlawing shadow IT”:
The bill also attempts to rein in shadow IT by “restricting the ability of a bureau, program, component, or operational entity within the agency to acquire, use, develop, or otherwise leverage any software entitlement without the approval of the Chief Information Officer of the agency.” But there are no details about how such a rule would be enforced.
It would require agencies “to provide an estimate of the costs to move toward more enterprise, open-source, or other licenses that do not restrict the use of software by the agency, and the projected cost savings, efficiency measures, and improvements to agency performance throughout the total software lifecycle.” But the hiccup is that benefits will only materialize if technology vendors change their ways, especially in terms of transparency.
However, analysts and consultants are skeptical that such changes are likely to happen.
What do you think?