Cybersecurity 2023 Legislation

Technology

Overview

The risk of cyberattacks remains high for government and businesses, influenced by vulnerabilities caused by remote work, an increasing reliance on e-commerce and more sophisticated bad actors. The war in Ukraine and economic sanctions against Russia also prompted serious concerns about an increased potential for malicious cyber activity.

Cyberattacks disrupted unemployment benefits in several states and ransomware attacks continue to shut down operations or impose huge costs on government, schools and colleges and businesses.

State legislatures focused on cybersecurity concerns in many ways in 2023, as detailed below.

2023 Introductions and Enactments

At least 40 states, Guam, Puerto Rico and Washington, D.C., introduced or considered more than 500 bills or resolutions that deal significantly with cybersecurity. Thirty-nine states, Puerto Rico, and Washington, D.C., enacted at least 130 bills and adopted at least 10 resolutions in 2023, as indicated in boldface in the list below. The most common enactments in 2023 will:

Require government agencies to implement cybersecurity training; to set up and follow formal security policies, standards and practices; to have incident response plans in place; to provide mandatory training for employees; and to report security incidents, including ransomware attacks.
Provide funding for cybersecurity programs and practices in state agencies, local governments and schools. (Not all cybersecurity appropriations are listed here, although significant funding or funding for specific statewide mandates or state projects may be listed.)
Mandate security practices related to elections.
Establish or support programs or incentives for cybersecurity workforce training and education programs.
Provide provisions for critical infrastructure and limit the procurement of software and supplies from specified sources.
Limit the use of software and applications on government devices.

Jurisdiction	Bill Number	Bill Title	Bill Status	Bill Summary
Alabama	H 321	State Government	Failed - Adjourned	Relates to state government; requires state agencies, departments, and other governmental bodies, and counties and municipalities, to consult the federal Specially Designated Nationals and Blocked Persons List (SDN List) before purchasing or acquiring an unmanned aircraft system; prohibits any of the above entities from purchasing or acquiring an unmanned aircraft system if the manufacturer is on the SDN List and based in China.
Alabama	HJR 232	Protecting Children from Internet Pornography	Failed - Adjourned	Creates the Interim Study Commission on Protecting Children from Internet Pornography.
Alaska	H 94	Foreign Contracts and Commerce and Investments	Pending - Carryover	Relates to the use of the ports in the state; relates to contracts with certain foreign-owned entities; relates to the use of TikTok; relates to commerce with certain foreign-owned entities; relates to investments of state funds in certain foreign-owned entities.
Alaska	H 132	Elections Ballot Security	Pending - Carryover	Relates to election security, voting and ballots.
Alaska	S 1	Election Security	Pending - Carryover	Relates to election security, voting and ballots.
Alaska	S 134	Insurance Data Security	Pending - Carryover	Relates to insurance data security; amends specified rules of state civil procedure and state rules of evidence.
Alaska	S 138	Election Offense	Pending - Carryover	Relates to elections; relates to voters; relates to voting; relates to the crime of unlawful interference with voting in the first degree; relates to campaign signs; relates to the reporting of financial and business interests by certain municipal officers and former officers and candidates for municipal office; relates to the Redistricting Board.
Arizona	H 2116	Election Laws and Revisions	Failed - Adjourned	Relates to election laws; relates to revisions; relates to appropriation.
Arizona	H 2416	Cybersecurity Threats	Vetoed	Relates to cybersecurity threats; relates to state information technology; relates to standards; relates to state employees and contractors; provides for prohibitions and exceptions.
Arizona	H 2570	General Appropriations Act	Failed - Adjourned	Relates to general appropriations act; relates to cyber risk insurance fund and statewide cybersecurity grants.
Arizona	H 2810	General Appropriations Act	Failed - Adjourned	Relates to general appropriations act; relates to cyber risk insurance fund and statewide cybersecurity grants.
Arizona	S 1041	Cybersecurity Software	Failed - Adjourned	Requires the Arizona Department of Homeland Security to acquire security software that detects security threats by using at least two specified testing mechanisms and appropriates funds from the State General Fund to the Arizona Department of Homeland Security.
Arizona	S 1074	Election and Contest	Vetoed	Provides that electronic equipment may not be used as the primary method for tabulating votes in any city, town, county, state or federal election unless the electronic equipment complies with specified requirements, including that the equipment meets or exceeds the standards set by the U.S. Department of Defense regarding cybersecurity, all parts of the electronic equipment are manufactured in the U.S., and all source codes for the equipment are submitted to and maintained on file by the auditor general.
Arizona	S 1513	Telecommuting and Alternative Schedules	Failed - Adjourned	Relates to telecommuting; relates to alternative schedules; relates to state employees.
Arizona	S 1658	Critical Infrastructure and Prohibited Agreements	Vetoed	Relates to critical infrastructure; relates to prohibited agreements; provides that the governor, in consultation with the Department of Public Safety may designate a country as a threat to critical infrastructure.
Arizona	S 1713	Nonprofit Security Grant Program Fund	Failed - Adjourned	Relates to nonprofit security grant program fund.
Arizona	SCR 1037	Presidential Electors and Constitutional Appointments	Adopted	Supports the manufacture of voting system components in the United States; provides that no voting system or component or subcomponent of a voting system or component, including firmware software or hardware, assemblies and subassemblies with integrated circuits or on which any firmware or software operates, may be used or purchased as the primary method for casting, recording and tabulating ballots used in any election held in this state for federal office unless under certain conditions.
Arkansas	H 1326	Uniform Remote Work Policy Act	Failed	Creates the Uniform Remote Work Policy Act; establishes state agency guidelines for remote work.
Arkansas	H 1369	Cyber Security Policy	Enacted	Requires public entities to create a policy concerning the authorized use of technology resources and a cyber security policy; amends the duties of the State Cyber Security Office.
Arkansas	H 1488	State Cyber Response Board Appropriation	Enacted	Makes an appropriation for expenses for the State Cyber Response Board for the fiscal year ending on a specific date.
Arkansas	H 1555	Public Entity Cyberattack	Enacted	Regulates meetings, internal policies and guidelines, and reports to address a cybersecurity incident involving, or a cyberattack on, a public entity.
Arkansas	H 1653	Small Unmanned Aircrafts Purchase	Enacted	Prohibits the purchase of small, unmanned aircraft manufactured or assembled by a covered foreign entity.
Arkansas	H 1704	Ransom Payment Prohibition for Cyberattack	Failed	Prohibits public entities from paying a ransom for a cyberattack; requires public entities to create a policy to prohibit payment of a ransom for a cyberattack.
Arkansas	H 1757	Student Data Vendor Security Act	Enacted	Creates the Student Data Vendor Security Act to increase security and transparency in the sharing and use of student data with and by third party vendors.
Arkansas	H 1780	Cybersecurity Insurance	Enacted	Concerns cybersecurity insurance; allows the insurance commissioner to regulate cybersecurity insurance; requires coverage for cybersecurity incidents; establishes the state self-funded cyber response program and the state cyber response board; creates the state self-funded cyber response program trust fund.
Arkansas	H 1789	State Contracts	Enacted	Creates the technology protection act; prohibits contracts with the government of the People's Republic of China; amends the law concerning state contracts; amends the duties of the office of state procurement.
Arkansas	S 4	TikTok Usage Prohibition for Public Entities	Failed	Prohibits a public entity from using the TikTok application or visiting the TikTok website on a state-owned device or state-leased equipment.
Arkansas	S 294	LEARNS Act	Enacted	Amends various provisions of the state code as they relate to early childhood through grade 12; relates to authority to make school personnel hiring and placement decisions; provides that a public school district or open-enrollment public charter school shall have a school safety expert review and advise on architectural plans for a public school facility before the new construction of the public school facility; provides for the Arkansas High-Impact Tutoring Pilot Program and the Course Choice Program. Requires reviewing and updating cybersecurity policies and procedures annually.
Arkansas	S 297	Arkansas Underground Facilities Damage Prevention Act	Enacted	Amends the Arkansas Underground Facilities Damage Prevention Act; revises definitions; provides that a person who violates the act may be required to undergo training in underground facilities damage prevention according to a training program developed and administered by the One Call Center; provides for civil penalties; provides that the attorney general shall produce a quarterly report with specified information to the Legislative Council, the One Call Center, and the Office of Pipeline Safety.
Arkansas	S 500	Student Data Vendor Security Act	Failed	Creates the Student Data Vendor Security Act.
California	A 101	Budget Act of 2023	Pending - Carryover	Makes appropriations for the support of state government for the specified fiscal year, including the California Cybersecurity Integration Center (Cal-CSIC). Requires the Office of Emergency Services to provide a report to the Legislature on the State and Local Cybersecurity Grant Program.
California	A 227	State Employment: Social Media Platforms	Pending - Carryover	Prohibits a person from installing an application for a social media platform on a state-owned or state-issued electronic device if specified conditions are met, including that the social media company that owns the application is domiciled in, has its principal place of business in, has its headquarters in, or is organized under the laws of, a country of concern.
California	A 302	Department of Technology: Automated Decision Systems	Enacted	Requires the Department of Technology, in coordination with other interagency bodies, to conduct, on or before specified date, a comprehensive inventory of all high-risk automated decision systems, as defined, that have been proposed for use, development, or procurement by, or are being used, developed, or procured by, state agencies.
California	A 569	California State University: Cybersecurity	Enacted	Provides that existing law establishes the Cybersecurity Regional Alliances and Multistakeholder Partnerships Pilot Program to address the cybersecurity workforce gap. Requires the Office of the chancellor of the California State University to submit a report to the Legislature on the pilot program.
California	A 740	Department of General Services: Drone Cybersecurity	Pending - Carryover	Requires the Department of General Services, in consultation with the chief of the Office of Information Security, to adopt rules and regulations, by a specified date, to ensure that each unmanned aircraft and unmanned aircraft system used by a government entity, as defined, in part, to include local governmental entities, for any purpose meets appropriate safeguards to ensure the confidentiality, integrity, and availability of any data collected, transmitted, or stored by that unmanned aircraft or system.
California	A 749	State Agencies: Information Security: Uniform Standards	Pending - Carryover	Requires every state agency, as defined and subject to specified exceptions, to implement Zero Trust architecture for all data, hardware, software, internal systems, and essential third-party software, including for on-premises, cloud and hybrid environments, to achieve prescribed levels of maturity based on the Cybersecurity and Infrastructure Security Agency Maturity Model by specified dates.
California	A 1023	California Cybersecurity Integration Center: School	Enacted	Provides that existing law requires the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center with a primary mission to reduce the likelihood and severity of cyber incidents. Requires Cal-CSIC to include representatives from the State Department of Education. Includes school districts, county offices of education, and charter schools among the specified entities with which Cal-CSIC coordinates information sharing, including cyber threat information.
California	A 1206	Voter Registration Database: Electronic Registration	Pending - Carryover	Prohibits the disclosure of any information or data related to citizenship and certain types of driver's licenses and identification cards. Requires the secretary of state to receive a certification from the Department of Technology that all proper cybersecurity protections are in place prior to sending any data or information to the Electronic Registration Information Center.
California	A 1637	Local Government: Internet Websites and Email Addresses	Enacted	Provides that the California Public Records Act requires a local agency to make public records available for inspection and allows a local agency to comply by posting the record on its internet website and directing a member of the public to the internet website. Requires, no later than specified date, a local agency that maintains an internet website for use by the public to ensure that the internet website utilizes a .gov top-level domain or a .ca.gov second-level domain.
California	A 1667	Department of Technology: California Cybersecurity	Pending - Carryover	Establishes the California Cybersecurity Awareness and Education Council within the Department of Technology. Requires the council to be composed of a specified number of members, to be appointed by specified date. Requires the council to research ways to increase cybersecurity awareness and education of students, families, and other adults, with the goal of helping people learn and use healthy cybersecurity practices, and ways to create a larger and more diverse cybersecurity-trained workforce.
California	S 74	State Entities: State-Owned or State-Issued Devices	Pending - Carryover	Requires state agencies, when implementing social media and cybersecurity policies pursuant to the Statewide Information Management Manual and authorizing any agency installation or download of an application for a particular social media platform on a state-issued or state-owned electronic device for an official state purpose, to adopt risk mitigation strategies tailored to risks posed by that social media platform.
California	S 127	State Government	Pending - Carryover	Specifies that the California Children's Data Protection Working Group is within the Office of the Attorney General. Requires the Department of Finance to calculate the individual subvention amounts for specified state programs and provide this information on an annual basis to the California State Association of Counties and the League of California Cities for distribution to local agencies. Establishes a Racial Equity Commission. Appropriates funds.
California	S 265	Cybersecurity Preparedness: Critical Infrastructure	Pending - Carryover	Requires the Office of Emergency Services to direct the California Cybersecurity Integration Center to prepare, and Cal OES to submit to the Legislature, a strategic, multiyear outreach plan to assist critical infrastructure sectors, in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, that sector in their efforts to improve cybersecurity preparedness.
California	S 591	Consumer Protection: Credit Reporting	Pending - Carryover	Requires the California Cybersecurity Integration Center to submit a report on the feasibility of requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened, or a credit report is accessed, and specified tactics relating to using alternatives to Social Security numbers as authenticators.
Colorado	S 53	Restrictions on Governmental Nondisclosure Agreements	Enacted	Provides that no school district, board of cooperative services, public school, or any department, institution, or agency of a school district, board of cooperative services, or public school shall make it a condition of employment that an employee executes a contract or other agreement that prohibits, prevents, or otherwise restricts the employee from disclosing factual circumstances concerning the employee's employment unless the prohibition is necessary to prevent disclosure of specified information. Includes information bearing on the specialized details of security arrangements or investigations including security arrangements for or investigations into elected officials or other individuals, physical infrastructure, or cybersecurity.
Connecticut	H 6402	Use of Social Networking Application by State Employees	Failed	Prohibits the use of a certain social networking application by state employees; prohibits the use of TikTok on state-owned or state-issued electronic equipment.
Connecticut	H 6410	Reporting and Enforcement of Online Harassment	Failed - Adjourned	Establishes a safe online practices working group to assess and make recommendations related to addressing harassing, abusive or threatening behavior on online social media platforms; provides that such assessment shall include, but need not be limited to, studying the short-term and long-term effects of harassing behaviors online on elected officials, public officials and residents of this state.
Connecticut	H 6494	Study of Electric Grid Security	Failed	Concerns a study of electric grid security; determines the security of the existing electric grid and examine ways to enhance protection.
Connecticut	S 52	Use of Certain Applications on State Government Devices	Failed	Prohibits the use of certain applications on state government devices and requires audits to ensure compliance with security standards; protects sensitive data on state government devices from malicious foreign and domestic actors.
Connecticut	S 380	Use of Certain Social Networking Applications	Failed	Prohibits the use of TikTok and WeChat applications on state electronic equipment.
Connecticut	S 572	Cybersecurity Task Force	Failed	Establishes a cybersecurity task force to ensure protection from cyberattacks and prevention of government, business and personal cyberattacks.
Connecticut	S 635	National Guard and Cybersecurity	Failed	Authorizes the state National Guard to provide the state and municipalities with cybersecurity functional support.
Connecticut	S 933	Cybersecurity Task Force	Enacted	Establishes a cybersecurity task force; requires the task force to develop a strategic plan that includes findings and recommendations on, among other things, establishing a structure for the oversight and coordination of cybersecurity among state agencies, boards, commissions and other entities, including the constituent units of the state system of higher education, as defined in section 10a-1 of the general statutes.
Connecticut	S 1124	Study of Pathways to State Employment	Enacted	Relates to a study of pathways to state employment; provides that the commissioner of administrative services shall conduct a study regarding the hiring practices of state agencies for positions in state service; provides that such study shall include, but need not be limited to, the feasibility of eliminating requirements for college degrees for certain appointments to state classified services and the feasibility of establishing a program to provide applicants with pathways for alternative routes.
Connecticut	S 1191	Use of a Certain Application Software	Failed - Adjourned	Prohibits the use of a certain application, software and programs on state government devices and requiring minimum security standards and annual audits of such devices.
District of Columbia	B 379	Water Critical Infrastructure Freedom of Information	Enacted	Amends, on an emergency basis, the Freedom of Information Act of 1976 to exempt from disclosure critical infrastructure information or plans that contain critical infrastructure information for the critical infrastructures of the District of Columbia Water and Sewer Authority.
District of Columbia	B 380	Water Critical Infrastructure Freedom of Information	Enacted	Amends, on a temporary basis, the Freedom of Information Act of 1976 to exempt from disclosure critical infrastructure information or plans that contain critical infrastructure information for the critical infrastructures of the State Water and Sewer Authority.
District of Columbia	B 424	State Water Critical Infrastructure	Pending	Amends the Freedom of Information Act of 1976 to exempt from disclosure critical infrastructure information or plans that contain critical infrastructure information for the critical infrastructures of the State Water and Sewer Authority.
District of Columbia	R 332	Water Critical Infrastructure	Adopted	Declares the existence of an emergency with respect to the need to amend the Freedom of Information Act of 1976 to exempt from disclosure critical infrastructure information or plans that contain critical infrastructure information for the critical infrastructures of the State Water and Sewer Authority.
District of Columbia	R 355	Contract Approval	Adopted	Declares the existence of an emergency with respect to the need to approve Contract No. DCHBX-E-2023-0002 with Norton Rose Fulbright, LLC, in the not-to-exceed amount of $2.6 million, and to authorize payment for goods and services received and to be received under the contract in relation to a data breach.
Florida	H 379	Student Use of Social Media Platforms	Enacted	Relates to technology in k-12 public schools; requires each district school board to adopt an internet safety policy for student access to the iternet provided by the school district; provides requirements; requires each school district to prohibit and prevent student access to social media through internet access provided by the school district; provides an exception; prohibits the use of certain platforms on district-owned devices and through internet access provided by the school district.
Florida	H 563	Applications on Government Devices	Failed	Relates to applications on government devices; prohibits specified employees from being issued device that contains certain application; prohibits specified employees from downloading certain application; authorizes the governor and law enforcement entities to use certain application; authorizes the Department of Management Services to adopt rules.
Florida	H 745	Emergency Communications	Failed	Relates to emergency communications; renames E911 Board as Emergency Communications Board; revises composition of board; establishes board responsibilities; requires board to administer fees; authorizes board to establish schedules for implementing wireless systems and improvements; revises provisions relating to public safety emergency communications systems fee; eliminates obligation of provider to take legal action to enforce fee collection and county liability to provider.
Florida	H 909	Electronic Filing of Records	Failed	Relates to electronic filing of records with the Department of State; authorizes the department to implement password protected system for electronic filing of certain records; provides person using system may be required to verify his or her credentials; authorizes the department to allow certain entities to identify authorized account holders; requires the department to use e-mail addresses as initial authorized account holder and send codes to such e-mail addresses.
Florida	H 911	Public Records	Failed	Relates to public records; provides exemptions from public records requirements for e-mail addresses collected and held by the Department of State and secure login credentials held by the Department of State for a certain purpose; provides for retroactive application; provides for future legislative review and repeal of the exemptions; provides a statement of public necessity; provides a contingent effective date.
Florida	H 1355	Interests of Foreign Countries	Failed	Relates to interests of foreign countries; prohibits governmental entities from knowingly entering certain contracts and taking specified actions after specified date relating to contracts that give certain access to personal identifying information; prohibits governmental entities from knowingly entering certain contracts; requires government entities to require affidavit from applicants before providing any economic incentive.
Florida	H 1511	Cybersecurity	Failed - Adjourned	Relates to cybersecurity; clarifies powers, duties, and functions of Florida Digital Service; requires the governor to appoint state chief information officer subject to confirmation by Senate; requires Florida Digital Service to oversee state data center; requires state agency and local government to report ransomware and cybersecurity incidents within certain time period; requires Florida Digital Service to notify the governor and Legislature of certain incidents.
Florida	H 7011	Florida Statutes	Failed	Relates to state statutes; deletes provisions that have expired, have become obsolete, have had their effect, have served their purpose, or have been impliedly repealed or superseded; replaces incorrect cross-references and citations; corrects grammatical, typographical, and like errors; removes inconsistencies, redundancies, and unnecessary repetition in statutes, including the Florida Cybersecurity Advisory Council.
Florida	H 7035	Citizens Property Insurance Corporation	Enacted	Relates to open government sunset review, Citizens Property Insurance Corporation, cybersecurity data and information; provides an exemption from public record and public meeting requirements for certain data and information relating to cybersecurity; repeals exemptions relating to data and information from technology systems; makes technical changes; revises specified information that is required to be made available to certain entities; removes the scheduled repeal of the exemption.
Florida	S 32	Revisers Bill	Enacted	Relates to the Florida Statutes; deletes provisions that have expired, have become obsolete, have had their effect, have served their purpose, or have been impliedly repealed or superseded; deletes, among others, a provision that the clerks of the circuit court must collaborate with the state courts through the Florida Courts Technology Commission to prepare a plan to procure or develop a statewide electronic solution that will accurately identify all assessments mandated by statute.
Florida	S 258	Prohibited Applications on Government Issued Devices	Enacted	Relates to prohibited applications on government-issued devices; defines terms; requires public employers to take certain actions relating to prohibited applications; prohibits employees and officers of public employers from downloading or accessing prohibited applications on government-issued devices; provides exceptions.
Florida	S 264	Interests of Foreign Countries	Enacted	Relates to interests of foreign countries; prohibits governmental entities from knowingly entering certain contracts; prohibiting governmental entities from taking specified actions after a specified date relating to contracts that give certain access to personal identifying information; authorizes the attorney general to bring a civil action.
Florida	S 552	Public Records and Broadband Opportunity Program	Enacted	Relates to public records; provides an exemption from public records requirements for certain information relating to communications services locations, project proposals, and challenges submitted to the Department of Economic Opportunity under the Broadband Opportunity Program or pursuant to a federal broadband access grant program implemented by the department; provides applicability; provides for future legislative review and repeal of the exemption.
Florida	S 1418	Emergency Communications	Enacted	Relates to emergency communications; renames the E911 Board as the Emergency Communications Board; authorizes the board to establish schedules for implementing certain wireless systems and improvements; revises the composition of a committee that reviews requests for proposals from the board regarding independent accounting firm selection.
Florida	S 1708	Cybersecurity	Failed - Adjourned	Relates to cybersecurity; cites this act as the Florida Cyber Protection Act; clarifies the powers, duties and functions of the Florida Digital Service; revises the cost threshold of state agency information technology projects for which the Florida Digital Service must perform project oversight; requires the Florida Digital Service to oversee the state data center; requires a local government to report ransomware and cybersecurity incidents within a certain time.
Florida	S 2508	State Cybersecurity Operations	Failed - Adjourned	Relates to state cybersecurity operations; provides for a type two transfer of the Cybersecurity Operations Center and related services, including the position of the state chief information security officer, from the State Digital Service within the Department of Management Services to the Department of Law Enforcement; requires the Department of Management Services, acting through the State Digital Service, to perform specified actions relating to state agency cybersecurity risks.
Florida	H 473	Cybersecurity Incident Liability	Pending	Provides that county, municipality, commercial entity or third-party agent that complies with certain requirements is not liable in connection with cybersecurity incident.
Georgia	HR 68	Department of Education	Pending - Carryover	Encourages the Department of Education to dedicate personnel, funds and other resources to state-wide outreach efforts to promote and improve cybersecurity education, training, and workforce development.
Georgia	S 11	Georgia Fights Terrorism Act	Enacted	Relates to general provisions concerning the Georgia Bureau of Investigation to provide for concurrent jurisdiction by the Georgia Bureau of Investigation in cases involving the identification, investigation, arrest, and prosecution of an individual or groups of individuals for violation of state laws concerning domestic, cyber, biological, chemical, and nuclear terrorism.
Georgia	S 93	Information Technology	Enacted	Provides that a state employee or student shall not install, use, or visit any social media platform on state equipment if any of the specified conditions are met, including that the company that directly or indirectly owns or directly or indirectly operates such social media platform is directly or indirectly owned or directly or indirectly operated by a foreign adversary or is domiciled in, has its principal place of business in, has headquarters in, or is organized under the laws of a foreign adversary.
Georgia	S 161	Counties and Municipal Corporations	Pending - Carryover	Ensures that counties and municipalities are protected from cyberattacks directed at contractors and suppliers by requiring certain provisions in county and municipal contracts; relates to the Georgia Technology Authority to ensure that state agencies are protected from cyberattacks directed at contractors and suppliers by requiring certain provisions in contracts entered into by the state and its agencies; provides for related matters.
Guam	B 190	Marianas Cyber Working Group	Pending	Creates the Marianas Cyber Security Working Group.
Guam	R 237	Recognition Resolution	Pending	Recognizes Cyber Security Awareness Month 2023 and commends the collaborative efforts demonstrating its importance of promoting cybersecurity awareness and preparedness to protect critical infrastructure.
Hawaii	H 460	Government Issued Devices TikTok Prohibition	Pending - Carryover	Prohibits the downloading or use of social media application TikTok on government issued devices capable of internet connectivity, or on government internet networks.
Hawaii	H 1035	Homeland Security	Pending - Carryover	Provides that critical infrastructure information received or maintained by the Office of Homeland Security shall be confidential and shall not be disclosed, with specified exceptions; provides that the office may share confidential critical infrastructure information with federal agencies and state and county agencies within the state for the purposes of the security of critical infrastructure of protected systems; provides that the information shall remain confidential.
Hawaii	H 1200	Unmanned Aircraft Systems Program	Enacted	Requires the Department of Land and Natural Resources to establish an unmanned aircraft systems program; authorizes Division of Conservation and Resources Enforcement officers to use unmanned aircraft systems; requires the Department of Land and Natural Resources to submit an annual report of the effectiveness of the unmanned aircraft systems program to the Legislature; appropriates funds.
Hawaii	H 1220	Cyber Harassment	Pending - Carryover	Prohibits cyber harassment and cyberstalking; allows for civil liabilities and injunctions for cyber harassment and cyberstalking.
Hawaii	H 1493	Campus and Cybersecurity Data Center	Pending - Carryover	Appropriates funds to the Hawaii Technology Development Corporation for the development of the first responders technology campus and cybersecurity data center on tax map key.
Hawaii	HCR 40	Maritime Transportation Regional Resiliency Assessment	Adopted	Requests that the state Emergency Management Agency establish a two-year task force to address key findings validated by the 2022 Resiliency Assessment Report of the state Maritime Transportation Regional Resiliency Assessment Program project and plan resiliency enhancements.
Hawaii	HCR 189	Power Grid and Critical Infrastructure	Failed - Adjourned	Urges the U.S. Congress to convene the appropriate stakeholders and partners for the fortification of the local power grid and other critical infrastructure in the state.
Hawaii	HR 194	Power Grid and Critical Infrastructure	Failed - Adjourned	Urges the U.S. Congress to convene the appropriate stakeholders and partners for the fortification of the local power grid and other critical infrastructure in the state.
Hawaii	S 1249	University of Hawaii Maui College	Pending - Carryover	Appropriates money to support cybersecurity and data science programs at the University of Hawaii Maui College for laboratories and equipment, laboratory assistants, and lecture support.
Hawaii	S 1469	First Responders Data Center	Pending - Carryover	Appropriates funds for the development of the first responder's technology campus and cybersecurity data center.
Hawaii	S 1478	Offensive Cybersecurity Program	Pending - Carryover	Establishes an offensive cybersecurity program within the office of enterprise technology services to analyze and evaluate cybersecurity threats and increase cybersecurity awareness and education; establishes a goal for all state and county agencies to identify and address vulnerabilities having a benchmark score exceeding 3.9 on the common vulnerability scoring system by a specified date.
Hawaii	SCR 84	State Departments and Agencies Cybersecurity	Failed - Adjourned	Requests that the chief information officer ensure that all state departments, agencies, and offices of the state have up-to-date technology to reduce cyber threats and help protect the state against cyberattacks.
Hawaii	SCR 101	Maritime Transportation Regional Resiliency Assessment	Failed - Adjourned	Requests that the state Emergency Management Agency establish a two-year task force to address key findings validated by the 2022 Resiliency Assessment Report of the state Maritime Transportation Regional Resiliency Assessment Program project and plan resiliency enhancements.
Hawaii	SR 75	State Departments and Agencies Cybersecurity	Adopted	Requests that the chief information officer review whether all departments, agencies, and offices of the state have up-to-date technology to reduce cyber threats and help protect the state against cyberattacks.
Hawaii	SR 111	Maritime Transportation Regional Resiliency Assessment	Adopted	Requests that the Hawaii Emergency Management Agency establish a task force to address key findings validated by the 2022 Resiliency Assessment Report of the Hawaii Maritime Transportation Regional Resiliency Assessment Program Project and plan resiliency enhancements.
Idaho	H 148	Impeding Critical Infrastructure	Failed - Adjourned	Adds to existing law to provide for the crime of impeding critical infrastructure, to provide penalties, to provide that aggregate damage may be a violation, to provide exceptions and to authorize the attorney general to prosecute certain persons.
Idaho	H 152	Employment Security Program	Failed - Adjourned	Adds to existing law to establish procedures to verify the integrity of the employment security program.
Idaho	H 168	Employment Security Program	Enacted	Adds to existing law to establish procedures to verify the integrity of the employment security program.
Idaho	H 175	Communications Security	Failed - Adjourned	Adds to existing law to prohibit state employees from using or downloading TikTok on a state-issued device; provides that the state shall implement controls to prevent the use of TikTok on state-issued devices; provides a penalty.
Idaho	H 274	Communications Security	Enacted	Adds to existing law to prohibit state employees from using or downloading TikTok on a state-issued device, to provide that the state shall implement controls to prevent the use of TikTok on state-issued devices, and to provide a penalty.
Illinois	H 47	Insurance Code	Enacted	Amends the Insurance Code; provides that if the entry of an order of liquidation occurs, then the obligations shall not exceed $500,000 or exceed without any deduction $50,000 for any unearned premium claim or refund under any one policy; provides that in no event shall the fund be obligated to pay an amount in excess of $500,000 in the aggregate for all first-party and third-party claims under a policy or endorsement providing cybersecurity insurance coverage.
Illinois	H 841	Information Security Improvement Act	Pending	Amends the Information Security Improvement Act; makes a technical change in a section concerning the short title.
Illinois	H 1378	Graduate and Retain Our Workforce Act	Enacted	Amends the Higher Education Student Assistance Act; provides that, subject to appropriation, and no sooner than the specified academic year, there is established the Illinois Graduate and Retain Our Workforce (iGROW) Scholarship Program to recruit and train individuals to work in technology jobs that have a high demand for new employees and offer high wages by awarding scholarships.
Illinois	H 1621	Computer Tampering	Pending	Amends the Criminal Code of 2012; provides that a person commits computer tampering when he or she knowingly and without the authorization of a computer's owner or in excess of the authority granted to him or her falsifies or forges electronic mail transmission information or other routing information in any manner in connection with delivery of code, software, or hyperlinks to deliver software or code designed to manipulate a computer to allow for remote manipulation without the computer owner.
Illinois	H 2130	Insurance Data Security Law	Enacted	Creates the Insurance Data Security Law; sets forth provisions concerning an information security program, investigations of cybersecurity events, and notifications of cybersecurity events; provides that the director of insurance shall have power to examine and investigate into the affairs of any licensee to determine whether the licensee has been or is engaged in any conduct in violation of the Act; makes a change in provisions concerning notification of a cybersecurity event.
Illinois	H 2325	Residential Mortgage License Act	Enacted	Amends the Residential Mortgage License Act of 1987; provides that licensees may allow mortgage loan originators to work from a remote location if, among other things, the licensee has written policies and procedures for the supervision of mortgage loan originators working from a remote location and access to company platforms and customer information is in accordance with the licensee's comprehensive written information security plan.
Illinois	H 2353	Cyber Attack Report	Pending	Amends the School Code to require a school district to report a cyber security attack to the State Board of Education as soon as school personnel determine that a breach of the school district's computer system or network has occurred; amends various acts relating to the governance of public universities and community colleges to require a public university or community college district to report a cybersecurity attack to the Department of Innovation and Technology.
Illinois	H 2394	Regulatory Sunset Act	Enacted	Amends the Illinois Procurement Code. Provides that the Department of Financial and Professional Regulation shall identify a method of source selection that will make it possible to implement a software solution to support the Department's mandates to enforce the professional licensing acts that it administers and rules adopted under those acts. Requires the Department of Financial and Professional Regulation shall consult with the Department of Innovation and Technology to ensure the resulting contracts provide cybersecurity protection and are consistent with information technology standards as determined by the Department of Innovation and Technology.
Illinois	H 2449	Title Insurance Act	Pending	Amends the Title Insurance Act; provides that the Amendatory Act may be referred to as the Title Insurance Reform Act; provides that no person, firm, partnership, association, corporation or other legal entity shall act as or hold itself out to be a title insurance agent without first procuring a certificate of authority from the secretary of financial and professional regulation. Provides requirement for escrow agents to carry cybercrime insurance coverage. The title insurance agent may not conduct title insurance business as an escrow agent unless the deposit, fidelity bond, errors and omissions insurance, and cybercrime insurance coverage required are continuously maintained.
Illinois	H 2538	Institute of Technology Cybersecurity Bootcamp Program	Pending	Appropriates from the General Revenue Fund to the Board of Higher Education for a grant to the Institute of Technology to fund the Institute of Technology Cybersecurity Bootcamp program.
Illinois	H 2703	Department of Innovation and Technology Funds	Pending	Makes appropriations for the ordinary and contingent expenses of the Department of Innovation and Technology for the fiscal year beginning on a specified date.
Illinois	H 3483	Consumer Financial Protection Law	Pending	Creates the Consumer Financial Protection Law; creates the Financial Protection Fund; sets forth provisions concerning findings and purpose, exemptions, administration of the provisions, funds, supervision, registration requirements, consumer protection, cybersecurity, anti-fraud and anti-money laundering, enforcement, procedures, and rulemaking; defines terms; makes conforming changes in the Freedom of Information Act and the State Finance Act.
Illinois	H 3487	Residential Mortgage License Act	Pending	Amends the Residential Mortgage License Act; provides that each full-service office at which a residential mortgage licensee conducts any part of his or her business must be recorded with the secretary of financial and professional regulation; provides that licensees may allow employees to work from a remote location if specified conditions are met; provides that full-service office does not include a remote location; defines remote location.
Illinois	H 3581	Prairie State Infrastructure Protection Act	Pending	Creates the Prairie State Infrastructure Protection Act; provides that a business entity in the state may not enter into a contract or other agreement relating to critical infrastructure in the state with a company if the company, under the contract or agreement, would be able to directly or remotely access or control critical infrastructure in the state and is associated with China, Iran, North Korea, Russia, or another designated county.
Illinois	H 3626	Innovation and Technology Act	Pending	Amends the Department of Innovation and Technology Act; provides that the department shall prohibit the use of TikTok on state devices by any state personnel or other person.
Illinois	H 3742	Use of TikTok on State Devices	Pending	Amends the Department of Innovation and Technology Act; provides that the department shall prohibit the use of TikTok on state devices by any state personnel or other person.
Illinois	H 3872	Department of Innovation and Technology Act	Pending	Amends the Department of Innovation and Technology Act; provides that the department shall prohibit the use of TikTok on state devices by any state personnel or other person.
Illinois	H 3940	Emergency Telephone System Act	Enacted	Amends the Emergency Telephone System Act; provides meaning for EMS personnel and first responder; provides that the act ensures that 9-1-1 systems have redundant methods of dispatch.
Illinois	H 4081	Recognition Resolution	Pending	Creates the Cybersecurity Compliance Act; creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework; prescribes requirements for the cybersecurity program.
Illinois	S 47	Tort Immunity and Government Employees	Pending	Amends the Local Governmental and Governmental Employees Tort Immunity Act; provides that a public entity or a public employee is not liable for injury caused by any unauthorized access to government records, data, or electronic information systems by any person or entity.
Illinois	S 1453	Graduate and Retain Our Workforce Act	Pending	Creates the Graduate and Retain Our Workforce Act; establishes the GROW Program, in which public institutions of higher education award incentive loans to applicants; provides that, subject to appropriation, the Student Assistance Commission may, each year, administer applications for assistance under the GROW Program; sets forth qualifications for recipients, degrees, and jobs; provides for loan repayment and rulemaking; amends the State Finance Act to create the Graduate and Retain Our Workforce Fund.
Illinois	S 1740	Ransomware Attack Act	Pending	Creates the Ransomware Attack Act; provides that a governmental unit may not use any public funds to pay any person or entity to recover its computer system after a ransomware attack unless the governor first makes a proclamation that the ransomware attack against the governmental unit is a disaster under the Emergency Management Agency Act and, in the proclamation, authorizes the governmental unit to make a payment to recover its computer system following the ransomware attack.
Illinois	S 1899	Title Insurance Act	Pending	Amends the Title Insurance Act; provides that the Amendatory Act may be referred to as the Title Insurance Reform Act; provides that no person, firm, partnership, association, corporation or other legal entity shall act as or hold itself out to be a title insurance agent without first procuring a certificate of authority from the secretary of financial and professional regulation; provides that a certificate of authority shall remain in effect unless revoked or suspended by the secretary or voluntarily. Provides requirement for escrow agents to carry cybercrime insurance coverage. The title insurance agent may not conduct title insurance business as an escrow agent unless the deposit, fidelity bond, errors and omissions insurance, and cybercrime insurance coverage required are continuously maintained.
Illinois	S 2123	Election Code	Enacted	Amends the Illinois Constitutional Amendment Act; creates the Security of Remote Vote by Mail Task Force, requires one member with expertise in cybersecurity be appointed by the governor.
Indiana	H 1266	Indiana Cyber Civilian Corps Program	Enacted	Establishes the Indiana Cyber Civilian Corps Program Advisory Board; provides for the membership of the board; requires the board to provide findings and recommendations concerning the establishment of an Indiana cyber civilian corps program to the legislative council.
Indiana	H 1517	Social Media	Failed - Adjourned	Relates to social media; requires the Office of Technology to restrict access to TikTok or WeChat applications or any other applications developed by ByteDance Limited or Tencent Holdings Limited and prohibits persons from accessing those applications or visiting those websites on a state owned, operated, or maintained device; imposes a surcharge tax on social media providers; defines social media provider as a social media company that maintains a public social media platform.
Indiana	H 1591	Education	Enacted	Establishes the Early Learning Advisory Committee to take specified actions, including but not limited to commissioning a third-party evaluation to assess existing regulations for childcare providers and provide recommendations to, among other things, maintain health and safety standards and streamline administrative burdens, program standards, and reporting requirements for childcare providers; provides for a public database of public school employee injuries. Provides that a school corporation may require an innovation network school to: (1) Use the school corporation's student information system. (2) comply with the school corporation's networking, cybersecurity, and device standards
Indiana	HR 24	Recognition Resolution	Adopted	Recognizes the 25th Anniversary of the Center for Education and Research in Information Assurance and Security.
Indiana	S 142	Internet Safety Curricula for Schools	Failed - Adjourned	Relates to internet safety curricula for schools; provides that a school corporation may include instruction regarding internet safety in the school corporation's curriculum; requires the Department of Education to develop, not later than the specified date, age-appropriate curricula in internet safety for use at multiple grade levels and specifies topics that must be included in the curricula.
Indiana	S 159	Computer Trespass	Failed - Adjourned	Relates to computer trespass; defines financial information; enhances the sentence of an offense against intellectual property to a Level 5 felony if the data, computer program, or supporting documentation that is modified, destroyed, or disclosed contains protected health information or financial information; provides that an offense against computer users is a Level 5 felony if the computer, computer system or computer network.
Indiana	S 477	Threats to Critical Infrastructure	Enacted	Relates to prohibited contracts and land sales to certain foreign owned companies and foreign individuals; provides that after specified date, a qualified entity may not enter into an agreement relating to critical infrastructure with a company if, among other things, under the agreement, the company would be able to directly or remotely access or control critical infrastructure or a cybersecurity system of a critical infrastructure.
Iowa	H 139	Cybersecurity Simulation Training Center	Pending - Carryover	Establishes the cybersecurity simulation training center at the Iowa State University of Science and Technology; makes appropriations.
Iowa	H 143	Computer Spyware Malware and Ransomware Protection Act	Enacted	Relates to protection from computer spyware, malware, and ransomware; provides penalties.
Iowa	H 452	Secure an Advanced Vision for Education Fund	Failed	Authorizes the expenditure of funding from the Secure an Advanced Vision for Education Fund for certain cybersecurity purposes.
Iowa	H 553	Defenses for Entities Using Cybersecurity Programs	Enacted	Relates to affirmative defenses for entities using cybersecurity programs.
Iowa	H 554	Revenue Received from Taxpayers	Pending - Carryover	Prohibits the state or a political subdivision of the state from expending revenue received from taxpayers for payment to persons responsible for ransomware attacks; includes effective date provisions.
Iowa	H 632	Secure an Advanced Vision for Iowa Fund	Pending - Carryover	Authorizes the expenditure of funding from the Secure an Advanced Vision for Education Fund for certain cybersecurity purposes.
Iowa	H 698	Cybersecurity Simulation Training Center	Pending - Carryover	Establishes the cybersecurity simulation training center at the Iowa State University of Science and Technology; includes contingent effective date provisions.
Iowa	S 46	Definition of Essential County Purpose	Pending - Carryover	Modifies the definitions of essential county purpose and essential corporate purpose to include cybersecurity purposes.
Iowa	S 195	Definitions of Essential County Purpose	Pending - Carryover	Modifies the definitions of essential county purpose and essential corporate purpose to include cybersecurity purposes.
Iowa	S 203	Ransomware	Failed	Relates to ransomware and provides penalties.
Iowa	S 402	Cybersecurity Simulation Training Center	Pending - Carryover	Establishes the cybersecurity simulation training center at the Iowa State University of Science and Technology and makes appropriations.
Iowa	S 495	Defenses for Entities Using Cybersecurity Programs	Failed	Relates to affirmative defenses for entities using cybersecurity programs.
Kansas	H 2019	Cybersecurity Incidents	Enacted	Concerns information technology; requires reporting of significant cybersecurity incidents; changes membership, terms and quorum requirements for the information technology executive council; relates to information technology projects and reporting requirements, information technology security training and cybersecurity reports, duties of the chief information security officer; requires certain information to be provided to the joint committee on information technology.
Kansas	H 2077	Informational Technology Projects Reporting	Pending - Carryover	Requires reporting of significant cybersecurity incidents; relates to the Information Technology Executive Council; relates to information technology projects and reporting requirements; provides that any entity that is connected to the state criminal justice information system shall report any cybersecurity incident in accordance with rules and regulations adopted by the State Criminal Justice Information System Committee.
Kansas	H 2078	Information Technology Executive Council Membership	Pending - Carryover	Relates to changing the membership requirements, terms of members and the quorum requirements for the information technology executive council.
Kansas	H 2218	Sunflower Education Equity Act for Students	Pending - Carryover	Relates to establishing the Sunflower Education Equity Act to provide education savings accounts for qualified students in the state. Websites and mobile applications must meet best standards as determined by the board for data privacy and cyber security
Kansas	H 2273	Appropriations	Pending - Carryover	Relates to appropriations for specified fiscal year for various state agencies.
Kansas	H 2314	TikTok Prohibited on State Owned Devices and Network	Pending - Carryover	Prohibits the use of social media platforms of concern, including TikTok, on state-owned devices and on any state network; provides for certain exceptions for law enforcement activities or cybersecurity investigations.
Kansas	H 2473	Reconciling Multiple Amendments to Certain Statutes	Pending - Carryover	Relates to reconciling multiple amendments to certain statutes, including cybersecurity requirements for executive branch agency heads.
Kansas	S 44	Kansas Financial Institutions Information Security Act	Enacted	Relates to financial institutions; relates to cybersecurity; enacts the Kansas Financial Institutions Information Security Act; requires certain covered entities to protect customer information; authorizes the state bank commissioner to adopt rules and regulations; provides penalties for violations of such act.
Kansas	S 106	Reconciling Multiple Amendments	Enacted	Relates to reconciling multiple amendments to certain statutes, including cybersecurity requirements for executive branch agency heads.
Kansas	S 155	Appropriations	Pending - Carryover	Relates to and makes appropriations for the fiscal years ending on specified dates for sState agencies; authorizes certain transfers, capital improvement projects and fees; imposes certain restrictions and limitations; directs or authorizes certain receipts, disbursements, procedures and acts.
Kentucky	H 124	Social Media Applications	Failed - Adjourned	Prohibits the use or download of TikTok on any state government network or any state government-issued devices; directs the Commonwealth Office of Technology and the legislative branch to implement controls to block access to TikTok on state government-issued devices and on any state government network; permits the judicial branch of state government to implement its own ban and restrictions of TikTok.
Kentucky	H 155	Banning of Social Media Applications	Failed - Adjourned	Prohibits the use or download of TikTok on any network or device under the control of a public agency; defines public agency; directs the Commonwealth Office of Technology and public agencies to implement controls to block access to TikTok on networks or devices under the control of a public agency; permits the judicial branch of state government to implement its own ban and restrictions of TikTok.
Kentucky	H 210	Kentucky Insurance Guaranty Association Act	Enacted	Relates to the Kentucky Insurance Guaranty Association Act. Regarding existing covered claims, the association shall satisfy the obligation by paying an amount not exceeding $500,000 per insured event for all covered claims resulting from that event for benefits arising from a cybersecurity insurance policy
Kentucky	HR 100	Recognition Resolution	Failed - Adjourned	Recognizes the University of Louisville for its efforts regarding adoption of cybersecurity systems in Kentucky.
Kentucky	S 20	Social Media Applications	Enacted	Relates to banning social media applications from state government technology; provides that, with certain exceptions, no executive branch employee, executive branch agency, or person or entity who contracts with the commonwealth shall download or use the TikTok application or visit the TikTok website on any network owned, operated, or otherwise under the control of state government or state government-issued device.
Kentucky	S 33	Cybersecurity Center	Failed - Adjourned	Establishes the Kentucky Cybersecurity Center (Kentucky CYBER) at the University of Louisville; establishes the purpose and duties of Kentucky CYBER; creates the Kentucky CYBER fund.
Kentucky	S 52	Collection of Fees in a County	Enacted	Provides that in a county containing a consolidated local government the fee shall not be paid to the Finance and Administration Cabinet and shall not lapse to the general fund of the consolidated local government; provides that moneys accumulated from this fee shall be held in perpetuity by the county clerk in a separate fund for equipment related to the permanent storage of and access to records, including deed books, binders, shelves, microfilm equipment, fireproof equipment, and cloud storage and cybersecurity services for the permanent storage of and access to records.
Kentucky	SR 269	Recognition Resolution	Adopted	Recognizes the University of Louisville for its efforts regarding adoption of cybersecurity systems in Kentucky.
Kentucky	SR 271	Encouragement Resolution	Adopted	Encourages the interim joint committee for Economic Development and Workforce Investment to address cybersecurity challenges and associated workforce opportunities by inviting all interested parties to present during the upcoming interim session.
Louisiana	H 361	Administration	Enacted	Relates to public officers and employees; provides for policies prohibiting the use of certain applications on computers, devices, and networks owned or leased by the state; provides for definitions; provides for duties of the Office of Technology Services; provides for approval by the Joint Legislative Committee on Technology and Cybersecurity; provides for duties of certain agency heads; provides for penalties.
Louisiana	H 431	Procurement	Failed - Adjourned	Provides relative to procurement of information technology.
Louisiana	H 456	Unemployment Compensation	Failed - Adjourned	Provides relative to the duration of unemployment compensation benefits and creates the job and reemployment act. Requires requiring multi-factor authentication as part of online applications.
Louisiana	H 550	Treasury Funds	Enacted	Establishes the Reading Enrichment and Academic Deliverables Fund; provides for the Power-Based Violence and Safety Fund; provides that monies in the Hurricane Ida Recovery Fund shall be used to make full or partial payments to eligible entities that suffered property loss or damage caused by Ida and that were not fully compensated for such property loss or damage by insurance and state and federal resources; creates the Court Modernization and Technology Fund and Public Safety and Crime Prevention Fund.
Louisiana	S 152	Information Technology	Enacted	Enacts the Louisiana Cybersecurity Commission to coordinate cybersecurity efforts among local, state, tribal, and federal governments, as well as the private sector, to maintain the stability of public services while ensuring proper privacy and protection of data entrusted to the state; provides for the purposes, duties, and powers of the commission to identify, prioritize, and mitigate Louisiana's cyber risk.
Maine	H 643	TikTok on State Owned Computers	Enacted	Provides that a computer or other electronic device owned or controlled by any branch of state government may not be used to access, contain or download the video hosting service known as TikTok, except as necessary for life, health, safety or investigative purposes in accordance with a policy adopted by a state agency.
Maine	S 245	Availability of Election Information on Websites	Pending - Carryover	Requires the secretary of state to provide a publicly accessible website or equivalent online platform for voters to access information about upcoming elections, including local elections to the extent municipalities provide information on local elections to the secretary of state; permits the secretary of state to work with municipalities to increase cybersecurity related to elections; permits a municipal clerk to provide the secretary of state with information on upcoming local elections.
Maryland	H 200	Fiscal Year Budget Bill	Enacted	Makes the proposed appropriations contained in the state budget for the fiscal year ending on specified date, in accordance with Article III, Section 52 of the state constitution; relates to appropriations and budgetary provisions made pursuant to that section, includes funding for the Cyber Maryland Program.
Maryland	H 201	State Debt Creation	Enacted	Authorizes the creation of a state debt of a specified amount, the proceeds to be used for certain necessary building, construction, demolition, planning, renovation, conversion, replacement and capital equipment purchases of the state, for acquiring certain real estate in connection therewith, and for grants to certain subdivisions and other organizations for certain development and improvement purposes. Includes funding for cybersecurity measures for specified counties.
Maryland	H 502	Electronic Benefits Transfer Cards Theft of Benefits	Enacted	Requires the Department of Human Services to reimburse a beneficiary for any benefits lost due to theft; authorizes certain households to request a certain hearing under certain circumstances; authorizes the department to restore benefits to certain households; requires the department to issue benefits to eligible households on or before a certain date; requires the department to take certain actions to reduce the vulnerability of electronic benefits transfer cards to theft. Authorizes multifactor authentication.
Maryland	H 552	Build Our Future Grant Pilot Program and Fund	Enacted	Establishes the Build Our Future Grant Pilot Program in the Department of Commerce to provide funding for certain costs for infrastructure projects in eligible technology sectors, including cybersecurity; requires certain grantees to provide matching funds and to demonstrate certain abilities; establishes the Build Our Future Grant Fund as a continuing, non-lapsing fund.
Maryland	H 622	Technology Grant Program and Fund	Enacted	Establishes the Industry 4.0 Technology Grant Program in the Department of Commerce to provide grants to certain small and medium-sized manufacturing enterprises to assist those manufacturers with implementing new Industry 4.0 technology, including cybersecurity solutions, or related infrastructure for certain purposes; establishes the Industry 4.0 Technology Grant Fund as a special, non-lapsing fund; requires the governor to include in the budget bill for fiscal years 2024 through 2028 an appropriation of a specified amount to the fund.
Maryland	H 744	Public Safety Answering Point Interference	Failed - Adjourned	Prohibits a person from taking certain actions with the intent to interrupt or impair the functioning of a public safety answering point; prohibits a person from taking certain actions that interrupt or impair the functioning of a public safety answering point; authorizes certain penalties.
Maryland	H 936	Small Business Cybersecurity Measures Income Tax Credit	Failed - Adjourned	Authorizes a credit against the state income tax for a certain small business that employs a specified number of employees for costs incurred by the small business during the taxable year for certain cybersecurity measures undertaken by the small business; makes the credit refundable; applies the act to all taxable years beginning on specified date.
Maryland	H 969	Public Service Commission Cybersecurity Staffing	Enacted	Requires the Public Service Commission to include on its staff a certain number of experts in cybersecurity to perform certain duties; requires the commission to establish, in coordination with the Office of Security Management, cybersecurity standards and best practices for regulated entities, share information on cybersecurity initiatives and best practices with certain entities, and conduct a certain periodic assessment.
Maryland	H 1065	State and Local Cybersecurity Revisions	Failed	Establishes the director of cybersecurity preparedness in the Cyber Preparedness Unit of the Maryland Department of Emergency Management; establishes certain duties of the director; specifies the amount of a certain annual appropriation made by the governor to the unit; establishes that the deputy secretary of information technology is the state chief information officer; requires a certain number of position identification numbers to be created to assist the deputy secretary.
Maryland	H 1131	National Guard Assignment to Cybersecurity Support	Failed - Adjourned	Requires the adjutant general of the National Guard to assign a certain number of members of the National Guard to support certain state cybersecurity programs.
Maryland	H 1141	State Issued Devices TikTok Prohibition	Failed - Adjourned	Prohibits the social media application TikTok from being installed or maintained on any information technology owned by a unit of state government; requires the Department of Budget and Management, in collaboration with the Department of Information Technology, to prepare guidance for units of state government to remove from and prohibit the use of the social media application TikTok on information technology owned by the unit on specified date.
Maryland	H 1189	Cyber Maryland Program and Fund	Failed - Adjourned	Establishes the Cyber Maryland Program in the State Technology Development Corporation to increase the cybersecurity workforce in the state, build an advanced cybersecurity workforce, and carry out other purposes related to the cybersecurity workforce in the state; establishes the Cyber Maryland Fund; establishes the Cyber Maryland Board; requires the Maryland Higher Education Commission, in consultation with a certain organization to expand.
Maryland	S 2	Electronic Benefits Transfer Cards Theft of Benefits	Enacted	Requires the Department of Human Services to reimburse a beneficiary for any benefits lost due to theft; authorizes certain households to request a certain hearing under certain circumstances; requires the state to give preference to certain vendors in the procurement process for electronic benefits distribution or administration; authorizes the department to restore benefits to certain households; requires the department to issue benefits to eligible households on or before a certain date. Authorizes multifactor authentication.
Maryland	S 48	Disaster Service and Uniformed Services Leave	Enacted	Defines the term emergency manager; adds certain state employees to certain provisions of law authorizing disaster service leave with pay; authorizes certain appointing authorities to waive certain requirements for disaster service leave and to increase the number of days of disaster service leave under certain circumstances; defines uniformed services for the purpose of adding certain individuals to certain provisions of law relating to certain paid leave and military administrative leave.
Maryland	S 181	Fiscal Year Budget Bill	Failed - Adjourned	Makes the proposed appropriations contained in the state budget for the fiscal year ending on specified dates, in accordance with Article III, Section 52 of the Maryland Constitution. Includes funding for cybersecurity measures.
Maryland	S 405	Computer Related Public Safety Crimes	Failed - Adjourned	Prohibits a person from committing computer-related crimes with the intent to interrupt or impair the functioning of a public safety answering point; prohibits a person from committing computer-related crimes which interrupt or impair the functioning of a public safety answering point; authorizes certain penalties.
Maryland	S 531	Public Water Systems Supplier Safety Requirements	Failed - Adjourned	Requires a supplier of water to inspect certain valves in a public water system in a certain manner, repair or replace certain valves, inspect certain fire hydrants, formulate and implement a certain plan, identify the locations of certain valves, and record certain characteristics and identifiers of certain valves; requires a supplier of water to develop a certain cybersecurity program by specified date.
Maryland	S 549	Build Our Future Grant Pilot Program and Fund	Enacted	Establishes the Build Our Future Grant Pilot Program in the Department of Commerce to provide funding for certain costs for infrastructure projects in eligible technology sectors; requires certain grantees to provide matching funds and to demonstrate certain abilities; establishes the Build Our Future Grant Fund to provide grants for projects to support innovation in eligible technology sectors, including cybersecurity; requires the department to report by a specified date.
Maryland	S 799	Public Schools Cyber Safety Guide	Failed - Adjourned	Requires the state Department of Education, the Behavioral Health Administration within the State Department of Health, the Maryland Center for School Safety, and the Department of Information Technology jointly to develop and publish a cyber safety guide to be made available in public schools beginning in the 2024-2025 school year; requires the cyber safety guide to be developed in consultation with professionals who specialize in child development and child psychology.
Maryland	S 800	Public Service Commission Cybersecurity Staffing	Failed - Adjourned	Requires the Public Service Commission to include on its staff a certain number of experts in cybersecurity to perform certain duties; requires the Commission to establish, in coordination with the Office of Security Management, cybersecurity standards and best practices for regulated entities, share information on cybersecurity initiatives and best practices with certain entities, and conduct a certain periodic assessment.
Maryland	S 801	Cyber Maryland Program and Fund	Enacted	Establishes the Cyber Maryland Program in the Maryland Technology Development Corporation to increase the cybersecurity workforce in the state, build an advanced cybersecurity workforce, and carry out other purposes related to the cybersecurity workforce in the state; establishes the Cyber Maryland Fund; establishes the Cyber Maryland Board; requires the Maryland Higher Education Commission, in consultation with a certain organization, to expand the Cyber Warrior Diversity Program.
Maryland	S 862	Consumer Protection Security Questions and Measures	Failed - Adjourned	Prohibits businesses, nonprofit entities, and units of state and local government from using a customer's mother's maiden name as a means of safeguarding access to a customer's account; makes a violation of the Act by businesses and nonprofit entities an unfair, abusive, or deceptive trade practice that is subject to certain enforcement and penalties under the Maryland Consumer Protection Act.
Maryland	S 868	State and Local Cybersecurity Revisions	Failed - Adjourned	Establishes the director of cybersecurity preparedness in the Cyber Preparedness Unit of the State Department of Emergency Management; establishes certain duties of the director; specifies the amount of a certain annual appropriation made by the governor to the unit; establishes that the state chief information security officer in the Office of Security Management reports to the governor; alters certain qualifications and duties of the state chief information security officer.
Maryland	S 891	Military Department State Cyber Protection Team	Failed - Adjourned	Establishes the State Cyber Protection Team in the Military Department for the purpose of supporting the Cyber Preparedness Unit in the Maryland Department of Emergency Management and the Office of Security Management in the Department of Information Technology during cybersecurity emergency response efforts; requires a certain number of Position Identification Numbers to be created for the team and specifying the amount of a certain annual appropriation made by the governor for the positions.
Maryland	S 906	Industry Technology Grant Program and Fund	Failed - Adjourned	Establishes the specified Industry Technology Grant Program in the Department of Commerce to provide grants to certain small and medium-sized manufacturing enterprises to assist those manufacturers with implementing new specified Industry technology or related infrastructure for certain purposes; establishes the specified Industry Technology Grant Fund as a special, non-lapsing fund.
Maryland	S 969	Success Assurance Model and Fund	Failed - Adjourned	Establishes the Success Assurance Model in the Department of Commerce to provide comprehensive and targeted business services, including cybersecurity services, to small businesses through professional services entities; establishes the Success Assurance Fund to award grants to certain coordinating services providers, which shall be disbursed as payment to professional services entities selected to provide business services; requires in fiscal year 2025, the governor to include a specified amount for the fund in the annual budget bill.
Massachusetts	H 51	Economic Revitalization	Pending	Finances the immediate economic revitalization, community development, and housing needs of the commonwealth, including cybersecurity.
Massachusetts	H 66	Cyberattack Responses	Pending	Relates to cyberattack responses.
Massachusetts	H 82	Social Media Companies	Pending	Protects residents of the commonwealth from the threat posed by certain foreign adversaries using current or potential future social media companies.
Massachusetts	H 84	Electronic Security	Pending	Relates to electronic security for certain procurements involving electronic or cyber security equipment components.
Massachusetts	H 532	Student and Educator Data Privacy	Pending	Relates to student and educator data privacy. Requires the Board of Elementary and Secondary Education to promulgate regulations that establish data security and privacy responsibilities of the department and educational entities as well as minimum required security standards for operators, including for use in department and educational entity contracts and agreements with operators, and shall approve the department’s data privacy and security policy and security plan for the state data system.
Massachusetts	H 3062	Information Technology Goods by State Agencies	Pending	Relates to the procuring of information technology goods or services by state agencies.
Massachusetts	S 23	Appropriations for the Fiscal Year 2023	Pending	Makes appropriations for the Fiscal Year 2023 to provide for supplementing certain existing appropriations and for certain other activities and projects reports, recommending that the same ought to pass with an amendment striking out all after the enacting clause and inserting in place thereof the text of Senate document numbered 23.
Massachusetts	S 32	Cyber Incident Response	Pending	Relates to cyber incident response.
Massachusetts	S 35	Against Cyber Ransom	Pending	Protects against cyber ransom.
Massachusetts	S 36	Cybersecurity Control	Pending	Establishes a Cybersecurity Control and Review Commission.
Massachusetts	S 37	Residents of the Commonwealth	Pending	Protects the residents of the commonwealth.
Michigan	H 4220	Freedom of Information Act	Pending - Carryover	Modifies definition of public record subject to the freedom of information act.
Michigan	H 4261	Freedom of Information Act	Pending - Carryover	Subjects the governor's office to the Freedom of Information Act.
Michigan	H 4286	K-12 Appropriations	Pending - Carryover	Provides for K-12 school aid appropriations for the 2023-24 fiscal year.
Michigan	H 4414	Data Security	Pending - Carryover	Provides department to create resources concerning digital literacy and cybersafety on public website.
Michigan	H 4427	Public Records	Pending - Carryover	Provides limited access to public records for incarcerated individuals.
Michigan	H 5065	State Devices	Pending - Carryover	Prohibits use of certain applications on state devices.
Michigan	H 5066	The Management and Budget Act	Pending - Carryover	Provides that if a certain contract awarded will give a contractor access to personal identifying information of any individual, an applicant for the contract must provide the department with an affidavit signed under penalty of perjury attesting that the applicant is not a controlled entity, and the Department of Technology, Management, and Budget may not knowingly enter into the contract with a controlled entity.
Michigan	H 5283	Health Records	Pending - Carryover	Requires Health Information Technology Commission to designate health information exchange for certain entities and data.
Michigan	S 15	State Technology	Pending - Carryover	Prohibits use of TikTok on state devices.
Michigan	S 154	Freedom of Information Act	Pending - Carryover	Modifies definition of public record subject to the freedom of information act.
Michigan	S 224	Legislative Open Records Act	Pending - Carryover	Creates the Legislative Open Records Act (LORA) as part of the Freedom of Information Act.
Michigan	S 669	Public Records	Pending - Carryover	Provides applicability of the Freedom of Information Act to the legislature and governor's office.
Minnesota	H 669	Capital Investment	Enacted	Relates to capital investment; authorizes spending to acquire and better public land and buildings and for other improvements of a capital nature with certain conditions; establishes new programs and modifying existing programs; modifies prior appropriations; authorizes the sale and issuance of state bonds; authorizes the conveyance of state bond-financed property; requires reports. Includes an appropriation to design, renovate, and equip space in New Main Hall for the cybersecurity program at Metropolitan State University.
Minnesota	H 1360	Education Finance	Pending - Carryover	Relates to education finance; increases safe schools revenue; provides state aid; expands revenue uses to include cyber security measures; appropriates money.
Minnesota	H 1409	State Government	Pending - Carryover	Relates to state government; appropriates money for public educational radio stations.
Minnesota	H 1693	State Government	Pending - Carryover	Relates to state government; changes provisions for certain legislative commissions and councils and other state councils. Requires procedures for when the legislative commission on cybersecurity holds closed meetings
Minnesota	H 1710	State Government	Pending - Carryover	Relates to state government; requires procedures for when the legislative commission on cybersecurity holds closed meetings.
Minnesota	H 1723	Elections	Pending - Carryover	Relates to elections; modifies election administration provisions relating to voter registration, absentee voting, and election day voting; establishes early voting; adopts the national popular vote compact; allows access for census workers; regulates intimidation, deceptive practices, and interference with voter registration and voting; amends requirements related to soliciting near the polling place; modifies campaign finance provisions; modifies campaign finance reporting requirements.
Minnesota	H 1826	State Government	Pending - Carryover	Relates to state government; designates the state fire museum; changes provisions in state government operations; modifies enabling statutes for the Legislative Commission on Cybersecurity; modifies provisions related to the Office of the Legislative Auditor and the Legislative Audit Commission; authorizes forms of collateral for state deposits; adds provisions for Hmong Special Guerilla Units Remembrance Day; modifies procedures for challenging accuracy of government data.
Minnesota	H 1904	Data Privacy	Pending - Carryover	Relates to data privacy; establishes neurodata rights; modifies certain crimes to add neurodata elements; provides civil and criminal penalties.
Minnesota	H 1952	Elections	Pending - Carryover	Relates to elections; establishes a procedure for the chair of either of the state's two largest major political parties to request a forensic audit of a state primary or state general election.
Minnesota	H 1960	Emergency Management	Pending - Carryover	Relates to emergency management; protects information and telecommunications technology systems and services during emergencies.
Minnesota	H 2071	Capital Investment	Pending - Carryover	Relates to capital investment; appropriates money for improvements on the Metropolitan State University campus; authorizes the sale and issuance of state bonds.
Minnesota	H 2079	State Government	Pending - Carryover	Relates to state government; prohibits download or use of the TikTok application on state telecommunications devices, with certain exceptions.
Minnesota	H 2205	Crime of Computer Theft to Include Copies of Data	Pending - Carryover	Relates to crime; modifies crime of computer theft to include copies of data.
Minnesota	H 2255	Natural Gas Utilities	Pending - Carryover	Relates to energy; authorizes natural gas utilities to sell extraordinary event bonds under certain circumstances; establishes an account; appropriates money.
Minnesota	H 2310	Environment, Natural Resources, Climate, and Energy	Enacted	Appropriates money for environment, natural resources, climate, and energy; establishes a biennial budget for Department of Commerce, Public Utilities Commission, and energy, climate, and clean energy activities. Provides for electric grid resilience grants.
Minnesota	H 2338	Public Safety	Pending - Carryover	Relates to public safety; expands crime of unauthorized computer access to include accessing a computer without penetrating security system.
Minnesota	H 2497	Education Finance	Enacted	Relates to education finance; provides funding for prekindergarten through grade 12 education; modifies provisions for general education, education excellence, literacy, American Indian education, teachers, charter schools, special education, facilities, nutrition, libraries, early childhood, community education, and state agencies; appropriates funds.
Minnesota	H 2680	Department of Commerce Biennial Budget	Pending - Carryover	Relates to commerce; establishes a biennial budget for Department of Commerce and related activities; adds and modifies various provisions governing health, property, life, homeowners, and automobile insurance; provides for certain consumer protections and privacy; modifies provisions governing commerce; makes technical changes; establishes civil and criminal penalties; authorizes administrative rulemaking. Appropriates funds for information technology and cybersecurity upgrades for the unclaimed property program.
Minnesota	H 2880	Capital Investment	Pending - Carryover	Relates to capital investment; authorizes spending to acquire and better public land and buildings and for other improvements of a capital nature with certain conditions; establishes new programs and modifying existing programs; modifies prior appropriations; authorizes the sale and issuance of state bonds; appropriates money. Includes appropriations to design, renovate, and equip space in New Main Hall for the cybersecurity program at Metropolitan State University.
Minnesota	H 2890	State Government	Pending - Carryover	Relates to state government; provides for certain crime, public safety, victim, sentencing, expungement, clemency, evidence, policing, private security, corrections, firearm, controlled substances, community supervision, and 911 Emergency Communication System policy provisions in statutes and laws; provides for reports; authorizes rulemaking; appropriates money.
Minnesota	H 2940	State Government	Pending - Carryover	Relates to state government; appropriates money for certain constitutional offices, legislature, state agencies, boards, offices, councils, commissions, and certain retirement accounts; establishes the consumer litigation fund; amends salary limits provisions and provisions of the compensation council; requires performance measures for the state; amends provisions covering transfers from grants, setting agency rates for services, and billing procedures for settlement.
Minnesota	S 676	Capital Investment	Pending - Carryover	Relates to capital investment; authorizes spending to acquire and better public land and buildings and for other improvements of a capital nature with certain conditions; establishes new programs and modifying existing programs; modifies prior appropriations; authorizes the sale and issuance of state bonds; requires reports; appropriates money.
Minnesota	S 905	Elections	Pending - Carryover	Relates to elections; establishes a procedure for the chair of either of the state's two largest major political parties to request a forensic audit of a state primary or state general election.
Minnesota	S 957	Public Safety	Pending - Carryover	Relates to public safety; expands crime of unauthorized computer access to include accessing a computer without penetrating security system.
Minnesota	S 1110	Data Privacy	Pending - Carryover	Relates to data privacy; establishes neurodata rights; modifies certain crimes to add neurodata elements; provides civil and criminal penalties.
Minnesota	S 1424	State Government	Failed	Designates the State Fire Museum; changes provisions in state government operations; modifies enabling statutes for the Legislative Commission on Cybersecurity; modifies provisions related to the Office of the Legislative Auditor and the Legislative Audit Commission; authorizes forms of collateral for state deposits; modifies procedures for challenging accuracy of government data; modifies provisions relating to the Legislative Salary Council; modifies Senate confirmation process.
Minnesota	S 1426	State Government	Failed	Appropriates money for the legislature, the governor's office, state auditor, attorney general, secretary of state, and certain agencies, boards, councils, and retirement funds; sets salaries for constitutional officers; changes provisions for information technology; establishes a pilot program for construction materials to meet certain standards for global warming potential; implements recommendations of Advisory Task Force on State Employment and Retention of Employees with Disabilities.
Minnesota	S 1514	State Government	Pending - Carryover	Relates to state government; appropriates money for public educational radio stations.
Minnesota	S 1547	Capital Investment	Pending - Carryover	Relates to capital investment; appropriates money for improvements on the Metropolitan State University campus; authorizes the sale and issuance of state bonds.
Minnesota	S 1548	Ethics in Government	Pending - Carryover	Relates to elections; establishes a local election expense reimbursement account; modifies the voting equipment grant account; requires a report; appropriates money.
Minnesota	S 1703	State Government	Pending - Carryover	Relates to state government; requires procedures for when the legislative commission on cybersecurity holds closed meetings.
Minnesota	S 1746	State Government	Pending - Carryover	Relates to state government; changes provisions for certain legislative commissions and councils and other state councils.
Minnesota	S 1811	Individual Income and Corporate Franchise Taxes	Failed	Relates to financing and operation of state and local government; modifies provisions governing individual income and corporate franchise taxes, federal conformity, property taxes, certain state aids, sales and use taxes, minerals taxes, tax increment financing, local sales and use taxes, local special taxes, provisions related to public finance, and various other taxes and tax-related provisions; modifies income tax credits; modifies provisions related to the taxation of pass-through entities.
Minnesota	S 1884	Education Finance	Pending - Carryover	Relates to education finance; increases safe schools revenue; provides state aid; expands revenue uses to include cyber security measures; appropriates money.
Minnesota	S 2001	Emergency Management	Failed	Relates to emergency management; protects information and telecommunications technology systems and services during emergencies.
Minnesota	S 2069	Computer Theft To Include Copies of Data	Pending - Carryover	Relates to crime; modifies crime of computer theft to include copies of data.
Minnesota	S 2166	Natural Gas Utilities	Pending - Carryover	Relates to energy; authorizes natural gas utilities to sell extraordinary event bonds under certain circumstances; establishes an account; appropriates money.
Minnesota	S 2438	State Government	Pending - Carryover	Relates to state government; appropriates money for environment and natural resources; modifies environment and natural resources provisions; modifies commissioner's duties; modifies provisions for water and soil conservation; prohibits lead and cadmium in certain consumer products; modifies farmed Cervidae provisions; modifies report requirements; requires reports; requires rulemaking.
Minnesota	S 2542	Energy	Pending - Carryover	Relates to energy; modifies certain utility requirements; prohibits certain restrictions on the use of residential solar energy systems; modifies the property assessed clean energy program; amends definition of low-income household for purposes of receiving energy conservation assistance; requires submission of a decommissioning and demolition plan for a scheduled retirement of an electric generation facility; authorizes natural gas utilities to sell extraordinary event bonds under certain circumstances.
Minnesota	S 2744	Biennial Budget for the Department of Commerce	Enacted	Establishes a biennial budget for Department of Commerce and related activities; adds and modifies various provisions governing health, property, life, homeowners, and automobile insurance; regulates financial institutions; modifies provisions governing financial institutions; provides for certain consumer protections and privacy; establishes civil and criminal penalties; appropriates funds.
Minnesota	S 2892	Capital Investment	Pending - Carryover	Relates to capital investment; authorizes spending to acquire and better public land and buildings and for other improvements of a capital nature with certain conditions; establishes new programs and modifying existing programs; modifies prior appropriations; authorizes the sale and issuance of state bonds; appropriates money.
Minnesota	S 2909	State Government	Enacted	Relates to state government; provides law for judiciary, public safety, crime, sentencing, evidence, courts, law enforcement, firearms, controlled substances, corrections, clemency, expungement, rehabilitation and reinvestment, civil law, community supervision, supervised release, and human rights; provides for rulemaking; provides for reports; provides for criminal and civil penalties.
Minnesota	S 2979	State Government	Pending - Carryover	Relates to state government; appropriates money for certain constitutional offices, legislature, state agencies, boards, offices, councils, commissions, and certain retirement accounts; establishes the consumer litigation fund; amends salary limits provisions and provisions of the compensation council; requires performance measures for the state; amends provisions covering transfers from grants, setting agency rates for services, and billing procedures for settlement.
Mississippi	H 208	Computer Science and Cyber Education Equality Act	Failed	Revises the definition of terminology related to the offering of instruction under provisions of the State Computer Science and Cyber Education Equality Act; provides that such instruction must be taught by appropriately endorsed teachers for computer science courses which award Carnegie units, and by licensed teachers or paraprofessionals with proper training in computer science instruction who are under the guidance or supervision of a licensed teacher.
Mississippi	H 279	TikTok Application on State Issued Devices	Failed	Prohibits state employees who have been issued electronic devices for the purpose of performing work related functions from downloading or using the TikTok application on any device issued by the state; requires the removal of such application from government issued devises; requires the state Department of Information Technology Services, in consultation with the director of information technology within the department of finance and administration, to develop standards and guidelines.
Mississippi	H 1032	Mississippi Security Drone Act of 2023	Failed	Creates the Mississippi Security Drone Act of 2023 for purposes of prohibiting government entities from purchasing covered unmanned aircraft systems that are not manufactured by companies based in the United States or in any territory or commonwealth under the jurisdiction of the United States; provides exemptions to the state office of homeland security and the state National Guard under certain conditions.
Mississippi	H 1293	Drones Manufactured in State Purchase	Failed	Requires state agencies to give a purchasing preference to drones manufactured in the state; prohibits state agencies from purchasing or operating drones manufactured or assembled from parts manufactured in the People's Republic of China.
Mississippi	S 2046	National Security in Public Purchasing Act	Failed	Creates the Mississippi National Security in Public Purchasing Act.
Mississippi	S 2140	National Security on State Devices Act	Enacted	Creates the National Security on State Devices and Networks Act; provides that the Department of Information Technology Services, or any other appropriate state agency, shall restrict the download, access or use of prohibited technologies on state-operated networks; provides that the Department of Information Technology Services shall maintain and timely update a publicly available list of such prohibited technologies on its website.
Mississippi	S 2340	Water Quality Accountability Act	Failed	Enacts the Mississippi Water Quality Accountability Act.
Mississippi	S 2437	Mississippi Water Quality Accountability Act	Failed	Enacts the State water quality accountability act.
Mississippi	S 2586	Computer Science Curriculum	Enacted	Revises the definition of terminology related to the offering of instruction under provisions of the state computer science and cyber education equality act; provides that such instruction must be taught by appropriately endorsed teachers for computer science courses which award Carnegie units, and by licensed teachers or paraprofessionals with proper training in computer science instruction who are under the guidance or supervision of a licensed teacher.
Mississippi	S 2717	Enterprise Security Program	Enacted	Establishes the Enterprise Security Program which shall provide for the coordinated oversight of the cybersecurity efforts across all state agencies, including cybersecurity systems, services and the development of policies, standards and guidelines; provides that the state Department of Information Technology Services shall evaluate the Enterprise Security Program; provides that such evaluation shall include specified factors.
Mississippi	S 2853	Small Unmanned Aircraft Systems	Enacted	Requires state-purchased small unmanned aircraft systems or drones to be manufactured in the United States and possess collision avoidance systems; grants a certain percent bid preference in public procurement for small unmanned aircraft systems and related services to state manufacturers and servicing companies.
Mississippi	S 2870	National Security on State Devices and Networks Act	Failed	Enacts the National Security on State Devices and Networks Act.
Missouri	H 668	Grant Program for Employers to Enhance Cybersecurity	Failed - Adjourned	Creates a grant program for employers to enhance cybersecurity.
Missouri	H 919	Use of Chinese-Owned Apps on State Devices	Failed - Adjourned	Bans the use of TikTok and other Chinese-owned apps on state-owned devices.
Missouri	S 319	Joint Committee on Disaster Preparedness and Awareness	Failed - Adjourned	Reauthorizes the joint committee on disaster preparedness and awareness.
Missouri	S 380	Cybersecurity Grants For Employers	Failed - Adjourned	Relates to grants to employers for the purpose of enhancing cybersecurity.
Missouri	S 596	Removal of TikTok from Agency Technology	Failed - Adjourned	Requires the commissioner of administration to develop standards and guidelines for all departments, divisions, and agencies of the state requiring the removal of TikTok, or any successor application or service, from information technology; this provision does not apply to the Missouri State Highway Patrol to the extent necessary to conduct any law enforcement activities.
Missouri	SJR 41	Joint Committee on State Security	Failed - Adjourned	Creates the joint committee on state security; relates to securing state property from certain foreign interests.
Missouri	H 1415	Unmanned Aerial Systems Security Act of 2024	Pending	Establishes the Unmanned Aerial Systems Security Act of 2024.
Missouri	H 1416	Light Detection Ranging Technology Security Act	Pending	Establishes the Light Detection & Ranging Technology Security Act.
Montana	H 10	Information Technology Capital Projects	Enacted	Relates to information technology capital projects; appropriates money for information technology capital projects for the biennium ending on specified date; provides for matters relating to the appropriations; provides reporting requirements; provides for a transfer of funds from the general fund to the long-range information technology program account; provides for the development and acquisition of new information technology systems for various departments and the Montana university system.
Montana	H 30	Mortgage Laws	Enacted	Revises Montana mortgage laws; adopts prudential standards for nonbank mortgage servicers; provides for applicability and exclusions; provides for financial conditions and corporate governance of servicers; grants authorization to the Department of Administration regarding servicers; allows remote work for a mortgage business; defines confidential supervisory information; provides that a licensee shall file a written report with the department regarding a cybersecurity incident.
Montana	H 138	Bank Act	Enacted	Revises the Bank Act; abolishes the State Banking Board; provides for the chartering of state chartered banks by the Department and the commissioner of banking; allows rulemaking on implementing the process for new charters; clarifies the application of general corporate law to the Bank Act; allows rulemaking for the approval of a shell bank; requires approval for loan production offices; requires an annual report of officers and directors; requires an annual report of service and technology providers.
Montana	H 161	Computer Crime Laws	Enacted	Revises computer crime laws; provides definitions; revises the offense of unlawful use of a computer; provides exceptions.
Montana	S 341	Election Equipment Contracts	Failed	Revises laws related to election equipment contracts; relates to elections; relates to local government; relates to public contracts.
Montana	S 419	TikTok in State	Enacted	Bans TikTok in the state; prohibits an internet service provider from allowing the operation of TikTok in the state; prohibits a mobile application store from offering the TikTok application to state users; provides for penalties; provides for enforcement authority; provides definitions; provides for contingent voidness.
Montana	H 770	Electronic and Social Media Communications Regulation	Failed	Revises regulation of electronic and social media communications; relates to communications; relates to crimes; relates to information technology; relates to liability; relates to state government.
Nebraska	L 638	K-12 Cybersecurity and Data Protection Act	Pending - Carryover	Adopts the State K-12 Cybersecurity and Data Protection Act.
Nebraska	L 650	Cybersecurity Records to be Withheld from Public	Pending - Carryover	Allows certain cybersecurity records to be withheld from the public.
Nebraska	L 651	Cybersecurity Improvements	Pending - Carryover	Provides for appropriations relating to cybersecurity improvements for state agencies and political subdivisions.
Nevada	A 18	Provisions Relating to Governmental Administration	Enacted	Relates to governmental administration; revises the definitions of certain terms related to the provision of information services to using agencies by the Division of Enterprise Information Technology Services of the Department of Administration; revises the composition of the division.
Nevada	A 284	Mortgage Company Remote Location Requirements	Failed	Relates to mortgage companies; authorizes an employee of a mortgage company, including a mortgage loan originator employed by or associated with the mortgage company, to conduct the business of the mortgage company at a remote location under certain circumstances; sets forth certain requirements and restrictions concerning the conducting of the business of a mortgage company at a remote location; requires the commissioner of mortgage lending to adopt certain regulations.
Nevada	A 488	Security Firewall and Upgrades	Enacted	Makes appropriations to the Division of Enterprise Information Technology Services of the Department of Administration for the replacement of computer hardware and associated software, the replacement of components of a security firewall and security upgrades to mountaintop microwave sites; provides other matters properly relating thereto.
Nevada	S 276	Collection Agencies	Enacted	Provides that a collection agency shall display on any internet website maintained by the collection agency the license number issued to the collection agency and the certificate identification number of the certificate issued to the compliance manager of the collection agency by the commissioner of financial institutions; provides that before a collection agent begins working from a remote location, the collection agent must sign a specified written agreement.
Nevada	S 355	Commissioner of Financial Institutions	Enacted	Relates to financial services; prohibits the commissioner of financial institutions from requiring an applicant for a license to establish a new depository institution to identify the physical address of the proposed depository institution in the application for the license; authorizes certain persons employed by financial institutions to temporarily delay certain financial transactions involving the suspected exploitation of an older person or vulnerable person.
Nevada	S 360	Digital Financial Asset Business Activity	Failed	Relates to digital financial assets; provides for the licensure and regulation of persons engaged in digital financial asset business activity; sets forth certain requirements concerning the operations of a person who is licensed to engage in digital financial asset business activity; provides penalties; provides other matters properly relating thereto.
Nevada	S 378	Provisions Relating to Common Interest Communities	Enacted	Provides that a website or electronic portal established and maintained by a unit owners association may provide owners with the ability to pay obligations electronically only if the association, or if the association has contracted with a payment processor, the payment processor, maintains a policy of cybersecurity insurance in a specified minimum aggregate amount that provides coverage for potential losses associated with the unauthorized acquisition of personal information.
Nevada	S 431	Governmental Administration	Enacted	Relates to governmental administration; revises the duties of the chief information officer; provides for the appointment and prescribing the duties of a chief innovation officer; creates the Office of Nevada Boards, Commissions and Councils Standards within the Department of Business and Industry and prescribing the duties and responsibilities of the office with respect to professional and occupational licensing boards.
Nevada	S 485	Appropriations to the Office of the Secretary of State	Enacted	Makes appropriations to the office of the secretary of state for costs related to the office's business registration and filing system, internet website and information security; provides other matters properly relating thereto.
New Hampshire	H 91	Department of Health and Human Services	Failed	Establishes a Data Privacy and Information Technology Security Governance Board within the Department of Health and Human Services to oversee data privacy risk calculation and risk mitigation efforts; makes an appropriation to the department for classified employees to accomplish these objectives.
New Hampshire	H 519	Chief Information Security Officer	Enacted	Establishes a chief information security officer for the Department of Information Technology.
New Jersey	A 493	Public Agencies Report Cybersecurity Incidents	Pending	Requires public agencies and government contractors to report cybersecurity incidents to New Jersey Office of Homeland Security and Preparedness; provides that every public agency and government contractor shall report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness; provides that the report shall be made within a specified number of hours of when the public agency or government contractor reasonably believes that a cybersecurity incident has occurred.
New Jersey	A 4013	Executive Branch and State College Cybersecurity	Pending	Requires each principal department in the executive branch and each state college to conduct review of department's or college's cybersecurity infrastructure and make recommendations.
New Jersey	A 4184	Shared Service Incentive Programs	Enacted	Relates to shared service incentive programs; provides that the Department of Community Affairs shall not exclude the hiring of information technology or cybersecurity professionals pursuant to a shared services agreement from any program, activity, assistance, or offering, administered by the department to incentivize local units to enter into shared services agreements when information technology or cybersecurity shared services are potential eligible uses of program funds.
New Jersey	A 4836	Office of Emergency Management and Internet	Enacted	Relates to cybersecurity incidents; provides that the State Office of Emergency Management shall adopt a State Emergency Operations Plan; provides that the plan shall, among other things, incorporate a framework to address cybersecurity incidents that shall, at a minimum, serve as a mechanism to facilitate and coordinate preparation for detection, analysis, containment and eradication of, and recovery from, a cybersecurity incident, and to prescribe post-incident activity.
New Jersey	A 5065	Cybersecurity Infrastructure Study	Pending	Requires state Cybersecurity and Communications Integration Cell to study cybersecurity infrastructure and establish cybersecurity guidelines.
New Jersey	A 5080	State Issued Electronic Devices TikTok Prohibition	Pending	Prohibits download or use of TikTok application on any state issued electronic device.
New Jersey	A 5355	Office of Supportive Action Functionality Experts	Pending	Establishes the Office of Supportive Action Functionality Experts to prepare for catastrophic loss of technological services.
New Jersey	A 5361	State Critical Infrastructure	Pending	Prohibits any foreign company created under the laws of foreign adversary from participating in critical infrastructure.
New Jersey	A 5384	State Technology Contracts Restrictions	Pending	Prohibits state contracts for technology with Chinese government owned or affiliated companies.
New Jersey	A 5530	Government Cybersecurity Systems Purchasing	Pending	Establishes state and local government purchasing and use requirements for cybersecurity systems.
New Jersey	S 297	Public Agencies Report Cybersecurity Incidents	Enacted	Requires public agencies and government contractors to report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness; requires the report to be made within a specified number of hours of when the public agency or government contractor reasonably believes that a cybersecurity incident has occurred.
New Jersey	S 2827	Shared Service Incentive Programs	Pending	Requires the Department of Community Affairs to allow hiring of information technology and cybersecurity professionals pursuant to shared service incentive programs.
New Jersey	S 3417	Emergency Management Office Internet Outage Plans	Pending	Requires the Office of Emergency Management to incorporate into the state emergency operations plan a framework to address cybersecurity incidents.
New Jersey	S 3451	Police Cyber Crimes Unit	Pending	Appropriates a specified amount to the New Jersey State Police Cyber Crimes Unit.
New Jersey	S 3462	State Issued Electronic Devices TikTok Ban	Pending	Prohibits download or use of TikTok application on any state issued electronic device.
New Jersey	S 3645	Cybersecurity Infrastructure and Guidelines	Pending	Requires the state Cybersecurity and Communications Integration Cell to study cybersecurity infrastructure and establish cybersecurity guidelines.
New Jersey	S 3665	Foreign Companies Technology Products	Pending	Prohibits government entities from procuring and using technology products and services from companies owned by, controlled by, or domiciled in certain foreign countries.
New Jersey	S 3826	Cybersecurity Systems Government Purchasing	Pending	Establishes state and local government purchasing and use requirements for cybersecurity systems.
New Mexico	H 256	Hybrid Dual Credit Pilot Project	Failed - Adjourned	Relates to a hybrid dual credit pilot project.
New Mexico	H 388	Cybersecurity Fund	Failed - Adjourned	Relates to cybersecurity; creates the cybersecurity fund as a non-reverting fund in the state treasury which shall be administered by the Department of Information Technology for specified purposes; provides that at a specified time, the fund shall be administrated by the Cybersecurity Office.
New Mexico	S 208	Use of TikTok With State Resources	Failed - Adjourned	Relates to banning the use of TikTok with state resources.
New Mexico	S 269	Department of Information Technology	Failed - Adjourned	Relates to the Department of Information Technology.
New Mexico	S 280	Cybersecurity Act	Enacted	Relates to cybersecurity; enacts the Cybersecurity Act; creates the cybersecurity office; provides duties and powers; creates the position of state chief information security officer; provides duties; creates the cybersecurity advisory committee; provides exemptions to the open meetings act and inspection of public records act; requires reports.
New Mexico	S 452	Broadband Changes	Enacted	Relates to broadband; authorizes the lease or sale of broadband infrastructure and the provision of cybersecurity, information technology and telecommunication network services; provides for administrative hearings; clarifies the bases for some service rates; provides definitions; amends sections of the broadband access and expansion act; requires reports by some internet service providers; establishes conditions for lease of the state-owned broadband network.
New York	A 1646	School District Cyber Crime Prevention Services Program	Pending	Establishes the school district cybercrime prevention services program to provide school districts with information on strategies, best practices and programs offering training and assistance in the prevention of cybercrimes in school districts or otherwise affecting school districts; provides that information on eligibility and applications for financial assistance be made available to school districts.
New York	A 2183	Computer Tampering in the Third Degree	Pending	Adds that a person is guilty of computer tampering in the third degree when they intentionally enter or alter in any manner or destroy computer material indicating that a person did or did not receive a vaccination that is reported to the New York state immunization information system or the New York city immunization registry.
New York	A 2301	Crime of Larceny by Cyber Extortion	Pending	Establishes the crime of larceny by cyber extortion which occurs when a person intends to obtain property from another person or entity located in the state using certain malicious software.
New York	A 2319	E-Mail Service Providers	Pending	Requires e-mail service providers to create a service for consumers to report instances of unauthorized use of an e-mail account and to report instances of unauthorized use of an e-mail account to the attorney general's office and the local district attorney's office; establishes the crime of unauthorized use of an e-mail account as a class A misdemeanor.
New York	A 2529	General Protection Data Regulation Study	Pending	Establishes a commission to study the European Union's general protection data regulation and the current state of cyber security in the state.
New York	A 2833	Procurement Requirements	Pending	Relates to procurement requirements for end point device security.
New York	A 2896	Critical Energy Infrastructure Security	Enacted	Relates to critical energy infrastructure security and responsibility; provides that the Public Service Commission shall have power to provide for management and operations audits of gas corporations and electric corporations; provides that the audit shall include, but not be limited to, an evaluation of customer privacy protections, including but not limited to customer electrical and gas consumption data; provides that customer electric and gas consumption data shall be considered confidential.
New York	A 3005	Public Protection and General Government Budget	Enacted	Enacts into law major components of legislation necessary to implement the state public protection and general government budget for the specified state fiscal year.
New York	A 3094	Critical Infrastructure Standards and Procedures Act	Pending	Amends the state technology law, in relation to enacting the Critical Infrastructure Standards and Procedures Act.
New York	A 3317	Use of TikTok Application on State Issued Devices	Pending	Prohibits the use or access of the TikTok application on state-issued electronic devices.
New York	A 4640	Cyber Security Enhancement Fund	Pending	Creates a cyber security enhancement fund to be used for the purpose of upgrading cyber security in local governments, including but not limited to, villages, towns and cities with a population of 1 million or less; restricts the use of taxpayer moneys in paying ransoms in response to ransomware attacks.
New York	A 5736	Secure Our Data Act	Pending	Establishes the Secure Our Data Act; relates to state entities preparing for and protecting against a ransomware attack; defines ransomware and other malware protection.
New York	A 6128	Security on Digital Submissions to the State	Pending	Increases security on digital submissions to the state by requiring the use of verified accounts and multi-factor authorization.
New York	A 6200	Digital Distribution of State Funds	Pending	Requires the use of verified accounts and multi-factor authorization before state funds can be distributed digitally.
New York	A 6994	New York Veteran Digital Navigator Program Act	Pending	Enacts the New York veteran digital navigator program act; requires the state commissioner of the department of veterans' services to establish a program to promote digital citizenship, through which the state commissioner shall award grants to eligible entities.
New York	A 7166	Emergency Response Plans	Pending	Relates to the contents of emergency response plans required to be submitted to the public service commission by electric corporations; requires such plans to include details of staffing, equipment, and ability to perform toward certain standards; requires the public service commission to establish a time-based restoration schedule.
New York	A 7331	Governmental Entities	Pending	Amends the state technology law; requires governmental entities to implement multifactor authentication for local and remote network access; requires public websites to encrypt all exchanges and to comply with privacy standards.
New York	A 7364	Security of Critical Infrastructure	Enacted	Amend the executive law; relates to the security and cyber security of certain critical infrastructure.
New York	A 7958	New York Grid Modernization Act	Pending	Enacts the New York Grid Modernization Act to address the aging infrastructure; establishes the grid modernization program; defines terms; creates the smart grid advisory council; makes related changes.
New York	A 8041	Felony Commercial Bribery Statutes	Pending	Removes the specified amount economic harm requirement from the felony commercial bribery statutes; expands the crime of larceny to include theft of personal identifying information, computer data, computer programs, and services, to adapt to modern technological realities; provides state jurisdiction and county venue over cases involving larceny of personal identifying information, computer data, and computer programs, where the victim is in the state or the county.
New York	S 508	Use or Access of the TikTok Application	Pending	Prohibits the use or access of the TikTok application on state-issued electronic devices.
New York	S 881	Crime of Larceny by Cyber Extortion	Pending	Relates to establishing the crime of larceny by cyber extortion which occurs when a person intends to obtain property from another person or entity located in the state using certain malicious software.
New York	S 924	State Higher Education Capital Matching Grant Board	Pending	Requires the New York state higher education capital matching grant board to award matching capital grants totaling $2 million for projects to implement, modify, or otherwise enhance cyber security infrastructure; makes related provisions.
New York	S 1345	Critical Energy Infrastructure Security	Pending	Relates to critical energy infrastructure security and responsibility and provides for the protection of critical infrastructure in the state.
New York	S 1454	Crime of Disruption of an Online Public Meeting	Pending	Establishes the crime of disruption of an online public meeting when a person with intent to cause public inconvenience, annoyance or alarm, without lawful authority, and acting through a computer service, he or she disturbs any lawful assembly or meeting of persons open to the public conducted through a computer service; makes such crime a class B misdemeanor.
New York	S 2563	School District Cyber Crime Prevention Services Program	Pending	Establishes the school district cybercrime prevention services program to provide school districts with information on strategies, best practices and programs offering training and assistance in the prevention of cybercrimes in school districts or otherwise affecting school districts; provides that information on eligibility and applications for financial assistance be made available to school districts.
New York	S 2564	Department of Education Annual Notifications	Pending	Requires the Department of Education to provide annual notifications to school districts to combat cybercrime.
New York	S 2571	Definition of Unreciprocated Offensive Contact	Pending	Adds additional offenses where there is concurrent jurisdiction of criminal and family courts; defines unreciprocated offensive contact.
New York	S 2730	Computer Related Crimes	Pending	Relates to computer-related crimes; creates the crimes unlawful disruption of computer services in the first and second degree, unlawful computer access assistance in the first and second degree, unauthorized use of internet domain name or profile, and unlawful introduction of a computer contaminant; allows for a civil action for compensatory damages for victims of such crimes.
New York	S 4276	Computer Tampering Offenses	Pending	Elevates all computer tampering offenses by one degree in severity.
New York	S 4512	Cyber Security Enhancement Fund	Pending	Creates a cyber security enhancement fund to be used for the purpose of upgrading cyber security in local governments, including but not limited to, villages, towns and cities with a population of 1 million or less; restricts the use of taxpayer moneys in paying ransoms in response to ransomware attacks.
New York	S 4871	Business Tax Credit for Data Breach Insurance	Pending	Relates to a business tax credit for purchase of data breach insurance.
New York	S 4882	Strengthening of Utility Storm Response and Compliance	Pending	Relates to strengthening of utility storm response and compliance by reviewing mitigating factors including but not limited to mitigating factors and the specifics surrounding the violation or violations.
New York	S 4992	Security Hardware and Software Safety Technology	Pending	Relates to providing for security hardware and software safety technology; defines technology equipment; relates to providing aid for computer software purchases; relates to providing building aid for security hardware and software safety technology.
New York	S 5007	Secure Our Data Act	Pending	Establishes the Secure Our Data Act; relates to state entities preparing for and protecting against a ransomware attack; provides that each state entity shall create an inventory of the data maintained by the state entity and the purpose or purposes for which such data is maintained and used; provides that the inventory shall include a listing of all personal information maintained by the state entity, along with the source and age of such information.
New York	S 5189	Websites Maintained by a Board of Elections	Pending	Requires a ".gov" domain name for websites maintained by a board of elections.
New York	S 5600	Contents of Emergency Response Plans	Pending	Relates to the contents of emergency response plans required to be submitted to the public service commission by electric corporations; requires such plans to include details of staffing, equipment, and ability to perform toward certain standards; requires the public service commission to establish a time-based restoration schedule.
New York	S 5615	State Agencies Procurement of Personal Computing Goods	Pending	Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology Cybersecurity Framework.
New York	S 5646	Critical Infrastructure Standards and Procedures Act	Pending	Enacts the Critical Infrastructure Standards and Procedures (CRISP) Act.
New York	S 5662	Data Economy Labor Compensation and Accountability Act	Pending	Enacts the Data Economy Labor Compensation and Accountability Act; establishes the office of consumer data protection for the purpose of properly safeguarding personal data; imposes a tax on data controllers and data processors required to register with such office.
New York	S 6474	Governmental Entities	Pending	Requires governmental entities to implement multifactor authentication for local and remote network access; requires public websites to encrypt all exchanges and to comply with privacy standards.
New York	S 6731	Computer Tampering in the Third Degree	Pending	Amends the Penal Law; adds that a person is guilty of computer tampering in the third degree when they intentionally enter or alter in any manner or destroy computer material indicating that a person did or did not receive a vaccination that is reported to the New York state immunization information system or the New York city immunization registry.
New York	S 7414	Security and Cyber Security of Critical Infrastructure	Pending	Relates to the security and cyber security of certain critical infrastructure, including energy generating and transmission facilities, storage facilities for hazardous substances, and commercial aviation, petroleum and natural gas fuel transmission facilities and pipelines.
North Carolina	H 196	State Information Technology	Pending	Makes omnibus modifications to laws relating to state information technology and the privacy of personal identifying information.
North Carolina	H 671	Protect Public Infrastructure	Pending	Makes it a felony to willfully or maliciously destroy, injure, or otherwise damage a public infrastructure or public transportation system; establishes the cyber security fund within the state treasury to be administered by the Department of Information Technology with input from critical government stakeholders for the purpose of upgrading their information technology infrastructure to strengthen the state and localities against cyberattacks and appropriating funds for that purpose.
North Carolina	H 842	Workforce Housing Revolving Loan Program	Pending	Makes changes to the Workforce Housing Revolving Loan Program; appropriates funds to create a cybersecurity apprenticeship program; provides salary enhancements to apprenticeship instructors.
North Carolina	S 83	No High-Risk Apps on Government Networks and Devices	Pending - Carryover	Regards the use of high-risk platforms on government networks and government devices; provides exceptions; defines device, high risk platform, network, and public agency for these purposes.
North Carolina	S 194	Student Borrowers Bill of Rights	Pending	Enacts a student borrowers' bill of rights; provides that the commissioner of banks shall license and regulate student loan servicers; establishes the position of the student loan ombudsman.
North Carolina	S 196	Student Borrowers Bill of Rights	Pending	Enacts a student borrowers' bill of rights; provides that the commissioner of banks shall license and regulate student loan servicers; establishes the position of the student loan ombudsman.
North Dakota	H 1353	Resource Planning	Enacted	Relates to resource planning; provides that an integrated resource plan must include specified information; provides that an electric public utility shall report annually to the Public Service Commission on emerging threats and efforts taken by the electric public utility to implement physical security and cybersecurity measures; provides that the commission shall limit access to records and portions of a meeting relating to physical security and cybersecurity preparedness.
North Dakota	H 1398	Computer Science and Cybersecurity Instruction	Enacted	Provides that to be approved by the superintendent of public instruction, each public and nonpublic elementary and middle school shall provide students instruction in specified subjects, including but not limited to computer science, including cybersecurity; provides for the development of a computer science and cybersecurity integration plan; provides that the board of a public school or school district shall approve a plan by specified date.
North Dakota	S 2073	Information Technology Standards and Services	Enacted	Provides that the Information Technology Department shall have specified powers and duties, including but not limited to providing information technology and cybersecurity services to any administrative, elementary education, secondary education, and higher education institution under the control of a tribal government of the state; provides that the services provided and the cost of services must be equal to those provided to state agencies.
North Dakota	S 2184	Uniform Regulation of Occupations and Professions	Failed	Relates to uniform regulation of occupations and professions; relates to the duties of the state auditor; provides a penalty; provides for a legislative management study; provides an effective date.
Ohio	H 17	Application or Service Owned by an Entity	Pending	Prohibits state officials, employees, and contractors from using TikTok, WeChat, or any other application or service owned by an entity located in China.
Ohio	H 20	State Computer Crimes Act	Pending	Enacts the State Computer Crimes Act.
Ohio	H 33	Operating Appropriations for the Biennium	Enacted	Makes operating appropriations for the biennium beginning a specified date, and ending a specified date, to levy taxes; provides authorization and conditions for the operation of state programs.
Ohio	H 74	Information Technology Systems and Shared Services	Pending	Amends the Revised Code regarding the state's information technology systems and shared services.
Ohio	H 260	Public Utility and Competitive Retail Electric Service	Pending	Regards public utilities and competitive retail electric service.
Oklahoma	H 1640	State Technology Protection Act	Pending - Carryover	Relates to state technology protection; creates the State Technology Protection Act of 2023; provides for noncodification; provides an effective date.
Oklahoma	H 1784	Information Services Agency	Pending - Carryover	Relates to public finance; relates to the Information Services Division of the Office of Management and Enterprise Services; creates the Information Services Agency; makes division a separate and distinct agency; directs agency and chief information officer to continue to exercise statutory powers, duties, and responsibilities; provides for succession to contractual rights and responsibilities.
Oklahoma	H 2555	Critical Industries Scholarship Program	Pending - Carryover	Creates the State Critical Industries Scholarship Program; provides that the program shall be a four-year pilot program to encourage high school graduates to pursue degree-seeking or certificate-seeking post-secondary education training in industries which are critical to the economic growth of the state.
Oklahoma	H 2790	Cybersecurity Protection	Enacted	Relates to cybersecurity; creates the Oklahoma Hospital Cybersecurity Protection Act of 2023; provides definitions; creates requirements for affirmative defense; recognizes industry framework; provides for severability; provides for codification; provides an effective date.
Oklahoma	S 107	State Government	Pending - Carryover	Provides that no state agency or political subdivision of this state shall enter into a contract or agreement with any company that is directly influenced or owned by a designated country, that is related to critical infrastructure, and that would grant the company access or control of critical infrastructure, cybersecurity networks, or public utilities; provides that the governor may designate countries as threats to critical infrastructure.
Oklahoma	S 320	State Government	Pending - Carryover	Relates to state government; defines levels of certain incidents; relates to the Office of Management and Enterprise Services; modifies powers and authority of the Office of Management and Enterprise Services; defines requirements for reporting certain incidents to certain state agency; provides for codification; provides an effective date.
Oklahoma	S 543	Insurance Data Security	Pending - Carryover	Relates to insurance data security; creates the Insurance Data Security Act; provides short title; establishes act jurisdiction; construes provision; defines terms; requires licensees to develop data security program with certain inclusions; establishes intent of security programs created pursuant to act; directs licensee to conduct risk assessment; directs licensee to take certain action following risk assessment result; requires certain supervising boards to take certain actions to implement program.
Oklahoma	S 875	Higher Education	Pending - Carryover	Relates to higher education; allows certain institutions of higher education to require employees to complete training or professional development on certain topics; allows certain institutions of higher education to provide optional training or professional development on other topics; allows employees to opt out of certain training or professional development; provides for promulgation of rules; provides for codification; provides an effective date; declares an emergency.
Oklahoma	S 1205	Office of Management and Enterprise Services	Pending	Relates to the Office of Management and Enterprise Services; relates to the State Finance Act; modifies responsibilities of chief information officer; modifies duties of the Information Services Division of the Office of Management and Enterprise Services; terminates authority of State Governmental Technology Applications Review Board; relates to the Information Technology Consolidation and Coordination Act; modifies definitions; modifies duties of Chief Information Officer.
Oregon	H 2049	Cybersecurity	Enacted	Establishes the Oregon Cybersecurity Advisory Council within the Oregon Cybersecurity Center of Excellence; provides that the duties, functions and powers of the Office of Enterprise Information Services relating to the Cybersecurity Advisory Council are imposed upon, transferred to and vested in the Oregon Cybersecurity Center of Excellence; establishes the Oregon Cybersecurity Center of Excellence at Portland State University; establishes the Oregon Cybersecurity Grant Program Fund; appropriates funds.
Oregon	H 2268	Adjutant General	Failed	Permits adjutant general, with approval of governor, to order members of organized militia to state active duty for purpose of supporting state chief information officer in conduct of vulnerability assessments of state agency information systems or related activities.
Oregon	H 2490	Disclosure Records Concerning Cybersecurity Plans	Enacted	Exempts from disclosure any document, record or plan for protection relating to the existence, nature, location or function of cybersecurity devices, programs or systems designed to protect computer, information technology or communications systems against threat or attack, including but not limited to records pertaining to devices, programs or systems that depend for their effectiveness in whole or part upon a lack of public knowledge and contractual records or insurance records.
Oregon	H 2806	Governing Body of Public Body Meeting	Enacted	Authorizes governing body of public body to meet in executive session to consider matters relating to safety of governing body, public body staff and public body volunteers and to security of public body facilities and meeting spaces and relating to cyber security infrastructure and responses to cyber security threats.
Oregon	H 3127	State Information Technology Assets	Enacted	Provides that a covered product, defined as any form of hardware, software or service provided by a covered vendor, may not be installed or downloaded onto a state information technology asset or used or accessed by a state information technology asset; provides that a state agency shall, among other things, remove any covered product that is installed or downloaded onto a state information technology asset that is under the management or control of the state agency.
Oregon	S 166	Elections	Enacted	Provides that each elector has the right to vote in any election in which the elector is qualified to vote, has registered to vote, and casts a ballot in a manner authorized by law; provides that in each election, an elector has the right to cast the elector’s ballot in a confidential manner; provides that the secretary of state or county clerk may not disclose as a public record any information that would reveal how a particular elector voted in an election.
Oregon	S 587	School Bullying or Harassment Notification	Failed	Requires school officials to provide parents or guardians of student who was subjected to act of harassment, intimidation or bullying or act of cyberbullying with notification that describes actions of school in responding to report of act of harassment, intimidation or bullying or act of cyberbullying.
Pennsylvania	H 132	Full Time Cyber Education Program	Pending	Amends the act known as the Public School Code, in charter schools; provides for full-time cyber education program offered by school district.
Pennsylvania	H 273	Powers and Duties of County Boards	Pending	Amends the act known as the Pennsylvania Election Code, in county boards of elections; provides for powers and duties of county boards.
Pennsylvania	H 425	Pipeline Safety	Pending	Amends the specified title of Public Utilities of the State Consolidated Statutes, in service and facilities; provides for pipeline safety.
Pennsylvania	H 739	Insurance Data Security	Enacted	Relates to regulation of insurers and related persons generally; provides for insurance data security; relates to reserve liabilities; repeals provisions relating to small company exemption and provides for adoption of exemption standards of the NAIC Valuation Manual.
Pennsylvania	H 883	Office of Information Technology	Pending	Amends Title 71 State Government of the Pennsylvania Consolidated Statutes, in boards and offices; provides for information technology; establishes the Office of Information Technology and the Information Technology Fund; provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee; imposes duties on the Office of Information Technology; provides for administration of Pennsylvania Statewide Radio Network; imposes penalties.
Pennsylvania	H 1139	Cybersecurity Coordination Board	Pending	Provides that the Cybersecurity Coordination Board is established within the Office of Administration; provides that the board shall, among other things, collect, study and share information about cybersecurity issues and initiatives and provide advice to the governor with respect to developing uniform cybersecurity techniques, standards, policies, procedures and best practices; provides for membership.
Pennsylvania	H 1580	Department of Banking and Securities Code	Pending	Provides for the jurisdiction and maintenance of the Department of Banking and Securities; relates to appropriations to the Banking Department Fund; provides that an employee employed by a licensee licensed under the Consumer Discount Company Act may work from a remote location if all of the specified requirements are met, including that the licensed activities are conducted under the supervision of the licensee and the licensee has written policies and procedures for the supervision of employees.
Pennsylvania	H 1854	Emergency Communication Services	Pending	Amends Title 35 Health and Safety of the Pennsylvania Consolidated Statutes, in 911 emergency communication services; provides for definitions, for telecommunications management and for counties; provides for addressing authorities and for next generation 911 call delivery; provides for 911 system plan, for fund, for uniform 911 surcharge, for payment, collection and remittance of surcharge by providers of 911 communications services, for payment, collection and remittance of surcharge.
Pennsylvania	S 284	Office of Information Technology	Pending	Amends Title 71 State Government of the Pennsylvania Consolidated Statutes, in boards and offices; provides for information technology; establishes the Office of Information Technology and the Information Technology Fund; provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee; imposes duties on the Office of Information Technology; provides for administration of Pennsylvania Statewide Radio Network; imposes penalties.
Pennsylvania	S 379	Prohibition of Unauthorized Applications	Pending	Amends specified title of the State Government of the Pennsylvania Consolidated Statutes; provides for the prohibition of unauthorized applications.
Pennsylvania	S 563	Offense of Ransomware	Pending	Provides that, with certain exceptions, a person may not, with the intent to extort money or other thing of value from another person or a commonwealth agency for the purpose of removing a computer contaminant or lock, restoring access to a computer, computer system, computer network or data or otherwise remediating the impact of a computer contaminant or lock, take specified actions; such actions include, but are not limited to, knowingly possessing ransomware.
Pennsylvania	S 745	Information Technology Commodities and Services	Pending	Provides that a contract for the procurement of end point devices shall require that those devices, services and solutions must be capable of being configured, secured and maintained in a manner that meets the National Institute of Standards and Technology guidelines or industry best practices for computer security to the extent that the guidelines or industry best practices are applicable to the end point devices, services and solutions being procured.
Puerto Rico	H 1530	Cybersecurity Act	Pending	Relates to Cybersecurity Act; establishes as a principle of Public Policy that provides security to government data is essential to support innovation processes and foster development and sustainable economic growth of all sectors in Puerto Rico; creates the position of the chief information security officer under the office of the Puerto Rico Innovation and Technology Service; establishes its powers and duties, to guarantee the execution of the public policy established in this law.
Puerto Rico	H 1678	TikTok or WeChat	Pending	Prohibits the use or installation of the application of the social network TikTok or WeChat or their successors or any service developed or provided by ByteDance Limited or Tencent Holdings Limited or by any entity belonging to the latter two, in any electronic device belonging to the three branches or powers of the government, namely, legislative, executive and judicial; includes municipalities and private institutions that provide, offer or render, any service, program or activity.
Puerto Rico	HJR 318	Transportation and Public Works	Pending	Relates to order the Department of Transportation and Public Works to eliminate all fines and toll costs for traveling without balance through the island's toll stations granted as of April 2022, due to the cyberattack suffered by the system of AutoExpresso and until its culmination; announces and establishes what the protocol will be and the next steps to follow so that citizens can make claims for improper charges on their accounts; awards a credit to the accounts of the persons who paid said fines.
Puerto Rico	HJR 333	AutoExpreso system	Pending	Relates to order the Department of Transportation and Public Works, the Highways and Transportation Authority and the Government of the Commonwealth, to establish a voluntary moratorium of certain days so that users duly registered in the AutoExpreso system, can pay any balance accumulated as a result of the seizure of information due to the cyberattack on the control of the AutoExpreso system between the specified date until the date on which the system administrator company.
Puerto Rico	HR 468	Ransomware Cyber Attack Study	Adopted	Orders the House Committee on Finance and Budget to investigate the cyberattack caused by ransomware in 2017, causing a state of emergency in the Department of the Treasury.
Puerto Rico	S 118	Office of Security Information Management Powers	To governor	Amends Law 20 of 2017, the Law of the Department of Security, to add functions and powers to the Office of Security Information Management, which are essential to really achieve the implementation of the system interoperability of communications and that it has a proper and accurate operation.
Puerto Rico	S 273	New Third Book Cybercrime Law	Pending	Amends a new third book, cybercrime; eliminates the current Articles 301, 302, 303, 304, 305, 306, 307, 308 and 309, to be renumbered under the new Third Book of the Cybercrime of Law 146 of 2012, as amended, known as the Criminal Code of Puerto Rico, for the purpose of classifying cybercrimes and other related crimes.
Puerto Rico	S 1393	Cyber Security Training Act	Pending	Creates the Cyber Security Training Act; establishes as public policy of the Government of Puerto Rico mandatory training on cybersecurity for the protection and proper management of information systems and assets; establishes the Cyber Security Training Program; imposes penalties.
Puerto Rico	SJR 294	AutoExpreso System	Pending	Relates to order the Department of Transportation and Public Works and the Highways and Transportation Authority to establish a series of measures in favor of the user of the AutoExpreso system, in response to the cyberattack that occurred on this system on a specified date.
Puerto Rico	SR 595	Cyber Attack	Adopted	Orders the Compliance and Restructuring Commission of the Senate of Puerto Rico to investigate everything related to the cyberattack suffered by the AutoExpreso recharge system, operated by the company Professional Account Management.
Puerto Rico	SR 726	AutoExpreso Recharging System	Adopted	Relates to investigating everything related to the cyberattack suffered by the AutoExpreso recharging system, operated by the Professional Account Management Company.
Puerto Rico	SR 833	Identity Theft and Cybercrimes	Adopted	Relates to an exhaustive investigation into the recent events reported in Puerto Rico of identity theft and cybercrimes in the use of cards of credit against the residents of Puerto Rico with the purpose of determining the need to amend the current legislation on the matter; examines the existing protocols to facilitate the prevention of these crimes, the recovery of the appropriate amounts and the criminal prosecution of those responsible.
Rhode Island	H 5684	Identity Theft Protection Act	Enacted	Provides that any municipal agency or state agency, that detects a cybersecurity incident shall provide notification to the Rhode Island State Police upon detection of the cybersecurity incident within a specified number of hours; provides that any municipal agency or state agency required to make notification and fails to do so may be liable for a violation.
Rhode Island	H 5832	Producer Licensing Act	Pending	Amends the statutory provisions regarding insurance producer appointments to provide for an efficient electronic process; clarifies language relating to insurance claims adjusters; adds elements to unfair discrimination prohibitions; amends the Rhode Island Life and Health Guarantee Association Act; adds an Insurance Data Security Act and a Pet Insurance Act.
Rhode Island	S 425	Identity Theft Protection Act of 2015	Pending	Provides identity theft protections by requiring reporting of breaches by certain municipal and state agencies; requires notice to collective bargaining agents where required and requires an explanation of remediation services; provides that cybersecurity incidents would be reported to the State Police.
South Carolina	H 3058	Cyber Harassment Offense	Pending - Carryover	Defines necessary terms, create the offense of cyber harassment; penalties, and delineates exceptions.
South Carolina	H 3119	Infrastructure Contracts Prohibition	Pending - Carryover	Prohibits certain contracts with certain foreign owned companies in connection with critical infrastructure.
South Carolina	H 3448	Electronic Devices Prohibition	Pending - Carryover	Requires the Department of Administration to prohibit the electronic devices it manages from access and use of websites and applications that threaten cybersecurity and infrastructure from foreign and domestic threats, such as TikTok.
South Carolina	H 4187	Retail Theft Offense	Pending - Carryover	Relates to the offense of retail theft and associated penalties; defines necessary terms; revises the previous offense of retail theft to create the offenses of felony organized retail crime and felony organized retail crime of an aggravated nature; provides graduated penalties for the offenses.
South Carolina	H 4300	Expenditure Regulation	Enacted	Makes appropriations to provide revenues to meet the ordinary expenses of state government for the fiscal year beginning a specified amount; regulates the expenditure of such funds; provided for the operation of state government during this fiscal year and for other purposes.
South Carolina	H 4596	Websites and Applications That Threaten Cybersecurity	Pending	Requires all agencies and departments of the state and its political subdivisions to prohibit the electronic devices it manages from access and use of websites and applications that threaten cybersecurity and infrastructure from foreign and domestic threats, such as TikTok.
South Carolina	H 4702	Computer Science Education Initiative Act	Pending	Enacts the State Computer Science Education Initiative Act by adding section 59-29-250 to provide for the expansion and enhancement of computer science education in public high schools through the creation and implementation of a statewide computer science education plan and the requirement that each public school offers at least one computer science course that meets certain criteria, and to provide related requirements of the state board of education and the state department of education.
South Carolina	S 563	Retail Theft Penalty	Pending - Carryover	Relates to retail theft and penalties; defines organized retail crime and organized retail crime of an aggravated nature and related terms; classifies organized retail crime as a felony offense; defines aggravating circumstances and increased penalties for organized retail crime of an aggravated nature.
South Dakota	S 32	Cybersecurity Upgrades	Failed - Adjourned	Makes an appropriation for the purchase of cybersecurity upgrades by the Board of Regents and to declare an emergency.
Tennessee	H 548	Criminal Offenses	Enacted	Relates to criminal instruments; provides that it is an offense to possess a device, tool, machine, implement, or other item capable of programming a smart key or key fob with the intent to use it or allow it to be used to commit theft; provides that a violation is a Class A misdemeanor.
Tennessee	H 1445	Higher Education	Pending - Carryover	Prohibits a public institution of higher education that provides internet access to students, faculty, staff, or the general public from allowing an individual to access a video platform using the institution's network if the video platform is owned by a company headquartered outside of the United States.
Tennessee	S 834	Higher Education	Enacted	Prohibits a public postsecondary institution that provides internet access to students, faculty, staff, or the general public from allowing an individual to access a social media platform using the institution's network if the platform is owned by a company based in the People's Republic of China.
Texas	H 100	Compensation of Public School Educators	Failed - Adjourned	Relates to the compensation of public-school educators and to the public-school finance system, including enrollment-based funding for certain allotments under the Foundation School Program.
Texas	H 578	Adoption of a Comprehensive Plan to Protect Oil and Gas	Failed - Adjourned	Relates to the adoption of a comprehensive plan to protect oil and gas infrastructure in this state.
Texas	H 1412	Resilience of the Electric Grid	Failed - Adjourned	Relates to the resilience of the electric grid and certain municipalities; authorizes an administrative penalty.
Texas	H 1489	Issuance of Certificates of Obligation	Failed - Adjourned	Relates to the issuance of certificates of obligation by local governments.
Texas	H 1508	Resources At Public Institutions of Higher Education	Failed - Adjourned	Relates to certain powers and duties in relation to information resources at public institutions of higher education and other state agencies.
Texas	H 1569	Establishment of a Computer Science Strategic Advisory	Failed - Adjourned	Relates to the establishment of a Computer Science Strategic Advisory Committee and a grant program for the professional development and training of computer science classroom teachers.
Texas	H 1657	Technology Infrastructure Security Assessment	Failed - Adjourned	Relates to state agency information technology infrastructure and information security assessments.
Texas	H 1659	Cybersecurity Training for Certain Public Employees	Failed - Adjourned	Relates to cybersecurity training for certain public employees.
Texas	H 1722	Oil and Gas Infrastructure Security Division	Failed - Adjourned	Relates to the establishment of the oil and gas infrastructure security division within the Railroad Commission of the state.
Texas	H 1723	Cybersecurity of Small Businesses Study	Failed - Adjourned	Relates to requiring the Department of Information Resources to conduct a study concerning the cybersecurity of small businesses.
Texas	H 2156	Department of Information Resources	Failed - Adjourned	Relates to the position of chief information security officer in the Department of Information Resources.
Texas	H 2206	Prohibition of Certain Social Media Platforms	Failed - Adjourned	Relates to a prohibition of certain social media platforms developed or provided by certain foreign entities.
Texas	H 2494	Network Threat Detection	Failed - Adjourned	Relates to information security officers and network threat detection and response for state agencies.
Texas	H 2555	Transmission and Distribution System Resiliency	Enacted	Relates to transmission and distribution system resiliency planning by and cost recovery for electric utilities.
Texas	H 2615	Vocational Education Program	Failed - Adjourned	Relates to the operation by a school district of a vocational education program to provide eligible high school students with vocational and educational training under a plan for the issuance of a high school diploma and the application of certain student-based allotments under the public school finance system.
Texas	H 2710	School District Purchasing of and Contracting for Goods	Failed - Adjourned	Relates to school district purchasing of and contracting for goods and services.
Texas	H 2793	Distributed Energy Resources	Failed - Adjourned	Relates to the interconnection and integration of distributed energy resources.
Texas	H 3047	Public Utility Commission Grid Resilience Study	Failed - Adjourned	Relates to a study by the Public Utility Commission of the state regarding grid resilience and emergency response in electric power generation.
Texas	H 3141	Provision of Virtual Education in Public Schools	Failed - Adjourned	Relates to the provision of virtual education in public schools and to certain waivers and modifications by the commissioner of education to the method of calculating average daily attendance in an emergency or crisis for purposes of preserving school district funding entitlements under the Foundation School Program during that emergency or crisis; authorizes a fee.
Texas	H 3174	Requirements for Counties Posting Election Information	Failed - Adjourned	Relates to requirements for counties posting election information on an internet website.
Texas	H 3217	Department of Information Resources Audit	Failed - Adjourned	Relates to a biennial audit by the Department of Information Resources of state agency information technology infrastructure.
Texas	H 3289	Prohibiting the Use of Social Media Applications	Failed - Adjourned	Prohibits the use of certain social media applications and services on devices owned or leased by state agencies.
Texas	H 4023	Security Procedures for Digital Applications	Failed - Adjourned	Relates to security procedures for digital applications that pose a network security risk to state agencies.
Texas	H 4102	Unmanned Aircraft	Failed - Adjourned	Prohibits the acquisition or use of certain unmanned aircraft by a governmental entity.
Texas	H 4123	Dissemination of Criminal History Record Information	Enacted	Relates to the dissemination of criminal history record information by the Department of Public Safety.
Texas	H 4322	STEM and Computer Science Strategic Advisory Committee	Failed - Adjourned	Relates to the establishment of a STEM and computer science strategic advisory committee.
Texas	H 4553	Eligibility of Entities for Services and Commodity Item	Enacted	Relates to the eligibility of certain entities for services and commodity items provided by the Department of Information Resources and statewide technology centers.
Texas	H 4719	Security of Election Systems	Failed - Adjourned	Relates to the security of election systems.
Texas	H 4737	Unmanned Aircraft Use	Failed - Adjourned	Relates to prohibiting the acquisition and use of certain unmanned aircraft by a governmental entity.
Texas	H 4892	Physical Security and Cybersecurity Practices	Failed - Adjourned	Relates to physical security and cybersecurity practices for certain utilities that provide electricity service and an independent organization certified to manage a power region.
Texas	H 4902	Unemployment Benefits Eligibility	Failed - Adjourned	Relates to the eligibility of certain individuals for unemployment benefits and the validity of certain claims for unemployment benefits submitted to the State Workforce Commission.
Texas	H 4944	Public School Cybersecurity Controls	Failed - Adjourned	Relates to public school cybersecurity controls and requirements and technical assistance and cybersecurity risk assessments for public schools provided by the Department of Information Resources.
Texas	H 4996	Statewide Cyber Insurance Program	Failed - Adjourned	Relates to a statewide cyber insurance program.
Texas	H 5268	Breach of Computer Security Offenses	Failed - Adjourned	Relates to the prosecution of the offense of breach of computer security.
Texas	S 1	General Appropriations Bill	Failed - Adjourned	Concerns the general appropriations bill.
Texas	S 271	State Local Government Security Incident Procedures	Enacted	Relates to state agency and local government security incident procedures; provides that a state agency or local government that owns, licenses, or maintains computerized data that includes sensitive personal information, confidential information, or information where the disclosure of which is regulated by law shall, in the event of a security incident, comply with the notification requirements to the same extent as a person who conducts business in the state.
Texas	S 330	Resilience of Electric Grid	Failed - Adjourned	Relates to the resilience of the electric grid and certain municipalities; authorizes an administrative penalty.
Texas	S 535	State Agency Information Technology Infrastructure	Failed - Adjourned	Relates to state agency information technology infrastructure and information security assessments.
Texas	S 592	Creation of the Lone Star Workforce	Failed - Adjourned	Relates to the creation of the Lone Star Workforce of the Future Fund.
Texas	S 621	Position of Chief Information Security Officer	Enacted	Relates to the position of chief information security officer in the Department of Information Resources.
Texas	S 717	Public School Cybersecurity Controls	Failed - Adjourned	Relates to public school cybersecurity controls and requirements and technical assistance and cybersecurity risk assessments for public schools provided by the Department of Information Resources.
Texas	S 768	Breach of Security of Computerized Data Notification	Enacted	Relates to the process for notifying the attorney general of a breach of security of computerized data by persons doing business in this state; provides that a person who is required to disclose or provide notification of a breach of system security under this section shall notify the attorney general of that breach as soon as practicable and not later than the specified days after the date on which the person determines that the breach occurred.
Texas	S 947	Criminal Offense for Damaging Critical Infrastructure	Enacted	Relates to creating a criminal offense for damaging certain critical infrastructure facilities and providing for the prosecution of that conduct as manslaughter in certain circumstances; increases a criminal penalty.
Texas	S 1030	Regulation of Bulk Power System Equipment	Failed - Adjourned	Relates to the regulation of bulk-power system equipment by the Public Utility Commission of the state.
Texas	S 1111	System Resiliency Planning	Failed - Adjourned	Relates to transmission and distribution system resiliency planning by and cost recovery for electric utilities.
Texas	S 1204	State and Local Government Data Breach Discovery	Failed - Adjourned	Relates to state and local government information technology infrastructure, information security, and data breach and exposure reporting.
Texas	S 1205	Modernization of Information Technology	Failed - Adjourned	Relates to the modernization of information technology of state agencies and certain local governments.
Texas	S 1315	Computer Science Strategic Advisory Committee	Failed - Adjourned	Relates to the establishment of a computer science strategic advisory committee and a grant program for the professional development and training of computer science classroom teachers.
Texas	S 1537	Espionage and Intellectual Property Theft Prevention	Failed - Adjourned	Relates to measures to prevent espionage and intellectual property theft at public institutions of higher education.
Texas	S 1565	Policy Frameworks for Research Security	Enacted	Provides that the governing board of each institution of higher education shall establish a policy framework that promotes secure academic research at the institution while mitigating the risk of foreign espionage and interference; provides that the governing board of a university system must establish a separate policy framework for each institution of higher education under the governing board's management and control.
Texas	S 1847	Unemployment Benefits Eligibility	Failed - Adjourned	Relates to the eligibility of certain individuals for unemployment benefits and the validity of certain claims for unemployment benefits submitted to the State Workforce Commission.
Texas	S 1861	Provision of Virtual Education in Public Schools	Failed - Adjourned	Relates to the provision of virtual education in public schools and to certain waivers and modifications by the commissioner of education to the method of calculating average daily attendance in an emergency or crisis for purposes of preserving school district funding entitlements under the Foundation School Program during that emergency or crisis; authorizes a fee.
Texas	S 1893	Prohibiting the Use of Certain Social Media	Enacted	Provides that a social media application or service poses a risk to this state under specified circumstances; provides that a governmental entity shall adopt a policy prohibiting the installation or use of a covered application on any device owned or leased by the governmental entity and requiring the removal of covered applications from those devices.
Texas	S 1986	Use of Certain Unmanned Aircraft	Failed - Adjourned	Relates to prohibiting the acquisition or use of certain unmanned aircraft by a governmental entity.
Texas	S 2001	Security of Election Systems	Failed - Adjourned	Relates to the security of election systems.
Texas	S 2159	Prohibiting the Use of Certain Social Media Application	Failed - Adjourned	Relates to prohibiting the use of certain social media applications and services on devices owned or leased by state agencies.
Texas	S 2358	Security Procedures for Digital Applications	Failed - Adjourned	Relates to security procedures for digital applications that pose a network security risk to state agencies.
Texas	S 2377	Homeland Security	Failed - Adjourned	Relates to homeland security, including the creation of the State Homeland Security Division in the Department of Public Safety, the operations of the Homeland Security Council, the creation of a homeland security fusion center, and the duties of state agencies and local governments in preparing for, reporting, and responding to cybersecurity breaches; provides administrative penalties; creates criminal offenses.
Texas	S 2490	Local Government Issuance of Certificates of Obligation	Failed - Adjourned	Relates to the issuance of certificates of obligation by local governments.
Utah	H 65	Division of Technology Services	Enacted	Modifies provisions related to the Division of Technology Services; defines terms; modifies and clarifies duties of the Division of Technology Services in relation to procurement, contract management, and security assessment; makes technical and conforming changes.
Utah	H 155	Independent Election Audits	Failed	Requires an independent attestation engagement in relation to certain election matters; requires the lieutenant governor to contract with an independent accounting firm to conduct an attestation engagement to evaluate the accuracy, validity, and completeness of certain election audits, statistics, and results; describes contract requirements; provides for access by the independent accounting firm to, and for the protection of, records needed for the attestation engagement.
Utah	H 545	Cybersecurity Infrastructure Modifications	Enacted	Provides that on or before specified date, the chief information officer shall develop uniform technology policies, standards, and procedures for use by executive branch agencies in implementing zero trust architecture and multi-factor authentication on all systems.
Utah	S 38	Health and Human Services Recodification	Enacted	Recodifies portions of the Utah Health Code and Utah Human Services Code; recodifies provisions regarding the Department of Health and Human Services, licensing and certifications, recovery services, and child support administration.
Utah	S 127	Cybersecurity Amendments	Enacted	Enacts provisions relating to cybersecurity; amends the disclosure requirement for system security breaches; requires the Division of Technology Services to report certain information regarding consolidation of networks used by governmental entities; creates the Utah Cyber Center and defines the center's duties, including but not limited to identifying, analyzing, and, when appropriate, mitigating cyber threats and vulnerabilities, as well as coordinating cybersecurity resilience planning.
Vermont	H 136	Prohibiting the Use of Social Media Platforms	Pending - Carryover	Relates to prohibiting the use of certain social media platforms on state-owned devices and networks.
Vermont	H 231	Provide Notice of a Cybersecurity Breach	Pending - Carryover	Relates to requiring municipalities to provide notice of a cybersecurity breach.
Vermont	H 291	Cybersecurity Advisory Council	Enacted	Relates to the creation of the cybersecurity advisory council.
Vermont	H 344	Minimum Security Standards for Connected Devices	Pending - Carryover	Relates to adopting minimum security standards for connected devices.
Vermont	S 139	Public Safety Communications	Pending - Carryover	Relates to the modernization of public safety communications in Vermont.
Virginia	H 29	Budget Bill	Enacted	Appropriates the public revenues and provides a portion of such revenues for the two years ending, respectively, on the specified date, and the specified date.
Virginia	H 30	Budget Bill	Enacted	Relates to appropriations of the budget submitted by the governor of Virginia; provide a portion of the revenues for the two years ending respectively on the specified date, and the specified date.
Virginia	H 442	Income Tax Credit	Failed	Relates to income tax credit; relates to employers of G3 Program or cybersecurity graduates; creates a nonrefundable individual and corporate income tax credit for employers that hire eligible employees who are graduates of the Get Skilled, Get a Job, Give Back Program (G3 Program) or graduates with a degree in cybersecurity from a Virginia four-year institution of higher education; provides that the credit is available for taxable years 2022 through 2026, is equal to $1,000 per eligible employee hired.
Virginia	H 466	Cybersecurity and Information Technology Professionals	Failed	Relates to register of volunteer cybersecurity and information technology professionals; directs the secretary of administration to establish a register of cybersecurity and information technology professionals interested in volunteering to assist localities and school divisions, in collaborating on workforce development, and in providing mentorship opportunities.
Virginia	H 1205	Division of Legislative Automated Systems	Failed	Relates to Division of Legislative Automated Systems; relates to duties; relates to cybersecurity department; directs the Division of Legislative Automated Systems to create and manage a cybersecurity department to monitor the technological systems of the General Assembly of Virginia and the agencies that directly serve the General Assembly for cybersecurity threats.
Virginia	H 1290	Public Bodies	Enacted	Relates to public bodies; relates to security of government databases and data communications.
Virginia	H 1304	Information Technology Advisory Council	Enacted	Relates to Information Technology Advisory Council; relates to membership; relates to duties; relates to report.
Virginia	H 2385	Administration of State Government	Failed	Relates to administration of state government; relates to prohibited actions; relates to civil penalty; prohibits state agencies from entering into a contract for goods or services with a scrutinized company, defined in the bill as any company owned or operated by the government of China, other than a company for which the Committee on Foreign Investment in the United States has determined that there are no unresolved national security concerns regarding the transaction that created such ownership.
Virginia	H 2389	Mortgage Lending and Brokerage Entities	Enacted	Provides that a mortgage lender or broker licensed by the State Corporation Commission may allow employees or exclusive agents to work from a remote location under specified circumstances, including but not limited to if the licensee has written policies and procedures for the supervision of employees or exclusive agents working from a remote location and access to the licensee's platforms and customer information is in accordance with the licensee's comprehensive written information security plan.
Virginia	S 30	Budget Bill	Failed	Relates to Budget Bill; provides for all appropriations of the budget submitted by the governor of Virginia in accordance with the provisions of Section 2.2-1509, Code of Virginia, and to provide a portion of revenues for the two years ending respectively on June 30, 2023, and June 30, 2024.
Virginia	S 703	Information Technology Advisory Council	Enacted	Concerns Information Technology Advisory Council (ITAC) membership powers and duties; redefines the purpose and powers and duties of the Information Technology Advisory Council; increases the membership of the ITAC; allows for legislative members to be appointed to the ITAC.
Virginia	S 764	Public Bodies	Enacted	Relates to public bodies; relates to security of government databases and data communications.
Virginia	S 769	Unemployment Compensation	Enacted	Relates to unemployment compensation; relates to program integrity.
Virginia	S 1459	Administration of State Government	Enacted	Relates to administration of state government; relates to prohibited applications and websites; prohibits any employee or agent of any executive branch agency or person or entity contracting with any such agency from downloading or using any application, including TikTok or WeChat, or accessing any website developed by ByteDance Ltd.
Washington	H 1464	Critical Constituent and State Operational Data	Pending - Carryover	Concerns the protection of critical constituent and state operational data against the financial and personal harm caused by ransomware and other malicious cyber activities.
Washington	H 1480	All Hazard Emergency Management	Pending - Carryover	Concerns energy resilience, cybersecurity, and all-hazard emergency management.
Washington	S 5518	Cybersecurity	Enacted	Relates to cybersecurity; defines ransomware; creates the cybersecurity advisory committee for the purpose of providing advice and recommendations that strengthen cybersecurity in both industry and public sectors across all critical infrastructure sectors.
Washington	S 5619	Cybersecurity Governance Framework	Pending - Carryover	Establishes a cybersecurity governance framework within state government.
Washington	S 5843	Security Breaches of Election Systems	Pending	Concerns security breaches of election systems and election-related systems.
West Virginia	H 2542	Tik Tok Through a Government Device	Failed - Adjourned	Makes it illegal for any state employee to access Tik Tok through a government device.
West Virginia	H 2588	Indexing Unemployment Benefits	Failed - Adjourned	Relates to indexing unemployment benefits based on the state average unemployment rate.
West Virginia	H 2768	Use Gov Domains and E Mail Addresses	Failed - Adjourned	Requires all state entities and Chapter 30 boards to use .gov domains and email addresses.
West Virginia	H 2840	Expenditures of Federal Appropriations	Failed - Adjourned	Relates to expenditures of federal appropriations from Congress to the secretary of state for purposes that further the administration of federal elections held in the state.
West Virginia	H 2898	High Risk Technologies on Government Systems	Failed - Adjourned	Bans high risk technologies on government systems.
West Virginia	H 3157	Duties Functions Prohibitions and Restrictions	Failed - Adjourned	Relates to clarifying the duties, functions, prohibitions and restrictions applicable to the State Fusion Center.
West Virginia	H 3389	Health Care Professionals Preceptor Tax Credit	Failed - Adjourned	Allocates a percentage of county excise taxes received from transfers of title to real estate in each county for funding improvements to election administration, infrastructure, and physical and cyber security; allocates a percentage of county excise taxes received from transfers of title to real estate in each county for funding other county purposes including, but not limited to, compliance with the Uniform Real Property Electronic Recording Act.
West Virginia	H 3486	Percentage of County Excise Taxes	Failed - Adjourned	Allocates a percentage of county excise taxes received from transfers of title to real estate in each county for election administration improvements.
West Virginia	HCR 67	Blockchain Technology	Failed - Adjourned	Requests a study of the effects of using blockchain technology on vital public and government data security.
West Virginia	S 59	Jobs and Reemployment Act	Failed - Adjourned	Provides for unemployment benefit calculations; provides that in addition to compliance with all other eligibility requirements, an individual shall be eligible and shall remain eligible for unemployment benefits only if he or she actively seeks, and continues to seek, work by conducting at least a specified number of work search activities weekly.
West Virginia	S 82	Unemployment Benefits Program	Failed - Adjourned	Relates to unemployment benefits program.
West Virginia	S 215	No TikTok on Government Devices Act	Failed - Adjourned	Creates No TikTok on Government Devices Act.
West Virginia	S 426	Deemed Unsafe or High Risk on Government Systems	Failed - Adjourned	Provides that all state agencies, including without limitation agencies within the executive, legislative, and judicial branches, all constitutional officers, local government entities, county boards of education, and all state institutions of higher education, shall enforce statewide standards developed by the chief information security officer regarding high-risk technology platforms, services, applications, programs, or products.
West Virginia	S 631	Funding and Requirements for Federal Elections	Enacted	Relates to the expenditure of federal appropriations from Congress to the secretary of state for purposes that further the administration of federal elections held in the state, payable from the County Assistance Voting Equipment Fund; clarifies the uniform statewide deadline for electronically submitted voter registration applications; changes the deadline by which county clerks must report voter participation history after an election into the statewide voter registration system.
West Virginia	S 643	Administration of Federal Elections Held	Failed - Adjourned	Updates administration of federal elections held in state.
Wisconsin	A 263	Governmental Use of Certain Mobile Software Application	Pending	Concerns state and local governmental use of certain mobile or online software applications and electronic devices.
Wisconsin	S 250	State and Local Governmental Use of Electronic Devices	Pending	Concerns state and local governmental use of certain mobile or online software applications and electronic devices.
Wyoming	H 184	Enterprise Technology Services	Failed	Relates to the administration of government; clarifies duties of the Department of Enterprise Technology Services; creates and provides duties for the Division of Information Security within the Department of Enterprise Technology Services; creates positions; makes conforming amendments; requires reporting; provides rulemaking authority.
Wyoming	H 196	Wyoming Infrastructure Protection Act	Failed - Adjourned	Relates to trade and commerce; requires the office of homeland security to establish a reporting system for concerns regarding critical infrastructure as specified; authorizes the governor to specify countries and companies as threats to critical infrastructure; provides definitions; specifies applicability; provides an appropriation; authorizes positions; provides for an effective date.
Wyoming	H 282	Critical Infrastructure Resiliency	Failed	Relates to public utilities; creates the critical infrastructure resiliency initiative; specifies purposes for the initiative; creates the critical resilient infrastructure board; specifies members, duties and powers of the board; provides definitions; appropriates funds.
Wyoming	H 286	Enterprise Technology Services	Failed - Adjourned	Relates to the administration of government; consolidates the Department of Enterprise Technology Services and the duties of the state chief information officer into the Department of Administration and Information; makes conforming amendments; provides applicability; transfers employees; transfers appropriations; provides rulemaking authority; requires reports.

LexisNexis Terms and Conditions

Contact NCSL
Use this form to reach NCSL staff.
Email
Full Name
What is your role?
Is this a press or media inquiry?
Message
Captcha
Admin Email

Related Resources

Updated May 15, 2025

Broadband Policy Toolkit

This NCSL toolkit covers the state policy landscape and considerations to address broadband deployment, adoption and affordability, and provides a wide variety of resources for policymakers.

Technology

Updated May 15, 2025

Artificial Intelligence 2025 Legislation

This webpage covers key legislation introduced during the 2025 legislative session related to AI issues generally.

Technology

Table

Updated May 05, 2025

Legislative Use of Artificial Intelligence

These NCSL resources provide further insights and details about legislative use of AI.

About State Legislatures Technology

Summary Cybersecurity 2023 Legislation

Overview

2023 Introductions and Enactments

Contact NCSL

Related Resources

Broadband Policy Toolkit

Artificial Intelligence 2025 Legislation

Legislative Use of Artificial Intelligence

Contact Us

Denver

Washington, D.C.