Alabama
|
H 68
|
Cybersecurity Requirements
|
Failed - Adjourned
|
Relates to cybersecurity. Requires the secretary of the office of information technology to adopt rules to govern government entities that possess or access sensitive personally identifying information, including adopting the minimum standards of the National Institute of Standards and Technology Cybersecurity Framework.
|
Alabama
|
H 144
|
Supplemental Appropriations
|
Enacted
|
Makes supplemental appropriations for the fiscal year ending on Sept. 30, 2024, from the education trust fund to various agencies and entities a total specified amount, including funding to the University of Alabama in Huntsville for one-time expenses for cybersecurity.
|
Alabama
|
H 145
|
Public Education Appropriations
|
Enacted
|
Makes appropriations for the support, maintenance and development of public education in Alabama, for debt service, and for capital outlay for the fiscal year ending a specified date. Appropriations included are to K-12 schools statewide for a virtual cybersecurity training platform; workshops, training, and collaborative support for cybersecurity; and to improve cybersecurity.
|
Alabama
|
H 364
|
District-owned Devices Internet Safety Policy
|
Failed - Adjourned
|
Relates to public K-12 education; requires each local B+oard of Education to adopt an internet safety policy for district-owned devices used in schools; prohibits the use of certain platforms, like TikTok; requires instruction in grades six through 12 on the potential effects of social media use; requires the state Department of Education to publish instructional material used online; and to require the state Board of Education to adopt rules.
|
Alabama
|
H 439
|
School System Technology Directors Qualifications
|
Enacted
|
Relates to public K-12 education; renames the position of technology coordinator to technology director; provides for the minimum qualifications of technology directors for each school system; provides a waiver process for certain school systems; requires each individual serving in the role of technology director to complete a training program and continuing education instruction by the Alabama Leaders in Educational Technology.
|
Alabama
|
H 453
|
Crimes and Offenses
|
Enacted
|
Relates to crimes and offenses; amends certain section to the Code of Alabama 1975; provides for the crime of unauthorized entry of a critical infrastructure facility.
|
Alabama
|
S 241
|
Unmanned Aircraft Systems
|
Failed - Adjourned
|
Relates to unmanned aircraft systems; requires the secretary of the state law enforcement agency to take certain actions regarding unmanned aircraft systems; and to prohibit a county, municipality, or other political subdivision of the state from purchasing certain unmanned aircraft systems.
|
Alabama
|
H 68
|
Cybersecurity Requirements
|
Failed - Adjourned
|
Relates to cybersecurity. Requires the secretary of the Office of Information Technology to adopt rules to govern government entities that possess or access sensitive personally identifying information, including adopting the minimum standards of the National Institute of Standards and Technology Cybersecurity Framework.
|
Alabama
|
H 144
|
Supplemental Appropriations
|
Enacted
|
Makes supplemental appropriations for the fiscal year ending a specified date, from the education trust fund to various agencies and entities a total specified amount, including funding to the University of Alabama in Huntsville for one-time expenses for cybersecurity.
|
Alaska
|
H 94
|
Foreign Contracts and Commerce and Investments
|
Failed - Adjourned
|
Relates to the use of the ports in the state; relates to contracts with certain foreign-owned entities; relates to the use of TikTok; relates to commerce with certain foreign-owned entities; relates to investments of state funds in certain foreign-owned entities.
|
Alaska
|
H 129
|
Voter Registration
|
Failed - Adjourned
|
Relates to voter registration; relates to candidate legal funds; relates to voting; relates to special needs voting; relates to absentee voting; relates to defamation claims based on the use of synthetic media; relates to the use of synthetic media in electioneering communications. Requires development of a cybersecurity program by the Division of Elections to defend the voter registration records against cyber-attacks and data breaches.
|
Alaska
|
H 252
|
Foreign Adversaries Transaction Prohibition
|
Failed - Adjourned
|
Prohibits certain transactions by or with foreign adversaries related to critical infrastructure.
|
Alaska
|
H 324
|
Insurance Data Security
|
Failed - Adjourned
|
Relates to insurance data security.
|
Alaska
|
S 134
|
Insurance Data Security
|
Enacted
|
Relates to insurance data security; amends specified rules of state civil procedure and state rules of evidence. Requires a risk assessment; information security program; investigation of a cybersecurity event; notification of cybersecurity event; and provides penalties.
|
Alaska
|
S 177
|
Artificial Intelligence
|
Failed - Adjourned
|
Relates to artificial intelligence. Requires a state agency who contract with a person for a system that employs artificial intelligence for consequential decisions only to implement security and privacy controls as specified by the National Institute of Standards and Technology.
|
Arizona
|
H 2436
|
State Contracts and Foreign Adversary and Prohibition
|
Failed - Adjourned
|
Relates to state contracts; relates to foreign adversary; relates to prohibition.
|
Arizona
|
H 2485
|
Criminal Damage and Trespassing and Critical Facilities
|
Failed - Adjourned
|
Relates to criminal damage; relates to trespassing; relates to critical facilities.
|
Arizona
|
H 2504
|
Forced Organ Harvesting and Insurance and Prohibition
|
Vetoed
|
Provides that a subscription contract may limit coverage to a subscriber for genetic sequencing if the genetic sequencing is performed on a device that is either produced by a company that is domiciled in a foreign adversary or produced by a company that is owned or substantially controlled by a company that is domiciled in a foreign adversary.
|
Arizona
|
S 1123
|
Critical Infrastructure and Prohibited Agreements
|
Failed - Adjourned
|
Provides that a business in this state or governmental entity in this state may not enter into an agreement involving critical infrastructure in this state with a company if under the agreement, the company, directly or remotely, would be able to access or control critical infrastructure in this state, except for access that is specifically allowed for product warranty and support purposes.
|
Arizona
|
S 1208
|
Critical Telecommunications Infrastructure
|
Failed - Adjourned
|
Relates to critical telecommunications infrastructure; relates to construction requirements.
|
Arizona
|
S 1338
|
Pacific Conflict and Committee and Audits
|
Failed
|
Requires the governor to conduct an impact assessment on substantial threats to state or national security, state or national economic security, or national public health.
|
Arizona
|
S 1500
|
Drones and Prohibition and Autonomous Vehicles
|
Failed - Adjourned
|
Relates to drones. Prohibits an agency from purchasing or acquiring a drone manufactured by a country of concern.
|
Arizona
|
S 1591
|
Criminal Damage and Fine and Business Victims
|
Failed - Adjourned
|
Provides that a person commits criminal damage by recklessly defacing or damaging property of another person, recklessly tampering with property of another person so as substantially to impair its function or value, recklessly damaging property of a utility, recklessly parking any vehicle in such a manner as to deprive livestock of access to the only reasonably available water, recklessly drawing or inscribing a message, slogan, sign or symbol that is made on any public or private building.
|
Arizona
|
S 1638
|
Pacific Conflict Stress Test Act
|
Enacted
|
Provides that the Department of Emergency and Military Affairs, to the extent possible, shall identify any threats posed to the state in the event of a Pacific conflict; provides that the department, to the extent possible, shall complete a comprehensive risk assessment, including all vulnerabilities and recommendations for emergency response strategies, for, among other things, critical infrastructure and telecommunications infrastructure, and provide mitigation strategies and suggestions.
|
Arkansas
|
HR 1014
|
Foreign Digital Asset Mining Software Prohibition
|
Failed
|
Authorizes the introduction of a non-appropriation bill to prohibit the use of a computer or software manufactured, assembled, or developed by a covered foreign entity in digital asset mining.
|
Arkansas
|
SR 12
|
Foreign Digital Asset Mining Software Prohibition
|
Adopted
|
Authorizes the introduction of a non-appropriation bill to prohibit the use of a computer or software manufactured, assembled, or developed by a covered foreign entity in digital asset mining.
|
California
|
A 107
|
Budget Act of 2024
|
Enacted
|
Makes appropriations for the support of state government for the specified fiscal year. Declares the bill as a budget bill. The bill requires the Office of Emergency Services to provide a report to the legislature on the state and local cybersecurity grant program and funding to establish and operate the Office of Elections Cybersecurity.
|
California
|
A 108
|
Budget Act of 2024
|
Failed
|
Amends the Budget Act of 2024 by amending, adding, and repealing items of appropriation and making other changes. Funding includes money to community colleges to implement data security measures, hire cybersecurity staff and establish of systemwide cybersecurity teams.
|
California
|
A 109
|
Budget Act of 2023
|
Failed
|
Provides that the Budget Act of 2023 made appropriations for the support of state government for the specified fiscal year. Amends the Budget Act of 2023 by amending and adding items of appropriation and making other changes. Appropriates funding to establish and operate the Office of Elections Cybersecurity.
|
California
|
A 155
|
Higher Education Budget Trailer Bill
|
Failed
|
Appropriates funds to the state school fund for the support of community college districts. Funding includes money to community colleges to implement data security measures, hire cybersecurity staff and establish of systemwide cybersecurity teams.
|
California
|
A 157
|
Budget Act of 2024
|
Enacted
|
Provides that the Budget Act of 2024 made appropriations for the support of state government for the specified fiscal year. Amends the Budget Act of 2024 by amending, adding, and repealing items of appropriation and making other changes. Includes funding for community college districts to implement local and systemwide technology and data security measures that support improved oversight of fraud mitigation, online learning quality, and cybersecurity efforts.
|
California
|
A 740
|
Department of General Services: Drone Cybersecurity
|
Failed
|
Requires the Department of General Services, in consultation with the chief of the Office of Information Security, to adopt rules and regulations, by a specified date, to ensure that each unmanned aircraft and unmanned aircraft system used by a government entity, as defined, in part, to include local governmental entities, for any purpose meets appropriate safeguards to ensure the confidentiality, integrity, and availability of any data collected, transmitted, or stored by that unmanned aircraft or system.
|
California
|
A 749
|
State Agencies: Information Security: Uniform Standards
|
Failed
|
Requires every state agency, as defined and subject to specified exceptions, to implement Zero Trust architecture for all data, hardware, software, internal systems, and essential third-party software, including for on-premises, cloud, and hybrid environments, to achieve prescribed levels of maturity based on the Cybersecurity and Infrastructure Security Agency (CISA) Maturity Model by specified dates.
|
California
|
A 1170
|
Political Reform Act of 1974: Filing Requirements
|
Enacted
|
Provides that the Political Reform Act of 1974 requires that public officials file periodic statements of economic interests. Requires public officials and candidates for whom the Fair Political Practices Commission is the filing officer to file their original statements of economic interests electronically with the commission. Requires the commission to redact the signature, personal address, and telephone number of a filer, and related information about a filer's business, tenant, or family member.
|
California
|
A 1206
|
Voter Registration Database: Electronic Registration
|
Failed
|
Prohibits the disclosure of any information or data related to citizenship and certain types of driver's licenses and identification cards. Requires the secretary of state to receive a certification from the Department of Technology that all proper cybersecurity protections are in place prior to sending any data or information to the Electronic Registration Information Center.
|
California
|
A 1533
|
Electricity
|
Enacted
|
Provides that existing law establishes an adviser position in the State Energy Resources Conservation and Development Commission to ensure the full and adequate participation of interested groups and the public in commission proceedings. Requires the commission to consider the National Institute of Standards and Technology's reliability and cybersecurity protocols, or other cybersecurity protocols that are equally or more protective, and shall adopt, at a minimum, the North American Electric Reliability Corporation's Critical Infrastructure Protection standards.
|
California
|
A 2057
|
Associate Degree for Transfer
|
Enacted
|
Extends the Associate Degree for Transfer Intersegmental Implementation Committee. Requires transfer model curricula drafts to be submitted to the office of the Chancellor of the California Community Colleges for the high-unit science, technology, engineering, and mathematics pathways of biology, chemistry, computer science, engineering, environmental science, mathematics, and physics for purposes of meeting admissions eligibility to the California State University and University of California segments, and other institutions.
|
California
|
A 2715
|
Ralph M. Brown Act: Closed Sessions
|
Enacted
|
Provides that existing law authorizes a legislative body to hold a closed session with specified individuals on, among other things, matters posing a threat to the security of essential public services. Authorizes a legislative body to hold a closed session with other law enforcement or security personnel and to hold a closed session on a threat to critical infrastructure controls or critical infrastructure information relating to cybersecurity.
|
California
|
A 2777
|
Office of Information Security: Baseline Information
|
Failed
|
Provides that existing law establishes the Office of Information Security to ensure the confidentiality, integrity, and availability of state systems and applications. Requires the office to develop a Baseline Information Security Score metric to estimate the information security status of applicable state agencies, departments, and offices, and requires the metric to utilize readily available information, including, among other things, compliance certifications submitted to the office.
|
California
|
A 3138
|
License Plates and Registration Cards: Alternative
|
Enacted
|
Authorizes any vehicle to be offered an alternative device to a license plate or registration card that includes vehicle location technology. Specifies requirements for how vehicle location technology is disabled or enabled and prohibits an alternative device from recording or transmitting personal identifiable information. Requires the Department of Motor Vehicles to delete data from an alternative device or the provider of an alternative device that the department is not authorized to receive. Requires information technology security, privacy, and cybersecurity evaluations and measures to protect against unauthorized access to information and the device.
|
California
|
S 107
|
Budget Act of 2024
|
Failed - Adjourned
|
Makes appropriations for the support of state government for the specified fiscal year. Declares the bill as a budget bill. Appropriates funds to establish and operate the Office of Elections Cybersecurity. Appropriates funds to community college districts to implement local and systemwide technology and data security measures that support improved oversight of fraud mitigation, online learning quality, and cybersecurity efforts.
|
California
|
S 108
|
Budget Act of 2024
|
Enacted
|
Amends the Budget Act of 2024 by amending, adding, and repealing items of appropriation and making other changes. Includes appropriations to community college districts to implement local and systemwide technology and data security measures that support improved oversight of fraud mitigation, online learning quality, and cybersecurity efforts.
|
California
|
S 109
|
Budget Act of 2023
|
Enacted
|
Amends the Budget Act of 2023 by amending and adding items of appropriation and making other changes. Appropriates funds to establish and operate the Office of Elections Cybersecurity.
|
California
|
S 155
|
Higher Education Budget Trailer Bill
|
Enacted
|
Includes appropriations to community college districts to implement local and systemwide technology and data security measures that support improved oversight of fraud mitigation, online learning quality, and cybersecurity efforts.
|
California
|
S 157
|
Budget Act of 2024
|
Failed - Adjourned
|
Provides that the Budget Act of 2024 made appropriations for the support of State government for the specified fiscal year. Provides funds for community college districts to implement local and systemwide technology and data security measures that support improved oversight of fraud mitigation, online learning quality, and cybersecurity efforts. To receive the funds, entities must complete an annual cybersecurity self-assessment of their information technology infrastructure to determine their National Institute of Standards and Technology (NIST) Computer Systems Laboratory (CSL) score and report their current phase in Cal-Secure standards.
|
California
|
S 896
|
Generative Artificial Intelligence Accountability Act
|
Enacted
|
Requires the Department of Technology, under the guidance of the Government Operations Agency, the Office of Data and Innovation, and the Department of Human Resources, to report to the Governor. Requires the Office of Emergency Services to, as appropriate, perform a risk analysis of potential threats posed by the use of generative artificial intelligence to California's critical infrastructure, including those that could lead to mass casualty events and would require a high-level summary of the analysis.
|
California
|
S 1047
|
Safe and Secure Innovation for Frontier AI Models Act
|
Vetoed
|
Enacts the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act to, among other things, require that a developer, before beginning to initially train a covered model implement a reasonable administrative, technical, and physical cybersecurity protections to prevent unauthorized access to, misuse of, or unsafe post-training modifications of, the covered model and all covered model derivatives controlled by the developer. Refer to Section 22603.
|
Colorado
|
H 1136
|
Encouraging Healthier Social Media Use by Youth
|
Enacted
|
Concerns measures to encourage healthier social media use by youth, and, in connection therewith, making an appropriation. The Colorado Department of Education must create a resource bank which includes curricula related to cybersecurity.
|
Colorado
|
H 1336
|
Broadband Deployment
|
Enacted
|
Creates the Broadband Deployment grant program under the Broadband office that includes funding for network upgrades that strengthen cybersecurity.
|
Colorado
|
S 139
|
Creation of 911 Services Enterprise
|
Enacted
|
Concerns the creation of the 911 services enterprise; provides that the enterprise is authorized to impose a fee on service users; creates the 911 services enterprise cash fund, adds a requirement for the commission to include in its state of 911 annual report the activity of the enterprise including its use of its revenue. The fund can be used for cybersecurity support.
|
Colorado
|
S 147
|
Streamlining the Updating of Telecom Equipment
|
Failed - Adjourned
|
Concerns streamlining the updating of telecommunications equipment.
|
Colorado
|
S 151
|
Telecommunications Security
|
Enacted
|
Requires the Division of Homeland Security and Emergency Management within the Department of Public Safety to promulgate rules related to the removal, discontinuance, or replacement of certain critical telecommunications infrastructure that utilizes equipment manufactured by a federally banned entity.
|
Connecticut
|
S 1
|
Health and Safety
|
Enacted
|
Requires no later than Jan. 1, 2025, and not less than annually thereafter, each hospital licensed pursuant to chapter 368v of the general statutes, shall submit the hospital's plans and processes to respond to a cybersecurity disruption of the hospital's operations to an audit by an independent, certified cybersecurity auditor or cybersecurity expert credentialed by the Information Systems Audit and Control Association.
|
Connecticut
|
S 3
|
Consumer Protection
|
Failed - Adjourned
|
Concerns consumer protection. Requires personally identifying information collected through a microphone in a connected device shall implement and maintain reasonable security measures to protect such personally identifying information from any unauthorized access, acquisition, destruction, disclosure, modification or use thereof.
|
Connecticut
|
S 227
|
Municipal Internet Web Sites
|
Failed - Adjourned
|
Requires each municipality to register a ".gov" internet top-level domain.
|
Delaware
|
H 91
|
Aggravated Criminal Mischief Critical Utilities
|
Enacted
|
Provides that a person is guilty of aggravated criminal mischief when the person knowingly damages or tampers with critical utility infrastructure with the intent to interrupt or impair utility operations or the delivery, supply, or receipt of utility services; defines critical utility infrastructure as, among other things, electric generation, transmission, or distribution facilities, and natural gas, propane, compressed natural gas, liquid natural gas, or renewable natural gas facilities.
|
District of Columbia
|
B 424
|
State Water Critical Infrastructure
|
To Congress
|
Amends the Freedom of Information Act of 1976 to exempt from disclosure critical infrastructure information or plans that contain critical infrastructure information for the critical infrastructures of the District of Columbia Water and Sewer Authority.
|
Florida
|
H 275
|
Intentional Damage to Critical Infrastructure
|
Enacted
|
Provides criminal penalties for improperly tampering with critical infrastructure resulting in specified monetary damage or cost to restore; provides for civil liability upon a conviction for such violations; provides criminal penalties for trespass upon critical infrastructure; provides notice requirements; provides criminal penalties for the unauthorized access to or tampering with specified electronic devices or networks of critical infrastructure; provides an effective date.
|
Florida
|
H 473
|
Cybersecurity Incident Liability
|
Vetoed
|
Provides that county, municipality, other political subdivision of the state, covered entity, or third-party agent that complies with certain requirements is not liable in connection with a cybersecurity incident; requires covered entities and third-party agents to adopt revised frameworks, standards, laws, or regulations within a specified time period; provides that a private cause of action is not established; provides that certain failures are not evidence of negligence.
|
Florida
|
H 1363
|
Traffic Enforcement
|
Enacted
|
Provides that a contract awarded by another governmental entity or by a consortium or cooperative of governmental entities outside the state may not be used to procure contracts with manufacturers or vendors of school bus infraction detection systems, speed detection systems, traffic infraction detectors, or other specified camera systems; requires approval by the governing body at a regular or special meeting before contracting or renewing a contract to place or install traffic infraction detectors.
|
Florida
|
H 1461
|
Public Records and Investigations
|
Failed - Adjourned
|
Provides exemption from public records requirements for information relating to investigations by Department of Legal Affairs and law enforcement agencies of certain AI transparency violations; provides for future legislative review and repeal of exemption; provides statement of public necessity.
|
Florida
|
H 1501
|
Health Care Innovation
|
Failed
|
Creates Health Care Innovation Council within the Department of Health for specified purpose; requires council to submit annual reports to governor and Legislature. Requires a member of the Health Care Innovation Council to include a representative of the private sector who has senior-level experience in cybersecurity or software engineering in the health care sector. Best practice recommendations must include cybersecurity and the protection of health care data and systems.
|
Florida
|
H 1555
|
Cybersecurity
|
Enacted
|
Relates to cybersecurity; provides that Florida Center for Cybersecurity may also be referred to as Cyber Florida; provides that the center is established under the direction of the president of the University of South Florida, or his or her designee; revises the mission and goals of the center; authorizes the center to take certain actions relating to certain initiatives.
|
Florida
|
H 1669
|
Elections
|
Failed - Adjourned
|
Requires the Department of State to adopt rules relating to election security; requires the Department of State to create certain manuals which includes cybersecurity protocols; authorizes PACs and political committees to have poll watchers; authorizes designate watchers for absentee vote processing locations; provides requirements for printed ballots and voter certificate envelopes; requires retention of materials; requires audits; provides requirements for transportation and chain of custody for ballots; revises storage, identification, and signature verification requirements.
|
Florida
|
H 5001
|
General Appropriations Act
|
Enacted
|
Appropriates funds for Cyber Florida, cybersecurity for elections; enterprise cybersecurity resiliency program; statewide cybersecurity operations.
|
Florida
|
PCB 6043
|
Open Government Sunset Review Act
|
Failed - Adjourned
|
Concerns Open Government Sunset Review Act; provides exemptions from public record requirements for certain security information held by the Department of the Lottery, information about lottery games, personal identifying information of retailers and vendors for purposes of background checks, and certain financial information held by the department.
|
Florida
|
S 340
|
Intentional Damage to Critical Infrastructure
|
Failed
|
Relates to intentional damage to critical infrastructure; provides criminal penalties for causing intentional harm or damage to critical infrastructure; provides for civil liability for such violations; provides for construction.
|
Florida
|
S 614
|
Practice of Acupuncture
|
Failed
|
Revises education requirements for acupuncture licensure, beginning on specified dates; authorizes acupuncturist assistants to assist in the practice of acupuncture under the direct supervision of an acupuncturist; revises continuing education requirements for acupuncture licensure renewal to include practice management, such as cybersecurity practices.
|
Florida
|
S 658
|
Cybersecurity Incident Liability
|
Failed
|
Provides that a county, municipality, commercial entity, or third-party agent that complies with certain requirements is not liable in connection with a cybersecurity incident; requires certain entities to adopt certain revised frameworks or standards within a specified time period; specifies that the defendant in certain actions has a certain burden of proof.
|
Florida
|
S 1344
|
Computer Science Education
|
Failed
|
Provides that state academic standards include computer science skills; requires K-12 public schools to provide computer science instruction, includes cybersecurity; requires the department to publish specified information on its website relating to computer science education and certain industry certifications; requires the department to adopt and publish by a specified date a strategic plan for computer science education; creates the AI in Education Task Force within the department.
|
Florida
|
S 1464
|
Traffic Enforcement
|
Failed
|
Relates to traffic enforcement; provides that provisions exempting the purchase of commodities or contractual services from competitive bidding requirements do not apply to contracts for certain camera systems; prohibits certain camera systems or components thereof constructed by a Chinese manufacturer from being used for traffic enforcement in the state; requires a county or municipality to enact an ordinance to authorize placement or installation of traffic infraction detectors.
|
Florida
|
S 1624
|
Energy Resources
|
Failed
|
Relates to energy resources; allows resiliency facilities in certain land use categories in local government comprehensive plans and specified districts if certain criteria are met; prohibits amendments to a local governments comprehensive plan, land use map, zoning districts, or land development regulations in a manner that would conflict with resiliency facility classification after a specified date; requires the Public Service Commission to conduct an assessment of the security and resiliency of the state's electric grid and natural gas facilities against physical threats and cyber threats.
|
Florida
|
S 1662
|
Cybersecurity
|
Failed
|
Relates to cybersecurity; amends section 287.0591; provides that certain firms are disqualified from being awarded specified state contracts if certain conditions exist; amends section 1004.444; provides that the Florida Center for Cybersecurity may also be referred to as “Cyber Florida;” provides that the center is established under the direction of the president of the University of South Florida, or his or her designee; revises the mission and goals of the center; authorizes the center to take certain actions relating to certain initiatives; requires the Department of Management Services to contract with an independent verification and validation provider for specified services for all agency staff and vendor work to implement the enterprise cybersecurity resiliency program; requires such provider to complete an assessment of the current program by a specified date; requires that the assessment include recommendations based on certain evaluations; requires that the contract require that monthly reports and deliverables be simultaneously provided to specified entities and parties; provides an effective date.
|
Florida
|
S 1680
|
Artificial Intelligence Transparency
|
Enacted
|
Creates the Government Technology Modernization Council; requires the council to submit specified recommendations to the legislature and specified reports to the governor and the legislature by specified dates. Requires the council to evaluate common standards for artificial intelligence safety and security measures.
|
Florida
|
S 1682
|
Public Records and Artificial Intelligence Transparency
|
Failed
|
Provides an exemption from public records requirements for information relating to investigations by the Department of Legal Affairs and law enforcement agencies of certain artificial intelligence transparency violations; provides that certain information received by the department remains confidential and exempt upon completion or inactive status of an investigation; provides for future legislative review and repeal of the exemption; provides a statement of public necessity.
|
Florida
|
S 1790
|
Public Records and Investigations
|
Failed
|
Provides an exemption from public records requirements for information relating to investigations by the Department of Legal Affairs and Law Enforcement Agencies of certain data privacy violations; provides for future legislative review and repeal of the exemption; provides a statement of public necessity.
|
Florida
|
S 1794
|
Public Records and Investigations
|
Failed
|
Provides an exemption from public records requirements for information relating to investigations by the Department of Legal Affairs and Law Enforcement Agencies of certain data privacy violations; provides for future legislative review and repeal of the exemption; provides a statement of public necessity.
|
Florida
|
S 7018
|
Health Care Innovation Council
|
Enacted
|
Creates the Health Care Innovation Council to tap into the best knowledge and experience available by regularly bringing together subject matter experts to explore and discuss innovations in technology, workforce, and service delivery models that can be exhibited as best practices, implemented, or scaled in order to improve the quality and delivery of health care; provides for a revolving loan program for applicants seeking to implement innovative solutions. Requires the Council to lead discussions on recommended cybersecurity structures.
|
Georgia
|
H 949
|
Elections and Primaries Generally
|
Failed - Adjourned
|
Relates to elections and primaries generally, to provide that voting devices or systems used in primaries, elections, and runoffs in this state shall not utilize any form of wireless network cards or wireless technology; provides for the removal or disabling of such cards or technology before using such systems or devices in voting; provides for related matters; repeals conflicting laws.
|
Georgia
|
S 161
|
Counties and Municipal Corporations
|
Failed - Adjourned
|
Ensures that counties and municipalities are protected from cyber-attacks directed at contractors and suppliers by requiring certain provisions in county and municipal contracts; relates to the Georgia Technology Authority, so as to ensure that state agencies are protected from cyber-attacks directed at contractors and suppliers by requiring certain provisions in contracts entered into by the state and its agencies; provides for related matters.
|
Georgia
|
S 346
|
Department of Administrative Services
|
Failed - Adjourned
|
Relates to general authority, duties, and procedure of the Department of Administrative Services, to prohibit companies owned or operated by Iran to bid on or submit a proposal for a state contract; provides for definitions; provides for certifications; provides penalties for false certifications; provides for related matters; repeals conflicting laws.
|
Georgia
|
S 502
|
Department of Administrative Services
|
Failed - Adjourned
|
Relates to state government. Regulates and provides for certain activities by state government; expands a prohibition on certain companies bidding on or submitting a proposal for a state contract to include all companies owned or operated by foreign adversaries; prohibits state agencies from contracting for advertising or marketing services with certain companies or from supporting certain companies; provides for definitions; provides for certifications.
|
Guam
|
B 190
|
Marianas Cyber Working Group
|
Enacted
|
Creates the Marianas Cyber Security Working Group.
|
Guam
|
R 574
|
Recognition Resolution
|
Pending
|
Recognizes the month of October as Cybersecurity Awareness month and commends our Government of Guam agencies and stakeholders in their efforts to ensure our cybersecurity resilience.
|
Hawaii
|
H 1543
|
Uniform Information Practices Disclosure Exemptions
|
Failed - Adjourned
|
Excludes critical infrastructure information from disclosure requirements under the Uniform Information Practices Act.
|
Hawaii
|
H 1783
|
Electronic Credentials Regulatory Framework
|
Failed - Adjourned
|
Authorizes and establishes a regulatory framework for the issuance, use, and acceptance of electronic credentials. Establishes electronic credential data shall be subject to all relevant state data security and privacy protection laws and regulations.
|
Hawaii
|
H 2152
|
Generative Artificial Intelligence
|
Failed - Adjourned
|
Establishes a plan for the use of generative artificial intelligence in state agencies, departments, and government branches; requires the Office of Enterprise Technology Services to carry out risk assessments, including an assessment on the risks that the state's uses, or potential uses, of generative AI pose to critical infrastructure in the state, and to prepare guidelines for state uses; requires reports to the legislature.
|
Hawaii
|
H 2289
|
Voting Systems Security
|
Failed - Adjourned
|
Imposes new security requirements for voting systems; deems as election fraud certain acts relating to the provision of valuable consideration, including gifts and loans, for the purpose of bribery; relates to election tampering, and security breaches; appropriates moneys for video security surveillance recording equipment for the state's voting system; declares that the appropriation exceeds the state general fund expenditure ceiling for fiscal year 2024-2025.
|
Hawaii
|
H 2460
|
Critical Infrastructure Information
|
Failed - Adjourned
|
Provides that critical infrastructure information received or maintained by the Office of Homeland Security in connection with the state critical infrastructure security and resilience program shall be confidential and shall not be disclosed; provides that the office may share such information with federal agencies and state and county agencies within the state for the purposes of the security of critical infrastructure of protected systems, provided that the information shall remain confidential.
|
Hawaii
|
H 2461
|
Homeland Security
|
Failed - Adjourned
|
Establishes within the Department of Law Enforcement an Office of Homeland Security; provides that the director shall employ appropriate personnel and make expenditures as may be necessary; provides that the director shall appoint an administrator of homeland security and a Hawaii cybersecurity, economic, education, and infrastructure security coordinator who shall be exempt from the Civil Service Law, subject to removal by the director, and receive compensation as the director may determine.
|
Hawaii
|
H 2582
|
Critical Infrastructure Information
|
Failed - Adjourned
|
Excludes critical infrastructure information from disclosure requirements under the Uniform Information Practices Act; provides that critical infrastructure information related to the security of critical infrastructure or protected systems, including documents, records, or other information concerning actual, potential, or threatened interference with, attacks on, compromise of, or incapacitation of critical infrastructure of protected systems is not required to disclose.
|
Hawaii
|
S 2415
|
Voting Systems Security
|
Failed - Adjourned
|
Imposes new security requirements for voting systems; deems certain acts relating to election tampering or security breaches as acts of election fraud; appropriates moneys for video security surveillance recording equipment for the state's voting system; declares that the appropriation exceeds the state general fund expenditure ceiling for fiscal year 2024-2025.
|
Hawaii
|
S 2844
|
Critical Infrastructure Information
|
Failed - Adjourned
|
Excludes critical infrastructure information from disclosure requirements under the Uniform Information Practices Act.
|
Hawaii
|
S 3149
|
Critical Infrastructure Information
|
Failed - Adjourned
|
Enhances sharing of critical infrastructure information between infrastructure owners and operators and the state government; defines and protects critical infrastructure information that is crucial for direct support of the security and resilience of the state; provides homeland security partners reassurance that their proprietary information provided to the state government will be protected from disclosure.
|
Hawaii
|
S 3150
|
Homeland Security
|
Failed - Adjourned
|
Establishes the cybersecurity, economic, education, and infrastructure security coordinator within the Department of Law Enforcement; amends sections 76-16 and 128a-3, HRS.
|
Idaho
|
H 519
|
Critical Infrastructure
|
Failed - Adjourned
|
Expands existing law to provide for the crimes of impeding critical infrastructure and critical infrastructure trespass.
|
Illinois
|
H 4433
|
Insurance Data Security Law
|
Pending
|
Creates the Insurance Data Security law; sets forth provisions concerning an information security program, investigations of cybersecurity events, and notifications of cybersecurity events; provides that the director of insurance shall have power to examine and investigate the affairs of any licensee to determine whether the licensee has been or is engaged in any conduct in violation of the act.
|
Illinois
|
H 4592
|
Identification Card Act and the Vehicle Code
|
Enacted
|
Amends the Identification Card Act and the Vehicle Code; allows the secretary of state to issue a mobile Identification Card or mobile driver’s license to an individual who is otherwise eligible to hold a physical credential, in addition to an identification card or driver’s license; provides that no person, public entity, private entity, or agency shall establish a policy that requires an electronic credential instead of a physical credential. Includes requirements for privacy and tracking of data.
|
Illinois
|
H 4625
|
Courses of Study Article of the School Code
|
Pending
|
Provides that all school districts shall, with guidance and standards provided by the state Board of Education and a group of educators convened by the state Board of Education, ensure that students receive developmentally appropriate opportunities to gain digital literacy skills beginning in elementary school; provides that digital literacy instruction shall include developmentally appropriate instruction in digital citizenship skills, media and cybersecurity.
|
Illinois
|
H 4746
|
Criminal Code of 2012
|
Pending
|
Amends the Criminal Code of 2012; creates the Critical Infrastructure Protection Law Article within the Code; defines critical infrastructure facility; provides for criminal penalties, based upon the value of the property, for knowingly damaging, destroying, vandalizing, defacing, tampering with, or stealing equipment or assets of or in a critical infrastructure facility; provides that any person who violates the article is liable to the owner of the property for compensatory damages.
|
Illinois
|
H 5365
|
Government Finance Research Center
|
Pending
|
Amends the University of Illinois Act; provides that, subject to appropriation, not later than a specified date, the Government Finance Research Center at the University of Illinois at Chicago, in coordination with an intergovernmental advisory committee, must issue a report evaluating the efficiency of Department of Innovation and Technology to determine whether the Department of Innovation and Technology has been adequately supporting cybersecurity upgrades for state agencies.
|
Illinois
|
H 5511
|
Progressive Design-Build Pilot Program Act
|
Enacted
|
Relates to Metropolitan Pier and Exposition Authority Act concerning requirements for contracts for professional services entered by the Metropolitan Pier and Exposition Authority; specifies that the provisions apply to contracts in excess of specified amount for architectural, engineering, or land surveying services provided to the authority and contracts in excess of specified amount for certain other services. Amends the Freedom of Information Act Information, which includes an exemption under this item may include such things as details pertaining to the mobilization or deployment of personnel or equipment, to the operation of communication systems or protocols, to cybersecurity vulnerabilities, or to tactical operations.
|
Illinois
|
HR 887
|
Recognition Resolution
|
Adopted
|
Recognizes the value of Registered Apprenticeship programs during National Apprenticeship Week, Nov. 17 to Nov. 23, 2024; commends the Workforce Innovation Network and the Black Community Providers Network for their support of registered apprenticeship programs, industry awareness, and the expansion of apprenticeship, especially during National Apprenticeship Week.
|
Illinois
|
HR 889
|
Recognition Resolution
|
Adopted
|
Recognizes National Apprenticeship Week, held from Nov. 17 to Nov. 23, 2024, as it celebrates its 10th anniversary; recognizes the value of registered apprenticeship programs and of promoting industry awareness during National Apprenticeship Week.
|
Illinois
|
S 47
|
Tort Immunity and Government Employees
|
Pending
|
Amends the Local Governmental and Governmental Employees Tort Immunity Act; provides that a public entity or a public employee is not liable for injury caused by any unauthorized access to government records, data, or electronic information systems by any person or entity.
|
Illinois
|
S 251
|
State Fiscal Year 2024 Appropriations
|
Enacted
|
Adds, changes, and repeals various state fiscal Year 2024 appropriations; makes appropriations and reappropriations for capital and operating expenditures, and other purposes. Includes funding for the cybersecurity liaison program.
|
Illinois
|
S 2682
|
Women in Technology
|
Enacted
|
Creates the Increasing Representation of Women in Technology Working Group Act and creates the Increasing Representation of Women in Technology Working Group; modifies the membership of the working group; provides that the state Workforce Innovation Board, in consultation with a state public college or university, shall provide administrative and other support to the working group; modifies the duties of the working group and the report requirements.
|
Illinois
|
S 2978
|
Driver and Motor Vehicle Records Data Privacy Law
|
Pending
|
Amends the Vehicle Code; creates the Driver and Motor Vehicle Records Data Privacy Law; provides that the purpose is to comply with the federal Driver's Privacy Protection Act in order to protect the interest of individuals in their personal privacy by prohibiting the disclosure and use of personal information contained in their motor vehicle record, except as authorized by the individual or by law; adds provisions concerning disclosure of social security number.
|
Illinois
|
S 3086
|
Infrastructure Facility Criminal Damage
|
Pending
|
Amends the Criminal Code of 2012; provides that a person also commits criminal damage to property when he or she intentionally damages, destroys, or tampers with equipment in a critical infrastructure facility without authorization from the critical infrastructure facility; provides that a violation is: a class four felony when the damage to property does not exceed $500; relates to as class three felony when the damage to property exceeds $500 but does not exceed $10,000.
|
Illinois
|
S 3223
|
Military Code
|
Pending
|
Amends the Military Code; requires the governor to organize and maintain within this state, on a reserve basis, a volunteer civilian cybersecurity auxiliary force, known as the Cyber Auxiliary Force, that is capable of being expanded and trained to educate and protect from cyber incidents state, county, and local government entities and critical infrastructure, including election systems, businesses, and the citizens of this state.
|
Illinois
|
S 3495
|
Pacific Conflict Stress Test Act
|
Pending
|
Creates the Pacific Conflict Stress Test Act; provides that the governor shall produce and publish a state risk assessment no later than the day before the annual address made to the General Assembly by the governor, and annually thereafter; provides that the state risk assessment shall include all substantial risks to state or national security, state or national economic security, State or national public health, or any combination of those matters, occurring within and threatening the state.
|
Illinois
|
S 3541
|
Procurement Protection Act
|
Pending
|
Creates the Procurement Protection Act; provides that a company domiciled within the jurisdiction of foreign adversary or a federally banned corporation shall be ineligible to bid or submit proposal for contracts with the state.
|
Illinois
|
S 3624
|
Light Detection and Ranging Technology Security Act
|
Pending
|
Creates the Light Detection and Ranging Technology Security Act; provides that all state infrastructure located within or serving shall be constructed so as not to include any light detection and ranging equipment manufactured in or by, including any equipment whose critical or necessary components are manufactured in or by, a company domiciled within a country of concern, or a company owned by a company domiciled in a country of concern.
|
Illinois
|
S 3729
|
Unmanned Aerial Systems Security Act
|
Pending
|
Creates the Unmanned Aerial Systems Security Act; provides that a government agency may use a drone only if the manufacturer of the drone meets the minimum security requirements specified in the act.
|
Illinois
|
S 3747
|
Secure Telecommunications Act
|
Pending
|
Creates the Secure Telecommunications Act; provides that all critical telecommunications infrastructure located within or serving the state shall be constructed so as not to include any equipment manufactured by a federally banned corporation or any equipment banned at the federal level; provides that all critical telecommunications infrastructure located within or serving the state shall be constructed so as not to include any equipment manufactured in or by a foreign adversary.
|
Indiana
|
H 1177
|
Foreign Countries Limitations on Interests
|
Failed - Adjourned
|
Relates to limitations on interests of foreign countries; prohibits the state, a state agency, and a political subdivision from entering into a contract with a prohibited person for the provision of goods or services; amends the amount of a gift received from a foreign source that must be reported by a postsecondary educational institution; prohibits certain individuals and business entities from purchasing real property located within the state.
|
Indiana
|
H 1243
|
Various Education and Workforce Related Matters
|
Enacted
|
Makes various changes to the education law concerning the state diploma requirements and designations and satisfying certain course requirement by obtaining a diploma, criteria to receive a waiver from postsecondary readiness competency requirements, minimum number of alternate diplomas that may be counted in determining a school's or school corporation's graduation rate, and use of the terms statewide assessment program and statewide summative assessment; relates to high school equivalency diploma program. Includes requirements to provide instruction on internet safety, including cybersecurity.
|
Indiana
|
H 1430
|
State Information Technology TikTok
|
Failed - Adjourned
|
Relates to TikTok on state information technology; provides that an individual who is issued an electronic device by the state of the state for purposes of the individual's work for or on behalf of the state of the state may not, install the TikTok application on the electronic device, or use the electronic device to access the website of a corporation that owns and distributes the TikTok application; requires the office of technology to configure any electronic device managed by the office.
|
Indiana
|
S 150
|
Technology
|
Enacted
|
Creates the Artificial Intelligence Task Force; provides that political subdivisions, state agencies, school corporations, and state educational institutions may adopt a technology resources policy and cybersecurity policy, subject to specified guidelines; provides that a person with which a state agency enters into a licensing contract for use of a software application designed to run on generally available desktop or server hardware may not restrict the hardware on which the agency runs the software.
|
Indiana
|
S 220
|
Financial Institutions and Consumer Credit
|
Enacted
|
Amends state code provisions concerning accounting practices for credit unions to reflect a new accounting standard that replaces the allowance for loan and lease losses accounting methodology with the allowance for credit losses methodology, as required by the Financial Accounting Standards Board; establishes a new chapter in the state code article containing general provisions with respect to financial institutions to report cyber incidents.
|
Iowa
|
H 2032
|
School Districts Use of District Management Levy
|
Failed - Adjourned
|
Allows school districts to use the district management levy for cybersecurity costs.
|
Iowa
|
H 2596
|
Qualifications for Public Contract Proposals
|
Failed - Adjourned
|
Relates to qualifications to bid on or submit a proposal for certain public contracts and provides penalties.
|
Iowa
|
H 2622
|
State Government Entities Associated With Budget
|
Failed
|
Relates to the powers, duties, and responsibilities of state government entities associated with the budget, financial control, and information technology; makes penalties applicable, and makes appropriations.
|
Iowa
|
H 2708
|
State Government Entities Associated with the Budget
|
Enacted
|
Relates to the powers, duties, and responsibilities of state government entities associated with the budget, financial control, and information technology; makes penalties applicable, and makes appropriations. Relates to policies for cybersecurity. Amends procurement policies to require cybersecurity.
|
Iowa
|
S 2375
|
State Government Entities Associated With the Budget
|
Failed - Adjourned
|
Relates to the powers, duties, and responsibilities of state government entities associated with the budget, financial control, and information technology; makes penalties applicable, and makes appropriations.
|
Iowa
|
S 2409
|
State Government Entities Associated With the Budget
|
Failed
|
Relates to the powers, duties, and responsibilities of state government entities associated with the budget, financial control, and information technology; makes penalties applicable, and makes appropriations.
|
Kansas
|
H 2551
|
Certain Claims Against the State
|
Enacted
|
Concerns appropriations for the specified fiscal years for state agencies; authorizes and directs payment of certain claims against the state; authorizes certain transfers, capital improvement projects and fees, imposing certain restrictions and limitations, and directing or authorizing certain receipts, disbursements, procedures and acts incidental to the foregoing. Creates a matching fund to local communities that qualify as eligible entities for any federal grant program moneys related to water, transportation, energy, cybersecurity or broadband infrastructure.
|
Kansas
|
H 2762
|
Digital Drivers License and Identification Card
|
Failed - Adjourned
|
Relates to providing for digital proof of driver's license and digital proof of identification card and regulating the use thereof.
|
Kansas
|
H 2787
|
Kansas Insurance Guaranty Association Act
|
Enacted
|
Relates to the Kansas Insurance Guaranty Association Act and the Kansas Life and Health Insurance Guaranty Association Act; updates certain definitions, terms and conditions thereto; establishes continuity of guaranty fund coverage when a policy is transferred from one insurer to another and of guaranty fund coverage related to cybersecurity insurance; including health maintenance organizations as member insurers; broadens the assessment base for long-term care insolvencies.
|
Kansas
|
H 2820
|
Acquisition of Critical Components of Drone Technology
|
Failed - Adjourned
|
Relates to prohibiting the acquisition of critical components of drone technology from countries of concern and requiring the divesture of such technology.
|
Kansas
|
H 2842
|
Information Technology Services
|
Failed - Adjourned
|
Relates to transferring all information technology services under the chief information technology officer of each branch of government, creating chief information security officers within the judicial and legislative branches, requiring a chief information security officer to be appointed by the attorney general, secretary of state, state treasurer and insurance commissioner and requiring the chief information security officers to implement certain minimum cybersecurity standards.
|
Kansas
|
S 28
|
Insurance Group Funded Pools Refund Fund
|
Enacted
|
Relates to discontinuing payments to certain group-funded insurance pools, refunding existing balances thereof and abolishing such funds and establishing the group-funded pools refund fund. Creates a matching fund to local communities that qualify as eligible entities for any federal grant program moneys related to water, transportation, energy, cybersecurity or broadband infrastructure.
|
Kansas
|
S 271
|
Drone Technology
|
Vetoed
|
Concerns infrastructure; relates to drone technology; prohibits the acquisition of critical components of drone technology from countries of concern; relates to state contracts; prohibits state-level agencies from procuring final or finished goods or services from a foreign principal.
|
Kansas
|
S 291
|
Transferring Cybersecurity Employees
|
Enacted
|
Relates to transferring cybersecurity employees under the chief information technology officer of each branch; creates a chief information security officer within the judicial and legislative branches; requires the attorney general, Kansas Bureau of Investigation, secretary of state, state treasurer and insurance commissioner to appoint chief information security officers; places the duty of cybersecurity under the chief information technology officer.
|
Kansas
|
S 477
|
Digital Drivers Licenses and Identification Cards
|
Failed - Adjourned
|
Relates to providing for digital proof of driver's license and digital proof of identification card and regulating the use thereof.
|
Kentucky
|
H 139
|
Cyber Program
|
Failed - Adjourned
|
Establishes the Kentucky cybersecurity program and governing board within the Council on Postsecondary Education; establishes the purpose and duties of KentuckyCYBER Governing Board; creates the KentuckyCYBER fund, appropriation.
|
Kentucky
|
H 319
|
Cyber Program
|
Failed - Adjourned
|
Establishes the Kentucky cybersecurity program and governing board within the Council on Postsecondary Education; establishes the purpose and duties of KentuckyCYBER Governing Board; creates the KentuckyCYBER fund.
|
Louisiana
|
H 1
|
Appropriations
|
Enacted
|
Provides for the ordinary operating expenses of state government for fiscal year. Appropriates funding for the Louisiana cybersecurity talent initiative
Fund.
|
Louisiana
|
H 507
|
Crime of Unauthorized Entry of Critical Infrastructure
|
Enacted
|
Relates to the elements of the crime of unauthorized entry of a critical infrastructure and provides for penalties; amends the definition of critical infrastructure to add water control structures, including floodgates or pump stations; specifies the penalty for whoever commits a second or subsequent offense; specifies the fine for whoever commits the crime of unauthorized entry of a critical infrastructure during the existence of a state of emergency; clarifies when certain penalties are applicable.
|
Louisiana
|
H 700
|
Utilities
|
Enacted
|
Relates to broadband; provides for a grant program by the office of broadband to prevent utility damage; provides for a public records exemption; provides for liability; provides for obligations; provides for reporting requirements; provides for coordination with parishes and municipalities; allows a local government to establish a fee; provides for reimbursement for grantees; provides for failure to perform protocols. Provides funds to improve cybersecurity.
|
Louisiana
|
H 845
|
Procurement for Information Technology
|
Enacted
|
Provides that the Joint Legislative Committee on Technology and Cybersecurity has the authority to review and approve procurement requests related to technology or cybersecurity; adds competitive sealed bids, competitive sealed proposals, reverse auction, cooperative purchasing, and an invitation to negotiate as methods of procurement for information technology; adds professional services and consulting services contracts related to IT to the types of contracts eligible for multi-year contracts.
|
Louisiana
|
H 915
|
Aircraft and Aviation
|
Failed - Adjourned
|
Prohibits the procurement of certain unmanned aircraft systems.
|
Louisiana
|
S 162
|
Commercial Regulations
|
Failed - Adjourned
|
Provides for digital transaction providers to collect convenience charges, taxes and fees. Provides that the digital transaction provider shall obtain a cyber liability insurance with a company qualified to do business in Louisiana, in the amount of $1 million which names the state the department, the department's employees, the Office of Technology Services and its employee as additional insureds.
|
Maine
|
S 374
|
Contract with the State
|
Enacted
|
Provides that a person that submits a bid or proposal for a contract with the state for goods or services shall certify that the person is not a foreign adversary business entity; provides that a person that submits a false certification under this section commits a civil violation for which a fine may be adjudged in an amount that is twice the amount of the contract for which the bid or proposal was submitted or a specified amount, whichever is greater.
|
Maryland
|
H 227
|
Information Technology
|
Failed - Adjourned
|
Alters the definitions of information technology and major information technology development project for the purpose of certain provisions of law governing information processing and security; requires a unit of state government to submit certain information to the secretary of information technology relating to a major information technology development project; alters certain responsibilities of the secretary relating to major information technology development projects.
|
Maryland
|
H 459
|
State Administrator of Elections
|
Failed - Adjourned
|
Requires the state Board of Elections to evaluate the performance of the state administrator of elections; requires the state administrator to provide a performance evaluation of the election director of each local board of elections to the local board; requires each local board to confer with the state administrator in appointing an election director, maintain a warehouse, and provide for early voting center expenses; requires, rather than authorizes, election directors to take certain actions. Includes reporting requirements for security violations and cybersecurity requirements for equipment.
|
Maryland
|
H 617
|
Prohibited Mobile and Web Applications
|
Failed - Adjourned
|
Prohibits certain employees, agents, or entities on any information technology owned or leased by a unit of state government from downloading or using any application, including TikTok or WeChat, or access any website developed by ByteDance Ltd. or Tencent Holdings Ltd.; requires by the specified date, the Department of Budget and Management, in collaboration with the Department of Information Technology, to prepare certain guidance for units of state government regarding access to certain.
|
Maryland
|
H 760
|
Office of Legislative Audits Local School Systems
|
Enacted
|
Requires each local school system, on or before a certain date, to submit a report to the Joint Audit and Evaluation Committee on the status of implementation of corrective actions to address repeat findings and recommendations identified by the Office of Legislative Audits in the most recent audit; requires each local school system to publish the report on its website. Requires cybersecurity findings to be redacted according to auditing best practices.
|
Maryland
|
H 795
|
Peace and Conflict Studies Curriculum Content Standards
|
Failed - Adjourned
|
Requires the State Board of Education to develop curriculum content standards for a high school course on specific subjects, including, cybersecurity.
|
Maryland
|
H 1123
|
Cybersecurity for Hospitals
|
Failed - Adjourned
|
Requires the state Health Care Commission to adopt minimum cybersecurity standards for hospitals and take certain other actions related to the cybersecurity of hospitals, including supporting hospitals that do not meet the minimum cybersecurity standards; requires hospitals to comply with the cybersecurity standards adopted by the commission; requires the secretary of health to consider cybersecurity standards for hospitals when issuing a license to a hospital.
|
Maryland
|
H 1128
|
Talent Innovation Program and Fund
|
Enacted
|
Establishes the Talent Innovation Program in the Maryland Department of Labor to increase access to high-quality job training; establishes the Talent Innovation Fund; requires interest earnings of the fund to be credited to the fund; relates to the Talent Innovation Program and Talent Innovation fund; includes cybersecurity, health care, biotechnology, manufacturing and artificial intelligence.
|
Maryland
|
H 1188
|
Information Technology Projects Modernization
|
Failed - Adjourned
|
Alters the duties of the secretary of information technology related to modernization of information technology systems; alters the authority of the Board of Public Works over certain information technology projects; establishes the information technology investment fund as a special, nonlapsing fund and the Technology Investment Board within the Department of Information Technology; alters the duties and membership of the Modernize Maryland Oversight Commission.
|
Maryland
|
H 1210
|
Cybersecurity Measures Income Tax Credit
|
Failed - Adjourned
|
Authorizes a credit against the state income tax for a certain small business that employs specified number or fewer employees for costs incurred by the small business during the taxable year for certain cybersecurity measures undertaken by the small business; makes the credit refundable; applies the act to all taxable years beginning after the specified date.
|
Maryland
|
H 1420
|
Office of Peoples Counsel Cybersecurity Expert
|
Failed - Adjourned
|
Requires the Office of People's Counsel to hire at least one assistant people's counsel with cybersecurity expertise to perform certain duties; requires certain public service companies to engage with a third party to conduct an assessment that analyzes certain critical software; requires a certain certification to be submitted to the Office of People's Counsel; requires certain regulations adopted by the Public Service Commission to include cyber resilience.
|
Maryland
|
H 1486
|
Cyber Maryland Fund and Program
|
Failed - Adjourned
|
Requires the state Technology Development Corporation to administer the cyber state fund and program; authorizes the fund to be used for administrative expenses of the program, including hiring staff, consultants and other professionals as necessary to implement, maintain, and administer the program and the fund; requires the corporation to adopt certain standards.
|
Maryland
|
S 247
|
Modernize Maryland Oversight Commission
|
Failed - Adjourned
|
Alters the membership and responsibilities of the Modernize Maryland Oversight Commission; requires the Department of Information Technology to provide staff for the commission.
|
Maryland
|
S 361
|
State Debt Creation
|
Enacted
|
Authorizes the creation of a state debt in the specified amount; requires that certain grantees convey certain easements under certain circumstances to the state historical trust; requires the Department of General Services to record certain correct information in certain grant agreements under certain circumstances, notwithstanding certain differences; repeals certain state Consolidated Capital Bond Loan Preauthorization acts; specifies that certain authorizations may be used only for certain purposes. Includes funding for a cybersecurity grant.
|
Maryland
|
S 417
|
State Administrator of Elections
|
Enacted
|
Requires the state Board of Elections to evaluate the performance of the state administrator of elections; requires the state administrator to provide a performance evaluation of the election director of each local board of elections to the local board; requires each local board to confer with the state administrator in appointing an election director, maintain a warehouse, and provide for early voting center expenses; requires, rather than authorizes, election directors to take certain actions, like notification after a security breach of a voting system.
|
Maryland
|
S 474
|
Critical Infrastructure Streamlining Act of 2024
|
Enacted
|
Alters and establishes the definition of generating station for the purpose of exempting the construction of certain generating facilities used to produce electricity for the purpose of onsite emergency backup and certain test and maintenance operations from the requirement to obtain a certificate of public convenience and necessity or certain other related approvals under certain circumstances. The Department of the Environment is not required to make reports public if they pose a cybersecurity risk.
|
Maryland
|
S 649
|
9-1-1 Trust Fund
|
Enacted
|
Alters the purposes of the 9-1-1 trust fund to include funding the costs of telecommunications cardiopulmonary resuscitation training; provides that the purposes of the 9-1-1 Trust Fund include funding costs to maintain the cybersecurity of 9-1-1 systems, enhanced 9-1-1 systems, and Next Generation 9-1-1 services, the costs of 9-1-1 specialist recruitment activities, and the cost of telecommunications cardiopulmonary resuscitation training.
|
Maryland
|
S 692
|
Workgroup to Study Data Security
|
Failed - Adjourned
|
Establishes the Workgroup to Study Data Security to study certain data protection standards, identify existing standards that would best be assimilated by state agencies, and develop recommendations on and assess certain fiscal impacts; requires the workgroup to submit an interim report on a specified date, and a final report of its findings and recommendations to the governor and the General Assembly.
|
Maryland
|
S 757
|
Prohibited Applications and Websites
|
Failed - Adjourned
|
Prohibits certain employees, agents, or entities on any information technology owned or leased by a unit of state government from downloading or using any application, including TikTok or WeChat, or accessing any website developed by ByteDance Ltd. or Tencent Holdings Ltd.; requires by specified date, the Department of Budget and Management, in collaboration with the Department of Information Technology, to prepare guidance for units of state government regarding access to certain applications.
|
Maryland
|
S 816
|
Cyber Maryland Fund and Program
|
Enacted
|
Requires the Maryland Technology Development Corporation to administer the Cyber Maryland fund; alters the use of the fund; requires the corporation to adopt certain standards.
|
Maryland
|
S 980
|
Computer Science Education Content Standards
|
Failed - Adjourned
|
Requires public high schools to promote and increase the enrollment of certain students in high school computer science courses; requiring, beginning on or before the specified date, the state Board of Education to update computer science content standards to include cybersecurity; requires county boards of education to provide developmentally appropriate computer science instruction in public elementary and middle schools in the county.
|
Maryland
|
S 981
|
Local Cybersecurity Preparedness and Support Fund
|
Failed - Adjourned
|
Authorizes the governor for fiscal years 2026 and 2027, to include in the annual budget bill an appropriation of specified amount for the local cybersecurity support fund; requires the Department of Information Technology to provide sufficient information security officers to assist the director of local cybersecurity.
|
Maryland
|
S 982
|
Information Technology Projects Modernization
|
Enacted
|
Alters the duties of the secretary of information technology related to modernization of information technology systems; renames the major information technology development fund; requires a certain amount of the fund to be set aside for certain projects each fiscal year; requires the Board of Public Works to expedite the placement on an agenda and approval of certain contracts; provides for the terms of certain commission members.
|
Massachusetts
|
H 4601
|
Makes Appropriations for the Fiscal Year
|
Pending
|
Makes appropriations for the specified fiscal year for the maintenance of the departments, boards, commissions, institutions, and certain activities of the commonwealth. Appropriates funding for the operation of an information technology audit unit within the office of the state auditor to conduct audits of high-risk information technology related activities including, cybersecurity, data access, systems operations, data integrity and regulatory compliance. Appropriations to the Massachusetts Cybersecurity Innovation Fund, which includes funding for cybersecurity workforce training.
|
Massachusetts
|
H 4772
|
Insurer's Insolvency Fund
|
Pending
|
Modernizes the state insurer's insolvency fund. Relates to requirements for cybersecurity insurance.
|
Massachusetts
|
H 4800
|
Appropriations for the Fiscal Year 2025
|
Enacted
|
Makes appropriations for the specified fiscal year for the maintenance of the departments, boards, commissions, institutions, and certain activities of the commonwealth. Appropriates funding for the operation of an information technology audit unit within the office of the state auditor to conduct audits of high-risk information technology related activities including, cybersecurity, data access, systems operations, data integrity and regulatory compliance. Appropriations to the Massachusetts Cybersecurity Innovation Fund, which includes funding for cybersecurity workforce training.
|
Massachusetts
|
H 4889
|
Information Technology Needs
|
Enacted
|
Provides for a program of capital investments for information technology and data and cybersecurity improvements; provides funding for costs associated with certain initiatives, projects and expenditures, including, but not limited to, the purchase, procurement, acquisition, licensing and implementation of artificial intelligence and machine learning systems for the various state agencies and instrumentalities; establishes the information technology federal reimbursement fund.
|
Massachusetts
|
H 5008
|
Issued Bonds
|
Enacted
|
Provides for the terms of certain bonds to be issued by the commonwealth; provides that the bonds that the state treasurer may issue shall be issued for a term not to exceed a specified number of years; provides that all such bonds shall be payable not later than the specified date, as recommended by the governor in a message to the general court; relates to the fair housing fund and a program of capital investments for information technology, data, and cybersecurity improvements.
|
Massachusetts
|
S 2800
|
Bill Making Appropriations
|
Pending
|
Relates to appropriations for the specified fiscal year for the maintenance of the departments, boards, commissions, institutions and certain activities of the Commonwealth. Appropriates funding for the state auditor to conduct audits of high-risk information technology related activities including, cybersecurity, data access, systems operations, data integrity and regulatory compliance. Appropriations to the Massachusetts Cybersecurity Innovation Fund, which includes funding for cybersecurity workforce training.
|
Massachusetts
|
S 2806
|
Technology Services and Security
|
Pending
|
Relates to technology services and security. Appropriates funding for capital investments for information technology and data and cyber security improvements to various state programs, services, agencies, institutions and properties and technology infrastructure.
|
Massachusetts
|
S 2811
|
Technology Services
|
Pending
|
Relates to technology services. Authorizes the cybersecurity control board to promulgate rules for cybersecurity standards or requirements for covered entities.
|
Massachusetts
|
S 2814
|
Information Technology
|
Pending
|
Relates to provide for the future information technology needs. Appropriates funding for capital investments for information technology and data and cyber security improvements to various state programs, services, agencies, institutions and properties and technology infrastructure.
|
Massachusetts
|
S 2827
|
Municipalities and Local Governments
|
Pending
|
Relates to empowering municipalities and local governments. Includes reporting requirements for cities, towns and districts for cybersecurity incidents.
|
Massachusetts
|
S 2869
|
Economic Leadership
|
Pending
|
Relates to strengthening state's economic leadership. Appropriates funding, including $5 million to Massachusetts Bay Community College for the design and construction of the center for cybersecurity education and $5 million for the creation and operation of a cyber range and workforce development and educational resources.
|
Michigan
|
H 4414
|
Data Security
|
Pending
|
Provides department to create resources concerning digital literacy and cyber safety on public website.
|
Michigan
|
H 5283
|
Health Records
|
Pending
|
Requires Health Information Technology Commission to designate health information exchange for certain entities and data that must comply with all the state and federal laws that pertain to cyber security and data protection.
|
Michigan
|
H 5503
|
School Aid
|
Enacted
|
Makes appropriations to aid in the support of the public schools, the intermediate school districts, community colleges, and public universities of the state; makes appropriations for certain other purposes relating to education; provides for the disbursement of the appropriations; authorizes the issuance of certain bonds and provide for the security of those bonds. Requires a comprehensive safety and security assessment for vendors and other security measures.
|
Michigan
|
H 5931
|
School Aid
|
Pending
|
Creates the school consolidation and infrastructure fund; provides funding to support the cost of a feasibility study or analysis of consolidation of assets; including cybersecurity functions.
|
Michigan
|
H 6268
|
Insurance and Other
|
Pending
|
Modifies data security enforcement.
|
Michigan
|
S 402
|
Voting and Elections Database
|
Pending
|
Creates Voting and Elections Database and Institute Act, including cybersecurity standards.
|
Michigan
|
S 669
|
Public Records
|
Pending
|
Provides applicability of cybersecurity for the Freedom of Information Act to the legislature and governor's office.
|
Michigan
|
S 737
|
State Universities
|
Pending
|
Provides creation of a coordinated cybersecurity defense organization and security operations center for this state's public universities.
|
Michigan
|
S 888
|
Identity Theft
|
Pending
|
Modifies the Identity Theft Protection Act. Requires an agency that owns, possesses, collects, or accesses personal information shall implement to adopt a cybersecurity framework.
|
Michigan
|
S 948
|
Electronic Voting Systems
|
Pending
|
Modifies standards for electronic voting systems and modifies maintenance of electronic voting system source codes.
|
Minnesota
|
H 3431
|
State Government and Appropriations
|
Failed - Adjourned
|
Relates to state government; specifies administrative courts and work product data; requires cybersecurity incident reports; modifies the Administrative Procedure Act; modifies certain salaries of employees of the office of administrative hearings; makes technical changes to department of administration, department of information technology services, and state personnel management provisions; establishes a state building renewable energy, storage, and electric vehicle account.
|
Minnesota
|
H 4132
|
Elections
|
Failed - Adjourned
|
Relates to elections; requires certain municipalities to use a .gov domain.
|
Minnesota
|
H 4348
|
Financial Institutions
|
Failed - Adjourned
|
Relates to financial institutions; establishes a nonbank data security law.
|
Minnesota
|
H 4749
|
Cybersecurity
|
Failed - Adjourned
|
Relates to cybersecurity; requires reporting of cybersecurity incidents impacting public sector organizations in the state.
|
Minnesota
|
H 4772
|
Voting Rights
|
Enacted
|
Provides for funding and policy and technical changes to elections and campaign finance provisions, including elections administration, campaign finance and lobbying, and census and redistricting; establishes the Minnesota Voting Rights Act; modifies the crime of using deep fakes to influence elections; modifies certain notary provisions; transfers funds to the Voting Operations, Technology, and Election Resources Account; appropriates funds to the Campaign Finance and Public Disclosure Board. Requires every county and each municipality that administers absentee voting to use a .gov domain for the website address used by the county or municipality.
|
Minnesota
|
H 5216
|
State Government
|
Enacted
|
Relates to state government; provides policy for crime victims, law enforcement, criminal justice, corrections, public safety, crime, predatory offenders, restorative practices restitution program, Clemency Review Commission, protective orders, judicial data privacy, judiciary, public defense, civil law, contracts for deed, and state government data; provides for the Uniform Public Expression Protection Act; establishes the state board of civil legal aid.
|
Minnesota
|
H 5245
|
Reimbursement Amount for Attorney Fees
|
Failed - Adjourned
|
Relates to judiciary; provides for funding and related policy changes to Supreme Court and district courts; establishes the state board of civil legal aid; modifies safe at home program certification; provides for restorative process for certain acts; appropriates money. Appropriates funds for the judicial branch court cybersecurity program.
|
Minnesota
|
H 5324
|
State Government
|
Failed - Adjourned
|
Relates to state government; establishes a state funded county and city cybersecurity grant program; requires a report; appropriates money.
|
Minnesota
|
H 5344
|
Higher Education
|
Failed - Adjourned
|
Relates to higher education; provides funding to Metropolitan State University for cyber range services; appropriates money.
|
Minnesota
|
S 4039
|
Elections
|
Failed - Adjourned
|
Relates to elections; requires certain municipalities to use a .gov domain.
|
Minnesota
|
S 4097
|
Relates to Commerce
|
Enacted
|
Relates to commerce; adds, modifies various provisions related to insurance; regulates financial institutions; modifies provisions governing financial institutions; provides for certain consumer protections and privacy; modifies provisions governing commerce; makes technical changes; establishes civil and criminal penalties; authorizes administrative rulemaking. Requires financial institutions to retain information regarding a cybersecurity event for five years.
|
Minnesota
|
S 4157
|
Provisions Governing Financial Institutions
|
Failed - Adjourned
|
Relates to commerce; adds and modifies various provisions governing financial institutions; makes technical changes. Requires a financial institution to establish a written incident response plan designed to promptly respond to and recover from any security event, including a cyber security event, materially affecting the confidentiality, integrity, or availability of customer information the financial institution controls.
|
Minnesota
|
S 4364
|
State Government
|
Failed - Adjourned
|
Relates to state government; prohibits download or use of the TikTok application on state telecommunications devices, with certain exceptions.
|
Minnesota
|
S 4376
|
Financial Institutions
|
Failed - Adjourned
|
Relates to financial institutions; establishes a nonbank data security law.
|
Minnesota
|
S 4729
|
Elections
|
Failed
|
Modifies various provisions related to election administration; modifies various provisions relating to campaign finance and lobbying; amends requirements related to voter registration; amends absentee voting laws; modifies the authority of the campaign finance and public disclosure board to impose a civil penalty and late fees; requiring local governments to use a .gov domain.
|
Minnesota
|
S 4874
|
Reporting of Cybersecurity Incidents
|
Failed - Adjourned
|
Relates to cybersecurity; requires reporting of cybersecurity incidents impacting public-sector organizations in state; provides that beginning on a specified date, the head of or the decision-making body for a public agency must report a cybersecurity incident that impacts the public agency to the commissioner.
|
Minnesota
|
S 4892
|
State Government
|
Failed - Adjourned
|
Relates to state government; clarifies discretionary powers and duties for the department of information technology services; makes conforming changes. Amends statutes related to cyber security systems. Requires the state chief information officer or security officer, may advise and consult on security strategy and programs for state entities and political subdivisions.
|
Minnesota
|
S 5337
|
Public Safety
|
Failed
|
Provides for funding and related policy changes to the department of public safety, department of corrections, judiciary, and the clemency review commission; requires reports; appropriates funds; provides funding for court cyber security, psychological services, pay rate increases for psychological examiners and court reporters.
|
Minnesota
|
S 5416
|
Higher Education
|
Failed - Adjourned
|
Relates to higher education; provides funding to Metropolitan State University for cyber range services; appropriates money.
|
Mississippi
|
H 297
|
Department of Information Technology Services
|
Enacted
|
Requires the department of finance and administration to develop and implement a process that creates a preferred vendor list for disaster debris removal and monitoring; stipulates that the provisions of this section shall not apply to small unmanned aircraft systems manufactured in the People's Republic of China and purchased prior to a specified date.
|
Mississippi
|
H 925
|
Restrict Use of Wireless Devices by Students
|
Failed
|
Requires each district school board and charter school governing board to adopt an internet safety policy for student access to the internet provided by the school district; prescribes the requirements for the policy; requires each school district and charter school governing board to prohibit and prevent student access to social media through internet access provided by the school district; prohibits the use of certain platforms on district owned devices and through internet access provided by the school.
|
Mississippi
|
H 1575
|
Cybersecurity Standards
|
Failed
|
Provides that a local governmental entity or commercial entity that adopts and substantially complies with certain cybersecurity standards is not liable in connection with a cybersecurity incident; requires cybersecurity programs to align with the standards established by certain national organizations and the requirements of specified federal laws; declares that this act does not establish a private cause of action and that an entity's failure to comply with cybersecurity requirements.
|
Mississippi
|
S 2296
|
National Security in Public Purchasing Act
|
Failed
|
Creates the Mississippi National Security in Public Purchasing Act.
|
Mississippi
|
S 2698
|
Cyber Safety Review Board
|
Enacted
|
Creates the Cyber Safety Review Board; stipulates that the board shall be responsible for ensuring a collaborative effort to address cybersecurity threats to the state; names the voting members of the board; names the ex officio nonvoting members of the board; allows the voting members of the board to add ex officio nonvoting members of the board as necessary; allows the board to adopt rules which govern the time and place of meetings according to certain requirements.
|
Mississippi
|
S 2703
|
Cybersecurity Ransomware Incidents
|
Failed
|
Requires state agencies to report ransomware incidents to the enterprise security program and the state department of information technology services; defines terms; requires that reports note the severity level of the incident according to the levels defined by the national cyber incident response plan of the U.S. Department of Homeland Security; prohibits state agencies from paying or otherwise complying with a ransom demand.
|
Mississippi
|
H 297
|
Department of Information Technology Services
|
Enacted
|
Requires the Department of Finance and Administration to develop and implement a process that creates a preferred vendor list for disaster debris removal and monitoring; stipulates that the provisions of this section shall not apply to small, unmanned aircraft systems manufactured in the People's Republic of China and purchased prior to a specified date.
|
Mississippi
|
S 2777
|
Cybersecurity Incident Liability
|
Failed
|
Provides that a county or municipality and any other political subdivision of the state shall not be liable in connection with a cybersecurity incident if the entity adopts certain cybersecurity standards; provides a rebuttable presumption against liability for commercial entities that are in substantial compliance with this act by adopting a cybersecurity program that substantially aligns with certain specified cybersecurity standards.
|
Missouri
|
H 1415
|
Unmanned Aerial Systems Security Act of 2024
|
Failed - Adjourned
|
Establishes the Unmanned Aerial Systems Security Act of 2024.
|
Missouri
|
H 1416
|
Light Detection Ranging Technology Security Act
|
Failed - Adjourned
|
Establishes the Light Detection & Ranging Technology Security Act.
|
Missouri
|
H 1776
|
Telecommunications Security Act of 2024
|
Failed - Adjourned
|
Establishes the Telecommunications Security Act of 2024.
|
Missouri
|
H 2141
|
Use of Chinese Owned Social Media Applications
|
Failed - Adjourned
|
Prohibits the use of specific social media applications on state owned devices.
|
Missouri
|
H 2173
|
Grant Program for Employers To Enhance Cybersecurity
|
Failed - Adjourned
|
Creates a grant program for employers to enhance cybersecurity.
|
Missouri
|
H 2316
|
Cybersecurity and Informational Security Standards
|
Failed - Adjourned
|
Establishes cybersecurity and informational security standards to safeguard insurance company customer information.
|
Missouri
|
H 2864
|
Elections
|
Failed - Adjourned
|
Modifies provisions relating to elections. Requires all software used by election authorities shall be subject to review by an entity that specializes in cyber security reviews to determine whether the software has the capability to alter ballot images, voter selections, or vote tallies.
|
Missouri
|
S 923
|
Protecting Public Assets
|
Failed - Adjourned
|
Relates to protecting public assets from adversarial foreign interests.
|
Missouri
|
S 1108
|
Insurance Companies Data Security
|
Failed - Adjourned
|
Relates to insurance companies' data security.
|
Missouri
|
S 1158
|
TikTok and State-Owned IT
|
Failed - Adjourned
|
Requires the Office of Administration to establish guidelines for the removal of TikTok from state-owned information technology.
|
Missouri
|
S 1280
|
Public Service Commission
|
Failed - Adjourned
|
Relates to the public service commission, including cybersecurity requirements for public utilities.
|
Missouri
|
S 1337
|
Social Media Application Use
|
Failed - Adjourned
|
Creates new provisions relating to prohibiting the use of certain social media applications.
|
Missouri
|
S 1355
|
Employer Cybersecurity Enhancement Grants
|
Failed - Adjourned
|
Creates a grant for employers to enhance cybersecurity.
|
Montana
|
No regular 2024 session
|
|
|
|
Nebraska
|
L 43
|
First Freedom Act
|
Enacted
|
Allows records relating to cybersecurity to be withheld; provides for state information technology commission duties; prohibits agencies from imposing certain filing and reporting requirements on charitable organizations; adopts the Personal Privacy Protection Act.
|
Nebraska
|
L 1300
|
Pacific Conflict Stress Test Act
|
Enacted
|
Adopts the Pacific Conflict Stress Test Act, the Foreign Adversary Contracting Prohibition Act, the Nebraska Nonprofit Security Grant Program Act, and the Wildland Fire Response Act; defines terms; provides security requirements for chemical facilities; provides for preemption; creates the Commission on Asian American Affairs and provide for its membership, powers, duties, and compensation.
|
Nebraska
|
L 1302
|
Cybersecurity Preparedness Act
|
Failed - Adjourned
|
Adopts the Cybersecurity Preparedness Act.
|
Nebraska
|
L 1303
|
Ethical Hacker Employment
|
Failed - Adjourned
|
Requires the employment of an ethical hacker by the specified state Patrol.
|
Nevada
|
No regular 2024 session
|
|
|
|
New Hampshire
|
H 86
|
Contract Prohibition
|
Failed
|
Prohibits the state from entering contracts with Chinese government owned or affiliated technology manufacturers.
|
New Hampshire
|
H 91
|
Department of Health and Human Services
|
Failed
|
Establishes a Data Privacy and Information Technology Security Governance Board within the Department of Health and Human Services to oversee data privacy risk calculation and risk mitigation efforts; makes an appropriation to the department for classified employees to accomplish these objectives.
|
New Jersey
|
A 253
|
State Technology Contracts Restrictions
|
Pending
|
Prohibits state contracts for technology with Chinese government-owned or affiliated companies.
|
New Jersey
|
A 535
|
State Critical Infrastructure
|
Pending
|
Prohibits any foreign company created under laws of foreign adversary from participating in critical infrastructure.
|
New Jersey
|
A 817
|
Higher Education Cyber Security Plans
|
Pending
|
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyberattacks.
|
New Jersey
|
A 828
|
State Issued Electronic Devices TikTok Prohibition
|
Pending
|
Prohibits download or use of TikTok application on any state issued electronic device.
|
New Jersey
|
A 1204
|
Cybersecurity Infrastructure Study
|
Pending
|
Requires state cybersecurity and communications integration cell to study cybersecurity infrastructure and establish cybersecurity guidelines.
|
New Jersey
|
A 1410
|
Executive Branch and State College Cybersecurity
|
Pending
|
Requires each principal department in executive branch and each state college to conduct review of department's or college's cybersecurity infrastructure and make recommendations.
|
New Jersey
|
A 1484
|
Feasibility of Paperless State Government
|
Pending
|
Establishes a task force to study the feasibility of a paperless executive branch of state government; provides for membership; provides that the task force shall study, among other things, opportunities and risks associated with using electronic registrations and electronic transactions, cybersecurity protections and technology upgrades, opportunities and risks associated with a paperless electronic permit submission process, and the feasibility of a paperless records retention process.
|
New Jersey
|
A 1687
|
Office of Supportive Action Functionality Experts
|
Pending
|
Establishes office of supportive action functionality experts to prepare for catastrophic loss of technological services.
|
New Jersey
|
A 1912
|
State Employee Cybersecurity Practices
|
Pending
|
Requires state employees to receive best cybersecurity practices.
|
New Jersey
|
A 2199
|
Cybersecurity Incidents
|
Pending
|
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents.
|
New Jersey
|
A 2200
|
Cybersecurity Plans
|
Pending
|
Requires businesses in financial, essential infrastructure, and health care industries to develop cybersecurity plans.
|
New Jersey
|
A 2226
|
Information Security Standards and Guidelines
|
Pending
|
Concerns information security standards and guidelines for state and local government.
|
New Jersey
|
A 2424
|
Governmental Employees Cybersecurity Awareness Training
|
Pending
|
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.
|
New Jersey
|
A 2453
|
Comprehensive Information Security Program
|
Pending
|
Requires certain persons and business entities to maintain comprehensive information security program.
|
New Jersey
|
A 2568
|
Debarment of Contractors Computer Crime Conviction
|
Pending
|
Concerns debarment of contractors for conviction of certain computer related crimes.
|
New Jersey
|
A 2999
|
Instruction on Cybersecurity
|
Pending
|
Requires instruction on cybersecurity in grades nine through 12; requires Office of Secretary of Higher Education to develop cybersecurity model curricula; establishes loan redemption programs for individuals in certain cybersecurity occupations.
|
New Jersey
|
A 3294
|
Anonymous Communications Safeguards
|
Pending
|
Requires safeguards for anonymity and confidentiality with respect to communications presented through phone lines, electronic communication systems, or websites dedicated to accepting anonymous tips for use by law enforcement in criminal investigations.
|
New Jersey
|
A 3540
|
Deceptive Audio or Visual Media
|
Pending
|
Establishes criminal penalties for production or dissemination of deceptive audio or visual media, commonly known as deepfakes.
|
New Jersey
|
A 3897
|
Cybersecurity Incident Reporting
|
Pending
|
Requires municipalities, counties, and school districts to report cybersecurity incidents; provides that the attorney general, in consultation with the New Jersey Cybersecurity and Communications Integration Cell, shall develop an online cybersecurity incident reporting form on the New Jersey cybersecurity and communications integration cells internet website.
|
New Jersey
|
A 3949
|
Cybersecurity Incidents Reports and Training
|
Pending
|
Requires certain procedures, reports, and training for municipalities, counties, and school districts in response to cybersecurity incidents.
|
New Jersey
|
A 4020
|
Public Water Systems Grant Programs
|
Pending
|
Directs Department of Community Affairs to establish grant programs for public water systems. Directs Department of Community Affairs to establish grant programs for public water systems. Funds can be used to improve the sharing of information concerning water quality, water infrastructure needs, and water technology, including cybersecurity technology, between or among public water systems.
|
New Jersey
|
A 4363
|
Nonprofit Smart Technology Security Infrastructure
|
Pending
|
Provides funding to nonprofit organizations to implement smart technology and AI systems to enhance security infrastructure.
|
New Jersey
|
A 4768
|
Cyber Security Reserve Corps
|
Pending
|
Establishes Cyber Security Reserve Corps; appropriates monies.
|
New Jersey
|
A 4862
|
Town Center Microgrid Pilot Program Act
|
Pending
|
Relates to the New Jersey Town Center Microgrid Pilot Program Act. Requires the board to assist a pilot agency in evaluating provisions of a proposed power purchase agreement and tariff, including assistance in matters of energy pricing, maintenance, termination of the agreement, removal of infrastructure, assignment of contract, cybersecurity, liability insurance, electrical system connection and interfaces, and system upgrades.
|
New Jersey
|
AJR 40
|
Cyber Security Awareness Month
|
Pending
|
Designates a specified month of each year as Cyber Security Awareness Month.
|
New Jersey
|
S 205
|
Advanced Cyber Infrastructure Strategic Plan
|
Pending
|
Directs the state cybersecurity and communications integration cell, office of information technology, and the State Big Data Alliance to develop an advanced cyber infrastructure strategic plan.
|
New Jersey
|
S 510
|
State Issued Electronic Devices TikTok Ban
|
Pending
|
Prohibits download or use of TikTok application on any state issued electronic device.
|
New Jersey
|
S 513
|
Power Supply Interruptions
|
Pending
|
Upgrades offense of criminal mischief if person interrupts or impairs power supply.
|
New Jersey
|
S 728
|
Foreign Companies Technology Products
|
Pending
|
Prohibits government entities from procuring and using technology products and services from companies owned by, controlled by, or domiciled in certain foreign countries.
|
New Jersey
|
S 731
|
Critical Infrastructure Foreign Company Involvement
|
Pending
|
Prohibits any foreign company created under laws of foreign adversary from participating in critical infrastructure.
|
New Jersey
|
S 1053
|
Cybersecurity Infrastructure and Guidelines
|
Pending
|
Requires the state cybersecurity and communications integration cell to study cybersecurity infrastructure and establish cybersecurity guidelines.
|
New Jersey
|
S 1414
|
Grant Programs for Public Water System
|
Pending
|
Directs Department of Community Affairs to establish grant programs for public water systems. Funds can be used to improve the sharing of information concerning water quality, water infrastructure needs, and water technology, including cybersecurity technology, between or among public water systems.
|
New Jersey
|
S 1580
|
Nonprofit Partnerships Funding
|
Pending
|
Establishes the innovation partnership; provides funding for certain nonprofit partnerships to promote certain emerging technology businesses, with a focus on cybersecurity.
|
New Jersey
|
S 1862
|
State Technology Contracts Restrictions
|
Pending
|
Prohibits state contracts for technology with Chinese government owned or affiliated companies.
|
New Jersey
|
S 2271
|
Review of Colleges Cybersecurity Infrastructure
|
Pending
|
Requires each government entity in the state to conduct review of cybersecurity infrastructure and make recommendations.
|
New Jersey
|
S 2464
|
Breaches of Security Affirmative Defense
|
Pending
|
Creates affirmative defense for certain breaches of security.
|
New Jersey
|
S 3100
|
Cybersecurity Plans
|
Pending
|
Requires businesses in financial essential infrastructure and health care industries to develop cybersecurity plans and report cybersecurity incidents; provides that the New Jersey Cybersecurity and Communications Integration Cell, in consultation with the attorney general, shall adopt rules and regulations that establish standards for the definitions and implementation of organization accountabilities and responsibilities for cyber risk management activities.
|
New Jersey
|
S 3101
|
Business and Industries Cybersecurity Incident Reports
|
Pending
|
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents.
|
New Jersey
|
S 3220
|
Cybersecurity Employment Grant Program
|
Pending
|
Establishes cybersecurity employment grant program for qualified businesses; appropriates funds.
|
New Jersey
|
S 3222
|
Cybersecurity Model Curricula
|
Pending
|
Requires instruction on cybersecurity in grades nine through 12; requires the Office of Secretary of Higher Education to develop cybersecurity model curricula; establishes loan redemption programs for individuals in certain cybersecurity occupations.
|
New Jersey
|
S 3313
|
Cybersecurity Incidents Response Procedures
|
Pending
|
Requires certain procedures, reports, and training for municipalities, counties, and school districts in response to cybersecurity incidents.
|
New Jersey
|
S 3569
|
Cybersecurity Grant Program
|
Pending
|
Establishes the state cybersecurity grant program; appropriates $5 million from the general fund.
|
New Jersey
|
S 3665
|
State Employees Cybersecurity Training
|
Pending
|
Requires certain state employees to receive training in cybersecurity best practices.
|
New Jersey
|
SJR 105
|
Cybersecurity Task Force
|
Pending
|
Establishes State Cybersecurity Task Force.
|
New Mexico
|
H 72
|
Create Cybersecurity Fund
|
Failed - Adjourned
|
Relates to cybersecurity; creates the cybersecurity fund; directs rulemaking to establish requirements and procedures for disbursements from the fund; makes an appropriation.
|
New Mexico
|
S 129
|
Cybersecurity Act
|
Vetoed
|
Establishes reporting requirements for public entities receiving state appropriations in certain situations; requires certification of compliance with certain information security standards; changes the membership of the cybersecurity advisory committee; provides that the cybersecurity office shall oversee cybersecurity and information security-related functions for agencies and may, among other things, approve agency cybersecurity and information security requests for proposals and invitations for bids.
|
New Mexico
|
S 211
|
Science Education Promotion Fund
|
Failed - Adjourned
|
Creates the science education promotion fund within the Economic Development Department. Grants can be given to educational institutions to develop strategic plans, which include a five-year plan proposed by an institution to increase the institution's educational curriculum, degree offerings at the institution or graduates from the institution in any of the following fields: aerospace; bioscience; cybersecurity; and others.
|
New York
|
A 2833
|
Procurement Requirements
|
To Governor
|
Relates to procurement requirements for end point device security.
|
New York
|
A 2852
|
Municipal Websites
|
To Governor
|
Requires municipalities to maintain municipal websites.
|
New York
|
A 5736
|
Secure Our Data Act
|
Pending
|
Establishes the Secure Our Data Act; defines ransomware and other malware protection.
|
New York
|
A 7166
|
Emergency Response Plans
|
Pending
|
Provides that each electric corporation shall annually submit to the Public Service Commission an emergency response plan for review and approval; provides that, to support reasonably prompt restoration of service in the case of an emergency event, emergency response plans should include details of staffing, equipment and a performance schedule with the goal of achieving restoration of service based upon a time-based restoration schedule established by the commission.
|
New York
|
A 7331
|
Governmental Entities
|
Pending
|
Amends the state technology law, in relation to requiring governmental entities to implement multifactor authentication for local and remote network access.
|
New York
|
A 7748
|
Climate Change Property Tax Relief Act
|
Pending
|
Provides that where an eligible property that has sustained damages is located within an eligible municipality, an abatement of real property taxes shall be granted equal to the damages to such eligible property; provides that to receive an abatement, the owner shall submit an application to the local assessor which shall include supporting documentation and photographs, and shall describe in reasonable detail the damage caused to and the condition of the property following a major or local disaster, including a cyber event.
|
New York
|
A 8894
|
Long Island Power Authority Public Power Act
|
Pending
|
Amends the Public Authorities Law, the Executive Law, the Public Service Law and the State Finance Law, in relation to powers and duties of the Department of Public Service and the Long Island Power Authority; establishes a community stakeholder board; provides that the community stakeholder board shall, among other things, review and assess the authorities and board of trustees operational plans which include cybersecurity personnel and provide an opinion on the merits of the plan and future revisions to it to the authority.
|
New York
|
A 9265
|
Contractors Working on Covered Projects
|
Enacted
|
Amends the labor law, in relation to requiring contractors and subcontractors employed by the state to submit their payrolls or transcripts to the fiscal officer; provides that a contractor or subcontractor who fails to furnish records relating to its employees, shall be subject to a penalty by the fiscal officer of $100 for each day, includes requirements to secure personally identifiable information in an online database.
|
New York
|
A 9312
|
State and Local Procurement Laws
|
Pending
|
Amends the state finance law and the general municipal law, in relation to prohibiting procurement of certain technology that pose security threats.
|
New York
|
A 9430
|
Legislative Oversight of Automated Decision Making Act
|
Pending
|
Amends the state technology law, in relation to automated decision-making by state agencies. Requires an impact assessment to check for any cybersecurity vulnerabilities and privacy risks.
|
New York
|
A 10332
|
Hudson Valley Power Authority
|
Pending
|
Establishes the Hudson Valley Power Authority to own and operate electricity service and to create or acquire one or more wholly owned subsidiaries or membership interests in subsidiaries; establishes energy observatory corporations for studying and enabling effective community governance of power authorities; includes cybersecurity requirements; makes related provisions.
|
New York
|
A 10455
|
Community College Workforce Guarantee Program
|
Pending
|
Establishes the State University of New York Community College Workforce Guarantee Program.
|
New York
|
A 10605
|
State Employees Who Use a Computer
|
Pending
|
Requires state employees who use a computer to complete at least 25% of such employees' required duties to undergo annual cyber security training.
|
New York
|
S 3353
|
Municipal Websites
|
Pending
|
Requires municipalities to maintain municipal websites.
|
New York
|
S 5007
|
Secure Our Data Act
|
Pending
|
Amends the state technology law, relates to establishing the "Secure Our Data Act."
|
New York
|
S 5600
|
Contents of Emergency Response Plans
|
Pending
|
Relates to the contents of emergency response plans required to be submitted to the Public Service Commission by electric corporations; requires such plans to include details of staffing, equipment, and ability to perform toward certain standards; requires the public service commission to establish a time-based restoration schedule.
|
New York
|
S 6474
|
Governmental Entities
|
Pending
|
Requires governmental entities to implement multifactor authentication for local and remote network access; requires public websites to encrypt all exchanges and to comply with privacy standards.
|
New York
|
S 6875
|
Democracy During Detention Act
|
Pending
|
Amends the Election Law, the Correction Law and the New York City Charter, in relation to voting rights and access for incarcerated individuals; provides that the board of elections of each county may establish by majority vote, in lieu of the absentee balloting program, a polling place at any correctional facility for at least a specified number of hours of operation beginning the specified day prior to any general, primary, run-off primary. Prior to the establishment of a polling place pursuant to subdivision one or two of this section, the Board of Elections shall develop a facility voter access plan, including cybersecurity plans.
|
New York
|
S 7907
|
Commission to Study EU Protection Data Regulation
|
Pending
|
Establishes a commission to study the European Union's general protection data regulation and the current state of cyber security in the state.
|
New York
|
S 9364
|
State and Local Procurement Laws
|
Pending
|
Amends the state finance law and the general municipal law, in relation to prohibiting procurement of certain technology that poses security threats.
|
North Carolina
|
H 971
|
Human Trafficking Awareness Training
|
Enacted
|
Exempts an official or employee that is engaged in identifying potential security or cybersecurity threats from specific requirements.
|
North Dakota
|
No regular 2024 session
|
|
|
|
Ohio
|
H 33
|
Operating Appropriations for the Biennium
|
Enacted
|
Makes operating appropriations for the biennium beginning a specified date, and ending a specified date, to levy taxes; provides authorization and conditions for the operation of state programs. Appropriations for cybersecurity workforce development. Requires state agencies immediately to remove any covered application from all equipment they own or lease, including TikTok.
|
Ohio
|
H 74
|
Information Technology Systems and Shared Services
|
Pending
|
Requires state approval of voter registration systems and ballots on demand voting systems; modifies the procedures for registering electors through the Bureau of Motor Vehicles; requires the attorney general to certify the title of a statewide initiative or referendum petition; creates the Cybersecurity and Fraud Advisory Board to improve cybersecurity and fraud prevention with respect to the information technology systems and shared services used across state agencies.
|
Ohio
|
H 507
|
Legal Safe Harbor to Specified Cybersecurity Program
|
Pending
|
Extends legal safe harbor to political subdivisions that implement a specified cybersecurity program.
|
Ohio
|
S 335
|
Implement Recommendations of Sunset Review Committee
|
Pending
|
Implements the recommendations of the Sunset Review Committee, to eliminate certain state insurance laws that have been suspended since the enactment by Congress of the Affordable Care Act. Changes the membership of the board of voting machine systems examiners the secretary of state appoints to include a cybersecurity expert, as a nonvoting member of the board.
|
Ohio
|
SR 345
|
Honorary Resolution
|
Adopted
|
Honors the Delaware area career center cybersecurity team as the 2024 CyberPatriot Program State Champion.
|
Oklahoma
|
H 1151
|
Procurement Protection Act of 2024
|
Failed - Adjourned
|
Creates the Procurement Protection Act; provides for procurement restrictions for certain entities; provides for civil penalties; provides for exceptions; requires the disclosure of certain procurements.
|
Oklahoma
|
H 1195
|
Secure Telecommunications Act of 2024
|
Failed - Adjourned
|
Prohibits certain critical telecommunications infrastructure equipment; requires removal and replacement of certain prohibited equipment; states that removal, discontinuation, or replacement of prohibited equipment shall not require additional permits provided certain conditions are met; requires the payment of certain registration fees; requires registration prior to providing service; authorizes the corporation commission to prescribe a certain registration form.
|
Oklahoma
|
H 3024
|
Crimes and Punishments
|
Failed - Adjourned
|
Relates to crimes and punishments; relates to trespass to critical infrastructure facilities; expands scope of certain prohibited act; defines term; modifies definition; provides an effective date.
|
Oklahoma
|
H 3025
|
Public Health and Safety
|
Failed - Adjourned
|
Relates to crimes and punishments; relates to trespass to critical infrastructure facilities; expands scope of certain prohibited act; defines term; modifies definition; provides an effective date.
|
Oklahoma
|
H 3068
|
Purchase of Small Unmanned Aircraft Systems
|
Failed - Adjourned
|
Relates to state government; defines terms; prohibits purchase of small unmanned aircraft systems manufactured by certain foreign entities; prohibits operation of small unmanned aircraft systems manufactured by certain foreign entities after certain date; provides exceptions; provides for codification; provides an effective date.
|
Oklahoma
|
S 543
|
Insurance Data Security
|
Enacted
|
Relates to insurance data security; creates the Insurance Data Security Act; provides short title; establishes act jurisdiction; construes provision; defines terms; requires licensees to develop data security program with certain inclusions; establishes intent of security programs created pursuant to act; directs licensee to conduct risk assessment; directs licensee to take certain action following risk assessment result; requires certain supervising boards to take certain actions to implement program.
|
Oklahoma
|
S 1205
|
Office of Management and Enterprise Services
|
Failed - Adjourned
|
Relates to the office of management and enterprise services; relates to the State Finance Act; modifies responsibilities of chief information officer; modifies duties of the information services division of the office of management and enterprise services; terminates authority of state governmental technology applications review board; relates to the Information Technology Consolidation and Coordination Act; modifies definitions; modifies duties of chief information officer.
|
Oregon
|
H 4152
|
Cybersecurity
|
Failed
|
Relates to cybersecurity; requires the office of Enterprise Information Services to study cybersecurity.
|
Pennsylvania
|
H 1854
|
Emergency Communication Services
|
Failed - Adjourned
|
Amends 911 emergency communication services statutes; provides for definitions, for telecommunications management and for counties; provides for addressing authorities and for next generation 911 call delivery; provides for 911 system plan, for fund, for payment, collection and remittance of surcharge by providers of 911 communications services, for payment, collection and remittance of surcharge. Requires a security operations center to support the operations and security of the NG911 system.
|
Pennsylvania
|
HR 309
|
Joint State Government Commission
|
Failed - Adjourned
|
Directs the Joint State Government Commission to conduct a study reviewing the risk to critical infrastructure from foreign purchases of critical infrastructure assets and adjacent land in this commonwealth.
|
Pennsylvania
|
HR 407
|
Designation Resolution
|
Adopted
|
Designates a specified week as apprenticeship week, with a focus on cybersecurity professionals.
|
Pennsylvania
|
S 379
|
Prohibition of Unauthorized Applications
|
Failed - Adjourned
|
Provides that no state-owned electronic device may have an unauthorized foreign adversary controlled application downloaded or installed on the device; provides that an individual may not access or attempt to access an unauthorized foreign adversary controlled application through a state-owned wireless network; provides exceptions for law enforcement activities, security interests, security research, or risk mitigation actions.
|
Pennsylvania
|
S 745
|
Information Technology Commodities and Services
|
Failed - Adjourned
|
Provides that a contract for the procurement of end point devices shall require that those devices, services and solutions be capable of being configured, secured and maintained in a manner that meets the National Institute of Standards and Technology guidelines in the NIST Special Publication 800-Series Publications, or industry best practices for computer security to the extent that the guidelines or industry best practices are applicable to the end point devices, services and solutions being procured.
|
Puerto Rico
|
H 1530
|
Cybersecurity Act
|
Enacted
|
Relates to the Cybersecurity Act; establishes as a principle of public policy that security to government data is essential to support innovation processes and foster development and sustainable economic growth of all sectors in Puerto Rico; creates the position of the chief information security officer under the Office of the Puerto Rico Innovation and Technology Service; establishes its powers and duties in order to guarantee the execution of the public policy established in this law.
|
Puerto Rico
|
H 1678
|
TikTok or WeChat
|
Failed - Adjourned
|
Prohibits the use or installation of the application of the social network TikTok or WeChat or their successors or any service developed or provided by ByteDance Limited or Tencent Holdings Limited or by any entity belonging to the latter two, in any electronic device belonging to the three branches or powers of the government, namely, legislative, executive and judicial; includes municipalities and private institutions that provide, offer or render, any service, program or activity.
|
Puerto Rico
|
H 2111
|
Political Campaigns
|
Failed - Adjourned
|
Relates to the law for the supervision of the financing of political campaigns, for the purposes of establishing the steps to follow if a candidate for political office is a victim of cyberattacks through the use of artificial intelligence during the campaign period.
|
Puerto Rico
|
HJR 318
|
Transportation and Public Works
|
Failed - Adjourned
|
Relates to order the Department of Transportation and public works to eliminate all fines and toll costs for traveling without balance through the island's toll stations granted as of April 2022, due to the cyberattack suffered by the system of AutoExpresso and until its culmination; announces and establishes what the protocol will be and the next steps to follow so that citizens can make claims for improper charges on their accounts; awards a credit to the accounts of the persons who paid said fines.
|
Puerto Rico
|
HJR 333
|
AutoExpreso system
|
Failed - Adjourned
|
Relates to order the Department of Transportation and public works, the highways and transportation authority and the government of the commonwealth, to establish a voluntary moratorium of certain days so that users duly registered in the AutoExpreso system, can pay any balance accumulated as a result of the seizure of information due to the cyberattack on the control of the AutoExpreso system between the specified date until the date on which the system administrator company.
|
Puerto Rico
|
HR 468
|
Ransomware Cyber Attack Study
|
Adopted
|
Orders the House Committee on Finance and Budget to carry out an investigation into the cyberattack caused by ransomware in 2017, causing a state of emergency in the Department of the Treasury.
|
Puerto Rico
|
S 118
|
Office of Security Information Management Powers
|
To governor
|
Amends Law 20 of 2017 to add functions and powers to the Office of Security Information Management, which are essential to really achieve the implementation of the system interoperability of communications and that it has a proper and accurate operation.
|
Puerto Rico
|
S 1393
|
Cyber Security Training Act
|
Failed - Adjourned
|
Creates the Cyber Security Training Act; establishes as public policy of the government of Puerto Rico mandatory training on cybersecurity for the protection and proper management of information systems and assets; establishes the cyber security training program; imposes penalties.
|
Puerto Rico
|
SJR 294
|
AutoExpreso System
|
Failed - Adjourned
|
Relates to order the Department of Transportation and public works and the highways and transportation authority to establish a series of measures in favor of the user of the AutoExpreso system, in response to the cyberattack that occurred on this system on a specified date.
|
Puerto Rico
|
SR 595
|
Cyber Attack
|
Adopted
|
Relates to order the compliance and restructuring commission of the Senate of Puerto Rico to investigate everything related to the cyberattack suffered by the AutoExpreso recharge system, operated by the company Professional Account Management.
|
Puerto Rico
|
SR 726
|
AutoExpreso Recharging System
|
Adopted
|
Relates to investigating on everything related to the cyberattack suffered by the AutoExpreso recharging system, operated by the Professional Account Management Company.
|
Rhode Island
|
H 7281
|
Statutory Provisions on Domestic and Foreign Insurers
|
Enacted
|
Amends the statutory provisions regarding domestic and foreign insurers and insurer examinations to provide provisions regarding cybersecurity events involving the state consumers.
|
Rhode Island
|
S 2802
|
Insurance Examinations Statutory Provisions
|
Enacted
|
Amends the statutory provisions regarding domestic and foreign insurers and insurer examinations to provide provisions regarding cybersecurity events involving Rhode Island consumers.
|
South Carolina
|
H 4596
|
Websites and Applications That Threaten Cybersecurity
|
Failed - Adjourned
|
Requires all agencies and departments of the state and its political subdivisions to prohibit the electronic devices it manages from access and use of websites and applications that threaten cybersecurity and infrastructure from foreign and domestic threats, such as TikTok.
|
South Carolina
|
H 4702
|
Computer Science Education
|
Failed - Adjourned
|
Enacts the South Carolina Computer Science Education Initiative Act so as to provide for the expansion and enhancement of computer science education in public high schools through the creation and implementation of a statewide computer science education plan and the requirement that each public school offers at least one computer science course that meets certain criteria, and to provide related requirements of the state board of education and the state Department of Education.
|
South Dakota
|
S 187
|
Local Government Cybersecurity Services Initiative
|
Enacted
|
Makes an appropriation to establish cybersecurity services initiative for counties and municipalities and to declare an emergency; appropriates a specified sum to the office of the attorney general, for purposes of creating a cybersecurity services initiative for counties and municipalities throughout the state; provides that funds must be disbursed according to the specific needs of the project and in such a way that best advances the cybersecurity needs of the counties and municipalities to be served.
|
Tennessee
|
H 1445
|
Higher Education
|
Failed - Adjourned
|
Prohibits a public institution of higher education that provides internet access to students, faculty, staff, or the public from allowing an individual to access a video platform using the institution's network if the video platform is owned by a company headquartered outside of the United States.
|
Tennessee
|
H 1733
|
State Government
|
Enacted
|
Relates to state entities; provides that a state entity shall not submit payment with an entity that has engaged in a cybersecurity incident on an information technology system by encrypting data and then subsequently offering to decrypt that data in exchange for a ransom payment; provides that a state entity experiencing a ransom request in connection with a cybersecurity incident shall immediately notify and consult with the technology and innovation division of the state Bureau of Investigation.
|
Tennessee
|
H 1841
|
Public Contracts
|
Failed - Adjourned
|
Prohibits certain foreign entities from submitting bids for contracts with the state or a political subdivision of the state; requires entities bidding on contracts to make certain disclosures and certifications related to the entities' business relationship with certain foreign entities; provides for civil penalties if the disclosures or certifications are false.
|
Tennessee
|
H 1842
|
Use of Physical Broadband Infrastructure and Equipment
|
Failed - Adjourned
|
Prohibits the use of physical broadband infrastructure and equipment from certain entities and countries in the construction or use of existing critical telecommunications infrastructure; establishes related requirements and penalties.
|
Tennessee
|
H 2265
|
Criminal Offenses
|
Enacted
|
Relates to critical infrastructure; provides that a person who knowingly destroys, injures, interrupts, or interferes with critical infrastructure or its operation commits the offense of critical infrastructure vandalism; provides that a person who uses, alters, encrypts, ransoms, destroys, or otherwise renders unavailable, without authorization, the electronic data, electronic devices, or networks of a provider of critical infrastructure or of a farm commits critical infrastructure vandalism.
|
Tennessee
|
H 2434
|
Tort Liability and Reform
|
Enacted
|
Declares a private entity to be not civilly liable in a class action resulting from a cybersecurity event unless the cybersecurity event was caused by willful, wanton, or gross negligence on the part of the private entity.
|
Tennessee
|
H 2470
|
Department of Education
|
Failed - Adjourned
|
Requires the Department of Education to contract with a vendor to provide internet security software for school-issued electronic devices in selected local education agencies as part of a two-year pilot program.
|
Tennessee
|
H 2802
|
Public Contracts
|
Failed - Adjourned
|
Prescribes certain contractual and reporting requirements to protect the integrity of financial transactions in this state.
|
Tennessee
|
S 467
|
Criminal Offenses
|
Failed - Adjourned
|
Increases the punishment, from a Class E felony to a Class C felony, for a person who commits the offense of critical infrastructure vandalism and the damages caused by the offense is at least $1,000.
|
Tennessee
|
S 834
|
Higher Education
|
Enacted
|
Prohibits a public postsecondary institution that provides internet access to students, faculty, staff, or the public from allowing an individual to access a social media platform using the institution's network if the platform is owned by a company based in the People's Republic of China.
|
Tennessee
|
S 1825
|
State Government
|
Failed - Adjourned
|
Prohibits a state governmental entity from contracting with, negotiating with, or paying an individual or entity if the state governmental entity has proof satisfactory after a proper inquiry that the individual or entity is a system hacker.
|
Tennessee
|
S 2018
|
Tort Liability and Reform
|
Failed - Adjourned
|
Declares a private entity to be not civilly liable in a class action resulting from a cybersecurity event unless the cybersecurity event was caused by willful, wanton, or gross negligence on the part of the private entity.
|
Tennessee
|
S 2040
|
Criminal Offenses
|
Failed - Adjourned
|
Adds using, altering, encrypting, ransoming, destroying, or otherwise rendering unavailable without authorization, electronic data, electronic devices, or network providers of critical infrastructure or of a farm to the offense of committing criminal infrastructure vandalism.
|
Tennessee
|
S 2095
|
Higher Education Research Security
|
Enacted
|
Provides that each public institution of higher education shall safeguard its academic research from foreign adversaries by establishing a research security policy that promotes a security culture, furthers national security interests, and mitigates threats to the integrity and conduct of the institutions research against undue foreign influence; provides that each institution shall implement a research security policy and make the policy readily available on the institutions website.
|
Tennessee
|
S 2132
|
Department of Education
|
Failed - Adjourned
|
Requires the Department of Education to contract with a vendor to provide internet security software for school-issued electronic devices in selected local education agencies as part of a two-year pilot program.
|
Tennessee
|
S 2544
|
Public Contracts
|
Failed - Adjourned
|
Prescribes certain contractual and reporting requirements to protect the integrity of financial transactions in this state.
|
Tennessee
|
S 2857
|
Physical Broadband Infrastructure
|
Failed - Adjourned
|
Prohibits the use of physical broadband infrastructure and equipment from certain entities and countries in the construction or use of existing critical telecommunications infrastructure; establishes related requirements and penalties.
|
Tennessee
|
S 2859
|
Public Contracts
|
Failed - Adjourned
|
Prohibits certain foreign entities from submitting bids for contracts with the state or a political subdivision of the state; requires entities bidding on contracts to make certain disclosures and certifications related to the entities' business relationship with certain foreign entities; provides for civil penalties if the disclosures or certifications are false.
|
Utah
|
H 239
|
State Employee Cybersecurity Training Requirements
|
Vetoed
|
Provides for a state cybersecurity awareness training program for all state executive branch employees; requires the Division of Technology services to create a yearly cybersecurity training course; requires all state executive branch employees to complete the cybersecurity training course once a year.
|
Utah
|
H 584
|
Economic Interruption Amendments
|
Enacted
|
Addresses the economic interruption of a business or governmental entity due to property damage or theft; creates a crime for property damage resulting in economic interruption of a business or governmental entity; creates a sentencing enhancement for property damage resulting in economic interruption of a business or governmental entity when the defendant has previous convictions of that same offense; creates a crime for theft resulting in economic interruption of a business or governmental entity.
|
Utah
|
S 98
|
Online Data Security and Privacy Amendments
|
Enacted
|
Relates to cybersecurity, breach notification requirements, and authorized domain name extensions; describes breach notification and reporting responsibilities to the Utah Cyber Center; provides that specified information may be deemed confidential and classified as a protected record; provides that a person providing notification of a breach of system security shall provide certain information, including but not limited to the date of the breach and the total number of people affected.
|
Utah
|
S 232
|
Minor Data Protection Amendments
|
Failed
|
Modifies the Protection of Personal Information Act. Requires a person who conducts business or offers services in the state, including educational services or healthcare, that collects or maintains the personal information of a minor to implement procedures that include multi-factor authentication and zero trust architecture practices.
|
Vermont
|
H 136
|
Prohibiting the Use of Social Media Platforms
|
Failed - Adjourned
|
Relates to prohibiting the use of certain social media platforms on state-owned devices and networks.
|
Vermont
|
H 231
|
Provide Notice of a Cybersecurity Breach
|
Failed - Adjourned
|
Relates to requiring municipalities to provide notice of a cybersecurity breach.
|
Vermont
|
H 344
|
Minimum Security Standards for Connected Devices
|
Failed - Adjourned
|
Relates to adopting minimum security standards for connected devices.
|
Virginia
|
H 651
|
Information Technologies Agency
|
Vetoed
|
Direct the Virginia Information Technologies Agency to assess the creation of a cyber civilian corps for the commonwealth.
|
Virginia
|
H 666
|
State Agencies Electronic Information Breach
|
Failed
|
Relates to state agencies; relates to electronic information breach; requires every state agency to promptly notify affected citizens of the commonwealth in the event of a breach of such state agencies electronic information system from unauthorized uses, intrusions, or other security threats, which breach compromises such citizens personal information; requires the chief information officer to provide requirements for such notifications.
|
Virginia
|
H 862
|
Electric Utilities
|
Enacted
|
Relates to electric utilities; relates to integrated resource plans; relates to grid-enhancing technologies and advanced conductors; requires an electric utility to include in a comprehensive assessment of the potential application of grid-enhancing technologies and advanced conductors in a manner that ensures grid reliability and safeguards the cybersecurity and physical security of the electric distribution grid.
|
Virginia
|
H 868
|
Computer Trespass
|
Failed - Adjourned
|
Relates to computer trespass; relates to elementary and secondary schools; relates to school board; relates to penalty; makes it a Class 6 felony for the offense of computer trespass when such offense is committed against any elementary or secondary school or school board.
|
Virginia
|
H 1095
|
Commonwealth Information Security Requirements
|
Failed
|
Relates to commonwealth information security requirements; requires state public bodies, defined in the bill, to comply with the commonwealth's security policies and standards, ensure each of their employees completes information security training, conduct regular security audits, report the results of such audits to the appropriate entity, and implement security monitoring and enter into memoranda of understanding with the CIO for sharing information with the commonwealth's central information security.
|
Virginia
|
S 222
|
Commonwealth Information Security Requirements
|
Enacted
|
Relates to commonwealth information security requirements; provides that no public body may use, whether directly or through work with or on behalf of another public body, any hardware, software, or services that have been prohibited by the U.S. Department of Homeland Security for use on federal systems; requires every public body to report all known incidents that threaten the security of the commonwealth's data or communications or result in exposure of data protected by federal or state laws.
|
Virginia
|
S 442
|
Computer Trespass
|
Failed - Adjourned
|
Relates to computer trespass; relates to elementary and secondary schools; relates to school board; relates to penalty; makes it a Class 6 felony for the offense of computer trespass when such offense is committed against any elementary or secondary school or school board.
|
Virginia
|
S 757
|
Unmanned Aircraft System
|
Pending
|
Relates to trespass with an unmanned aircraft system; relates to contracted defense facility; relates to penalty; creates a Class 4 felony for any person who knowingly and intentionally causes an unmanned aircraft system to enter the property of a contracted defense facility, defined in the bill, and obtains or attempts to obtain any videographic or still image of any information subject to the export control laws of the United States located within such facility.
|
U.S. Virgin Islands
|
B 86
|
Bureau of Information Technology Background Checks
|
Enacted
|
Requires background checks for all personnel and employees of the bureau of information technology, agencies that have data centers, and any employee who handles classified information.
|
Washington
|
H 1464
|
Critical Constituent and State Operational Data
|
Failed - Adjourned
|
Concerns the protection of critical constituent and state operational data against the financial and personal harm caused by ransomware and other malicious cyber activities.
|
Washington
|
H 1480
|
All Hazard Emergency Management
|
Failed - Adjourned
|
Concerns energy resilience, cybersecurity, and all-hazard emergency management.
|
Washington
|
H 2435
|
Tiktok in Washington
|
Failed - Adjourned
|
Bans TikTok in Washington.
|
Washington
|
S 5619
|
Cybersecurity Governance Framework
|
Failed - Adjourned
|
Establishes a cybersecurity governance framework within state government.
|
Washington
|
S 5843
|
Security Breaches of Election Systems
|
Enacted
|
Concerns security breaches of election systems and election-related systems.
|
Washington
|
SR 8657
|
Women in Cloud
|
Adopted
|
Recognizes Women in Cloud, which is a global network of women tech founders, executives, tech professionals, and allies who focus on training and workforce development efforts.
|
West Virginia
|
H 4805
|
Election Crimes and Security
|
Failed - Adjourned
|
Creates a Division of Election Crimes and Security within the office of the secretary of state and gives the secretary of state the authority to recommend prosecution to the appropriate judicial jurisdiction. The division of election crimes and security shall be authorized to investigate allegations and suspicions of election crimes and violations, security issues, potential for security breaches, and campaign violations.
|
West Virginia
|
H 4986
|
Computer Science and Cybersecurity Instruction
|
Enacted
|
Provides that the state superintendent of schools, or designee, shall seek, apply for, and if received, administer, and distribute through the Division of PK through 12 Adult Instruction and Career Engagement, any grants or other financial assistance that the federal government and other public or private sources shall make available for purposes of providing computer science and cybersecurity instruction to adults.
|
West Virginia
|
H 5072
|
Drones Use Produced in the United States
|
Failed - Adjourned
|
Requires drones used by state and county personnel to be produced in the United States.
|
West Virginia
|
H 5091
|
Critical Infrastructure Protection Act
|
Enacted
|
Removes the requirement that a critical infrastructure facility be enclosed by a fence or other physical barrier or be clearly marked with a sign or signs; increases felony penalties; adds second offense penalties for a person who willfully damages, destroys, vandalizes, defaces, or tampers with equipment in a critical infrastructure facility causing damage in excess of a specified amount; provides for forfeiture of items of property which are used in perpetration of theft or damage to infrastructure.
|
West Virginia
|
H 5247
|
Election Reform and Protections
|
Failed - Adjourned
|
Provides for election reform and protections. Defines voter election fraud which includes a cyberattack or manipulation. Requires voting tabulators to meet specific requirements.
|
West Virginia
|
H 5338
|
Consumer Data Protection Act
|
Vetoed
|
Provides for an affirmative legal defense to certain types of businesses against certain types of lawsuits claiming that the business failed to implement reasonable cybersecurity protections and that, as a result, a data breach of personal information or restricted information occurred, if the business creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, operational, and physical safeguards for the protection of personal information.
|
West Virginia
|
H 5424
|
Eligibility for and Amount of Unemployment Benefits
|
Failed - Adjourned
|
Modifies the unemployment insurance program. Requires verifying the identity of an applicant prior to awarding benefits and requiring multi-factor authentication as part of online applications.
|
West Virginia
|
H 5613
|
Plans to Protect State from Major Crises
|
Failed - Adjourned
|
Requires the governor to create plans to protect state from major crises, like cyberattacks to communication systems.
|
West Virginia
|
S 840
|
Unemployment Benefits
|
Failed - Adjourned
|
Modifies the unemployment insurance program. Requires verifying the identity of an applicant prior to awarding benefits and requiring multi-factor authentication as part of online applications.
|
Wisconsin
|
A 263
|
Governmental Use of Certain Mobile Software Application
|
Failed
|
Concerns state and local governmental use of certain mobile or online software applications and electronic devices.
|
Wisconsin
|
S 250
|
State and Local Governmental Use of Electronic Devices
|
Failed
|
Concerns state and local governmental use of certain mobile or online software applications and electronic devices.
|
Wyoming
|
H 100
|
Critical Infrastructure Resiliency
|
Failed
|
Relates to public utilities; creates the critical infrastructure resiliency initiative; specifies purposes for the initiative; creates the critical resilient infrastructure board; specifies members, duties and powers of the board; provides definitions; appropriates funds; provides for an effective date.
|