A09312 Summary:
| BILL NO | A09312B |
| SAME AS | SAME AS S09364-B |
| SPONSOR | Rajkumar |
| COSPNSR | Alvarez, Dickens, Lemondes, Brown K, Stern |
| MLTSPNSR | |
| Add §163-e, St Fin L; add §103-h, Gen Muni L | |
| Aligns state and local procurement laws with federal law prohibiting the procurement of certain information and communications technology and electronic parts or products which are determined to pose a risk to state and national security. | |
A09312 Actions:
| BILL NO | A09312B | |||||||||||||||||||||||||||||||||||||||||||||||||
| 02/27/2024 | referred to governmental operations | |||||||||||||||||||||||||||||||||||||||||||||||||
| 05/17/2024 | amend and recommit to governmental operations | |||||||||||||||||||||||||||||||||||||||||||||||||
| 05/17/2024 | print number 9312a | |||||||||||||||||||||||||||||||||||||||||||||||||
| 06/02/2024 | amend and recommit to governmental operations | |||||||||||||||||||||||||||||||||||||||||||||||||
| 06/02/2024 | print number 9312b | |||||||||||||||||||||||||||||||||||||||||||||||||
| 06/04/2024 | reference changed to ways and means | |||||||||||||||||||||||||||||||||||||||||||||||||
| 06/06/2024 | reported referred to rules | |||||||||||||||||||||||||||||||||||||||||||||||||
| 06/06/2024 | reported | |||||||||||||||||||||||||||||||||||||||||||||||||
| 06/06/2024 | rules report cal.503 | |||||||||||||||||||||||||||||||||||||||||||||||||
| 06/06/2024 | ordered to third reading rules cal.503 | |||||||||||||||||||||||||||||||||||||||||||||||||
A09312 Memo:
Go to topNEW YORK STATE ASSEMBLY
MEMORANDUM IN SUPPORT OF LEGISLATION
submitted in accordance with Assembly Rule III, Sec 1(f)
TITLE OF BILL: An act to amend the state finance law and the general municipal law, in relation to prohibiting procurement of certain technology that poses security threats PURPOSE OR GENERAL IDEA OF BILL: To prohibit the state and all municipalities from procuring technology that poses a security threat. SUMMARY OF PROVISIONS: Section 1 amends the state finance law by adding a new section 163-e prohibiting the state from procurement of technology from companies prohibited from federal procurement under certain sections of Public Law; or a company for which procurement was determined to be a national security threat; and designates entities with waiver authority. Section 2 amends the general municipal law by adding a new section 103-h providing for the same procurement prohibition for municipalities. Section 3-directs the Office of General Services to promulgate rules and regulations on state procurement, as well as issue guidance to local procurement authorities. Section 4 is the effective date. JUSTIFICATION: Security experts in the federal government have determined that govern- ment use of technology from certain international companies poses a threat to national security, due to the companies' close ties to another country's government. This technology has the genuine potential to surreptitiously transmit sensitive data to another country, and act as a "back door" for another country to engage in cyberattacks. Due to the security concern, Congress has passed multiple laws prohibit- ing this technology from federal procurement. Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 estab- lished a policy that the federal government would actively maintain and update a list of prohibited international tech products that posed a security threat. Section 5459 of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 prohibited federal procurement of technology containing semiconductors from certain international compa- nies. ' Additionally, the Department of Defense Inspector General's report "Audit of the DoD's Management of the Cybersedurity Risks for Government Purchase Card Purchases of Commercial Off-the-Shelf Items" (DODIG-2019- 106) concluded that the US Navy's procurement of technology from certain, international companies Constituted a threat to national secu- rity. Nonetheless, New York is one of 49 states that still procures technology from these companies, with contracts worth tens of millions of dollars. This bill prohibits the State and all municipalities from procurement of technology from the companies whose procurement the federal government determined to be a national security threat, protecting sensitive infor- mation and preventing cyberattacks. This will also support the growing domestic semiconductor industry, including the planned $100 billion semicondudtor plant in Clay, New York. The act takes effect in five years, a time when there is projected to be a robust domestic semicon- ductor industry. PRIOR LEGISLATIVE HISTORY: New bill. FISCAL IMPLICATIONS FOR STATE AND LOCAL GOVERNMENTS: Minimal. EFFECTIVE DATE: This act shall take effect five years-after it shall have become a law. Effective immediately, the office of.general services is authorized to promulgate rules and regulations and issue guidance to all state agen- cies and local procurement authorities necessary for the implementation of this act on its effective date, including providing updates on prohibited or excluded entities for procurement contracts in conformity with federal law, rules and regulations.
A09312 Text:
Go to topSTATE OF NEW YORK ________________________________________________________________________ 9312--B IN ASSEMBLY February 27, 2024 ___________ Introduced by M. of A. RAJKUMAR, ALVAREZ, DICKENS, LEMONDES, K. BROWN -- read once and referred to the Committee on Governmental Operations -- committee discharged, bill amended, ordered reprinted as amended and recommitted to said committee -- again reported from said committee with amendments, ordered reprinted as amended and recommitted to said committee AN ACT to amend the state finance law and the general municipal law, in relation to prohibiting procurement of certain technology that poses security threats The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. The state finance law is amended by adding a new section 2 163-e to read as follows: 3 § 163-e. Restriction on purchasing certain technology which poses a 4 security threat. 1. (a) Notwithstanding any inconsistent provision of 5 law, the state and any department, bureau, board, commission, authority, 6 and any other agency or instrumentality of the state shall not enter 7 into or renew any contract or agreement to procure information and 8 communications technology, including hardware, systems, devices, soft- 9 ware, or services that include embedded or incidental information tech- 10 nology, which are prohibited from federal procurement pursuant to 11 section 889 of Public Law 115-232 of 2018. 12 (b) The term "information and communications technology" means: 13 (i) information technology, as defined in section 11101 of title 40; 14 (ii) information systems, as defined in 44 U.S.C. 3502; and 15 (iii) telecommunications equipment and telecommunications services, as 16 those terms are defined in section 3 of the Communications Act of 1934 17 (47 U.S.C. 153). 18 (c) The term "information and communications technology" shall not 19 include automated-decision making systems. 20 2. The chief information officer shall, in consultation with the divi- 21 sion of homeland security and emergency services and the office of 22 general services, establish and update regularly a list of restricted 23 information and communications technology. Technology on this list shall EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD14405-06-4A. 9312--B 2 1 not be procured by any state agency, state or local authority, or poli- 2 tical subdivision unless a waiver is issued pursuant to subdivision 3 three of this section or the chief information officer determines that 4 the technology shall only be restricted in limited circumstances. 5 The list shall: 6 (a) contain information and communications technologies that pose a 7 security risk to the state of New York or its political subdivisions. In 8 determining whether information and communications technology poses such 9 a risk, the chief information officer shall consult relevant federal 10 sources, including the department of defense inspector general report 11 no. DODIG-2019-106, as well as any other source that shall be determined 12 to be relevant; 13 (b) describe the scope of each restriction, such as whether it is 14 generally prohibited or prohibited in certain circumstances or from 15 certain entities; 16 (c) include an explanation as to why items were included on the list; 17 and 18 (d) be published online and communicated to all relevant procurement 19 officers in all state agencies, state authorities, and political subdi- 20 visions. 21 3. The commissioner of homeland security and emergency services, the 22 commissioner of the office of general services, the adjutant general, 23 the chief information officer, the chief cyber officer, the chief tech- 24 nology officer of the city of New York and any federal agency authorized 25 under section 889 of Public Law 115-232 of 2018, may provide a waiver 26 from this section if: 27 (a) any such entity determines the waiver is in the interests of the 28 state or political subdivision; 29 (b) no compliant product or service is available to be procured as, 30 and when, needed at United States market prices or a price that is not 31 considered prohibitively expensive; and 32 (c) such waiver could not reasonably be expected to compromise the 33 security or integrity of a computer network operated by an instrumental- 34 ity of the state. 35 4. Nothing in this section shall be construed: 36 (a) to require any information and communications technology resident 37 in equipment, systems, or services as of the day before the effective 38 date of this section to be removed or replaced; 39 (b) to prohibit or limit the utilization of such information and 40 communications technology throughout the lifecycle of such existing 41 equipment; or 42 (c) to require the recipient of a state contract, grant, loan, or loan 43 guarantee to replace information and communications technology resident 44 in equipment, systems, or services before the effective date of this 45 section. 46 § 2. The general municipal law is amended by adding a new section 47 103-h to read as follows: 48 § 103-h. Restriction on purchasing certain technology which poses a 49 security threat. 1. (a) Notwithstanding any inconsistent provision of 50 law a political subdivision shall not enter into or renew any contract 51 or agreement to procure information and communications technology, 52 including hardware, systems, devices, software, or services that include 53 embedded or incidental information technology, which are prohibited from 54 federal procurement pursuant to section 889 of Public Law 115-232 of 55 2018, or which are included on the list created pursuant to subdivision 56 two of section one hundred sixty-three-e of the state finance law.A. 9312--B 3 1 (b) The term "information and communications technology" means: 2 (i) information technology, as defined in 40 U.S.C. 11101; 3 (ii) information systems, as defined in 44 U.S.C. 3502; and 4 (iii) telecommunications equipment and telecommunications services, as 5 those terms are defined in section 3 of the Communications Act of 1934 6 (47 U.S.C. 153). 7 2. The commissioner of homeland security and emergency services, the 8 commissioner of the office of general services, the adjutant general, 9 the chief information officer, the chief cyber officer, the chief tech- 10 nology officer of the city of New York and any federal agency authorized 11 under section 889 of Public Law 115-232 of 2018, may provide a waiver 12 from this section if: 13 (a) any such entity determines the waiver is in the interest of the 14 political subdivision; 15 (b) no compliant product or service is available to be procured as, 16 and when, needed at United States market prices or a price that is not 17 considered prohibitively expensive; and 18 (c) such waiver could not reasonably be expected to compromise the 19 security or integrity of a computer network operated by an instrumental- 20 ity of the state. 21 4. Nothing in this section shall be construed: 22 (a) to require any information and communications technology resident 23 in equipment, systems, or services as of the day before the effective 24 date of this section to be removed or replaced; 25 (b) to prohibit or limit the utilization of such information and 26 communications technology throughout the lifecycle of such existing 27 equipment; or 28 (c) to require the recipient of a state contract, grant, loan, or loan 29 guarantee to replace information and communications technology resident 30 in equipment, systems, or services before the effective date of this 31 section. 32 § 3. No later than the effective date of this act, the office of 33 general services shall promulgate rules and regulations and issue guid- 34 ance to all state agencies and local procurement authorities necessary, 35 including providing updates on prohibited or excluded entities for 36 procurement contracts in conformity with federal law, rules and regu- 37 lations, no later than sixty days after any entity is prohibited or 38 excluded. 39 § 4. This act shall take effect two years after it shall have become a 40 law. Effective immediately, the office of general services is authorized 41 to promulgate rules and regulations and issue guidance to all state 42 agencies and local procurement authorities necessary for the implementa- 43 tion of this act on its effective date, including providing updates on 44 prohibited or excluded entities for procurement contracts in conformity 45 with federal law, rules and regulations.