•  Summary 
  •  
  •  Actions 
  •  
  •  Committee Votes 
  •  
  •  Floor Votes 
  •  
  •  Memo 
  •  
  •  Text 
  •  
  •  LFIN 
  •  
  •  Chamber Video/Transcript 

A09312 Summary:

BILL NOA09312B
 
SAME ASSAME AS S09364-B
 
SPONSORRajkumar
 
COSPNSRAlvarez, Dickens, Lemondes, Brown K, Stern
 
MLTSPNSR
 
Add §163-e, St Fin L; add §103-h, Gen Muni L
 
Aligns state and local procurement laws with federal law prohibiting the procurement of certain information and communications technology and electronic parts or products which are determined to pose a risk to state and national security.
Go to top    

A09312 Actions:

BILL NOA09312B
 
02/27/2024referred to governmental operations
05/17/2024amend and recommit to governmental operations
05/17/2024print number 9312a
06/02/2024amend and recommit to governmental operations
06/02/2024print number 9312b
06/04/2024reference changed to ways and means
06/06/2024reported referred to rules
06/06/2024reported
06/06/2024rules report cal.503
06/06/2024ordered to third reading rules cal.503
Go to top

A09312 Memo:

NEW YORK STATE ASSEMBLY
MEMORANDUM IN SUPPORT OF LEGISLATION
submitted in accordance with Assembly Rule III, Sec 1(f)
 
BILL NUMBER: A9312B
 
SPONSOR: Rajkumar
  TITLE OF BILL: An act to amend the state finance law and the general municipal law, in relation to prohibiting procurement of certain technology that poses security threats   PURPOSE OR GENERAL IDEA OF BILL: To prohibit the state and all municipalities from procuring technology that poses a security threat.   SUMMARY OF PROVISIONS: Section 1 amends the state finance law by adding a new section 163-e prohibiting the state from procurement of technology from companies prohibited from federal procurement under certain sections of Public Law; or a company for which procurement was determined to be a national security threat; and designates entities with waiver authority. Section 2 amends the general municipal law by adding a new section 103-h providing for the same procurement prohibition for municipalities. Section 3-directs the Office of General Services to promulgate rules and regulations on state procurement, as well as issue guidance to local procurement authorities. Section 4 is the effective date.   JUSTIFICATION: Security experts in the federal government have determined that govern- ment use of technology from certain international companies poses a threat to national security, due to the companies' close ties to another country's government. This technology has the genuine potential to surreptitiously transmit sensitive data to another country, and act as a "back door" for another country to engage in cyberattacks. Due to the security concern, Congress has passed multiple laws prohibit- ing this technology from federal procurement. Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 estab- lished a policy that the federal government would actively maintain and update a list of prohibited international tech products that posed a security threat. Section 5459 of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 prohibited federal procurement of technology containing semiconductors from certain international compa- nies. ' Additionally, the Department of Defense Inspector General's report "Audit of the DoD's Management of the Cybersedurity Risks for Government Purchase Card Purchases of Commercial Off-the-Shelf Items" (DODIG-2019- 106) concluded that the US Navy's procurement of technology from certain, international companies Constituted a threat to national secu- rity. Nonetheless, New York is one of 49 states that still procures technology from these companies, with contracts worth tens of millions of dollars. This bill prohibits the State and all municipalities from procurement of technology from the companies whose procurement the federal government determined to be a national security threat, protecting sensitive infor- mation and preventing cyberattacks. This will also support the growing domestic semiconductor industry, including the planned $100 billion semicondudtor plant in Clay, New York. The act takes effect in five years, a time when there is projected to be a robust domestic semicon- ductor industry.   PRIOR LEGISLATIVE HISTORY: New bill.   FISCAL IMPLICATIONS FOR STATE AND LOCAL GOVERNMENTS: Minimal.   EFFECTIVE DATE: This act shall take effect five years-after it shall have become a law. Effective immediately, the office of.general services is authorized to promulgate rules and regulations and issue guidance to all state agen- cies and local procurement authorities necessary for the implementation of this act on its effective date, including providing updates on prohibited or excluded entities for procurement contracts in conformity with federal law, rules and regulations.
Go to top

A09312 Text:



 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                         9312--B
 
                   IN ASSEMBLY
 
                                    February 27, 2024
                                       ___________
 
        Introduced by M. of A. RAJKUMAR, ALVAREZ, DICKENS, LEMONDES, K. BROWN --
          read  once and referred to the Committee on Governmental Operations --
          committee discharged, bill amended, ordered reprinted as  amended  and
          recommitted  to  said  committee -- again reported from said committee
          with amendments, ordered reprinted as amended and recommitted to  said
          committee

        AN  ACT to amend the state finance law and the general municipal law, in
          relation to prohibiting procurement of certain technology  that  poses
          security threats
 
          The  People of the State of New York, represented in Senate and Assem-
        bly, do enact as follows:
 
     1    Section 1. The state finance law is amended by adding  a  new  section
     2  163-e to read as follows:
     3    §  163-e.  Restriction  on purchasing certain technology which poses a
     4  security threat. 1. (a) Notwithstanding any  inconsistent  provision  of
     5  law, the state and any department, bureau, board, commission, authority,
     6  and  any  other  agency  or instrumentality of the state shall not enter
     7  into or renew any contract  or  agreement  to  procure  information  and
     8  communications  technology,  including hardware, systems, devices, soft-
     9  ware, or services that include embedded or incidental information  tech-
    10  nology,  which  are  prohibited  from  federal  procurement  pursuant to
    11  section 889 of Public Law 115-232 of 2018.
    12    (b) The term "information and communications technology" means:
    13    (i) information technology, as defined in section 11101 of title 40;
    14    (ii) information systems, as defined in 44 U.S.C. 3502; and
    15    (iii) telecommunications equipment and telecommunications services, as
    16  those terms are defined in section 3 of the Communications Act  of  1934
    17  (47 U.S.C. 153).
    18    (c)  The  term  "information  and communications technology" shall not
    19  include automated-decision making systems.
    20    2. The chief information officer shall, in consultation with the divi-
    21  sion of homeland security and  emergency  services  and  the  office  of
    22  general  services,  establish  and update regularly a list of restricted
    23  information and communications technology. Technology on this list shall
 
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD14405-06-4

        A. 9312--B                          2
 
     1  not be procured by any state agency, state or local authority, or  poli-
     2  tical  subdivision  unless  a  waiver  is issued pursuant to subdivision
     3  three of this section or the chief information officer  determines  that
     4  the technology shall only be restricted in limited circumstances.
     5    The list shall:
     6    (a)  contain  information  and communications technologies that pose a
     7  security risk to the state of New York or its political subdivisions. In
     8  determining whether information and communications technology poses such
     9  a risk, the chief information officer  shall  consult  relevant  federal
    10  sources,  including  the department of defense  inspector general report
    11  no. DODIG-2019-106, as well as any other source that shall be determined
    12  to be relevant;
    13    (b) describe the scope of each restriction,  such  as  whether  it  is
    14  generally  prohibited  or  prohibited  in  certain circumstances or from
    15  certain entities;
    16    (c) include an explanation as to why items were included on the  list;
    17  and
    18    (d)  be  published online and communicated to all relevant procurement
    19  officers in all state agencies, state authorities, and political  subdi-
    20  visions.
    21    3.  The  commissioner of homeland security and emergency services, the
    22  commissioner of the office of general services,  the  adjutant  general,
    23  the  chief information officer, the chief cyber officer, the chief tech-
    24  nology officer of the city of New York and any federal agency authorized
    25  under section 889 of Public Law 115-232 of 2018, may  provide  a  waiver
    26  from this section if:
    27    (a)  any  such entity determines the waiver is in the interests of the
    28  state or political subdivision;
    29    (b) no compliant product or service is available to  be  procured  as,
    30  and  when,  needed at United States market prices or a price that is not
    31  considered prohibitively expensive; and
    32    (c) such waiver could not reasonably be  expected  to  compromise  the
    33  security or integrity of a computer network operated by an instrumental-
    34  ity of the state.
    35    4. Nothing in this section shall be construed:
    36    (a)  to require any information and communications technology resident
    37  in equipment, systems, or services as of the day  before  the  effective
    38  date of this section to be removed or replaced;
    39    (b)  to  prohibit  or  limit  the  utilization of such information and
    40  communications technology throughout  the  lifecycle  of  such  existing
    41  equipment; or
    42    (c) to require the recipient of a state contract, grant, loan, or loan
    43  guarantee  to replace information and communications technology resident
    44  in equipment, systems, or services before the  effective  date  of  this
    45  section.
    46    §  2.  The  general  municipal  law is amended by adding a new section
    47  103-h to read as follows:
    48    § 103-h.  Restriction on purchasing certain technology which  poses  a
    49  security  threat.  1.  (a) Notwithstanding any inconsistent provision of
    50  law a political subdivision shall not enter into or renew  any  contract
    51  or  agreement  to  procure  information  and  communications technology,
    52  including hardware, systems, devices, software, or services that include
    53  embedded or incidental information technology, which are prohibited from
    54  federal procurement pursuant to section 889 of  Public  Law  115-232  of
    55  2018,  or which are included on the list created pursuant to subdivision
    56  two of section one hundred sixty-three-e of the state finance law.

        A. 9312--B                          3
 
     1    (b) The term "information and communications technology" means:
     2    (i) information technology, as defined in 40 U.S.C. 11101;
     3    (ii) information systems, as defined in 44 U.S.C. 3502; and
     4    (iii) telecommunications equipment and telecommunications services, as
     5  those  terms  are defined in section 3 of the Communications Act of 1934
     6  (47 U.S.C. 153).
     7    2.  The commissioner of homeland security and emergency services,  the
     8  commissioner  of  the  office of general services, the adjutant general,
     9  the chief information officer, the chief cyber officer, the chief  tech-
    10  nology officer of the city of New York and any federal agency authorized
    11  under  section  889  of Public Law 115-232 of 2018, may provide a waiver
    12  from this section if:
    13    (a) any such entity determines the waiver is in the  interest  of  the
    14  political subdivision;
    15    (b)  no  compliant  product or service is available to be procured as,
    16  and when, needed at United States market prices or a price that  is  not
    17  considered prohibitively expensive; and
    18    (c)  such  waiver  could  not reasonably be expected to compromise the
    19  security or integrity of a computer network operated by an instrumental-
    20  ity of the state.
    21    4. Nothing in this section shall be construed:
    22    (a) to require any information and communications technology  resident
    23  in  equipment,  systems,  or services as of the day before the effective
    24  date of this section to be removed or replaced;
    25    (b) to prohibit or limit  the  utilization  of  such  information  and
    26  communications  technology  throughout  the  lifecycle  of such existing
    27  equipment; or
    28    (c) to require the recipient of a state contract, grant, loan, or loan
    29  guarantee to replace information and communications technology  resident
    30  in  equipment,  systems,  or  services before the effective date of this
    31  section.
    32    § 3. No later than the effective date  of  this  act,  the  office  of
    33  general  services shall promulgate rules and regulations and issue guid-
    34  ance to all state agencies and local procurement authorities  necessary,
    35  including  providing   updates   on prohibited  or excluded entities for
    36  procurement contracts in conformity with federal law,  rules  and  regu-
    37  lations,  no  later  than  sixty  days after any entity is prohibited or
    38  excluded.
    39    § 4. This act shall take effect two years after it shall have become a
    40  law. Effective immediately, the office of general services is authorized
    41  to promulgate rules and regulations and  issue  guidance  to  all  state
    42  agencies and local procurement authorities necessary for the implementa-
    43  tion  of  this act on its effective date, including providing updates on
    44  prohibited or excluded entities for procurement contracts in  conformity
    45  with federal law, rules and regulations.
Go to top