Aligns state and local procurement laws with federal law prohibiting the procurement of certain information and communications technology and electronic parts or products which are determined to pose a risk to state and national security.
NEW YORK STATE ASSEMBLY MEMORANDUM IN SUPPORT OF LEGISLATION submitted in accordance with Assembly Rule III, Sec 1(f)
 
BILL NUMBER: A9312B
SPONSOR: Rajkumar
 
TITLE OF BILL:
An act to amend the state finance law and the general municipal law, in
relation to prohibiting procurement of certain technology that poses
security threats
 
PURPOSE OR GENERAL IDEA OF BILL:
To prohibit the state and all municipalities from procuring technology
that poses a security threat.
 
SUMMARY OF PROVISIONS:
Section 1 amends the state finance law by adding a new section 163-e
prohibiting the state from procurement of technology from companies
prohibited from federal procurement under certain sections of Public
Law; or a company for which procurement was determined to be a national
security threat; and designates entities with waiver authority.
Section 2 amends the general municipal law by adding a new section 103-h
providing for the same procurement prohibition for municipalities.
Section 3-directs the Office of General Services to promulgate rules and
regulations on state procurement, as well as issue guidance to local
procurement authorities.
Section 4 is the effective date.
 
JUSTIFICATION:
Security experts in the federal government have determined that govern-
ment use of technology from certain international companies poses a
threat to national security, due to the companies' close ties to another
country's government. This technology has the genuine potential to
surreptitiously transmit sensitive data to another country, and act as a
"back door" for another country to engage in cyberattacks.
Due to the security concern, Congress has passed multiple laws prohibit-
ing this technology from federal procurement. Section 889 of the John S.
McCain National Defense Authorization Act for Fiscal Year 2019 estab-
lished a policy that the federal government would actively maintain and
update a list of prohibited international tech products that posed a
security threat. Section 5459 of the James M. Inhofe National Defense
Authorization Act for Fiscal Year 2023 prohibited federal procurement of
technology containing semiconductors from certain international compa-
nies.
' Additionally, the Department of Defense Inspector General's report
"Audit of the DoD's Management of the Cybersedurity Risks for Government
Purchase Card Purchases of Commercial Off-the-Shelf Items" (DODIG-2019-
106) concluded that the US Navy's procurement of technology from
certain, international companies Constituted a threat to national secu-
rity.
Nonetheless, New York is one of 49 states that still procures technology
from these companies, with contracts worth tens of millions of dollars.
This bill prohibits the State and all municipalities from procurement of
technology from the companies whose procurement the federal government
determined to be a national security threat, protecting sensitive infor-
mation and preventing cyberattacks. This will also support the growing
domestic semiconductor industry, including the planned $100 billion
semicondudtor plant in Clay, New York. The act takes effect in five
years, a time when there is projected to be a robust domestic semicon-
ductor industry.
 
PRIOR LEGISLATIVE HISTORY:
New bill.
 
FISCAL IMPLICATIONS FOR STATE AND LOCAL GOVERNMENTS:
Minimal.
 
EFFECTIVE DATE:
This act shall take effect five years-after it shall have become a law.
Effective immediately, the office of.general services is authorized to
promulgate rules and regulations and issue guidance to all state agen-
cies and local procurement authorities necessary for the implementation
of this act on its effective date, including providing updates on
prohibited or excluded entities for procurement contracts in conformity
with federal law, rules and regulations.
STATE OF NEW YORK
________________________________________________________________________
9312--B
IN ASSEMBLY
February 27, 2024
___________
Introduced by M. of A. RAJKUMAR, ALVAREZ, DICKENS, LEMONDES, K. BROWN --
read once and referred to the Committee on Governmental Operations --
committee discharged, bill amended, ordered reprinted as amended and
recommitted to said committee -- again reported from said committee
with amendments, ordered reprinted as amended and recommitted to said
committee
AN ACT to amend the state finance law and the general municipal law, in
relation to prohibiting procurement of certain technology that poses
security threats
The People of the State of New York, represented in Senate and Assem-bly, do enact as follows:
1 Section 1. The state finance law is amended by adding a new section
2 163-e to read as follows:
3 § 163-e. Restriction on purchasing certain technology which poses a
4 security threat. 1. (a) Notwithstanding any inconsistent provision of
5 law, the state and any department, bureau, board, commission, authority,
6 and any other agency or instrumentality of the state shall not enter
7 into or renew any contract or agreement to procure information and
8 communications technology, including hardware, systems, devices, soft-
9 ware, or services that include embedded or incidental information tech-
10 nology, which are prohibited from federal procurement pursuant to
11 section 889 of Public Law 115-232 of 2018.
12 (b) The term "information and communications technology" means:
13 (i) information technology, as defined in section 11101 of title 40;
14 (ii) information systems, as defined in 44 U.S.C. 3502; and
15 (iii) telecommunications equipment and telecommunications services, as
16 those terms are defined in section 3 of the Communications Act of 1934
17 (47 U.S.C. 153).
18 (c) The term "information and communications technology" shall not
19 include automated-decision making systems.
20 2. The chief information officer shall, in consultation with the divi-
21 sion of homeland security and emergency services and the office of
22 general services, establish and update regularly a list of restricted
23 information and communications technology. Technology on this list shall
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[] is old law to be omitted.
LBD14405-06-4
A. 9312--B 2
1 not be procured by any state agency, state or local authority, or poli-
2 tical subdivision unless a waiver is issued pursuant to subdivision
3 three of this section or the chief information officer determines that
4 the technology shall only be restricted in limited circumstances.
5 The list shall:
6 (a) contain information and communications technologies that pose a
7 security risk to the state of New York or its political subdivisions. In
8 determining whether information and communications technology poses such
9 a risk, the chief information officer shall consult relevant federal
10 sources, including the department of defense inspector general report
11 no. DODIG-2019-106, as well as any other source that shall be determined
12 to be relevant;
13 (b) describe the scope of each restriction, such as whether it is
14 generally prohibited or prohibited in certain circumstances or from
15 certain entities;
16 (c) include an explanation as to why items were included on the list;
17 and
18 (d) be published online and communicated to all relevant procurement
19 officers in all state agencies, state authorities, and political subdi-
20 visions.
21 3. The commissioner of homeland security and emergency services, the
22 commissioner of the office of general services, the adjutant general,
23 the chief information officer, the chief cyber officer, the chief tech-
24 nology officer of the city of New York and any federal agency authorized
25 under section 889 of Public Law 115-232 of 2018, may provide a waiver
26 from this section if:
27 (a) any such entity determines the waiver is in the interests of the
28 state or political subdivision;
29 (b) no compliant product or service is available to be procured as,
30 and when, needed at United States market prices or a price that is not
31 considered prohibitively expensive; and
32 (c) such waiver could not reasonably be expected to compromise the
33 security or integrity of a computer network operated by an instrumental-
34 ity of the state.
35 4. Nothing in this section shall be construed:
36 (a) to require any information and communications technology resident
37 in equipment, systems, or services as of the day before the effective
38 date of this section to be removed or replaced;
39 (b) to prohibit or limit the utilization of such information and
40 communications technology throughout the lifecycle of such existing
41 equipment; or
42 (c) to require the recipient of a state contract, grant, loan, or loan
43 guarantee to replace information and communications technology resident
44 in equipment, systems, or services before the effective date of this
45 section.
46 § 2. The general municipal law is amended by adding a new section
47 103-h to read as follows:
48 § 103-h. Restriction on purchasing certain technology which poses a
49 security threat. 1. (a) Notwithstanding any inconsistent provision of
50 law a political subdivision shall not enter into or renew any contract
51 or agreement to procure information and communications technology,
52 including hardware, systems, devices, software, or services that include
53 embedded or incidental information technology, which are prohibited from
54 federal procurement pursuant to section 889 of Public Law 115-232 of
55 2018, or which are included on the list created pursuant to subdivision
56 two of section one hundred sixty-three-e of the state finance law.
A. 9312--B 3
1 (b) The term "information and communications technology" means:
2 (i) information technology, as defined in 40 U.S.C. 11101;
3 (ii) information systems, as defined in 44 U.S.C. 3502; and
4 (iii) telecommunications equipment and telecommunications services, as
5 those terms are defined in section 3 of the Communications Act of 1934
6 (47 U.S.C. 153).
7 2. The commissioner of homeland security and emergency services, the
8 commissioner of the office of general services, the adjutant general,
9 the chief information officer, the chief cyber officer, the chief tech-
10 nology officer of the city of New York and any federal agency authorized
11 under section 889 of Public Law 115-232 of 2018, may provide a waiver
12 from this section if:
13 (a) any such entity determines the waiver is in the interest of the
14 political subdivision;
15 (b) no compliant product or service is available to be procured as,
16 and when, needed at United States market prices or a price that is not
17 considered prohibitively expensive; and
18 (c) such waiver could not reasonably be expected to compromise the
19 security or integrity of a computer network operated by an instrumental-
20 ity of the state.
21 4. Nothing in this section shall be construed:
22 (a) to require any information and communications technology resident
23 in equipment, systems, or services as of the day before the effective
24 date of this section to be removed or replaced;
25 (b) to prohibit or limit the utilization of such information and
26 communications technology throughout the lifecycle of such existing
27 equipment; or
28 (c) to require the recipient of a state contract, grant, loan, or loan
29 guarantee to replace information and communications technology resident
30 in equipment, systems, or services before the effective date of this
31 section.
32 § 3. No later than the effective date of this act, the office of
33 general services shall promulgate rules and regulations and issue guid-
34 ance to all state agencies and local procurement authorities necessary,
35 including providing updates on prohibited or excluded entities for
36 procurement contracts in conformity with federal law, rules and regu-
37 lations, no later than sixty days after any entity is prohibited or
38 excluded.
39 § 4. This act shall take effect two years after it shall have become a
40 law. Effective immediately, the office of general services is authorized
41 to promulgate rules and regulations and issue guidance to all state
42 agencies and local procurement authorities necessary for the implementa-
43 tion of this act on its effective date, including providing updates on
44 prohibited or excluded entities for procurement contracts in conformity
45 with federal law, rules and regulations.