Bill Summary for S 83 (2023-2024)

Printer-friendly: Click to view

Bill Information:

View NCGA Bill Details2023-2024 Session
Senate Bill 83 (Public) Filed Wednesday, February 8, 2023
AN ACT REGARDING THE USE OF HIGH RISK PLATFORMS ON GOVERNMENT NETWORKS AND GOVERNMENT DEVICES.
Intro. by Moffitt, Perry, Hanig.

View: All Summaries for BillTracking:

Bill summary

Senate committee substitute to the 1st edition deletes the content of the 1st edition and replaces it with the following text. Makes conforming changes to the act's titles.

Enacts new GS 143-805 to Article 84 of GS Chapter 143 (various technology regulations) governing high-risk platforms on government networks and devices. Defines network and device. Also defines high risk platform as the following applications, websites, and other products that pose an unacceptable level of cybersecurity threat to data: (1) TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited, (2) WeChat or any successor application or service developed or provided by Tencent Holdings Limited or an entity owned by Tencent Holdings Limited, (3) Telegram or any successor application or service developed or provided by Telegram FZ LLC or an entity owned by Telegram FZ LLC.

Defines public agency as any of the following: (1) all agencies and constitutional officers of the state, including all boards, departments, divisions, constituent institutions of The University of North Carolina, community colleges, and other units of government in the executive branch; (2) units of local government as defined in GS 159-7 (a municipal corporation that is not subject to the State Budget Act and that has the power to levy taxes, including a consolidated city-county, and all boards, agencies, commissions, authorities, and institutions thereof that are not municipal corporations); (3) public authorities as defined in GS 159-7 (a municipal corporation (other than a unit of local government) that is not subject to the State Budget Act or a local governmental authority, board, commission, council, or agency that (i) is not a municipal corporation; (ii) is not subject to the State Budget Act; and (iii) operates on an area, regional, or multi-unit basis, and the budgeting and accounting systems of which are not fully a part of the budgeting and accounting systems of a unit of local government); and (4) public school units as defined in GS 115C-5 (local school administrative units, charter schools, and regional schools).

Bars public agencies, the judicial branch, and the legislative branch from using any high risk platform on the entity's network. Bars public agencies, the judicial branch, and the legislative branch from permitting their employees, elected officials, or appointees to install, use, or otherwise access a high risk platform on a device owned, leased, maintained, or otherwise controlled by any of these entities. Bars public agencies from permitting their students to access a high risk platform as described above on a device owned, leased, maintained, or otherwise controlled by the public agency.

Exempts officials or employees engaged in certain activities as part of their official duties (investigating or prosecuting crimes; identifying security or cybersecurity threats; protecting human life; establishing, testing, and maintaining firewalls, protocols, and otherwise implementing the statute; and participating in judicial or quasi-judicial proceedings) from the ban on installing, using, or otherwise accessing high risk platforms. Specifies that the new statute does not apply to users of an authorized account paying for use of communications services (cable, video programming, telecommunications, broadband, or high-speed Internet access service to the public, or any sector of the public, for a fee) under Article 16A of Chapter 160A of the General Statutes, including those communications services exempted under GS 160A-340.2(b) (communication services to an unserved area) or (c) (a city or joint agency providing communications services under certain conditions).

Specifies annual reporting requirements for public agencies to be submitted to the Chief Information Officer (CIO) by August 1 on the number of incidences of unauthorized uses and attempted uses of a high risk platform on that  public agency's network; whether those unauthorized uses were by an employee, elected official, appointee, or student of that public agency; and whether any of those unauthorized uses were on a device owned, leased, maintained, or otherwise controlled by that public agency. Requires CIO to submit a compilation of that information to the specified NCGA committee.

Requires public agencies and the judicial and legislative branches to each adopt a policy governing the use of its network and the use of high risk platforms on devices owned, leased, maintained, or otherwise controlled by these entities by July 1, 2023.

Requires employees, elected officials, or appointees of a public agency, the judicial branch, and the legislative branch who have a high risk platform on a device owned, leased, maintained, or otherwise controlled by these entities to remove, delete, or uninstall the high risk device no later than April 15, 2023. Requires students of public agencies to do the same.

Amends GS 14-456 (making it criminal offense to deny computer services to authorized users) and GS 14-456.1 (making it a criminal offense to deny government computer services to authorized users) to exempt the denial of high-risk platforms as set forth in new GS 143-805 from these laws.

Requires CIO to publish recommendations for appropriate access to high risk platforms for the purposes authorized by the new GS 143-805 by no later than April 15, 2023.

Effective April 1, 2023.