The proposed bill would update current statutes by introducing several new provisions aimed at enhancing the security of Arizona's critical infrastructure. It would prohibit any software used for critical infrastructure from being produced by a Chinese company and require annual certification from critical communications infrastructure providers regarding the use of prohibited equipment. Additionally, it would preclude governmental entities from entering contracts with Chinese companies that provide access to critical infrastructure and mandate the Arizona Corporation Commission (ACC) to publish an annual list of prohibited equipment. The bill also establishes a Risk-Based Oversight Program for the ACC, which includes self-certification and audit provisions for service providers. Moreover, the bill would define critical infrastructure and critical communications infrastructure, allow exceptions for purchasing prohibited equipment under specific conditions, and establish a new chapter (Chapter 42) outlining prohibited agreements with the People's Republic of China. It specifies conditions under which such agreements may be permissible and requires a secure communications channel for critical infrastructure providers during emergencies. The bill aims to modernize the existing legal framework by incorporating relevant updates and removing obsolete language that no longer reflects current practices or standards, thereby streamlining the statute and enhancing clarity and compliance.

Statutes affected:
Introduced Version: 18-105
House Engrossed Version: 18-105