The proposed bill, titled "Limitation on Liability for Cybersecurity Incidents," introduces a new section, 768.401, to the Florida Statutes. This section defines key terms such as "covered entity," "cybersecurity standards or frameworks," and "third-party agent." It establishes that counties, municipalities, and other political subdivisions, as well as covered entities and third-party agents, will not be held liable for cybersecurity incidents if they comply with specified cybersecurity standards, frameworks, and disaster recovery plans. Additionally, the bill outlines that a presumption against liability exists for covered entities and third-party agents that maintain a compliant cybersecurity program, and it specifies the burden of proof in related civil actions.

The bill also clarifies that it does not create a private cause of action and that evidence of a defendant's potential liability shield cannot be used in court to establish negligence. Furthermore, it mandates that covered entities and third-party agents must update their cybersecurity programs within one year of any relevant changes to frameworks or regulations to maintain their liability protections. The amendments made by this act will apply to any class action filed before, on, or after its effective date.