The bill amends Florida Statutes to establish new cybersecurity standards and liability protections for local governments and their vendors. It prohibits local governments from imposing cybersecurity standards or processes on vendors that exceed established guidelines, except when necessary to comply with state or federal laws. The bill defines "vendor" and specifies that local governments cannot adopt or enforce inconsistent cybersecurity standards for contracts entered into or amended after July 1, 2026.

Additionally, the bill creates a new section that limits liability for local governments, covered entities, and third-party agents in connection with cybersecurity incidents, provided they comply with certain cybersecurity standards and frameworks. It establishes a presumption against liability for covered entities and third-party agents that maintain a compliant cybersecurity program. The bill also clarifies that no private cause of action is created and outlines the burden of proof for defendants in civil actions related to cybersecurity incidents. Overall, the legislation aims to enhance cybersecurity practices while providing legal protections for local governments and their partners.

Statutes affected:
H 635 Filed: 282.3185
H 635 c1: 282.3185