The proposed bill aims to enhance cybersecurity by prohibiting the use of certain applications on government-issued devices. It mandates public employers to block access to these "prohibited applications," which are defined as internet applications created or maintained by foreign entities that pose security risks, such as data collection, cyber-espionage, or misinformation campaigns. Public employers are required to restrict access to these applications on their networks and devices, and they must also retain the ability to remotely uninstall any such applications if necessary. Exceptions are made for law enforcement officers who may need to use these applications for public safety or investigative purposes.

Additionally, the bill outlines the responsibilities of the Department of Technology, Management, and Budget, which must compile and maintain a list of prohibited applications, update it quarterly, and establish procedures for granting waivers to allow certain employees to access these applications under specific conditions. Employees are required to remove any prohibited applications from their devices within 15 days of the list being updated. The act is set to take effect on July 1, 2025, and includes provisions for the department to promulgate rules for its implementation.