Florida Senate - 2026                        COMMITTEE AMENDMENT
       Bill No. SB 692
       
       
       
       
       
       
                                Ì434400bÎ434400                         
       
                              LEGISLATIVE ACTION                        
                    Senate             .             House              
                                       .                                
                                       .                                
                                       .                                
                                       .                                
                                       .                                
       —————————————————————————————————————————————————————————————————




       —————————————————————————————————————————————————————————————————
       The Committee on Governmental Oversight and Accountability
       (Leek) recommended the following:
       
    1         Senate Amendment (with title amendment)
    2  
    3         Delete lines 33 - 71
    4  and insert:
    5         Section 1. Paragraph (a) of subsection (4) of section
    6  282.3185, Florida Statutes, is amended to read:
    7         282.3185 Local government cybersecurity.—
    8         (4) CYBERSECURITY STANDARDS.—
    9         (a)1. Each local government shall adopt cybersecurity
   10  standards that safeguard its data, information technology, and
   11  information technology resources to ensure availability,
   12  confidentiality, and integrity. The cybersecurity standards must
   13  be consistent with generally accepted best practices for
   14  cybersecurity, including the National Institute of Standards and
   15  Technology Cybersecurity Framework.
   16         2. A local government may not impose cybersecurity
   17  standards or processes on a vendor that exceed the standards or
   18  processes established under this paragraph, except as necessary
   19  to comply with state or federal laws, or with industry-specific
   20  requirements applicable to regulated sectors. For purposes of
   21  this paragraph, "vendor" means a sole proprietorship,
   22  partnership, corporation, trust, estate, cooperative,
   23  association, or other commercial entity that contracts with a
   24  local government to provide information technology commodities
   25  or services.
   26         3. A local government may not adopt or enforce any
   27  cybersecurity standards or processes that are inconsistent with
   28  this paragraph for contracts entered into or amended on or after
   29  July 1, 2026.
   30  
   31  ================= T I T L E  A M E N D M E N T ================
   32  And the title is amended as follows:
   33         Delete lines 3 - 11
   34  and insert:
   35         liability; amending s. 282.3185, F.S.; prohibiting
   36         local governments from imposing certain cybersecurity
   37         standards or processes on vendors; defining the term
   38         "vendor"; prohibiting local governments from adopting
   39         or enforcing certain cybersecurity standards or
   40         processes; creating s. 768.401, F.S.;