WeVote

Bill

Bill

H 3363

An Act relative to cyber procurement projects

194th Legislature (2025-2026) Introduced by Kim Ferguson and 4 co-sponsors

Massachusetts bill requires state IT procurement to favor vendors with cybersecurity insurance, while uninsured firms may still bid and win.

Hearing scheduled for 07/15/2025 from 01:00 PM-05:00 PM in B-1
0
WeVote Research Nonpartisan
Bill Summary · H 3363

Summary of H.3363: An Act relative to cyber procurement projects

Overview

H.3363, introduced February 27, 2025, is a Massachusetts bill titled “An Act relative to cyber procurement projects.” The bill would amend Chapter 30B of the General Laws by adding a new Section 24. The core idea is to influence how state agencies procure information technology (IT) goods or services by encouraging cybersecurity insurance among vendors.

  • Status: Hearing scheduled for July 15, 2025 (1:00 PM – 5:00 PM) in room B-1.
  • Primary sponsor: Representative Bradley H. Jones, Jr. (and cosponsors listed in the petition text).
  • Referred to: Committee on State Administration and Regulatory Oversight.
  • Related/preceding measures: House Docket No. 1336 (the bill text here), with historical reference to similar matters in prior sessions (e.g., House No. 3062 of 2023-2024).

Key Provisions

  • Insertion of new Section 24 into Chapter 30B, after Section 23 (as appearing in the 2022 Official Edition).
  • Core requirement: “Any state agency procuring information technology goods or services shall give preference to vendors which carry cybersecurity insurance.”
  • Non-exclusionary language: The provision explicitly states that the preference “shall not be construed to preclude vendors without cybersecurity insurance from submitting solicitations to the state or being awarded bids by the state for information technology goods or services.” In other words, insurers are given a preferential consideration, but uninsured vendors can still compete and win.
  • Scope: Applies specifically to procurement of IT goods or services by state agencies.

Affected Parties

  • State agencies: Required to consider cybersecurity insurance as a factor in IT procurement decisions, i.e., they must give preference to insured vendors when awarding IT contracts.
  • IT vendors and suppliers: Vendors with cybersecurity insurance may gain a competitive advantage in state IT procurements; uninsured vendors remain eligible to compete, though they may face a potential disadvantage in the award process.
  • Potential taxpayers and system stakeholders: Indirectly affected through procurement practices aimed at improving cybersecurity in state IT acquisitions.

Procedural and Timeline Details

  • Introduction: February 27, 2025.
  • Committee action: Referred to the Committee on State Administration and Regulatory Oversight.
  • Hearing: Scheduled for July 15, 2025, from 1:00 PM to 5:00 PM (room B-1).
  • Legislative path: The bill moves through standard committee review before potential floor action in the House and Senate.

Additional Context

  • The bill complements broader efforts to bolster cybersecurity in public sector IT procurement by linking contract awards to vendor cybersecurity risk management, via insurance coverage.
  • The text provided does not specify an effective date beyond passage, nor any budgetary impact or regulatory rulemaking details. Such elements, if enacted, would typically be addressed in committee discussions and subsequent amendments.

If you’d like, I can provide a side-by-side comparison with related bills (HD 1336/2023-2024) or draft a plain-language Q&A for stakeholders.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.