WeVote

Bill

Bill

HB 2271

Motor vehicles; modifying definition of transporter; effective date.

2025 Regular Session Introduced by Nicole Miller

HB 2271 makes permanent Kansas’ centralized cybersecurity framework, requiring CISOs for agencies, NIST-aligned programs, annual training, audits, and separate IT/cyber funding wit

Second Reading referred to Rules
0
WeVote Research Nonpartisan
Bill Summary · HB 2271

Summary — HB 2271 (2025 session, Kansas)

Main purpose

HB 2271 would remove the July 1, 2026 sunset that was placed on a package of statutory changes enacted in 2024 (House Sub. for SB 291). Removing that sunset makes permanent the statutory framework for centralizing and strengthening cybersecurity and certain IT administration functions across Kansas state government.

The bill was introduced by the House Committee on Legislative Modernization at the request of Representative Penn.

Key provisions made permanent

By eliminating the expiration date, the bill would permanently preserve the following requirements established in 2024 SB 291:

  • Appointment of a Chief Information Security Officer (CISO) for each of these offices/branches:
    • Department of Insurance, Secretary of State, State Treasurer, Attorney General, Kansas Bureau of Investigation (KBI), Office of Judicial Administration (Judicial Branch), and the Legislative Branch.
  • Requirement that each covered entity develop a cybersecurity program compliant with the NIST Cybersecurity Framework (CSF).
    • Statutory targets included achieving CSF Tier 3 by July 1, 2028 and Tier 4 by July 1, 2030 (as originally enacted).
  • Annual cybersecurity awareness training for employees — with revocation of access to state devices/network for employees who fail to complete required training.
  • Coordination with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to request annual security audits; results of such audits are to remain confidential and exempt from disclosure under the Kansas open records law.
  • Integration of cybersecurity services with branch CISOs by July 1, 2027.
  • Direction to the Information Technology Executive Council (ITEC) to:
    • Develop an IT integration plan for executive branch IT services;
    • Produce cost estimates for providing IT services to state and county-funded district courts;
    • Provide certain reports (the bill adds the Joint Committee on Information Technology as an explicit recipient of two ITEC reports).
  • Mandate that all State websites be hosted on a .gov domain (deadline in prior law: February 1, 2025).
  • Require separate line-item appropriations for IT and cybersecurity expenditures beginning FY 2026 (i.e., IT/cyber costs cannot be commingled with other appropriations).
  • Fiscal enforcement: a 5% appropriation reduction for agencies found noncompliant with NIST-based cybersecurity program requirements.
  • Periodic reporting and other compliance-related reporting obligations to the Legislature.

Who is affected

  • Executive branch agencies (state cabinet-level and other agencies), specifically offices named above.
  • Judicial Branch (Office of Judicial Administration) and the Legislative Branch — both must comply and hire CISOs.
  • County-funded district courts (subject to cost-estimate work and potential service provisions).
  • Division of the Budget and Office of Information Technology Services (OITS) — required to collect/produce expenditure data and implement appropriation/transfer provisions.
  • Joint Committee on Information Technology and other legislative oversight committees (as recipients of reports).

Timeline and procedural notes

  • The original sunset in 2024 SB 291 was scheduled for July 1, 2026. HB 2271 would remove that sunset, making the statutory structure permanent.
  • Integration deadline for branch cybersecurity services: July 1, 2027 (from 2024 law).
  • Many implementation tasks and reporting deadlines were already assigned by the 2024 law and would remain in force if the sunset is removed.

Fiscal impact (summary of fiscal note)

  • Office of Information Technology Services (OITS): unable to provide a definitive fiscal effect until its consolidation study and 2026 legislative reports are complete. Note: $15.0 million SGF was already appropriated for consolidation in FY2026 under 2024 law.
  • Office of Judicial Administration: estimates increased ongoing SGF expenditures (detailed FY 2026 requests and total ongoing requests reported in the fiscal note — approximately $459,500 noted across several line items).
  • Attorney General: estimated SGF increases of $60,000 in FY 2026 and FY 2027 for cybersecurity software.
  • Legislative Administrative Services: expects increased expenditures for a CISO and related procurement but could not estimate a total.
  • Division of the Budget cautions that required historical expenditure data are not readily available; shifting funds and separating federal vs. state funds may create federal tracking/commingling issues and will require additional study and time to implement.

Current status (as reflected in available entries)

  • Introduced January 30, 2025 (filed by Committee on Legislative Modernization / request of Rep. Penn).
  • Committee activity and hearings occurred; committee recommended the bill as substituted.
  • House actions show the bill passed the House and later was vetoed by the Governor (veto date recorded April 18, 2025) per the legislative action entries in the record provided.

Practical effect

If enacted (i.e., if the veto is overridden or the veto is otherwise resolved), HB 2271 would make permanent the statewide cybersecurity consolidation and oversight regime created in 2024 — increasing centralization of cybersecurity leadership (CISOs), creating NIST-aligned program requirements, imposing reporting and appropriation changes, and enabling financial penalties for noncompliance. Implementation will require additional funding, administrative effort, and data collection to operationalize the appropriation and transfer provisions.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.