WeVote

Bill

Bill

PS 1126

Para enmendar los Artículos 2, 3, 4, 6, 7, 10 y añadir los nuevos Artículos 7-A y 11-A de la Ley 40-2014, según enmedada, conocida como Ley de Ciberseguridad del Estado Libre Asociado de Puerto Rico con el propósito de fortalecer el marco jurídico de ciberseguridad del Gobierno de Puerto Rico, reforzar la resiliencia digital y la continuidad de servicios esenciales, ampliar facultades regulatorias y establecer mecanismos de supervisión, notificación y financiamiento; y para otros fines relacionados.

2025-2028 Session

Puerto Rico strengthens government cybersecurity law by expanding regulatory powers, requiring breach notifications, and establishing financing for digital resilience and essential service continuity.

Referido a Comisión(es)
0
WeVote Research Nonpartisan
Bill Summary · PS 1126

Legislative bill overview

Bill PS 1126 amends Puerto Rico's 2014 Cybersecurity Law (Law 40-2014) to strengthen government cybersecurity protections, enhance digital resilience, and ensure continuity of essential services. The bill expands regulatory authority, adds new supervisory mechanisms, establishes breach notification requirements, and creates financing structures for cybersecurity improvements across government agencies.

Why is this important

Cybersecurity breaches can cripple government services, compromise citizen data, and disrupt critical infrastructure like healthcare and utilities. As cyberattacks become more sophisticated and frequent, Puerto Rico's government—serving 3.2+ million residents—needs updated legal frameworks to prevent incidents, respond effectively, and maintain public trust. This modernization reflects global best practices in government cybersecurity governance.

Potential points of contention

  • Budgetary impact: New financing mechanisms and supervisory structures require significant government expenditure during fiscal constraints; unclear who bears costs
  • Private sector scope: Ambiguity around whether "essential services" regulation extends to private companies providing utilities or telecommunications, raising compliance concerns
  • Data notification requirements: Breach notification timelines and disclosure obligations may vary from federal standards, creating dual-compliance burdens for entities operating across jurisdictions

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.