WeVote

Bill

Bill

HB 2574

Removing the expiration on certain cybersecurity requirements, modifying the duties of chief information security officers and cybersecurity programs, requiring assessment of executive branch agency compliance with cybersecurity requirements, providing for consideration of such compliance by the legislature during the budget process and creating the judicial branch technology oversight council.

2025-2026 Regular Session

Kansas bill makes cybersecurity requirements permanent, strengthens CISO authority, mandates agency compliance assessments tied to budgeting, and creates judicial technology oversight.

Approved by Governor on Monday, April 6, 2026
0
WeVote Research Nonpartisan
Bill Summary · HB 2574

Legislative bill overview

HB 2574 makes cybersecurity requirements permanent (removing sunset provisions), expands the role and authority of chief information security officers (CISOs), requires state agencies to regularly assess their cybersecurity compliance, and establishes a new judicial branch technology oversight council. The bill integrates cybersecurity compliance assessments into the legislative budget process.

Why is this important

Cybersecurity breaches of government systems can expose sensitive citizen data, disrupt essential services, and create financial liabilities for the state. This bill aims to create sustained, accountable cybersecurity governance across Kansas government by removing temporary measures that could lapse and establishing ongoing compliance monitoring tied to budget decisions.

Potential points of contention

  • Cost and burden on agencies: Expanded CISO duties and mandatory compliance assessments require resources; smaller agencies may struggle with implementation
  • Judicial branch autonomy: Creating a separate technology oversight council for courts could be viewed as legislative oversight of judicial independence or as necessary accountability, depending on perspective
  • Enforcement mechanism unclear: The bill links compliance to budget processes, but consequences for non-compliance and enforcement authority need clarification
  • Scope of requirements: The bill removes expiration dates on "certain" cybersecurity requirements, but which requirements qualify and who determines this remains ambiguous in the summary

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.