WeVote

Bill

Bill

AB 869

State agencies: information security: Zero Trust architecture.

2025-2026 Regular Session Introduced by Jacqui Irwin

California state agencies must adopt Zero Trust cybersecurity architecture requiring continuous user and device verification to protect sensitive government data and systems.

In committee: Held under submission.
0
WeVote Research Nonpartisan
Bill Summary · AB 869

Legislative bill overview

AB 869 requires California state agencies to implement Zero Trust architecture—a cybersecurity framework that assumes no user or device should be automatically trusted and requires continuous verification—for their information security systems. The bill mandates agencies adopt this approach as a security standard for protecting state data and networks.

Why is this important

State agencies handle sensitive citizen data, financial records, and critical infrastructure information. Cybersecurity breaches can compromise privacy, disrupt services, and cost taxpayers millions. Zero Trust architecture represents modern security best practices that many private sector organizations and federal agencies have already adopted to reduce breach risks.

Potential points of contention

  • Implementation costs: Converting existing systems to Zero Trust architecture requires significant upfront investment in new technologies, training, and IT infrastructure that could strain agency budgets
  • Operational disruption: Implementing continuous verification systems may slow workflows and create friction for employees during transition periods
  • Mandate flexibility: Some agencies with legacy systems or unique operational needs may struggle with one-size-fits-all requirements, potentially necessitating costly exceptions or exemptions

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.