 |
ARIZONA STATE SENATE
Fifty-Seventh Legislature, First Regular Session
REVISED
critical Infrastructure; foreign adversary; prohibition
Purpose
Establishes the Arizona Critical Infrastructure Protection Act which prohibits, and requires the removal and replacement of, critical infrastructure software and communications equipment produced by the People's Republic of China, preempts contracts and agreements that would allow access or control of critical infrastructure in Arizona and outlines exceptions and registration, reporting and publishing requirements relating to prohibited technologies and equipment.
Background
The federal Committee on Foreign Investment in the United States (CFIUS) is charged with conducting investigations of the effects of covered transactions on national security if the transaction would result in the control of any critical infrastructure of or within the United States by or on behalf of any foreign person. If CFIUS determines that the transaction could impair national security, and that such impairment has not been mitigated, CFIUS must take necessary actions in connection with the transaction to protect the national security of the United States. Covered transactions include investments by a foreign person in any unaffiliated U.S. business that owns, operates, manufactures, supplies or services critical infrastructure (50 U.S.C. § 4565).
The federal Secure and Trusted Communications Networks Reimbursement Program (federal Program) is administered by the Federal Communications Commission to reimburse providers of advanced communications services with up to 10 million customers for the removal, replacement and disposal of communications equipment and services produced by Huawei Technologies Company or ZTE Corporation that was obtained on or before June 30, 2020, from the Company's or Corporation's network. Advanced communication service providers must annually certify possession of advanced communication equipment and services and report on the location, type, original cost, estimated replacement cost and any replacement plans, date of acquisition and a detailed justification for obtaining the covered equipment or services (FCC).
The Arizona Corporation Commission (ACC) consists of five elected commissioners and is responsible for regulating public utilities, facilitating incorporation of businesses and organizations, granting or denying rate adjustments, enforcing safety and public service requirements and approving securities matters (A.R.S. Title 40, Chapters 1 and 2).
The Joint Legislative Budget Committee fiscal note estimates that H.B. 2696 would increase state costs, the magnitude of which is undetermined. The ACC estimates a fiscal impact of $12 million annually and 45 new full-time equivalent positions (JLBC fiscal note).
Provisions
1. Prohibits any software that is used for critical infrastructure in Arizona from being produced by a company that is headquartered in or under the control of the People's Republic of China.
2. Prohibits any critical communications infrastructure within Arizona from including any equipment that is manufactured by a corporation domiciled in the People's Republic of China.
3. Requires any equipment of critical communications infrastructure in Arizona that is currently manufactured by a corporation domiciled in the People's Republic of China to be replaced with nonprohibited equipment.
4. Requires, by January 1 of each year, a critical communications infrastructure provider (communications provider) that is a participant in the federal Program to certify to the ACC any instances of prohibited critical communications equipment being used, along with the geographic coordinates of the areas served by the prohibited equipment.
5. Requires a communications provider that is certified by the ACC to:
a) submit a quarterly status report to the ACC detailing federal Program compliance; and
b) each quarter, produce a map of Arizona detailing the areas that are serviced by critical communications infrastructure that includes equipment that is manufactured by a corporation domiciled in the People's Republic of China.
6. Precludes any communications provider that removes, discontinues or replaces any prohibited communications equipment from being required to obtain an additional permit from any state agency or political subdivision of the state for the removal, discontinuance or replacement.
7. Prohibits a governmental entity or critical infrastructure service provider (service provider) in Arizona from entering or renewing a contract with a vendor of wi-fi routers, modem systems, lidar technology, camera-based school bus infraction detection systems, speed detection systems, traffic infraction detector systems or any other camera systems, battery technology or smart meter technology or a vendor of any other technology if:
a) the vendor is owned by the government of the People's Republic of China;
b) the government of the People's Republic of China has a controlling interest in the vendor;
c) the vendor is selling a product that is produced by the government of the People's Republic of China or a company domiciled in China; or
d) the vendor's product includes cellular internet-of-things modules from the People's Republic of China or product produced by a Chinese military company operating within the United States as identified by the William M. Thornberry National Defense Authorization Act for FY 2021.
8. Requires, by March 31, 2026, and each year thereafter, each governmental entity and service provider in Arizona to certify to the ACC that the entity or provider does not use any technology that includes cellular internet-of-things modules or any wi-fi router or modem system, lidar technology, camera-based school bus infraction detection system, speed detection system, traffic infraction detector system or any other camera system, battery technology or smart meter technology that is produced by:
a) a company that is owned by the government of the People's Republic of China;
b) a company in which the People's Republic of China has a controlling interest; or
c) the government of the People's Republic of China or a company domiciled in China.
9. Requires the ACC, by December 31, 2025, and each year thereafter, to publish a list of all technologies that are prohibited by the Arizona Critical Infrastructure Protection Act (prohibited technology) and post the list on the ACC's website.
10. Directs, within 90 days of the prohibited technologies list being published, each governmental entity and service provider in Arizona to remove any prohibited technology that is on the list.
11. Allows a government entity or service provider to continue to purchase and use prohibited technology if:
a) there are no other reasonable providers of the prohibited technology;
b) the purchase or use of the prohibited technology is preapproved by the ACC; and
c) not purchasing or using the prohibited technology would pose a greater threat to the state than the threat associated with the prohibited technology.
13. Allows a government entity or publicly regulated utility in the state to enter into an agreement or contract involving critical infrastructure in Arizona with the People's Republic of China if:
a) no other reasonable option exists for addressing a need that is relevant to critical infrastructure in Arizona;
b) the agreement or contract is preapproved by the ACC; or
c) not entering into the agreement would pose a greater threat to the state than the threat associated with entering into the agreement or contract.
14. Requires the ACC to establish a secure and dedicated communications channel for critical infrastructure providers and military installations across the state to connect with the ACC and the Governor's Office in the event of an emergency that damages critical communications infrastructure.
15. Defines critical infrastructure as infrastructure that is owned or operated by the state, a political subdivision of the state or a publicly regulated utility and that are:
a) gas and oil production, storage or delivery systems;
b) water supply refinement, storage or delivery systems;
c) electrical power delivery systems;
d) telecommunications networks;
e) transportation systems and services;
f) personal data storage systems, including cybersecurity; or
g) emergency services.
16. Defines critical communications infrastructure as all physical broadband infrastructure and equipment that supports the transmission of information and that allows the user to engage in communications, including service provided directly to the public.
17. Defines a cellular internet-of-things module is a hardware component that includes a cellular radio transceiver and is designed to provide cellular network connectivity to an internet-of-things device.
18. Defines a school bus infraction detection system as an automated system installed on a school bus consisting of cameras, sensors and software designed to detect, record and document traffic violations, such as illegally passing the bus when its stop arm is extended and warning lights are activated, to enhance student safety and enforce compliance with traffic laws.
19. Defines a company as a:
a) sole proprietorship, organization, association, corporation, partnership, joint venture, limited partnership, limited liability partnership or limited liability company, including a wholly owned subsidiary, majority-owned subsidiary, parent company or affiliate of those entities or business associations, that exists to make a profit; or
b) a nonprofit organization.
20. Defines domiciled as located in a country where either the company is registered, the company's affairs are primarily completed or the majority of the company's ownership shares are held.
21. Designates this legislation as the Arizona Critical Infrastructure Protection Act.
22. Becomes effective on the general effective date.
Revisions
· Updates the fiscal impact statement.
House Action
TI 2/5/25 DPA 4-2-0-1
3rd Read 3/10/25 32-24-4
Prepared by Senate Research
April 29, 2025
KJA/slp