[{"_1":2,"_99":-5,"_100":-5},"loaderData",{"_3":4,"_26":27},"root",{"_5":6,"_17":10,"_18":19,"_20":21,"_22":10,"_23":-5,"_24":-5,"_25":10},"user",{"_7":8,"_9":10,"_11":10,"_12":-5,"_13":-5,"_14":15,"_16":-5},"roles",[],"isAuthenticated",false,"isPremium","planName","subscriptionStatus","featureFlags",{},"insightsBudget","isDevelopmentHost","userPreferences",{},"recaptchaSiteKey","6LcvOJcUAAAAAHsB-gPGfGktcRlKpH7OTIU_dMTD","isImpersonating","impersonation","affiliateStatus","isFreedomPortal","routes/v2/article/layout",{"_28":29,"_30":31},"notFound",true,"relatedArticles",[32,76,88],{"_33":34,"_35":36,"_37":38,"_39":40,"_41":42,"_43":44,"_45":46,"_47":48,"_49":50,"_51":52,"_53":54,"_55":56,"_57":58,"_59":60,"_61":62,"_63":64,"_65":66,"_67":68,"_69":70,"_71":72,"_73":74,"_75":74},"mediaId",6576733,"mediaKeyId","3058619-d9fd9752e308d1a17f30953fe1f1ba57","parentId",3058619,"title","Committee hears competing views on AI bill; sponsors propose definition and linkage to national‑security vendor rules","audioSeconds",1299,"startMs",3257000,"endMs",4556000,"viewUrl","/Search/View?dp=1&key=3058619-d9fd9752e308d1a17f30953fe1f1ba57&start=3257&end=4556","thumbnailUrl","https://assets.pipeline.soar.com/3058619-d9fd9752e308d1a17f30953fe1f1ba57/thumbnail_3257000.jpg","articleUrl","/articles/6576733/Oregon/Committee-hears-competing-views-on-AI-bill-sponsors-propose-definition-and-linkage-to-nationalsecurity-vendor-rules","mediaUrl","https://secure.pipeline.soar.com/6576733-1dec2c138b3615a7e1617f8c6ba25820/orig.mp4?Expires=1770993435&Signature=k~P3nO-iQH0k0V8By3Dq1wtQZGQsIBb-xXNbwE0dUlwnc4o4rEAvjpx7vaKDlqALisdD~apgwTlN7oe0KlKRV8Ur-SCV8ox25elKCg7Lr~eCSSRUhIhx4mdVl1lWVztK9nbiba7n8ju3kKSdrzVtbBM1GLH6RfNLYm1tMSZccXwmLfwCLQhTNaWO5ierXr2LElsZeHQz6-8vb0v7tBnbZI~RF9rOgHXe5FyER2~VTDm3x8mCfivRIcYElKw5C8~R7UWGfBG2roOSFJD8C9DIILdIn4EZhrjg6K8fHKFzdWFL1Ca6hZwvuZ7xSY0~-vxTia09v4KwmopvaK3hTba3Iw__&Key-Pair-Id=KUT5TJCACFTXG","author","Oregon State Legislature","date","2025-04-18T00:00:00Z","article","Co‑Chair Nathanson opened a public hearing on House Bill 3,936, a measure that would restrict use of certain artificial‑intelligence products on state information technology assets. Committee staff described a dash‑1 amendment that inserts a statutory definition of artificial intelligence and aligns AI‑specific language across statutes that govern the executive branch, the secretary of state and the state treasurer.

Representative Darcy Edwards, sponsor of the dash‑1 amendment, told the committee the change is intended to modernize existing covered‑vendor and procurement statutes so agencies can identify AI capabilities that pose risk. ‘‘By inserting this definition into key statutes … the bill ensures consistency and clarity across government entities,’’ Edwards said, arguing the statutory definition aligns with national and international standards and will support later policy development, risk management and vendor accountability.

Rebecca Gladstone, testifying on behalf of the League of Women Voters of Oregon, urged caution and opposed a blanket ban based on country of incorporation. The League recommended a standards‑based, risk‑based vetting process that evaluates AI systems against privacy, security and ethical standards regardless of country of origin. ‘‘Banning AI owned or developed by a foreign corporate entity is shortsighted,’’ Gladstone said, adding that ‘‘rather than banning AI systems based on country of origin, Oregon should prohibit using any AI regardless of origin that fails to meet strict standards.’’

Committee staff noted Representative Edwards’ dash‑1 amendment removes or narrows language that would single out foreign incorporation and instead focuses on products or vendors that present national‑security or state‑cybersecurity threats as defined in existing covered‑vendor law (House Bill 3,127, 2023).

Questions and context

Members asked for examples of how AI is already embedded across agency systems and where risk may lie; Edwards noted AI capabilities are widespread and evolving quickly and that breaches and incidents across state agencies have demonstrated the need to clarify statutory coverage. Several senators and representatives emphasized the need for further discussion and clear standards that keep security protections aligned with procurement policy.

No committee vote was taken during the hearing; the public testimony record closed and staff noted opportunities for additional amendments or standards work in later sessions.","mediaType","Video","parentTitle","Joint Committee On Information Management and Technology 04/18/2025 1:00 PM","oneSentenceSummary","Co‑Chair Nathanson opened a public hearing on House Bill 3,936, which would add a statutory definition of artificial intelligence and apply that definition to statutes that govern covered vendors and procurement for state agencies.","taxTitle","Information Management and Technology, Joint, Committees, Legislative, Oregon","taxId",18221,"location","Oregon","headline","","shortSummary",{"_33":77,"_35":36,"_37":38,"_39":78,"_41":79,"_43":80,"_45":81,"_47":82,"_49":83,"_51":84,"_53":85,"_55":56,"_57":58,"_59":86,"_61":62,"_63":64,"_65":87,"_67":68,"_69":70,"_71":72,"_73":74,"_75":74},6576737,"Representative seeks limited waiver process so state agencies can request use of banned vendor platforms",995,2251000,3246000,"/Search/View?dp=1&key=3058619-d9fd9752e308d1a17f30953fe1f1ba57&start=2251&end=3246","https://assets.pipeline.soar.com/3058619-d9fd9752e308d1a17f30953fe1f1ba57/thumbnail_2251000.jpg","/articles/6576737/Oregon/Representative-seeks-limited-waiver-process-so-state-agencies-can-request-use-of-banned-vendor-platforms","https://secure.pipeline.soar.com/6576737-869a630be9c89519d942aadcaac2fb93/orig.mp4?Expires=1770993435&Signature=n8D8hXc77ARJfY7r7k6eij0Hb23KMLicXbqgem9gkQPyHdQkKhz-aq2WyXokUEykmEKWcupcOFj~eqQ9W5GyZsvwmFZzjpWJTIupsx1g6QrPn5m0x2srLAeB8GgpKNTmUfMbum4eyxBF6Kl9gpF6l139d0lcfMFSC9s~XNF3zJHqYWDVXCXwtejzLOB6QDF23hao2u4KQpxWy~F0Ow5yxyMUv2EICtZfCUXvDuGwh6juogpo300jG0BVINf6TUsflWwylDYYyZW098AOtdajrn6fAzM~1ABWehO8c6c~uoek5ln~W0psQLwxFYYkpym-S56q404StsX0pyeNqYsrJg__&Key-Pair-Id=KUT5TJCACFTXG","Co‑Chair Nathanson opened a public hearing on House Bill 3,684, which would allow a state agency to apply for and obtain a limited waiver from prohibitions that currently bar certain vendors and products from use on state information technology assets.

Representative Vanessa Hartman, sponsor, told the committee the bill does not roll back the 2023 covered‑vendor law but proposes a narrow waiver process so agencies can request permission when use of a covered product advances an agency mission, such as public safety communications or constituent outreach. ‘‘It doesn’t roll back the ban. It just simply allows agencies to apply, for a waiver to use platforms like TikTok and others when it directly supports their mission,’’ Hartman said.

Mia Noren, appearing on behalf of TikTok, described uses of the platform for civic engagement, small business promotion and public information. Noren said TikTok has more than 1.3 million monthly active users in Oregon and cited examples from other jurisdictions where agencies used the platform for road closure alerts, youth safety campaigns and emergency messaging. ‘‘These are just a few examples of the meaningful public interest driven uses of the platform,’’ Noren said.

Committee members asked for additional detail about the waiver’s scope, whether a granted waiver would be limited to a particular product or use and how frequently the platform is used for Amber Alerts and library communications. Noren offered to provide follow‑up materials and directed non‑sensitive supplemental information to committee staff for distribution.

League of support and process questions

Hartman and Noren said other states have implemented exemption processes for covered platforms and the bill’s sponsor named Washington, California, New Jersey, Nevada and others as having permissive or waiver approaches for some agencies. Committee members emphasized the bill’s language contemplates a limited waiver and oversight rather than an automatic blanket exception.

No vote or formal action was taken on HB 3,684 during the hearing; committee staff closed the public hearing and moved to the next item on the agenda.","At a public hearing, sponsors and a TikTok representative urged a waiver process enabling state agencies to seek permission to use covered platforms for public information and constituent engagement; testimony cited examples and economic data. No committee vote was taken.",{"_33":89,"_35":36,"_37":38,"_39":90,"_41":91,"_43":92,"_45":92,"_47":93,"_49":94,"_51":95,"_53":96,"_55":56,"_57":58,"_59":97,"_61":62,"_63":64,"_65":98,"_67":68,"_69":70,"_71":72,"_73":74,"_75":74},6576741,"Committee adopts amendment to shift cybersecurity bill toward assessments, sends measure to Ways and Means",0,3084000,"/Search/View?dp=1&key=3058619-d9fd9752e308d1a17f30953fe1f1ba57&start=3084&end=3084","https://assets.pipeline.soar.com/3058619-d9fd9752e308d1a17f30953fe1f1ba57/thumbnail_3084000.jpg","/articles/6576741/Oregon/Committee-adopts-amendment-to-shift-cybersecurity-bill-toward-assessments-sends-measure-to-Ways-and-Means","https://secure.pipeline.soar.com/6576741-34a5c1aec3b75bf6dc2d43939f4c297c/orig.mp4?Expires=1770993435&Signature=AZet0UPc~4VPmbwhJndDUSqToODNqKtEj1~IOxs1XQ-KmFKagoIu0~eccYJBlAI7c5s3YV6WfwDw4KeajSYAGLjL0flWzIpC8iZ-z~yVN1mEfxudhn0n2VgzVI7SFl6XXtu7b4p63tlxWmodtbtsiwyI9V4eIuKoJ5jJ9mrPPUp-eOzXvfkym0XYpGgHuj6cHtXk6hW8H53nrRZHxIKynhLC0dwlKbO2JL7MUb46bOMcmJpngPGqGw6lSP6D~D9mRU52tMzEw5AAf0kjUCzUhv4as7Mc3PDzDd~lpymLdLBKS~cnpXVHsuupbYnojqJEvX8rVB--X6PvGt~4TvdvIw__&Key-Pair-Id=KUT5TJCACFTXG","Co‑Chair Nathanson on Friday opened a work session on House Bill 3,228 and, after discussion, the Joint Committee on Information Management and Technology voted to adopt a dash‑1 amendment and to report the bill to the Joint Committee on Ways and Means.

The dash‑1 amendment narrows the bill’s original focus from a broad study of public‑body cyber insurance to a program of assessments and targeted assistance. The amendment directs the Oregon Cybersecurity Advisory Council to conduct more detailed assessments that identify and document cybersecurity vulnerabilities and “recommend actions to address the reasons that public bodies are unable to meet cybersecurity insurance coverage requirements,” and it extends the advisory council’s reporting deadline to the interim committees of the Legislative Assembly from December 31, 2025, to September 30, 2026. The amendment also extends a scheduled repeal date from January 2, 2026, to January 2, 2027, and allows monies in the Cybersecurity Resilience Fund to pay for assessments, documentation of coverage shortfalls and cybersecurity training in addition to the fund’s originally listed uses.

Why it matters: Committee members said many smaller local governments, school districts and special districts still cannot meet insurers’ underwriting requirements even as more cyber‑insurance options have become available. The adopted amendment is intended to catalogue needs, create road maps for remediation and target limited state resources where they are most needed before the state considers larger subsidy or insurance‑pool measures.

Committee discussion and expert testimony

Committee staff summarized the amendment’s changes before the witnesses spoke. ‘‘If that amendment were to be adopted … the Oregon Cybersecurity Advisory Council would instead be directed to conduct more detailed assessments to identify and document cybersecurity vulnerabilities and recommend actions to address the reasons that public bodies are unable to meet cyber security insurance coverage requirements,’’ staff member Sean told the panel.

Frank Stratton, executive director of the Special Districts Association of Oregon, said statewide public‑entity insurance pools already provide a basic backstop that many smaller entities could not obtain on the commercial market but that higher coverage levels require meeting underwriting standards. ‘‘We’ve put together very, options, and 1 is very basic option … you don’t have to meet really any underwriting requirements to get that very basic level of coverage,’’ Stratton said, adding that ‘‘there’s a whole lot of entities … that can’t get up to another level and wouldn’t be able to buy cyber insurance without us.’’

Greg Hart, cybersecurity specialist with City County Insurance Services, said the amendment and the center’s assessments could increase the number of counties that qualify for higher coverage. ‘‘On the counties, yes, it would potentially get us to’’ higher coverage levels, Hart said, noting the pool’s coverage limits ‘‘go up to 2,000,000’’ and that some larger counties may need higher limits from other markets.

Biroli Shilada, director of the Oregon Cybersecurity Center of Excellence and a professor at Portland State University, described the proposed scope and cost of the assessment program. He said the center’s initial assessments are designed as a first pass to identify shortcomings and to produce an individualized report for each assessed entity. ‘‘This is not going to be an … thorough 3 week long assessment … but give us … to identify what are the shortcomings,’’ Shilada said, adding that the proposal budgets about $1.7 million to run assessments and that remediation costs would vary ‘‘from very 1,500, low cost, or it could be very, very expensive depending on each vulnerability assessed.’’ He said the center would use supervised students paid about $15 to $25 an hour to keep costs low and contrasted that with private consultants who ‘‘could be running anywhere from 400 to a thousand dollars an hour.’’

Committee action

Senator Manning moved adoption of the dash‑1 amendment to House Bill 3,228; the motion passed with no recorded objections. Manning then moved that the bill be reported out ‘‘with a due pass as amended recommendation and be referred to the Joint Committee on Ways and Means by prior reference.’’ The committee approved that motion and the bill was sent to Ways and Means.

What the amendment does and next steps

The amendment refocuses the bill on documenting vulnerabilities, producing entity‑level reports and supporting training; it pushes the advisory council’s report deadline to September 30, 2026; extends a statutory repeal date to January 2, 2027; and allows fund monies to pay for assessments and training. The committee did not adopt additional appropriations on the floor; the bill will now move to Ways and Means for budget consideration.

Committee members and witnesses repeatedly emphasized that assessment reports will give agencies and local governments a roadmap for remediation and that some fixes—training, administrative changes or use of state contracts—can be implemented quickly while equipment or infrastructure upgrades may require additional funds or federal grants. The committee closed the work session and moved on to other hearings.","The Joint Committee on Information Management and Technology adopted a dash-1 amendment to House Bill 3228 to fund and direct assessments of public‑body cybersecurity vulnerabilities, expand allowable uses of a proposed Cybersecurity Resilience Fund and extend reporting and repeal deadlines. The committee then reported the bill to Ways and Means.","actionData","errors"]

Article not found

Committee hears competing views on AI bill; sponsors propose definition and linkage to national‑security vendor rules

Representative seeks limited waiver process so state agencies can request use of banned vendor platforms

Committee adopts amendment to shift cybersecurity bill toward assessments, sends measure to Ways and Means