Indiana mandates cybersecurity policies for public entities by July 2025

On April 21, 2025, the Indiana Senate introduced Senate Bill 472, a legislative measure aimed at enhancing cybersecurity protocols across public entities in the state. The bill mandates that political subdivisions, state educational institutions, and school corporations adopt uniform cybersecurity policies developed by a designated office, ensuring a standardized approach to safeguarding technology resources.

Key provisions of Senate Bill 472 require public entities to establish comprehensive cybersecurity policies based on guidelines set forth by the office. For school corporations, the bill emphasizes collaboration with the Department of Education to create tailored policies. Additionally, the legislation mandates that all employees complete a training program focused on the adopted technology resources and cybersecurity policies, reinforcing the importance of cybersecurity awareness within public institutions.

The bill also outlines specific prohibitions for employees regarding the use of public technology resources, including engaging in lobbying outside their official duties, participating in illegal activities, or violating established cybersecurity policies. Furthermore, it stipulates disciplinary procedures for any breaches of these policies, aiming to create a culture of accountability.

As the bill progresses, it has sparked discussions among lawmakers regarding its implications for public sector operations and the potential costs associated with implementing these cybersecurity measures. Supporters argue that the bill is crucial for protecting sensitive information and maintaining public trust, especially in an era where cyber threats are increasingly prevalent. However, some critics express concerns about the financial burden on smaller public entities and the feasibility of compliance.

Senate Bill 472 is set to take effect on July 1, 2025, and will require public entities to submit their cybersecurity policies biennially to the office for review. This legislative move reflects a growing recognition of the need for robust cybersecurity frameworks in public institutions, aiming to mitigate risks and enhance the overall security posture of Indiana's public sector. As the bill moves through the legislative process, its final form and the extent of its impact on Indiana's cybersecurity landscape remain to be seen.