Citizen Portal
Sign In

Senate committee advances cybersecurity bill that creates liability presumption for compliant entities

Senate Committee on Governmental Oversight and Accountability · January 26, 2026

Get AI-powered insights, summaries, and transcripts

Subscribe
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

The Senate Governmental Oversight and Accountability Committee advanced SB 692 after adopting an amendment that prevents local governments from imposing higher vendor cybersecurity standards than the state and creates a presumption against liability for entities that follow the state-aligned frameworks.

The Senate Committee on Governmental Oversight and Accountability on Tuesday advanced SB 692, a bill proposing a presumption against liability for businesses and protections for local governments that align with updated cybersecurity frameworks.

Sponsor Senator Leith said the proposal is “a proactive attempt to incentivize businesses to do everything they can to prevent cyberattacks and data breaches,” explaining that entities that demonstrate compliance with the updated frameworks and incident-reporting rules would receive a presumption against negligence claims.

The committee adopted amendment barcode 434400, explained by Senator Leake, which bars local governments from imposing cybersecurity requirements on vendors that exceed the state standard (pegged to generally accepted best practices including the NIST framework) and applies to contracts entered into or amended on or after July 1, 2026. Chair Mayfield called the amendment adopted after two organizations waived in support.

Opponents raised concerns about the bill’s practical effect on accountability. Laura Yeoman of the Florida Justice Association said the local-government provision “would get this immunity simply for adopting a policy without any regard for actual operational compliance,” arguing that a policy-only approach could shield governments from scrutiny and that a retroactivity clause could affect pending class actions.

Supporters from the business and policy community said the bill strikes a balance by encouraging reporting and adoption of modern cybersecurity practices. Adam Bassford of the Association of Industry of Florida said, “We feel like this bill strikes that fantastic balance,” while Turner Lozel of the James Madison Institute said protections will incentivize reporting to law enforcement and strengthen statewide awareness of threats.

Sponsor closing remarks emphasized compliance obligations beyond policy adoption, including disaster recovery plans and multi-factor authentication, and said the protections require proof of operational compliance. The committee later reported the committee substitute for SB 692 favorably by roll call.

What’s next: SB 692 will move on from committee as reported favorably; committees and chambers next in line will consider the committee substitute per the Senate process.