Citizen Portal
Sign In

House adopts school cybersecurity standards; related security funding measure fails

Utah House of Representatives · February 17, 2026

Get AI-powered insights, summaries, and transcripts

Subscribe
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

The Utah House passed third-substitute HB42 to set baseline cybersecurity standards for schools after auditors found multiple breaches. A companion funding measure (HB43) that would create a distribution formula and potential future funding was amended but failed on the floor, 25–47.

SALT LAKE CITY — The Utah House on Feb. 17 approved a bill to set baseline cybersecurity standards for K–12 schools, responding to recent audits and multiple breaches that exposed student records.

Third substitute House Bill 42, sponsored by Representative Sam Wilcox, passed the chamber 70–2 after floor debate and the adoption of a negotiated substitute that sponsors said reflects agreement with school and technical partners. Wilcox told colleagues the measure responds to an audit and “at least four major breaches, including the PowerSchools breach,” and said the incidents left “hundreds of thousands of records that were compromised.”

The bill lays out basic minimum standards and clarifies which entities will deliver training and services. Wilcox said the legislation negotiates responsibilities among the Utah Education and Telehealth Network (UETN), the Utah Cybersecurity Board and other partners, arguing that the standards themselves are low-cost while training and implementation may require additional resources.

“Most of this bill does not have any fiscal tie to it,” Wilcox said on the House floor. “Most of what we're asking for ... don't actually cost anything outside of the initial training.”

Lawmakers pressed the sponsor on implementation details. Representative Zachary Hawkins and others asked how the standards relate to a request-for-application (RFA) tied to school cybersecurity grants; Wilcox said the RFA would support districts if funded but that the statutory standards stand on their own. Wilcox added the Cybersecurity Board would ultimately be accountable for implementation and that UETN, which provides internet backbone services to many districts, will play a distribution and delivery role.

A companion bill, first substitute HB43, proposed a funding framework for school security and would have adopted a distribution formula prioritizing rural districts and set aside 10% for law enforcement to be paid for training. Representative Wilcox and Representative Sam Hawkins described Amendment 1 (a proration provision) as a technical improvement; Wilcox said the plan was intended to ensure ongoing training capacity and to compensate law enforcement partners that support schools.

During questioning Representative Tracy Miller noted the fiscal note labeled the bill $0 but included a possible range of “$35 to $46 million” if appropriations were made in the future. Wilcox confirmed HB43 is a “trigger” bill that establishes a plan for how money would be spent if ongoing funding was later provided, but that no appropriation is required by the bill itself.

After debate and floor amendments, the funding bill failed on the floor 25–47. Representative Wilcox then moved to circle (delay) a separate personnel-standards bill, HB44, pending further updates.

What’s next: With HB42 adopted, the state will have a statutory baseline for school cybersecurity standards. Funding and delivery mechanisms may be addressed in future appropriations or separate legislation; HB43’s failure leaves open whether lawmakers will provide ongoing money to implement training at scale.