All Roll Calls
Yes: 159 • No: 3
KansasHB 25742025–2026 Regular SessionHouse
Removing the expiration on certain cybersecurity requirements, modifying the duties of chief information security officers and cybersecurity programs, requiring assessment of executive branch agency compliance with cybersecurity requirements, providing for consideration of such compliance by the legislature during the budget process and creating the judicial branch technology oversight council.
Sponsored By: Sponsor information unavailable
Signed by Governor
government efficiencylegislative modernization
Your PRIA Score
Score Hidden
Personalized for You
How does this bill affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this bill and every other piece of legislation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Bill Overview
Analyzed Economic Effects
7 provisions identified: 2 benefits, 2 costs, 3 mixed.
Budget penalties for cyber noncompliance
Beginning October 1, 2028, the budget director checks each year if every state agency followed the cybersecurity law. If an agency did not, the director certifies 5% of its state general fund money and 5% of its special revenue funds. For special revenue funds with no spending limit, the director sets a limit 5% lower. Lawmakers receive a written report and may consider lapsing funds and cutting IT and cybersecurity spending limits by up to 10% during budget hearings.
IT centralization, .gov sites, and budget lines
The state expands the IT Executive Council and tasks it with moving executive IT services into the Office of Information Technology Services. The plan is due by January 15, 2026. All government websites must use a .gov domain by February 1, 2025. Starting July 1, 2025, IT and cybersecurity costs must appear as separate budget lines. By July 1, 2027, each branch’s CIO and CISO run that branch’s cybersecurity, and KPERS remains under the Treasurer’s CISO. The courts’ CIO must file cost estimates, including KANWIN access, before January 1, 2026.
Statewide executive cybersecurity office and rules
The governor appoints an Executive Branch Chief Information Security Officer. The CISO sets statewide security standards and training and runs the Kansas Information Security Office (KISO). KISO asks for annual CISA audits, reviews each agency, and requires written fix plans. Programs must follow the NIST Cybersecurity Framework 2.0, and executive staff must complete yearly training or lose access. Agencies must name a security officer, get a written CISO clearance before buying cyber tools that affect state systems, and report any data breach to the executive CISO within 12 hours. If election data is involved, they must also notify the Secretary of State. The state creates an Information Technology Security Fund; money is spent only if lawmakers appropriate it.
CISOs and training for elected offices
The Insurance Department, Secretary of State, Attorney General, State Treasurer (including KPERS), and KBI must each appoint a CISO. Each office must run a program that follows NIST CSF 2.0, reach tier 3 by July 1, 2028 and tier 4 by July 1, 2030, and request annual CISA audits. The leaders and staff must take yearly cybersecurity training or lose access. These provisions expire on July 1, 2026.
New cyber leaders for courts and legislature
The law creates IT oversight councils for the courts and the legislature. The chief justice and the Legislative Coordinating Council pick members. Each council sets branch IT and security rules and reviews big projects. The courts and legislature also appoint a Chief Information Security Officer. All judges, justices, legislators, and staff must take yearly cybersecurity training or lose access. The branch CISOs request annual CISA audits and must report any failed audit with a fix plan within 30 days. These CISO sections end on July 1, 2026.
Cybersecurity audit reports kept confidential
Cybersecurity audit results and related reports for the courts, the legislature, the Insurance Department, the Secretary of State, and the State Treasurer are confidential. They are not open under the Kansas Open Records Act. This secrecy ends on July 1, 2030 unless lawmakers renew it.
Which agencies these cyber rules cover
The law updates who counts as an executive branch agency for these cybersecurity rules. It adds the judicial council and excludes elected offices, the Adjutant General’s Department, KPERS, the Board of Regents, and regents’ schools for the listed sections. It also repeals older IT and cybersecurity laws to consolidate rules.
Sponsors & Cosponsors
Sponsors
There is no primary sponsor on record.
Cosponsors
There are no cosponsors for this bill.
Roll Call Votes
House vote • 4/23/2026
Yea: 38 Nay: 2
Yes: 38 • No: 2
House vote • 4/23/2026
Yea: 121 Nay: 1
Yes: 121 • No: 1
Actions Timeline
Approved by Governor on Monday, April 6, 2026
4/9/2026HouseEnrolled and presented to Governor on Friday, March 27, 2026
3/26/2026HouseFinal Action - Passed; Yea: 38 Nay: 2
3/19/2026SenateCommittee of the Whole - Be passed
3/18/2026SenateCommittee Report recommending bill be passed by Committee on Government Efficiency
3/16/2026SenateHearing: Thursday, March 12, 2026, 9:30 AM Room 144-S
3/12/2026SenateReferred to Committee on Government Efficiency
2/26/2026SenateReceived and Introduced
2/25/2026SenateFinal Action - Passed as amended; Yea: 121 Nay: 1
2/19/2026HouseCommittee of the Whole - Committee Report be adopted
2/18/2026HouseCommittee of the Whole - Be passed as amended
2/18/2026HouseCommittee Report recommending bill be passed as amended by Committee on Legislative Modernization
2/17/2026HouseHearing: Monday, February 2, 2026, 9:00 AM Room 218-N
2/2/2026HouseReferred to Committee on Legislative Modernization
1/29/2026HouseIntroduced
1/28/2026House
Bill Text
As Amended by House Committee
As introduced
Enrolled
Related Bills
HB 2761 — Enacting the speech-language pathology assistant act to provide for the licensure of speech-language pathology assistants.
HB 2739 — Relating to housing code requirements, removing the definition of apartment houses from chapter 31 of the Kansas Statutes Annotated, providing requirements for adoption of the international fire code, 2024 edition, and providing that certain state accessibility standards are not applicable to moderate income housing program and Kansas investor tax credit housing act projects.
HB 2737 — Enacting the taxpayer agreement act to provide for an alternative method of tax increment financing of municipal economic development projects through taxpayer agreements.
HB 2711 — Modifying and updating procedures for dissolution of cities of the third class.
SB 473 — Authorizing Audubon of Kansas to convey certain property in Wabaunsee county and requiring any deeds or conveyances related to such property be reviewed and approved by the state historical society.
HB 2702 — Providing that applicants for a physician assistant license submit to a criminal record check, providing for the collaboration between physicians and physician assistants and requiring the revocation of a physician assistant license under certain circumstances.