(a) “Artificial intelligence” means a machine-based system that is capable, for a given set of human-defined objectives, of making predictions, recommendations or decisions influencing real or virtual environments and uses machine- or human-based inputs to:
(A) Perceive real or virtual environments;
(B) Abstract the perceptions into models through analysis in an automated manner; and
(C) Use model inference to formulate options for information or action.
(b) “Covered product” means:
(A) Any form of hardware, software or service provided by a covered vendor.
(B) Any hardware, software or service that uses artificial intelligence and the artificial intelligence is developed or owned by a covered vendor.
(c) “Covered vendor” means any of the following corporate entities, or any parent, subsidiary, affiliate or successor entity of the following corporate entities:
(A) Ant Group Co., Limited.
(B) ByteDance Limited.
(C) Huawei Technologies Company Limited.
(D) Kaspersky Lab.
(E) Tencent Holdings Limited.
(F) ZTE Corporation.
(d) “State information technology asset” means any form of hardware, software or service for data processing, office automation or telecommunications used directly by the office of the State Treasurer or used to a significant extent by a contractor in the performance of a contract with the office of the State Treasurer.
(2) Except as provided in subsection (4) of this section, the State Treasurer shall:
(a) Prohibit a covered product from being:
(A) Installed or downloaded onto a state information technology asset; or
(B) Used or accessed by a state information technology asset;
(b) Remove any covered product that is installed or downloaded onto a state information technology asset; and
(c) Implement all measures necessary to prevent the:
(A) Installation or download of a covered product onto a state information technology asset; or
(B) Use or access of a covered product by a state information technology asset.
(3) For any corporate entity that the State Chief Information Officer designates as a covered vendor under ORS 276A.344, the State Treasurer may:
(a) Prohibit a covered product from being:
(A) Installed or downloaded onto a state information technology asset; or
(B) Used or accessed by a state information technology asset;
(b) Remove any covered product that is installed or downloaded onto a state information technology asset; and
(c) Implement all measures necessary to prevent the:
(A) Installation or download of a covered product onto a state information technology asset; or
(B) Use or access of a covered product by a state information technology asset.
(4) If the State Treasurer adopts risk mitigation standards and procedures related to the installation, download, use or access of a covered product, the State Treasurer may, for investigatory, regulatory or law enforcement purposes, permit the:
(a) Installation or download of the covered product onto a state information technology asset; or
(b) Use or access of the covered product by a state information technology asset. [2023 c.256 §5; 2025 c.396 §4]
OPEN DATA STANDARD