 |
ARIZONA STATE SENATE
Fifty-Seventh Legislature, First Regular Session
critical Infrastructure; foreign adversary; prohibition
Purpose
Establishes the Arizona Critical Infrastructure Protection Act which prohibits, and requires the removal of, any critical communications infrastructure software or equipment that is produced by the People's Republic of China, preempts a government entity or publicly regulated utility from entering into a contract or agreement that would allow China to access or control critical infrastructure in Arizona and outlines related exceptions and registration and reporting requirements for governmental entities and critical communications infrastructure providers that use prohibited technologies or contract with a vendor of prohibited technologies.
Background
The federal Committee on Foreign Investment in the United States (CFIUS) is charged with conducting investigations of the effects of covered transactions on national security if the transaction would result in the control of any critical infrastructure of or within the United States by or on behalf of any foreign person. If CFIUS determines that the transaction could impair national security, and that such impairment has not been mitigated, CFIUS must take necessary actions in connection with the transaction to protect the national security of the United States. Covered transactions include investments by a foreign person in any unaffiliated U.S. business that owns, operates, manufactures, supplies or services critical infrastructure (50 U.S.C. ยง 4565).
The federal Secure and Trusted Communications Networks Reimbursement Program (federal Program) is administered by the Federal Communications Commission to reimburse providers of advanced communications services with up to 10 million customers for the removal, replacement and disposal of communications equipment and services produced by Huawei Technologies Company or ZTE Corporation that was obtained on or before June 30, 2020, from the Company's or Corporation's network. Advanced communication service providers must annually certify possession of advanced communication equipment and services and report on the location, type, original cost, estimated replacement cost and any replacement plans, date of acquisition and a detailed justification for obtaining the covered equipment or services (FCC).
The Arizona Corporation Commission (ACC) consists of five elected commissioners and is responsible for public utilities regulation, facilitating incorporation of businesses and organizations, granting or denying rate adjustments, enforcing safety and public service requirements and approving securities matters (A.R.S. Title 40, Chapters 1 and 2).
There is no anticipated fiscal impact to the state General Fund associated with this legislation.
Provisions
1. Prohibits any software that is used for critical infrastructure in Arizona from being produced by a company that is headquartered in or under the control of the People's Republic of China.
2. Prohibits any critical communications infrastructure within Arizona from including any equipment that is manufactured by a corporation domiciled in the People's Republic of China.
3. Requires any equipment of critical communications infrastructure in Arizona that is currently manufactured by a corporation domiciled in the People's Republic of China to be replaced with nonprohibited equipment.
4. Requires, by January 1 of each year, a critical communications infrastructure provider that is a participant in the federal Program to certify to the ACC any instances of prohibited critical communications equipment being used, along with the geographic coordinates of the areas served by the prohibited equipment.
5. Requires a critical communications infrastructure provider that is certified by the ACC to:
a) submit a status report to the ACC every quarter detailing compliance with the federal Program; and
b) each quarter, produce a map of Arizona detailing the areas that are serviced by critical communications infrastructure that includes equipment that is manufactured by a corporation domiciled in the People's Republic of China.
6. Precludes any communications provider that removes, discontinues or replaces any prohibited communications equipment from being required to obtain an additional permit from any state agency or political subdivision of the state for the removal, discontinuance or replacement.
7. Prohibits a governmental entity or critical infrastructure service provider in Arizona from entering into or renewing a contract with a vendor of wi-fi routers, modem systems, lidar technology, camera-based school bus infraction detection systems, speed detection systems, traffic infraction detector systems or any other camera systems, battery technology or smart meter technology or a vendor of any other technology if:
a) the vendor is owned by the government of the People's Republic of China;
b) the government of the People's Republic of China has a controlling interest in the vendor;
c) the vendor is selling a product that is produced by the government of the People's Republic of China or a company domiciled in China; or
d) the vendor's product includes cellular internet-of-things modules from the People's Republic of China or product produced by a Chinese military company operating within the United States as identified by the William M. Thornberry National Defense Authorization Act for FY 2021.
8. Requires, by March 31, 2026, and each year thereafter, each governmental entity and critical infrastructure service provider in Arizona to certify to the ACC that the provider does not use any technology that includes cellular internet-of-things modules or any wi-fi router or modem system, lidar technology, camera-based school bus infraction detection system, speed detection system, traffic infraction detector system or any other camera system, battery technology or smart meter technology that is produced by:
a) a company that is owned by the government of the People's Republic of China;
b) a company in which the People's Republic of China has a controlling interest; or
c) the government of the People's Republic of China or a company domiciled in China.
9. Requires the ACC, by December 31, 2025, and each year thereafter, to publish a list of all technologies that are prohibited by the Arizona Critical Infrastructure Protection Act and post the list on the ACC's website.
10. Directs, within 90 days of the prohibited technologies list being published, each governmental entity and critical infrastructure service provider in Arizona to remove any technology that is included by the ACC on the list.
11. Allows a government entity or critical infrastructure provider to continue to purchase and use any prohibited technology if:
a) there are no other reasonable providers of the prohibited technology;
b) the purchase or use of the prohibited technology is preapproved by the ACC; and
c) not purchasing or using the prohibited technology would pose a greater threat to the state than the threat associated with the prohibited technology.
13. Allows a government entity or publicly regulated utility in the state to enter into an agreement or contract involving critical infrastructure in Arizona with the People's Republic of China if:
a) no other reasonable option exists for addressing a need that is relevant to critical infrastructure in Arizona;
b) the agreement or contract is preapproved by the ACC; or
c) not entering into the agreement would pose a greater threat to the state than the threat associated with entering into the agreement or contract.
14. Requires the ACC to establish a secure and dedicated communications channel for critical infrastructure providers and military installations across the state to connect with the ACC and the Governor's Office in the event of an emergency that damages critical communications infrastructure.
15. Defines critical infrastructure as infrastructure that is owned or operated by the state, a political subdivision of the state or a publicly regulated utility and that are:
a) gas and oil production, storage or delivery systems;
b) water supply refinement, storage or delivery systems;
c) electrical power delivery systems;
d) telecommunications networks;
e) transportation systems and services;
f) personal data storage systems, including cybersecurity; or
g) emergency services.
16. Defines critical communications infrastructure as all physical broadband infrastructure and equipment that supports the transmission of information and that allows the user to engage in communications, including service provided directly to the public.
17. Defines a cellular internet-of-things module is a hardware component that includes a cellular radio transceiver and is designed to provide cellular network connectivity to an internet-of-things device.
18. Defines a school bus infraction detection system as an automated system installed on a school bus consisting of cameras, sensors and software designed to detect, record and document traffic violations, such as illegally passing the bus when its stop arm is extended and warning lights are activated, to enhance student safety and enforce compliance with traffic laws.
19. Defines a company as a:
a) sole proprietorship, organization, association, corporation, partnership, joint venture, limited partnership, limited liability partnership or limited liability company, including a wholly owned subsidiary, majority-owned subsidiary, parent company or affiliate of those entities or business associations, that exists to make a profit; or
b) a nonprofit organization.
20. Defines domiciled as located in a country where either the company is registered, the company's affairs are primarily completed or the majority of the company's ownership shares are held.
21. Designates this legislation as the Arizona Critical Infrastructure Protection Act.
22. Becomes effective on the general effective date.
House Action
TI 2/5/25 DPA 4-2-0-1
3rd Read 3/10/25 32-24-4
Prepared by Senate Research
March 24, 2025
KJA/slp