States Passed 99 Cybersecurity-Related Bills in 2025

Staff Editor 2026-02-26
States Passed 99 Cybersecurity-Related Bills in 2025

States Passed 99 Cybersecurity-Related Bills in 2025

https://www.govtech.com/security/study-states-passed-99-cybersecurity-related-bills-in-2025

Publish Date: 2026-02-26 16:40:00

Source Domain: www.govtech.com

State governments passed a total of 99 cybersecurity-related bills in 2025, creating a total of 393 new statutory requirements, a new report has found.

The February white paper, Tracking Cybersecurity Policy Developments Across State Legislatures, is from the University of California, Berkeley Center for Long-Term Cybersecurity (CLTC), and it takes a comprehensive look at enacted state cybersecurity laws. Shannon Pierson, senior fellow at CLTC and lead author, said the project grew out of the lack of clear, centralized data showing what states are actually doing in cyber.

Of note, Maryland passed 14 of the laws, Texas passed 11, Arkansas passed nine and Florida four. The remaining 33 states passed between one to three bills each.


“I compiled this list using open-source methods, and I wanted to give it to other researchers as well as lawmakers and folks in the cybersecurity and hacking community,” Pierson said. “I wanted this to be a resource for people to learn and also to become engaged and interested.”

Pierson and co-author Sree Varsha Bhanoor, a UC Berkeley graduate student, used LegiScan for research and excluded data privacy and artificial intelligence laws to keep the focus on primarily cyber-specific bills. Bills and the resulting policy actions are now searchable via a public database. The project took about a year and only includes legislation that was passed into law.

More than half, or 51 percent, align with the governance function of the National Institute of Standards and Technology Cybersecurity Framework. Governance laws reflect an emphasis on leadership structures, oversight and reporting requirements. States continue to build or expand centralized cybersecurity offices, establish statewide strategies and require agencies to implement baseline protections.

The most common policy action was mandating cybersecurity controls, such as encryption, access management and secure…

Source

More Stories

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

Staff Editor 2026-06-06
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

Staff Editor 2026-06-06
When Steve Jobs Revealed The iPhone, Most Of The Industry Shrugged. CrowdStrike CEO Says AI Could Be Anot

When Steve Jobs Revealed The iPhone, Most Of The Industry Shrugged. CrowdStrike CEO Says AI Could Be Anot

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy