H.B. 165
Signed into LawCritical Infrastructure Amendments
HB0165S04 (Substitute)
Critical Infrastructure Amendments
Introduction
Jan 20
House Rules
House Committee
Feb 2
House Floor Vote
Feb 10
Senate Rules
Feb 17
Senate Committee
Feb 18
Senate 2nd Reading
Feb 25
Senate 3rd Reading
Feb 26
House Concurrence
Feb 26
Governor Signed
Mar 17
What This Bill Does
This bill enacts provisions regarding foreign adversary threats to critical infrastructure.
Key Provisions
This bill:
- defines terms;
- directs the Utah Cyber Center to develop guidance on foreign adversary threats to critical infrastructure;
- prohibits use of federally banned equipment in critical infrastructure;
- authorizes voluntary security assessments for critical infrastructure involving foreign adversary technology;
- provides for coordination between the Utah Cyber Center and governmental entities on critical infrastructure security;
- prohibits governmental entities and critical infrastructure providers from contracting for or deploying technology included on a prohibited list maintained by the Utah Cyber Center;
- requires the Utah Cyber Center to publish and maintain a prohibited list of foreign adversary technologies that pose a risk to critical infrastructure;
- prohibits entities with access to critical infrastructure from entering into agreements with foreign principals that would allow remote access to or control of critical infrastructure; and
- authorizes the Utah Cyber Center to approve exceptions to the prohibitions under specified circumstances.
Plain-Language Summary
AI-generated summary. We recommend consulting the bill text for important decisions.
New rules for protecting Utah's critical systems — power grids, water systems, emergency communications, and government data networks — from foreign adversary threats take effect under this bill. It directs the Utah Cyber Center to develop and annually update security guidance for government agencies, publish a prohibited list of foreign adversary technologies (drawing from existing federal ban lists), and bar government entities and critical infrastructure providers from purchasing or deploying anything on that list starting July 1, 2026. The bill also prohibits any company or government entity with significant access to critical infrastructure from entering into agreements that would give a foreign adversary government, party, or business remote access to or control over those systems, with a narrow exception when no reasonable alternative exists.
H.B. 165
Signed into LawCritical Infrastructure Amendments
Current version: HB0165S04 (Substitute)
Introduction
Jan 20
House Rules
House Committee
Feb 2
House Floor Vote
Feb 10
Senate Rules
Feb 17
Senate Committee
Feb 18
Senate 2nd Reading
Feb 25
Senate 3rd Reading
Feb 26
House Concurrence
Feb 26
Governor Signed
Mar 17
IntroductionJan 20
House Rules
House CommitteeFeb 2
House Floor VoteFeb 10
Senate RulesFeb 17
Senate CommitteeFeb 18
Senate 2nd ReadingFeb 25
Senate 3rd ReadingFeb 26
House ConcurrenceFeb 26
Governor SignedMar 17
What This Bill Does
This bill enacts provisions regarding foreign adversary threats to critical infrastructure.
Key Provisions
This bill:
- defines terms;
- directs the Utah Cyber Center to develop guidance on foreign adversary threats to critical infrastructure;
- prohibits use of federally banned equipment in critical infrastructure;
- authorizes voluntary security assessments for critical infrastructure involving foreign adversary technology;
- provides for coordination between the Utah Cyber Center and governmental entities on critical infrastructure security;
- prohibits governmental entities and critical infrastructure providers from contracting for or deploying technology included on a prohibited list maintained by the Utah Cyber Center;
- requires the Utah Cyber Center to publish and maintain a prohibited list of foreign adversary technologies that pose a risk to critical infrastructure;
- prohibits entities with access to critical infrastructure from entering into agreements with foreign principals that would allow remote access to or control of critical infrastructure; and
- authorizes the Utah Cyber Center to approve exceptions to the prohibitions under specified circumstances.
Plain-Language Summary
AI-generated summary. We recommend consulting the bill text for important decisions.
New rules for protecting Utah's critical systems — power grids, water systems, emergency communications, and government data networks — from foreign adversary threats take effect under this bill. It directs the Utah Cyber Center to develop and annually update security guidance for government agencies, publish a prohibited list of foreign adversary technologies (drawing from existing federal ban lists), and bar government entities and critical infrastructure providers from purchasing or deploying anything on that list starting July 1, 2026. The bill also prohibits any company or government entity with significant access to critical infrastructure from entering into agreements that would give a foreign adversary government, party, or business remote access to or control over those systems, with a narrow exception when no reasonable alternative exists.
Votes
Motion: Favorable Recommendation
Motion: Favorable Recommendation
Documents
Floor Debates
Committee Hearings
Other Versions
Substitute #4
Substitute #3
Original
Subjects
Action History74
Governor Signed
Lieutenant Governor's office for filing
House/ to Governor
Executive Branch - Governor
House/ received enrolled bill from Printing
Clerk of the House
House/ enrolled bill to Printing
Clerk of the House
Enrolled Bill Returned to House or Senate
Clerk of the House
Last updated Mar 26, 2026, 9:39 PM