Bill > HB4235

This bill establishes the "prohibited applications on government-issued devices act," which aims to enhance cybersecurity for state and local government entities by restricting the use of certain applications on government-owned electronic devices. The bill defines "prohibited applications" as internet applications created by foreign principals from countries like China, Russia, Iran, and others that pose potential security risks, such as collecting sensitive data, conducting cyber-espionage, or tracking users. Public employers are required to block these applications from their networks, restrict access on government-issued devices, and maintain the ability to remotely remove such applications. Employees and officers are generally prohibited from downloading or accessing these applications, with a narrow exception for law enforcement conducting investigations. The Department of Technology, Management, and Budget will compile and maintain a quarterly updated list of prohibited applications and establish procedures for potential waivers. Employees must remove any listed prohibited applications from their devices within 15 days of the list being updated. Entities can request a waiver for specific circumstances, which must include details about the proposed activity, risk mitigation strategies, and a limited timeframe. The bill takes effect on December 31, 2025, and reflects the legislature's intent to secure government technology systems and protect sensitive information.

Government Affairs

https://legislature.mi.gov/Bills/Bill?ObjectName=2025-HB-4235