Bill > HB5330

This bill establishes comprehensive cybersecurity and data protection requirements for small unmanned aircraft systems (drones) used by public entities or contractors. Starting one year after the bill's effective date, any drone under 55 pounds must meet stringent security standards, including storing and transmitting all data exclusively within the United States in compliance with privacy laws and federal cybersecurity guidelines. The bill mandates end-to-end encryption, secure network operation, multifactor authentication, role-based access controls, and tamper-proof hardware. Drones must also incorporate real-time monitoring systems, implement automatic data deletion policies (within 45 days), and undergo annual security audits to obtain certifications from recognized cybersecurity standards like NIST, ISO 27001, and SOC 2. The Michigan State Police Department is tasked with establishing detailed regulations for implementation, including security assessments, privacy protection measures, network security controls, operator training requirements, and enforcement mechanisms. Non-compliant drones will be disqualified from use by public entities or their contractors, ensuring a robust framework for drone cybersecurity and data protection.

Transportation and Infrastructure

https://legislature.mi.gov/Bills/Bill?ObjectName=2025-HB-5330