New York State has enacted a new cybersecurity-focused procurement law that restricts the technology products state and local government agencies are allowed to purchase.
The law requires the State Chief Information Officer to create and maintain a list of technology products and vendors that government agencies are prohibited from buying due to cybersecurity and national security risks.
The restrictions primarily apply to technology supplied by companies that may be subject to foreign government control or data-sharing obligations, which lawmakers said could pose risks to sensitive government information.
Under the law, state and municipal agencies must avoid purchasing any product placed on the restricted list unless a formal waiver is approved. Waivers are permitted only in limited cases where no reasonable alternative exists.
The legislation is part of a broader effort by New York to strengthen digital security across government systems following a rise in cyber incidents affecting public sector institutions.
State and local agencies will be required to comply with the law once the implementation period begins.