Back to Oklahoma

HB4132 • 2026

Technology; liability protections; counties; municipalities; cybersecurity frameworks; State Auditor and Inspector; effective date.

Technology; liability protections; counties; municipalities; cybersecurity frameworks; State Auditor and Inspector; effective date.

Technology
Active

The official status still shows this bill as active or still awaiting another formal step.

Sponsor
Steagall
Last action
2026-04-01
Official status
Second Reading referred to Technology and Telecommunications
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

Technology; liability protections; counties; municipalities; cybersecurity frameworks; State Auditor and Inspector; effective date.

Technology; liability protections; counties; municipalities; cybersecurity frameworks; State Auditor and Inspector; effective date.

What This Bill Does

  • Technology; liability protections; counties; municipalities; cybersecurity frameworks; State Auditor and Inspector; effective date.
  • Bill Summaries/Fiscal Impact for HB 4132 (House): Introduced (2/18/2026)

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. 2026-04-01 Senate

    Second Reading referred to Technology and Telecommunications

  2. 2026-03-23 House

    Engrossed, signed, to Senate

  3. 2026-03-23 Senate

    First Reading

  4. 2026-03-17 House

    General Order

  5. 2026-03-17 House

    Third Reading, Measure passed: Ayes: 77 Nays: 0

  6. 2026-03-17 House

    Referred for engrossment

  7. 2026-03-05 House

    CR; Do Pass Government Oversight Committee

  8. 2026-03-05 House

    Authored by Senator Alvord (principal Senate author)

  9. 2026-02-18 House

    Policy recommendation to the Government Oversight committee; Do Pass County and Municipal Government

  10. 2026-02-18 House

    Coauthored by Representative(s) Fetgatter

  11. 2026-02-11 House

    Remove Representative Fetgatter as principal House author and substitute with Representative Steagall

  12. 2026-02-11 House

    Withdrawn from Rules Committee

  13. 2026-02-11 House

    Referred to Government Oversight

  14. 2026-02-11 House

    Referred to County and Municipal Government

  15. 2026-02-03 House

    Second Reading referred to Rules

  16. 2026-02-02 House

    First Reading

  17. 2026-02-02 House

    Authored by Representative Fetgatter

Official Summary Text

Technology; liability protections; counties; municipalities; cybersecurity frameworks; State Auditor and Inspector; effective date.
Bill Summaries/Fiscal Impact for HB 4132 (House): Introduced (2/18/2026)

Current Bill Text

Read the full stored bill text
ENGR. H. B. NO. 4132 Page 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

ENGROSSED HOUSE
BILL NO. 4132 By: Steagall and Fetgatter of
the House

and

Alvord of the Senate

An Act relating to technology; providing liability
protections for counties and municipalities that
adopt recognized cybersecurity frameworks; providing
requirements for safe harbor qualification;
permitting counties and municipalities to submit
summary information to State Auditor and Inspector;
providing for codification; and providing an
effective date.

BE IT ENACTED BY THE PEOPLE OF THE STATE OF OKLAHOMA:
SECTION 1. NEW LAW A new section of law to be codified
in the Oklahoma Statutes as Section 1000 of Title 75A, unless there
is created a duplication in numbering, reads as follows:
A. No county or municipality shall be held liable in a civil
lawsuit for damages resulting from a data breach or cybersecurity
incident if, at the time of the breach or incident, the county or
municipality had adopted and reasonably conformed its practices to
one or more of the following frameworks:

ENGR. H. B. NO. 4132 Page 2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

1. The National Institute of Standards and Technology (NIST)
Cybersecurity Framework;
2. The Center for Internet Security (CIS) Critical Security
Controls; or
3. The ISO/IEC 27000 series of information security standards.
B. To qualify for safe harbor under this section, a county or
municipality shall:
1. Complete and submit an annual self-certification by the
county or municipality information technology officer or designee to
the governing body of the county or municipality affirming
conformity to the selected framework;
2. Maintain documentation and records demonstrating
implementation of cybersecurity practices, including, but not
limited to, policies, asset inventories, multifactor authentication,
patching, backups, employee training, incident response, business
continuity, and disaster recovery plans; and
3. Obtain an independent review by a qualified external
assessor not less than once every three (3) years, with the
resulting report to be retained by the county or municipality and
deemed confidential pursuant to the Oklahoma Open Records Act.
C. A county or municipality may voluntarily submit summary
information regarding its self-certification or independent review
to the State Auditor and Inspector for the purpose of statewide
benchmarking and education.

ENGR. H. B. NO. 4132 Page 3
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

SECTION 2. This act shall become effective November 1, 2026.
Passed the House of Representatives the 17th day of March, 2026.

Presiding Officer of the House
of Representatives

Passed the Senate the _____ day of __________, 2026.

Presiding Officer of the Senate