Back to Oregon

HB3228 • 2025

Directs the Oregon Cybersecurity Advisory Council to conduct assessments to address the reasons why public bodies in this state are unable to meet cybersecurity insurance coverage requirements.

Directs the Oregon Cybersecurity Advisory Council to conduct assessments to address the reasons why public bodies in this state are unable to meet cybersecurity insurance coverage requirements.

Technology
Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Representative Nathanson,, Senator Woods,, Representative Mannix
Last action
2025-06-27
Official status
In House Committee
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

Directs the Oregon Cybersecurity Advisory Council to conduct assessments to address the reasons why public bodies in this state are unable to meet cybersecurity insurance coverage requirements.

<b>Digest: Makes a council assess why public bodies are not able to get cybersecurity insurance.

What This Bill Does

  • <b>Digest: Makes a council assess why public bodies are not able to get cybersecurity insurance.
  • Tells the council to submit a report on its findings.
  • Creates a fund.
  • (Flesch Readability Score: 62.9).</b> [<i>Digest: Makes a council study the use of cybersecurity insurance for public bodies.

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. 2025-06-27 House

    In committee upon adjournment.

  2. 2025-04-21 House

    Recommendation: Do pass with amendments, be printed A-Engrossed, and be referred to Ways and Means by prior reference.

  3. 2025-04-21 House

    Referred to Ways and Means by prior reference.

  4. 2025-04-18 House

    Work Session held.

  5. 2025-03-21 House

    Public Hearing held.

  6. 2025-01-17 House

    Referred to Information Management and Technology with subsequent referral to Ways and Means.

  7. 2025-01-13 House

    First reading. Referred to Speaker's desk.

Official Summary Text

<b>Digest: Makes a council assess why public bodies are not able to get cybersecurity insurance. Tells the council to submit a report on its findings. Creates a fund. (Flesch Readability Score: 62.9).</b>
[<i>Digest: Makes a council study the use of cybersecurity insurance for public bodies. Tells the council to submit a report on its findings. Creates a fund. (Flesch Readability Score: 63.0).</i>]
[<i>Requires the Oregon Cybersecurity Advisory Council to study the use of cybersecurity insurance for public bodies.</i>] <b>Directs the Oregon Cybersecurity Advisory Council to conduct assessments to address the reasons why public bodies in this state are unable to meet cybersecurity insurance coverage requirements.</b> Directs the advisory council to submit findings to the interim committees of the Legislative Assembly related to information management and technology not later than [<i>December 31, 2025</i>] <b>September 30, 2026</b>.
Establishes the Oregon Cybersecurity Resilience Fund. Appropriates moneys in the fund to the Higher Education Coordinating Commission for distribution to the Oregon Cybersecurity Center of Excellence to assist public bodies with cybersecurity insurance requirements and cybersecurity <b> vulnerabilities, training and</b> incidents.
Declares an emergency, effective on passage.
Relating to: Relating to cybersecurity; declaring an emergency.
Current location: In House Committee

Current Bill Text

Read the full stored bill text
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
83rd OREGON LEGISLATIVE ASSEMBLY--2025 Regular Session
A-Engrossed
House Bill 3228
Ordered by the House April 21
Including House Amendments dated April 21
Sponsored by Representative NATHANSON, Senator WOODS, Representative MANNIX (Presession filed.)
SUMMARY
The following summary is not prepared by the sponsors of the measure and is not a part of the body thereof subject
to consideration by the Legislative Assembly. It is an editor’s brief statement of the essential features of the
measure. The statement includes a measure digest written in compliance with applicable readability standards.
Digest: Makes a council assess why public bodies are not able to get cybersecurity in-
surance. Tells the council to submit a report on its findings. Creates a fund. (Flesch Read-
ability Score: 62.9).
[Digest: Makes a council study the use of cybersecurity insurance for public bodies. Tells the
council to submit a report on its findings. Creates a fund. (Flesch Readability Score: 63.0).]
[Requires the Oregon Cybersecurity Advisory Council to study the use of cybersecurity insurance
for public bodies. ] Directs the Oregon Cybersecurity Advisory Council to conduct assessments
to address the reasons why public bodies in this state are unable to meet cybersecurity in-
surance coverage requirements. Directs the advisory council to submit findings to the interim
committees of the Legislative Assembly related to information management and technology not later
than [ December 31, 2025 ] September 30, 2026.
Establishes the Oregon Cybersecurity Resilience Fund. Appropriates moneys in the fund to the
Higher Education Coordinating Commission for distribution to the Oregon Cybersecurity Center of
Excellence to assist public bodies with cybersecurity insurance requirements and cybersecurity
vulnerabilities, training and incidents.
Declares an emergency, effective on passage.
A BILL FOR AN ACT
Relating to cybersecurity; and declaring an emergency.
Be It Enacted by the People of the State of Oregon:
SECTION 1.
(1) The Oregon Cybersecurity Advisory Council shall conduct assessments
to identify and document cybersecurity vulnerabilities and recommend actions to address the
reasons why public bodies, as defined in ORS 174.109, throughout this state are unable to
meet cybersecurity insurance coverage requirements. The advisory council shall submit a
report in the manner provided by ORS 192.245, and may include recommendations for legis-
lation, to the interim committees of the Legislative Assembly related to information man-
agement and technology no later than September 30, 2026.
(2) The State Chief Information Officer and the Oregon Cybersecurity Center of Excel-
lence shall provide staff and support services to the advisory council necessary for the ad-
visory council to complete the assessments and report.
SECTION 2. Section 1 of this 2025 Act is repealed on January 2, 2027.
SECTION 3. (1) The Oregon Cybersecurity Resilience Fund is established in the State
Treasury, separate and distinct from the General Fund. Interest earned by the Oregon
Cybersecurity Resilience Fund must be credited to the fund.
(2) Moneys in the fund shall consist of:
(a) Amounts donated to the fund;
(b) Amounts appropriated or otherwise transferred to the fund by the Legislative As-
NOTE: Matter in boldfaced type in an amended section is new; matter [ italic and bracketed] is existing law to be omitted.
New sections are in boldfaced type.
LC 1367
A-Eng. HB 3228
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
sembly; and
(c) Other amounts deposited in the fund from any source.
(3) Moneys in the fund are continuously appropriated to the Higher Education Coordi-
nating Commission for distribution to the Oregon Cybersecurity Center of Excellence for the
purposes of assisting public bodies, as defined in ORS 174.109, with:
(a) Assessing and documenting cybersecurity vulnerabilities and the specific
cybersecurity insurance coverage requirements that the public bodies are unable to meet;
(b) Meeting cybersecurity insurance coverage requirements;
(c) Cybersecurity training; and
(d) Preparing and planning for, mitigating, responding to and recovering from a
cyberattack, information security incident or data breach.
SECTION 4.
This 2025 Act being necessary for the immediate preservation of the public
peace, health and safety, an emergency is declared to exist, and this 2025 Act takes effect
on its passage.
[2]