Back to Oregon

HB3936 • 2025

Prohibits any hardware, software or service that uses artificial intelligence from being installed or downloaded onto or used or accessed by state information technology assets if the artificial intelligence is developed or owned by a covered vendor.

Prohibits any hardware, software or service that uses artificial intelligence from being installed or downloaded onto or used or accessed by state information technology assets if the artificial intelligence is developed or owned by a covered vendor.

Technology
Enacted

This bill passed the Legislature and reached final enactment based on the latest official action.

Sponsor
Representative Edwards, Representative Nelson
Last action
2025-07-25
Official status
Chapter Number Assigned
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

Prohibits any hardware, software or service that uses artificial intelligence from being installed or downloaded onto or used or accessed by state information technology assets if the artificial intelligence is developed or owned by a covered vendor.

<b>Digest: Bans the use of AI on state assets if the AI is developed or owned by a covered vendor.

What This Bill Does

  • <b>Digest: Bans the use of AI on state assets if the AI is developed or owned by a covered vendor.
  • (Flesch Readability Score: 80.6).</b> [<i>Digest: Bans the use of AI on state assets if the AI is owned or developed by a foreign corporate entity.
  • (Flesch Readability Score: 68.0).</i>] Prohibits any hardware, software or service that uses artificial intelligence from being installed or downloaded onto or used or accessed by state information technology assets if the artificial intelligence is developed or owned by a [<i>corporate entity that is incorporated or registered under the laws of a foreign country</i>]<b> covered vendor</b>.
  • Provides for exceptions.

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. 2025-07-25 House

    Chapter 396, (2025 Laws): Effective date January 1, 2026.

  2. 2025-06-24 House

    Governor signed.

  3. 2025-06-16 House

    Speaker signed.

  4. 2025-06-16 Senate

    President signed.

  5. 2025-06-12 Senate

    Third reading. Carried by Robinson. Passed. Ayes, 27; Excused, 3--Nash, Smith DB, Starr.

  6. 2025-06-11 Senate

    Carried over to 06-12 by unanimous consent.

  7. 2025-06-10 Senate

    Carried over to 06-11 by unanimous consent.

  8. 2025-06-09 Senate

    Carried over to 06-10 by unanimous consent.

  9. 2025-06-05 Senate

    Carried over to 06-09 by unanimous consent.

  10. 2025-06-04 Senate

    Carried over to 06-05 by unanimous consent.

  11. 2025-06-03 Senate

    Carried over to 06-04 by unanimous consent.

  12. 2025-06-02 Senate

    Carried over to 06-03 by unanimous consent.

  13. 2025-05-29 Senate

    Recommendation: Do pass the A-Eng. bill.

  14. 2025-05-29 Senate

    Second reading.

  15. 2025-05-15 Senate

    First reading. Referred to President's desk.

  16. 2025-05-15 Senate

    Referred to Information Management and Technology.

  17. 2025-05-14 House

    Third reading. Carried by Edwards. Passed. Ayes, 52; Excused, 3--Nguyen H, Owens, Wallan; Excused for Business of the House, 4--Boshart Davis, Drazan, Harbick, Reschke.

  18. 2025-05-13 House

    Second reading.

  19. 2025-05-12 House

    Recommendation: Do pass with amendments and be printed A-Engrossed.

  20. 2025-05-09 House

    Work Session held.

  21. 2025-04-18 House

    Public Hearing held.

  22. 2025-03-18 House

    First reading. Referred to Speaker's desk.

  23. 2025-03-18 House

    Referred to Information Management and Technology.

Official Summary Text

<b>Digest: Bans the use of AI on state assets if the AI is developed or owned by a covered vendor. (Flesch Readability Score: 80.6).</b>
[<i>Digest: Bans the use of AI on state assets if the AI is owned or developed by a foreign corporate entity. (Flesch Readability Score: 68.0).</i>]
Prohibits any hardware, software or service that uses artificial intelligence from being installed or downloaded onto or used or accessed by state information technology assets if the artificial intelligence is developed or owned by a [<i>corporate entity that is incorporated or registered under the laws of a foreign country</i>]<b> covered vendor</b>. Provides for exceptions.
Relating to: Relating to the security of state assets.
Current location: Chapter Number Assigned

Current Bill Text

Read the full stored bill text
83rd OREGON LEGISLATIVE ASSEMBLY--2025 Regular Session
Enrolled
House Bill 3936
Sponsored by Representative EDWARDS; Representative NELSON
CHAPTER .................................................
AN ACT
Relating to the security of state assets; amending ORS 276A.340, 276A.344, 276A.346 and 276A.348.
Be It Enacted by the People of the State of Oregon:
SECTION 1.
ORS 276A.340 is amended to read:
276A.340. As used in ORS 276A.340 to 276A.344:
(1) “Artificial intelligence” means a machine-based system that is capable, for a given set
of human-defined objectives, of making predictions, recommendations or decisions influenc-
ing real or virtual environments and uses machine- or human-based inputs to:
(a) Perceive real or virtual environments;
(b) Abstract the perceptions into models through analysis in an automated manner; and
(c) Use model inference to formulate options for information or action.
[(1)] (2) “Covered product” means :
(a) Any form of hardware, software or service provided by a covered vendor.
(b) Any hardware, software or service that uses artificial intelligence and the artificial
intelligence is developed or owned by a covered vendor.
[(2)] (3) “Covered vendor” means any of the following corporate entities, or any parent, subsid-
iary, affiliate or successor entity of the following corporate entities:
(a) Ant Group Co., Limited.
(b) ByteDance Limited.
(c) Huawei Technologies Company Limited.
(d) Kaspersky Lab.
(e) Tencent Holdings Limited.
(f) ZTE Corporation.
(g) Any other corporate entity designated a covered vendor by the State Chief Information Of-
ficer under ORS 276A.344.
[(3)] (4) “State agency” means any board, commission, department, division, office or other entity
of state government, as defined in ORS 174.111, except that state government does not include the
Secretary of State or State Treasurer.
[(4)] (5) “State information technology asset” means any form of hardware, software or service
for data processing, office automation or telecommunications used directly by a state agency or used
to a significant extent by a contractor in the performance of a contract with a state agency.
SECTION 2.
ORS 276A.344 is amended to read:
276A.344. (1) The State Chief Information Officer shall adopt:
(a) Rules pertaining to the designation of a corporate entity as a covered vendor under ORS
276A.340 [(2)(g)] (3)(g); and
Enrolled House Bill 3936 (HB 3936-A) Page 1
(b) Policies and standards for state agencies to implement the provisions of ORS 276A.342.
(2) The rules adopted under this section must include:
(a) The definition of “national security threat” for purposes of protecting state information
technology assets;
(b) Criteria and a process for determining when a corporate entity poses a national security
threat; and
(c) Criteria and a process for determining when a corporate entity no longer poses a national
security threat.
(3) The policies and standards adopted under this section must include:
(a) The procedures for providing state agencies, the Secretary of State and the State Treasurer
notice that a corporate entity is designated or no longer designated a covered vendor under ORS
276A.340 [(2)(g)] (3)(g);
(b) The time schedules for implementing the requirements under ORS 276A.342 with regard to
a corporate entity that is designated a covered vendor by the State Chief Information Officer; and
(c) The time schedules for incorporating the requirements under ORS 276A.342 into a state
agency’s information security plans, standards or measures.
SECTION 3.
ORS 276A.346 is amended to read:
276A.346. (1) As used in this section:
(a) “Artificial intelligence” means a machine-based system that is capable, for a given
set of human-defined objectives, of making predictions, recommendations or decisions influ-
encing real or virtual environments and uses machine- or human-based inputs to:
(A) Perceive real or virtual environments;
(B) Abstract the perceptions into models through analysis in an automated manner; and
(C) Use model inference to formulate options for information or action.
[(a)] (b) “Covered product” means :
(A) Any form of hardware, software or service provided by a covered vendor.
(B) Any hardware, software or service that uses artificial intelligence and the artificial
intelligence is developed or owned by a covered vendor.
[(b)] (c) “Covered vendor” means any of the following corporate entities, or any parent, subsid-
iary, affiliate or successor entity of the following corporate entities:
(A) Ant Group Co., Limited.
(B) ByteDance Limited.
(C) Huawei Technologies Company Limited.
(D) Kaspersky Lab.
(E) Tencent Holdings Limited.
(F) ZTE Corporation.
[(c)] (d) “State information technology asset” means any form of hardware, software or service
for data processing, office automation or telecommunications used directly by the office of the Sec-
retary of State or used to a significant extent by a contractor in the performance of a contract with
the office of the Secretary of State.
(2) Except as provided in subsection (4) of this section, the Secretary of State shall:
(a) Prohibit a covered product from being:
(A) Installed or downloaded onto a state information technology asset; or
(B) Used or accessed by a state information technology asset;
(b) Remove any covered product that is installed or downloaded onto a state information tech-
nology asset; and
(c) Implement all measures necessary to prevent the:
(A) Installation or download of a covered product onto a state information technology asset; or
(B) Use or access of a covered product by a state information technology asset.
(3) For any corporate entity that the State Chief Information Officer designates as a covered
vendor under ORS 276A.344, the secretary may:
(a) Prohibit a covered product from being:
Enrolled House Bill 3936 (HB 3936-A) Page 2
(A) Installed or downloaded onto a state information technology asset; or
(B) Used or accessed by a state information technology asset;
(b) Remove any covered product that is installed or downloaded onto a state information tech-
nology asset; and
(c) Implement all measures necessary to prevent the:
(A) Installation or download of a covered product onto a state information technology asset; or
(B) Use or access of a covered product by a state information technology asset.
(4) If the secretary adopts risk mitigation standards and procedures related to the installation,
download, use or access of a covered product, the secretary may, for investigatory, regulatory or
law enforcement purposes, permit the:
(a) Installation or download of the covered product onto a state information technology asset;
or
(b) Use or access of the covered product by a state information technology asset.
SECTION 4.
ORS 276A.348 is amended to read:
276A.348. (1) As used in this section:
(a) “Artificial intelligence” means a machine-based system that is capable, for a given
set of human-defined objectives, of making predictions, recommendations or decisions influ-
encing real or virtual environments and uses machine- or human-based inputs to:
(A) Perceive real or virtual environments;
(B) Abstract the perceptions into models through analysis in an automated manner; and
(C) Use model inference to formulate options for information or action.
[(a)] (b) “Covered product” means :
(A) Any form of hardware, software or service provided by a covered vendor.
(B) Any hardware, software or service that uses artificial intelligence and the artificial
intelligence is developed or owned by a covered vendor.
[(b)] (c) “Covered vendor” means any of the following corporate entities, or any parent, subsid-
iary, affiliate or successor entity of the following corporate entities:
(A) Ant Group Co., Limited.
(B) ByteDance Limited.
(C) Huawei Technologies Company Limited.
(D) Kaspersky Lab.
(E) Tencent Holdings Limited.
(F) ZTE Corporation.
[(c)] (d) “State information technology asset” means any form of hardware, software or service
for data processing, office automation or telecommunications used directly by the office of the State
Treasurer or used to a significant extent by a contractor in the performance of a contract with the
office of the State Treasurer.
(2) Except as provided in subsection (4) of this section, the State Treasurer shall:
(a) Prohibit a covered product from being:
(A) Installed or downloaded onto a state information technology asset; or
(B) Used or accessed by a state information technology asset;
(b) Remove any covered product that is installed or downloaded onto a state information tech-
nology asset; and
(c) Implement all measures necessary to prevent the:
(A) Installation or download of a covered product onto a state information technology asset; or
(B) Use or access of a covered product by a state information technology asset.
(3) For any corporate entity that the State Chief Information Officer designates as a covered
vendor under ORS 276A.344, the State Treasurer may:
(a) Prohibit a covered product from being:
(A) Installed or downloaded onto a state information technology asset; or
(B) Used or accessed by a state information technology asset;
Enrolled House Bill 3936 (HB 3936-A) Page 3
(b) Remove any covered product that is installed or downloaded onto a state information tech-
nology asset; and
(c) Implement all measures necessary to prevent the:
(A) Installation or download of a covered product onto a state information technology asset; or
(B) Use or access of a covered product by a state information technology asset.
(4) If the State Treasurer adopts risk mitigation standards and procedures related to the in-
stallation, download, use or access of a covered product, the State Treasurer may, for investigatory,
regulatory or law enforcement purposes, permit the:
(a) Installation or download of the covered product onto a state information technology asset;
or
(b) Use or access of the covered product by a state information technology asset.
Passed by House May 14, 2025
..................................................................................
Timothy G. Sekerak, Chief Clerk of House
..................................................................................
Julie Fahey, Speaker of House
Passed by Senate June 12, 2025
..................................................................................
Rob Wagner, President of Senate
Received by Governor:
........................M.,........................................................., 2025
Approved:
........................M.,........................................................., 2025
..................................................................................
Tina Kotek, Governor
Filed in Office of Secretary of State:
........................M.,........................................................., 2025
..................................................................................
Tobias Read, Secretary of State
Enrolled House Bill 3936 (HB 3936-A) Page 4