KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to Tennessee

HB0549 • 2026

State Government

AN ACT to amend Tennessee Code Annotated, Title 4, relative to critical infrastructure.

Labor Technology
Active

The official status still shows this bill as active or still awaiting another formal step.

Sponsor
Cochran, Rose
Last action
2025-02-05
Official status
Assigned to s/c Public Service Subcommittee
Effective date
Not listed

Plain English Breakdown

The bill does not provide detailed information on penalties for non-compliance.

Tennessee Critical Infrastructure Protection Act

This act aims to protect Tennessee's critical infrastructure by prohibiting foreign adversaries from accessing it and requiring companies with access to such infrastructure to follow strict security measures.

What This Bill Does

  • Defines 'critical infrastructure' as systems that are vital for the state or nation’s security, economy, public health, or a combination of these factors.
  • Prohibits companies and government entities from entering agreements with foreign adversaries that would allow them direct access to critical infrastructure in Tennessee.
  • Requires companies accessing critical infrastructure to file a certification form and pay a fee to the Department of Commerce and Insurance.
  • Sets rules for hiring employees who have access to critical infrastructure, including background checks and restrictions on foreign nationals.
  • Limits the use of data centers or cloud services that are foreign entities.

Who It Names or Affects

  • Companies with significant access to Tennessee's critical infrastructure
  • Governmental entities in Tennessee
  • Foreign companies and governments listed as adversaries

Terms To Know

Critical Infrastructure
Systems or assets that are vital for the state or nation’s security, economy, public health, or a combination of these factors.
Foreign Adversary
Countries listed in 15 CFR 791.4, including China, Cuba, Iran, North Korea, and Russia.

Limits and Unknowns

  • The bill does not specify what happens if a company fails to comply with the certification requirements.
  • It is unclear how this act will be enforced or what penalties companies might face for non-compliance.

Bill History

  1. 2025-02-12 Tennessee General Assembly

    Passed on Second Consideration, refer to Senate State and Local Government Committee

  2. 2025-02-10 Tennessee General Assembly

    Introduced, Passed on First Consideration

  3. 2025-02-05 Tennessee General Assembly

    Assigned to s/c Public Service Subcommittee

  4. 2025-02-05 Tennessee General Assembly

    P2C, ref. to State & Local Government Committee

  5. 2025-02-03 Tennessee General Assembly

    Intro., P1C.

  6. 2025-01-29 Tennessee General Assembly

    Filed for introduction

  7. 2025-01-28 Tennessee General Assembly

    Filed for introduction

Official Summary Text

This bill enacts the
"Tennessee Critical Infrastructure Protection Act
,
"
the purpose of which is to
protect critical infrastructure in
this state by prohibiting foreign adversaries from accessing state critical infrastructure, assessing the state's vulnerability to sanctioned communications equipment, and prohibiting the use of adversary cameras and laser sensor technologies in this sta
t
e's transportation systems.
As used in this bill, "critical
infrastructure" means systems and assets, whether physical or virtual, so vital to this state or the United States that the incapacity or destruction of such systems and assets would have a debil
itating impact on state or national security, state or national economic security, state or national public health, or any combination of those matters. A critical infrastructure may be publicly or privately owned, and includes, but is not limited to

(
i
)
g
as and oil production, storage, or delivery systems;

(
ii
)
w
ater supply, refinement, storage, or delivery systems;

(
iii
)
t
elecommunications networks;

(
iv
)
e
lectrical power delivery systems;

(
v
)
e
mergency services;

(
vi
)
t
ransportation systems and services;
or

(
vii
)
p
ersonal data or otherwise classified information storage systems, including cybersecurity
.

As used in this bill, a "foreign
adversary" means those countries listed in 15 CFR 791.4, as amended
, which, as of the preparation of this summary, inclu
des t
he People's Republic of China, including the Hong Kong Special Administrative Region and the Macau Special Administrative Region (China);
the
Republic of Cuba (Cuba);
the
Islamic Republic of Iran (Iran);
the
Democratic People's Republic of Korea (Nort
h Korea);
and the
Russian Federation (Russia)
.

This bill generally prohibits a
company or other entity that constructs, repairs, operates, or otherwise has significant access to critical infrastructure
from
enter
ing
into an agreement relating to critical
infrastructure in this state with a foreign principal from a foreign adversary country if the agreement would allow such foreign principal to directly or remotely access or control critical infrastructure in this state.

This bill generally prohibits a
g
overnmental entity
from
enter
ing
into a contract or other agreement relating to critical infrastructure in this state with a company that is a foreign principal from a foreign adversary country if the agreement would allow such foreign principal to directly or remotely access or control

critical infrastructure in this state.

However, this bill authorizes
a governmental or non-governmental entity
to
enter into a contract or agreement relating to critical infrastructure with a foreign principal from a foreign adversary country or use prod
ucts or services produced by such foreign principal if
(i) t
here is no other reasonable option for addressing the need relevant to state critical infrastructure;
(ii) t
he contract is pre-approved by the department of finance and administration; and

(
iii
)
n
ot entering into such a contract or agreement would pose a greater threat to the state than the threat associated with entering into the contract.

CERTIFICATION REQUIRED

In order
to access critical infrastructure,
this bill requires
a company t
o
file a
certification form with and pay a certification fee to the department
of commerce and insurance ("department")
on a registration form created by the department.
In order to
maintain registration as a company with access to critical infrastructure, a compa
ny must
comply with all of the following.



Identify all employee positions in the organization that have access to critical infrastructure
.



Before hiring such a person or allowing such a person to continue to have access to critical infrastructure, obtain from the department of safety or a private vendor the
c
riminal history of the prospective employee and

any other background information considered necessary by the company or required by the department to protect critical infrastructure from foreign adversary infiltration or interference
.



Prohibit foreign nationals from an adversary nation from having access to critical infrastructure
.



Disclose any ownership of, partnership with, or control from an entity not domiciled within the United States
.



Store and process all data generated by such critical infrastructure on domestic servers
.



Not use cloud service providers or data centers that are foreign entities
.



Immediately report any cyberattack, security breach, or suspicious activity to the department
.



Be in compliance with
this bill
.

This bill requires

t
he department
to
set the fee in an amount sufficient to cover the costs of administering the certification process
.

H
owever
,
such fee
must
not exceed $150.

This bill requires t
he department
to
revoke the certification of a company that is not in compliance with th
e provisions under this heading.

NOTIFICATION AND INVESTIGATION

This bill requires an
owner of a critical infrastructure installation
to
notify the department of a proposed sale or t
ransfer of such critical infrastructure to, or investment in such critical infrastructure by, an entity domiciled outside of the United States or an entity with any foreign adversary ownership.

This bill provides that the
department has 30 days from the
receipt of the notice to investigate the proposed sale, transfer, or investment therein. If the department reasonably determines that the proposed sale or transfer of, or investment in, critical infrastructure is a threat to state critical infrastructure

security, state economic security, state public health, or any combination of those matters, then the attorney general
must
file a request for an injunction opposing the proposed sale, transfer, or investment on behalf of the department. Upon a finding by
a court that such sale, transfer, or investment poses a reasonable threat to state critical infrastructure security, state economic security, state or national public health, or any combination of those matters, then the court
must
permanently enjoin the
proposed sale, transfer, or investment.

This bill requires t
he department
to
notify critical infrastructure entities of known or suspected cyber threats, vulnerabilities, and adversarial activities to
(i) i
dentify and close similar threats, vulnerabiliti
es, and activities in like critical infrastructure installations or processes
;
and
(ii) m
aintain operational security and normal functioning of critical infrastructure.

The notification given is intended to protect the rights of private critical infrastru
cture entities by reducing the extent to which trade secrets or other proprietary information is shared between entities, to the extent that such precaution does not inhibit the ability of the department to effectively communicate the threat of a known or

suspected exploit or adversarial activity.

SOFTWARE

This bill prohibits
software used in state infrastructure located within or serving this state
from
includ
ing
software produced by a company headquartered in and subject to the laws of a foreign advers
ary, or a company under the direction or control of a foreign adversary.

All software used in state infrastructure in operation within or serving this state, including state infrastructure that is not permanently disabled, must comply with
this bill
.

This bill prohibits a
ny state infrastructure provider that removes, discontinues, or replaces any prohibited software
from
be
ing
required to obtain additional permits from a state agency or political subdivision for the removal, discontinuance, or replacem
ent of such software as long as the state agency or political subdivision is properly notified of the necessary replacements and such agency or subdivision can reasonably determine that the replacement software is similar to the existing software.

VENDOR
OF A SCHOOL BUS SYSTEMS

On or after July 1, 2025,
this bill prohibits
a governmental entity or critical infrastructure provider
from
knowingly enter
ing
into or renew
ing
a contract with a contracting vendor of a school bus infraction detection system, spe
ed detection system, traffic infraction detector, or other camera system used for enforcing traffic if
(i) t
he contracting vendor is owned by the government of a foreign adversary;
(ii) t
he government of a foreign adversary has a controlling interest in th
e contracting vendor; or

(
iii
)
t
he contracting vendor is selling a product produced by a government of a foreign adversary, a company primarily domiciled in a foreign adversary, or a company owned or controlled by a company primarily domiciled in a foreign
adversary.

LIGHT DETECTION AND RANGING (LiDAR) TECHNOLOGY PROVIDER

On or after July 1, 2025,
this bill prohibits
a governmental entity
from
knowingly enter
ing
into or renew
ing
a contract with a LiDAR technology provider if

(
i
)
t
he contracting vendor is
owned by the government of a foreign adversary; (
ii
)
t
he government of a foreign adversary has a controlling interest in the contracting vendor; or

(
iii
)
t
he contracting vendor is selling a product produced by a government of a foreign adversary, a compan
y primarily domiciled in a foreign adversary, or a company owned or controlled by a company primarily domiciled in a foreign adversary.

On or after July 1, 2025,
this bill requires
the department of safety
to
create a public listing of prohibited traffic
camera and Light Detection and Ranging (LiDAR) technologies for governmental entities and critical infrastructure providers.

VENDOR OF A WI-FI ROUTER OR MODEM SYSTEM

On or after July 1, 2025,
this bill prohibits
a governmental entity
from
knowingly ent
er
ing
into or renew
ing
a contract with a contracting vendor of a Wi-Fi router or modem system if

(
i
)
t
he contracting vendor is owned by the government of a foreign adversary;

(
ii
)
t
he government of a foreign adversary has a controlling interest in the cont
racting vendor; or

(
iii
)
t
he contracting vendor is selling a product produced by a government of a foreign adversary, a company primarily domiciled in a foreign adversary, or a company owned or controlled by a company primarily domiciled in a foreign adver
sary.

On or after July 1, 2025,
this bill requires
every critical infrastructure provider in this state
to
certify to the department that it does not use a Wi-Fi router or modem system
(i) p
roduced by a company that is owned by the government of a foreig
n adversary;

(
ii
)
p
roduced by a company in which a foreign adversary has a controlling interest; or

(
iii
)
p
roduced by a company primarily domiciled in a foreign adversary, or a company owned or controlled by a company primarily domiciled in a foreign adver
sary.

On or after July 1, 2025,
this bill requires
the department
to
create, maintain, and update a public listing of prohibited Wi-Fi router and modem system technologies for government entities and critical infrastructure providers.

COMMUNICATIONS
PROVIDER

This bill requires

a
communications provider providing service in this state and that still utilizes equipment from a federally banned corporation in providing service to this state
to
file a registration form with and pay a registration fee to
the department by September 1, 2025, and on January 1 on each year thereafter. The communications provider
must
register with the department prior to providing service. The department
must
prescribe the registration form to be filed pursuant to this sect
ion.

This bill requires a
communications provider
to
provide the department with the name, address, telephone number, and email address of a person with managerial responsibility for the operations.

A communications provider
must do all of the following
:



Submit a registration fee at the time of submission of the registration form. The department
must
set the fee in an amount sufficient to cover the costs of administering the registration process but not to exceed $50
.



Keep the information required by this section current and notify the commission of any changes to such information within 60 days after the change
.



Certify to the department by January 1 each year all instances of prohibited critical communications equipment or services covered under
this bill
if the communications provider is a participant in the Federal Secure and Trusted Communications Networks Reimbursement Program, established by the federal Secure and Trusted Communications Networks Act of 2019, along with the geographic coordinates of the areas served by such prohibited equipment.

If a communications provider certifies to the department that the provider is a participant in the federal Secure and Trusted Communications Networks Reimbursement Program pursuant to
this bill,
then
thi
s bill requires
the provider
to
submit a status report to the department every quarter to prove the provider's compliance with the reimbursement program.

This bill requires the
department
to
issue an administrative fine to a communications provider who
(
i) v
iolates
the provisions under this heading
, with the fine to be not less than $5,000 and not greater than $25,000 for each day of noncompliance; and
(ii) k
nowingly submits a false registration form described in this section, with the fine to be not less
than $10,000 and not greater than $20,000 for each day of noncompliance.

This bill provides that a
communications provider who fails to comply with
the provisions under this heading
is prohibited from receiving any state or local funds for the developme
nt or support of new or existing critical communications infrastructure, including the Tennessee communications universal service fund, and is prohibited from receiving any federal funds subject to distribution by state or local governments for the develo
p
ment or support of new or existing critical communications infrastructure.

This bill requires

t
he department
to
develop and publish, on a quarterly basis, a map of known prohibited communications equipment as covered in this chapter within all communicat
ions within or serving this state. The map must
(i) c
learly indicate the location of the prohibited equipment and the communications area serviced by the prohibited equipment;

(
ii
)
i
dentify the communications provider who owns or is otherwise responsible
for the prohibited equipment;

(
iii
)
m
ake clearly legible the areas serviced by the prohibited equipment; and

(
iv
)
d
escribe the nature of the prohibited equipment by stating, at a minimum, the prohibited equipment manufacturer and equipment type or purpose.

Current Bill Text

Read the full stored bill text 
SENATE BILL 378
By Rose

HOUSE BILL 549
By Cochran

HB0549
000268
- 1 -

AN ACT to amend Tennessee Code Annotated, Title 4,
relative to critical infrastructure.

BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF TENNESSEE:
SECTION 1. Tennessee Code Annotated, Title 4, is amended by adding the following
as a new chapter:
4-59-101.
(a) This chapter is known and may be cited as the "Tennessee Critical
Infrastructure Protection Act."
(b) The purpose of this chapter is to protect critical infrastructure in this state by
prohibiting foreign adversaries from accessing state critical infrastructure, assessing the
state's vulnerability to sanctioned communications equipment, and prohibiting the use of
adversary cameras and laser sensor technologies in this state's transportation systems.
4-59-102. As used in this chapter:
(1) "Company" means:
(A) A for-profit sole proprietorship, organization, association, corporation,
partnership, joint venture, limited partnership, limited liability partnership, or
limited liability company, including a wholly owned subsidiary, majority-owned
subsidiary, parent company, or affiliate of those entities or business associations
that exists to make a profit; or
(B) A nonprofit organization;
(2) "Critical infrastructure" means systems and assets, whether physical or
virtual, so vital to this state or the United States that the incapacity or destruction of such

- 2 - 000268

systems and assets would have a debilitating impact on state or national security, state
or national economic security, state or national public health, or any combination of
those matters. A critical infrastructure may be publicly or privately owned, and includes,
but is not limited to:
(A) Gas and oil production, storage, or delivery systems;
(B) Water supply, refinement, storage, or delivery systems;
(C) Telecommunications networks;
(D) Electrical power delivery systems;
(E) Emergency services;
(F) Transportation systems and services; or
(G) Personal data or otherwise classified information storage systems,
including cybersecurity;
(3) "Cybersecurity" means an information system or nonpublic information stored
on an information system;
(4) "Department" means the department of commerce and insurance;
(5) "Domicile" means either the country in which a company is registered, or
where the company's affairs are primarily completed, or where the majority of ownership
share is held;
(6) "Foreign adversary" means those countries listed in 15 CFR 791.4, as
amended;
(7) "Foreign principal" means:
(A) The government or any official of the government of a foreign
adversary;
(B) A political party or member of a political party or any subdivision of a
political party of a foreign adversary;

- 3 - 000268

(C) A partnership, association, corporation, organization, or other
combination of persons organized under the laws of or having its principal place
of business in a foreign adversary, or a subsidiary of such entity, or owned or
controlled wholly or in part by a person, entity, or collection of persons or entities
of a foreign adversary;
(D) A person who is domiciled in a foreign adversary and is not a citizen
or lawful permanent resident of the United States; or
(E) A person, entity, or collection of persons or entities, described in
subdivisions (7)(A)-(D) having a controlling interest in a partnership, association,
corporation, organization, trust, or other legal entity or subsidiary formed for the
purpose of owning real property; and
(8) "Software" means a program or routine, or a set of one (1) or more programs
or routines that are used or intended for use to cause one (1) or more computers or
pieces of computer-related peripheral equipment, or any combination thereof, to perform
a task or set of tasks, as it relates to state infrastructure, or operational software.
4-59-103.
(a) A company or other entity that constructs, repairs, operates, or otherwise has
significant access to critical infrastructure shall not enter into an agreement relating to
critical infrastructure in this state with a foreign principal from a foreign adversary country
if the agreement would allow such foreign principal to directly or remotely access or
control critical infrastructure in this state.
(b) A governmental entity shall not enter into a contract or other agreement
relating to critical infrastructure in this state with a company that is a foreign principal
from a foreign adversary country if the agreement would allow such foreign principal to
directly or remotely access or control critical infrastructure in this state.

- 4 - 000268

(c) Notwithstanding subsections (a) and (b), a governmental or non-
governmental entity may enter into a contract or agreement relating to critical
infrastructure with a foreign principal from a foreign adversary country or use products or
services produced by such foreign principal if:
(1) There is no other reasonable option for addressing the need relevant
to state critical infrastructure;
(2) The contract is pre-approved by the department of finance and
administration; and
(3) Not entering into such a contract or agreement would pose a greater
threat to the state than the threat associated with entering into the contract.
4-59-104.
(a) In order to access critical infrastructure, a company must file a certification
form with and pay a certification fee to the department on a registration form created by
the department.
(b) To maintain registration as a company with access to critical infrastructure, a
company must:
(1) Identify all employee positions in the organization that have access to
critical infrastructure;
(2) Before hiring a person described in subsection (a) or allowing such
person to continue to have access to critical infrastructure, obtain from the
department of safety or a private vendor the:
(A) Criminal history of the prospective employee; and
(B) Any other background information considered necessary by
the company or required by the department to protect critical
infrastructure from foreign adversary infiltration or interference;

- 5 - 000268

(3) Prohibit foreign nationals from an adversary nation from having
access to critical infrastructure;
(4) Disclose any ownership of, partnership with, or control from an entity
not domiciled within the United States;
(5) Store and process all data generated by such critical infrastructure on
domestic servers;
(6) Not use cloud service providers or data centers that are foreign
entities;
(7) Immediately report any cyberattack, security breach, or suspicious
activity to the department; and
(8) Be in compliance with § 4-59-103.
(c) The department shall set the fee in an amount sufficient to cover the costs of
administering the certification process, however such fee may not exceed one hundred
fifty dollars ($150).
(d) The department shall revoke the certification of a company that is not in
compliance with this section.
4-59-105.
(a) An owner of a critical infrastructure installation shall notify the department of
a proposed sale or transfer of such critical infrastructure to, or investment in such critical
infrastructure by, an entity domiciled outside of the United States or an entity with any
foreign adversary ownership.
(b) The department has thirty (30) days from the receipt of the notice required in
subsection (a) to investigate the proposed sale, transfer, or investment therein. If the
department reasonably determines that the proposed sale or transfer of, or investment
in, critical infrastructure is a threat to state critical infrastructure security, state economic

- 6 - 000268

security, state public health, or any combination of those matters, then the attorney
general and reporter shall file a request for an injunction opposing the proposed sale,
transfer, or investment on behalf of the department. Upon a finding by a court that such
sale, transfer, or investment poses a reasonable threat to state critical infrastructure
security, state economic security, state or national public health, or any combination of
those matters, then the court shall permanently enjoin the proposed sale, transfer, or
investment.
(c)
(1) The department shall notify critical infrastructure entities of known or
suspected cyber threats, vulnerabilities, and adversarial activities to:
(A) Identify and close similar threats, vulnerabilities, and activities
in like critical infrastructure installations or processes, in accordance with
§ 4-59-104(b)(7); and
(B) Maintain operational security and normal functioning of critical
infrastructure.
(2) The notification given pursuant to this subsection (c) is intended to
protect the rights of private critical infrastructure entities by reducing the extent to
which trade secrets or other proprietary information is shared between entities, to
the extent that such precaution does not inhibit the ability of the department to
effectively communicate the threat of a known or suspected exploit or adversarial
activity.
4-59-106.
(a) No software used in state infrastructure located within or serving this state
shall include software produced by a company headquartered in and subject to the laws

- 7 - 000268

of a foreign adversary, or a company under the direction or control of a foreign
adversary.
(b) All software used in state infrastructure in operation within or serving this
state, including state infrastructure that is not permanently disabled, must comply with §
4-59-105.
(c) Any state infrastructure provider that removes, discontinues, or replaces any
prohibited software shall not be required to obtain additional permits from a state agency
or political subdivision for the removal, discontinuance, or replacement of such software
as long as the state agency or political subdivision is properly notified of the necessary
replacements and such agency or subdivision can reasonably determine that the
replacement software is similar to the existing software.
4-59-107.
(a) On or after July 1, 2025, a governmental entity or critical infrastructure
provider shall not knowingly enter into or renew a contract with a contracting vendor of a
school bus infraction detection system, speed detection system, traffic infraction
detector, or other camera system used for enforcing traffic if:
(1) The contracting vendor is owned by the government of a foreign
adversary;
(2) The government of a foreign adversary has a controlling interest in
the contracting vendor; or
(3) The contracting vendor is selling a product produced by a
government of a foreign adversary, a company primarily domiciled in a foreign
adversary, or a company owned or controlled by a company primarily domiciled
in a foreign adversary.

- 8 - 000268

(b) On or after July 1, 2025, a governmental entity shall not knowingly enter into
or renew a contract with a Light Detection and Ranging (LiDAR) technology provider if:
(1) The contracting vendor is owned by the government of a foreign
adversary;
(2) The government of a foreign adversary has a controlling interest in
the contracting vendor; or
(3) The contracting vendor is selling a product produced by a
government of a foreign adversary, a company primarily domiciled in a foreign
adversary, or a company owned or controlled by a company primarily domiciled
in a foreign adversary.
(c) On or after July 1, 2025, the department of safety shall create a public listing
of prohibited traffic camera and Light Detection and Ranging (LiDAR) technologies for
governmental entities and critical infrastructure providers.
4-59-108.
(a) On or after July 1, 2025, a governmental entity shall not knowingly enter into
or renew a contract with a contracting vendor of a Wi-Fi router or modem system if:
(1) The contracting vendor is owned by the government of a foreign
adversary;
(2) The government of a foreign adversary has a controlling interest in
the contracting vendor; or
(3) The contracting vendor is selling a product produced by a
government of a foreign adversary, a company primarily domiciled in a foreign
adversary, or a company owned or controlled by a company primarily domiciled
in a foreign adversary.

- 9 - 000268

(b) On or after July 1, 2025, every critical infrastructure provider in this state
shall certify to the department that it does not use a Wi-Fi router or modem system:
(1) Produced by a company that is owned by the government of a foreign
adversary;
(2) Produced by a company in which a foreign adversary has a
controlling interest; or
(3) Produced by a company primarily domiciled in a foreign adversary, or
a company owned or controlled by a company primarily domiciled in a foreign
adversary.
(c) On or after July 1, 2025, the department shall create, maintain, and update a
public listing of prohibited Wi-Fi router and modem system technologies for government
entities and critical infrastructure providers.
4-59-109.
(a) A communications provider providing service in this state and that still utilizes
equipment from a federally banned corporation in providing service to this state shall file
a registration form with and pay a registration fee to the department by September 1,
2025, and on January 1 on each year thereafter. The communications provider shall
register with the department prior to providing service. The department shall prescribe
the registration form to be filed pursuant to this section.
(b) A communications provider shall provide the department with the name,
address, telephone number, and email address of a person with managerial
responsibility for the operations.
(c) A communications provider shall:

- 10 - 000268

(1) Submit a registration fee at the time of submission of the registration
form. The department shall set the fee in an amount sufficient to cover the costs
of administering the registration process but not to exceed fifty dollars ($50.00);
(2) Keep the information required by this section current and notify the
commission of any changes to such information within sixty (60) days after the
change; and
(3) Certify to the department by January 1 each year all instances of
prohibited critical communications equipment or services covered under Section
3 of this act if the communications provider is a participant in the Federal Secure
and Trusted Communications Networks Reimbursement Program, established by
the federal Secure and Trusted Communications Networks Act of 2019, 47
U.S.C. § 1601 et seq., along with the geographic coordinates of the areas served
by such prohibited equipment.
(d) If a communications provider certifies to the department that the provider is a
participant in the federal Secure and Trusted Communications Networks Reimbursement
Program pursuant to subdivision (c)(3), then the provider shall submit a status report to
the department every quarter to prove the provider's compliance with the reimbursement
program.
(e) The department shall issue an administrative fine to a communications
provider who:
(1) Violates this section, with the fine to be not less than five thousand
dollars ($5,000) and not greater than twenty-five thousand dollars ($25,000) for
each day of noncompliance; and

- 11 - 000268

(2) Knowingly submits a false registration form described in this section,
with the fine to be not less than ten thousand dollars ($10,000) and not greater
than twenty thousand dollars ($20,000) for each day of noncompliance.
(f) A communications provider who fails to comply with this section is prohibited
from receiving any state or local funds for the development or support of new or existing
critical communications infrastructure, including the Tennessee communications
universal service fund, and is prohibited from receiving any federal funds subject to
distribution by state or local governments for the development or support of new or
existing critical communications infrastructure.
(g) The department shall develop and publish, on a quarterly basis, a map of
known prohibited communications equipment as covered in this chapter within all
communications within or serving this state. The map must:
(1) Clearly indicate the location of the prohibited equipment and the
communications area serviced by the prohibited equipment;
(2) Identify the communications provider who owns or is otherwise
responsible for the prohibited equipment;
(3) Make clearly legible the areas serviced by the prohibited equipment;
and
(4) Describe the nature of the prohibited equipment by stating, at a
minimum, the prohibited equipment manufacturer and equipment type or
purpose.
SECTION 2. If any provision of this act or its application to any person or circumstance
is held invalid, then the invalidity does not affect other provisions or applications of the act that
can be given effect without the invalid provision or application, and to that end, the provisions of
this act are severable.

- 12 - 000268

SECTION 3. This act takes effect July 1, 2025, the public welfare requiring it.