FL S0692

Prohibits local governments from imposing cybersecurity standards on vendors that exceed state standards, except when required by state/federal law or industry-specific regulations, effective July 1, 2026

Grants local governments immunity from liability for cybersecurity incidents if they implement policies substantially complying with recognized frameworks (NIST, ISO/IEC 27000, CIS Controls, etc.), disaster recovery plans, and multi-factor authentication

Creates a presumption against liability in class actions for businesses and third-party agents that maintain cybersecurity programs complying with recognized standards or applicable federal regulations (HIPAA, Gramm-Leach-Bliley Act, FISMA)

Requires entities to update cybersecurity programs within one year of any revisions to applicable frameworks, standards, or regulations to retain liability protection

Specifies that non-compliance with the liability shield provisions cannot be used as evidence of negligence or fault in civil actions, and the defendant bears the burden of proving compliance