IL HB4725

Requires all public utilities in Illinois to establish security policies that include safeguards restricting physical and electronic access to critical infrastructure and computerized control systems

Mandates annual affidavits by July 31 from senior security executives certifying their security policies meet 13 specific requirements, including documentation, annual updates, risk assessments, third-party assessments every 2 years, and supply chain risk management

Requires electric utilities to follow North American Electric Reliability Corporation standards, gas utilities to follow Transportation Security Agency guidelines, and water utilities to follow American Water Works Association standards

Obligates regulated entities to report notable, unusual, or significant cybersecurity incidents to the Illinois Commerce Commission within 48 hours or as soon as practicable

Protects all attestations, reports, and submissions from public inspection unless otherwise ordered by the Commission, while requiring entities to provide annual written or oral reports on their cybersecurity programs including training efforts, organizational structure, and incident summaries