MI HB4235

Prohibits employees and officers of public employers (state, local governments, school districts, public universities) from downloading or accessing "prohibited applications" on government-issued devices

Defines prohibited applications as internet applications created, maintained, or owned by foreign principals from countries of concern (China, Russia, Iran, North Korea, Cuba, Venezuela's Maduro regime, and Syria) that engage in activities like data collection, surveillance, cyber-espionage, or disinformation campaigns

Requires public employers to block prohibited applications on their networks and VPNs, restrict access on government devices, and retain ability to remotely wipe such applications from devices

Directs the Department of Technology, Management, and Budget to compile and maintain a quarterly-updated list of prohibited applications within 90 days of the act's effective date, and employees must remove listed applications within 15 days of updates

Allows waivers for up to one year for specific employees or officers upon written request, with exceptions for law enforcement officers when use is necessary for public safety or investigations; takes effect December 31, 2025