NY A02237

Prohibits New York state agencies, authorities, and political subdivisions from entering into or renewing contracts for information and communications technology banned under federal law (Section 889 of Public Law 115-232 of 2018)

Requires the Chief Information Officer, in consultation with Homeland Security and Emergency Services and the Office of General Services, to maintain and publish a list of restricted technologies that pose security risks to the state

Authorizes waivers from designated officials (including commissioners, adjutant general, chief cyber officer, and NYC chief technology officer) if the waiver is in the state's interest, no compliant alternative is available at reasonable cost, and security would not be compromised

Exempts existing technology already in use before the effective date, allowing agencies to continue utilizing such equipment through its full lifecycle without mandatory replacement

Takes effect two years after becoming law, with the Office of General Services authorized to begin developing rules, regulations, and guidance immediately upon passage