14718.
(a) As used in this section, the following terms apply:(1) “Government entity” includes all of the following:
(A) Each state agency as that term is defined in subdivision (a) of Section 8557.
(B) The California State University.
(C) Each political subdivision, as that term is defined in subdivision (b) of Section 8557.
(2) “Unmanned aircraft” has the same meaning as defined in Section 853.5.
(3) “Unmanned aircraft system” has the same meaning as defined in Section 853.5.
(b) By January 1, 2025, the department, in consultation with the Chief of the Office of Information Security, shall adopt rules and regulations that do all of the following:
(1) Ensure that each unmanned aircraft and unmanned aircraft system used by a government entity for any purpose meets appropriate safeguards to ensure the confidentiality, integrity, and availability of any data collected, transmitted, or stored by that unmanned aircraft or unmanned aircraft system. These safeguards shall, at a minimum, do all of the following:
(A) Prohibit the use of unmanned aircraft or unmanned aircraft systems that are manufactured by an entity identified pursuant to any of the following:
(i) Section 889 of the National Defense Authorization Act for Fiscal Year 2019.
(ii) The United States Department of Defense pursuant to Section 1260H of the National Defense Authorization Act for Fiscal Year 2021.
(iii) Section 817 of the National Defense Authorization Act for Fiscal Year 2023.
(B) Prohibit use of unmanned aircraft or unmanned aircraft systems that are manufactured by an entity included on the Entity List as designated by the United States Secretary of Commerce.
(C) Prohibit use of unmanned aircraft or unmanned aircraft systems that are manufactured by a subsidiary of an entity identified pursuant to subparagraph (A) or (B).
(D) Prohibit any government entity from selling, renting, leasing, or engaging in any other commercial transaction pursuant to which the government entity receives monetary or other valuable consideration for the data.
(E) Require collection, transmission, storage, processing, and use of the data to be conducted in a manner that is reasonably necessary and proportionate to the lawful purposes for which the data is collected, transmitted, stored, processed, or used.
(2) Specify requirements for a comprehensive plan to be adopted by a government entity to discontinue the use of unmanned aircraft and unmanned aircraft systems that are not in compliance with the rules and regulations adopted under paragraph (1). The requirements for the plan shall, at a minimum, include ensuring the confidentiality, integrity, and availability of data collected, transmitted, or stored by unmanned aircraft or unmanned aircraft systems, the use of which is discontinued under this section.
(c) The department may consult with state and federal agencies and departments and any relevant federal guidance in developing the rules and regulations under subdivision (b).
(d) Beginning on the date the department adopts the rules and regulations pursuant to paragraph (1) of subdivision (b), a government entity may use an unmanned aircraft or unmanned aircraft system it did not previously use only if that unmanned aircraft or unmanned aircraft system complies with all of the requirements set by those rules and regulations.
(e) (1) By July 1, 2025, a government entity that uses an unmanned aircraft or unmanned aircraft system not in compliance with the rules and regulations adopted pursuant to paragraph (1) of subdivision (b) shall submit to the department a comprehensive plan that complies with the rules and regulations adopted pursuant to paragraph (2) of subdivision (b) for discontinuing the use of the noncompliant unmanned aircraft or unmanned aircraft system.
(2) By January 1, 2026, each government entity shall cease the use of any unmanned aircraft or unmanned aircraft system that does not comply with the rules and regulations adopted under subdivision (b).
(3) Upon approval by the department, each government entity that submitted a comprehensive plan under paragraph (1) shall execute that plan.
(f) (1) The requirements of this section shall apply to unmanned aircraft and unmanned aircraft systems purchased or otherwise acquired by a government entity, as well as to unmanned aircraft and unmanned aircraft systems used by a government entity pursuant to a contractual arrangement or other agreement with a third party, regardless of whether the unmanned aircraft or unmanned aircraft systems is operated by the government entity or by the third party.
(2) This subdivision shall only apply to contracts entered into, amended, or renewed on or after the effective date of this section.
(g) Notwithstanding any other requirements of this section, use of unmanned aircraft or unmanned aircraft systems that would otherwise be prohibited under this section is permitted in either of the following circumstances:
(1) If, on application by a government entity, the department finds both of the following:
(A) The proposed use is necessary or essential for the government entity.
(B) No nonprohibited unmanned aircraft or unmanned aircraft system can fulfill the proposed use.
(2) The use is for purposes of cybersecurity research.
(h) The department shall prepare an annual report setting forth each finding made pursuant to paragraph (1) of subdivision (g) during that calendar year and submit the report to the Assembly Committee on Privacy and Consumer Protection and the Senate Committee on Judiciary by February 15 of the following year.
(i) The provisions of this section are severable. If any provision of this section or its application is held invalid, that invalidity shall not affect other provisions or applications that can be given effect without the invalid provision or application.