Michigan House Bill HB5849

The implementation of HB5849 is expected to significantly enhance the cybersecurity posture of data centers by requiring them to have detailed plans in place for incident responses and disaster recovery. This includes maintaining safety-critical systems, redundant controls, and ongoing reviews of security measures. The penalties for non-compliance are stringent, allowing for civil fines of $25,000 per day for violations. This framework not only sets a robust standard for operational security in data centers but also emphasizes the need for resilience in the face of various threats.

House Bill 5849 establishes mandatory security measures for certain data centers operating within the state of Michigan. The bill delineates the responsibilities of data center operators in protecting against cyberattacks and potential physical or cyber disruptions. Operators are required to implement a risk-based cybersecurity and resilience program, which must align with nationally recognized frameworks such as the NIST cybersecurity framework. The focus on aligning with established standards underscores the importance of cybersecurity in today’s digital infrastructure landscape.

Notably, the bill could prompt discussions concerning the balance between state regulation and the operational flexibility of data center operators. While proponents argue that these regulations are essential for protecting critical infrastructure and ensuring public safety, opponents may raise concerns about the cost and complexity associated with compliance. Additionally, the broad definitions and requirements could lead to challenges in interpretation and implementation, which may affect smaller operators differently than larger organizations.