N.Y.
State Finance Law Section 163-E
Restriction on purchasing certain technology which poses a security threat
1.
(a) Notwithstanding any inconsistent provision of law, the state and any department, bureau, board, commission, authority, and any other agency or instrumentality of the state shall not enter into or renew any contract or agreement to procure technology, including hardware, systems, devices, software, or services that include embedded or incidental information technology, which are prohibited from federal procurement pursuant to section 889 of Public Law 115-232 of 2018.(b)
The term “technology” shall have the same meaning as such term is defined in subdivision ten of § 160 (Definitions)section one hundred sixty of this article.2.
The office of information technology services shall, in consultation with the division of homeland security and emergency services and the office of general services, establish and update regularly a list of restricted technology. Technology on this list shall not be procured by any state agency, state or local authority, or political subdivision unless a waiver is issued pursuant to subdivision three of this section or the office of information technology services determines that the technology shall only be restricted in limited circumstances. The list shall:(a)
contain technologies that pose a security risk to the state of New York or its political subdivisions. In determining whether technology poses such a risk, the office of information technology services shall consult relevant federal sources, including the department of defense inspector general report no. DODIG-2019-106, as well as any other source that shall be determined to be relevant; and(b)
be published online and communicated to all relevant procurement officers in all state agencies, state authorities, and political subdivisions.3.
The office of information technology services, in collaboration with the division of homeland security and emergency services, the office of general services, the division of military and naval affairs, and the chief cyber officer, may provide a waiver from this section if:(a)
any such entity determines the waiver is in the interests of the state or political subdivision;(b)
no compliant product or service is available to be procured as, and when, needed at United States market prices or a price that is not considered prohibitively expensive; and(c)
such waiver could not reasonably be expected to compromise the security or integrity of a computer network operated by an instrumentality of the state.(d)
Any state agency, state or local authority, or political subdivision seeking a waiver from any federal agency authorized under section 889 of Public Law 115-232 of 2018 must provide notice of any such waiver granted to the office of information technology services within thirty days of waiver approval.4.
An unmanned aerial vehicle or other equipment or service relating to the operation of an unmanned aerial vehicle from a business or entity that would otherwise be subject to restriction under subdivision one or two of this section must be exempt from such restriction if:(a)
any photograph, image, recording or other information collected by the state agency, state or local authority, or political subdivision from the operation of the unmanned aerial vehicle or other equipment or service relating to the operation of the unmanned aerial vehicle:(i)
is stored and maintained exclusively within the United States; and(ii)
is not accessible to the business or entity that would otherwise be subject to restriction; or(iii)
is operated using software developed and maintained in the United States.(b)
the provisions of this subdivision shall not be construed to discourage the purchase or acquisition of any unmanned aerial vehicle or other equipment or service relating to the operation of an unmanned aerial vehicle that is manufactured in the United States.5.
Nothing in this section shall be construed:(a)
to require any technology resident in equipment, systems, or services as of the day before the effective date of this section to be removed or replaced;(b)
to prohibit or limit the utilization of such technology throughout the lifecycle of such existing equipment; or(c)
to require the recipient of a state contract, grant, loan, or loan guarantee to replace technology resident in equipment, systems, or services before the effective date of this section. * NB Effective December 19, 2027
Source:
Section 163-E — Restriction on purchasing certain technology which poses a security threat, https://www.nysenate.gov/legislation/laws/STF/163-E (updated Feb. 20, 2026; accessed Feb. 21, 2026).
