House Engrossed Senate Bill grid security; cybersecurity; reviews; commission State of Arizona Senate Fifty-seventh Legislature First Regular Session 2025 SENATE BILL 1501 An Act amending title 40, chapter 2, article 6.2, Arizona Revised Statutes, by adding section 40-360.14; relating to the power plant and transmission line siting committee. (TEXT OF BILL BEGINS ON NEXT PAGE)
House Engrossed Senate Bill grid security; cybersecurity; reviews; commission
State of Arizona Senate Fifty-seventh Legislature First Regular Session 2025
SENATE BILL 1501
House Engrossed Senate Bill
grid security; cybersecurity; reviews; commission
State of Arizona
Senate
Fifty-seventh Legislature
First Regular Session
2025
SENATE BILL 1501
An Act
amending title 40, chapter 2, article 6.2, Arizona Revised Statutes, by adding section 40-360.14; relating to the power plant and transmission line siting committee.
(TEXT OF BILL BEGINS ON NEXT PAGE)
Be it enacted by the Legislature of the State of Arizona: Section 1. Title 40, chapter 2, article 6.2, Arizona Revised Statutes, is amended by adding section 40-360.14, to read: START_STATUTE40-360.14. Grid security review; plan; cybersecurity A. notwithstanding section 40-360.02, The commission shall conduct a grid security review AT LEAST ONCE EVERY TWO YEARS OR AS A PART OF THE COMMISSION'S INTEGRATED RESOURCE PLANNING PROCESS OR BIENNIAL TRANSMISSION ASSESSMENT. THE COMMISSION SHALL ADOPT AN ORDER SPECIFYING THE FREQUENCY OR PROCESS WITHIN WHICH IT WILL CONDUCT a REVIEW AND MAY MODIFY OR AMEND the ORDER FROM TIME TO TIME AS THE COMMISSION DEEMS REASONABLE AND IN THE PUBLIC INTEREST PURSUANT TO SECTION 40-252. B. in conducting the review, each investor-owned public service corporation doing business in this state shall: 1. research and evaluate the generation and grid management technologies that can protect against or withstand a physical attack and a cyberattack. 2. evaluate the dangers associated with an electromagnetic pulse and the steps NECESSARY to secure a CONTINUOUS supply of ELECTRICITY TO the RESIDENTS of this state in the event of an electromagnetic pulse. 3. EVALUATE new information technology systems and how protections are implemented, as required. 4. UPDATE AND SUBMIT THE PUBLIC SERVICE CORPORATION'S CYBERSECURITY AND GRID PROTECTION PROTOCOLS TO THE COMMISSION FOR REVIEW. C. IN CONDUCTING THE REVIEW, THE COMMISSION SHALL: 1. CONFIRM THAT EACH INVESTOR-OWNED PUBLIC SERVICE CORPORATION DOING BUSINESS IN THIS STATE HAS ACTIVE CYBERSECURITY AND GRID PROTECTION PROTOCOLS IN PLACE. 2. CONFIRM WHETHER EACH CYBERSECURITY AND GRID PROTECTION PROTOCOL SUBMITTED TO THE COMMISSION IS ADEQUATE, INADEQUATE OR NEEDS MODIFICATIONS. 3. make recommendations to rectify deficiencies and develop security plans that evaluate and consider the time and costs that are associated with implementing changes.END_STATUTE D. THE REVIEW, PLANS, PROTOCOLS, DANGERS OR DEFICIENCIES AND ALL OTHER INFORMATION OR CONTENT RECEIVED, REVIEWED, CREATED OR PROVIDED PURSUANT TO THIS SECTION are not OPEN TO PUBLIC INSPECTION. Sec. 2. Legislative findings and intent It is the policy of this state to: 1. Diversify portfolios of energy generation assets to reduce costs and ensure additional grid reliability. 2. Prepare for the effects of electromagnetic pulses through targeted approaches that coordinate whole-of-government activities and encourage private-sector engagement.
Be it enacted by the Legislature of the State of Arizona:
Section 1. Title 40, chapter 2, article 6.2, Arizona Revised Statutes, is amended by adding section 40-360.14, to read:
START_STATUTE40-360.14. Grid security review; plan; cybersecurity
A. notwithstanding section 40-360.02, The commission shall conduct a grid security review AT LEAST ONCE EVERY TWO YEARS OR AS A PART OF THE COMMISSION'S INTEGRATED RESOURCE PLANNING PROCESS OR BIENNIAL TRANSMISSION ASSESSMENT. THE COMMISSION SHALL ADOPT AN ORDER SPECIFYING THE FREQUENCY OR PROCESS WITHIN WHICH IT WILL CONDUCT a REVIEW AND MAY MODIFY OR AMEND the ORDER FROM TIME TO TIME AS THE COMMISSION DEEMS REASONABLE AND IN THE PUBLIC INTEREST PURSUANT TO SECTION 40-252.
B. in conducting the review, each investor-owned public service corporation doing business in this state shall:
1. research and evaluate the generation and grid management technologies that can protect against or withstand a physical attack and a cyberattack.
2. evaluate the dangers associated with an electromagnetic pulse and the steps NECESSARY to secure a CONTINUOUS supply of ELECTRICITY TO the RESIDENTS of this state in the event of an electromagnetic pulse.
3. EVALUATE new information technology systems and how protections are implemented, as required.
4. UPDATE AND SUBMIT THE PUBLIC SERVICE CORPORATION'S CYBERSECURITY AND GRID PROTECTION PROTOCOLS TO THE COMMISSION FOR REVIEW.
C. IN CONDUCTING THE REVIEW, THE COMMISSION SHALL:
1. CONFIRM THAT EACH INVESTOR-OWNED PUBLIC SERVICE CORPORATION DOING BUSINESS IN THIS STATE HAS ACTIVE CYBERSECURITY AND GRID PROTECTION PROTOCOLS IN PLACE.
2. CONFIRM WHETHER EACH CYBERSECURITY AND GRID PROTECTION PROTOCOL SUBMITTED TO THE COMMISSION IS ADEQUATE, INADEQUATE OR NEEDS MODIFICATIONS.
3. make recommendations to rectify deficiencies and develop security plans that evaluate and consider the time and costs that are associated with implementing changes.END_STATUTE
D. THE REVIEW, PLANS, PROTOCOLS, DANGERS OR DEFICIENCIES AND ALL OTHER INFORMATION OR CONTENT RECEIVED, REVIEWED, CREATED OR PROVIDED PURSUANT TO THIS SECTION are not OPEN TO PUBLIC INSPECTION.
Sec. 2. Legislative findings and intent
It is the policy of this state to:
1. Diversify portfolios of energy generation assets to reduce costs and ensure additional grid reliability.
2. Prepare for the effects of electromagnetic pulses through targeted approaches that coordinate whole-of-government activities and encourage private-sector engagement.