Bill Text: IA HSB704 | 2023-2024 | 90th General Assembly | Introduced


Bill Title: A bill for an act relating to the procurement and operation of drones, and providing penalties.

Spectrum: Committee Bill

Status: (Introduced) 2024-02-14 - Subcommittee recommends passage. Vote Total: 3-0.

House Study Bill 704 - Introduced

HOUSE FILE _____
BY (PROPOSED COMMITTEE ON PUBLIC SAFETY BILL BY CHAIRPERSON THOMPSON)

A BILL FOR

An Act relating to the procurement and operation of drones, and providing penalties.

BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA:

TLSB 6258YC (3) 90 sc/ns

Section 1. NEW SECTION. 29D.1 Definitions.

For purposes of this chapter:

1. “Country of concern” means the People’s Republic of China, the Russian Federation, the Islamic Republic of Iran, the Democratic People’s Republic of Korea, the Republic of Cuba, the Venezuelan regime of Nicolas Maduro, or the Syrian Arab Republic, including an agent of or an entity under significant control of such foreign country of concern, or an entity deemed a country of concern by the governor in consultation with appropriate federal and state officials.

2. “Data” means any information, document, media, or machine-readable material, regardless of physical form or characteristics, that is created or obtained by a government agency in the course of official agency business.

3. “Department” means the department of homeland security and emergency management.

4. “Drone” means an unmanned aircraft, watercraft, ground vehicle, or robotic device that is controlled remotely by a human operator or that operates autonomously through computer software or other programming. Drones shall be classified as follows:
a. “Tier one” means a drone that does not collect, transmit, or receive data during flight, such as a drone that navigates along preprogrammed waypoints or a tethered drone. A drone used by any school, including a postsecondary institution, exclusively as an interactive device for instructing a group of students is a tier one drone.
b. “Tier two” means a drone that can collect, transmit, or receive only flight control data, excluding visual and auditory data.
c. “Tier three” means a drone that can collect, transmit, or receive any data, including visual or auditory data.

5. “Flight-mapping software” means a program or ground control system that allows the user to do any of the following:
a. Input a set of coordinates or locations to which the drone will autonomously fly in a predetermined flight pattern.
b. Control the flight path or destination of the drone from a device other than a dedicated handheld controller within sight of the drone.

6. “Geofence” means a virtual geographic boundary defined by a global positioning system, radio frequency identification, or other location positioning technology created to prevent the use of a drone within a geographic area.

7. “Government agency” means a state, county, or municipal government entity or any other unit of government in this state established pursuant to state or local law.

8. “Open data” means data structured in a way that enables the data to be fully discoverable and usable by the public. “Open data” does not include data restricted from public disclosure based on federal or state laws and regulations including but not limited to those related to privacy, confidentiality, security, personal health, business or trade secret information, and exemptions from state public records laws or data for which a government agency is statutorily authorized to assess a fee for its distribution.

9. “Research and accountability purposes” means drone use in direct support of research authorized by a state government agency or a federal agency on drone hardware, operating systems, software, communications systems and protocols, components, and data practices for the purpose of understanding the existence, extent, and mitigation of potential threats and vulnerabilities.

10. “Sensitive location” means a location in this state where drone usage is restricted as provided in section 29D.7, including all of the following:
a. Military locations.
b. Power stations.
c. Physical or virtual systems and assets, whether publicly or privately owned, the incapacity of which would debilitate state or national security, economic security, or public health, including all of the following:
(1) Gas and oil production, storage, or delivery systems.
(2) Water supply, refinement, storage, or delivery systems.
(3) Telecommunications networks.
(4) Electrical power delivery systems.
(5) Emergency services.
(6) Transportation systems and services.
(7) Personal data or other classified information storage systems, including cybersecurity.
d. Other locations determined to be sensitive by the department of homeland security and emergency management in consultation with relevant state and federal authorities.

Sec. 2. NEW SECTION. 29D.2 Applicability.

1. A government agency shall not use a drone unless it is manufactured by a manufacturer, and used in a manner, that meets the minimum security requirements of this chapter.

2. a. A government agency using a drone for research and accountability purposes is exempt from the requirements in sections 29D.3, 29D.5, and 29D.6. If using an otherwise prohibited drone for research and accountability purposes, a government agency shall weigh the goals of the research against the risk to networks and data.
b. A government agency using an otherwise prohibited drone under paragraph “a” shall provide written notice to the department of such use no later than thirty days prior to utilizing the exception, stating the intended purpose, participants, and ultimate beneficiaries of the research.
c. To the extent allowed by law and existing agreement between the parties to the research, the government agency conducting research under paragraph “a” shall, upon the request of the department, provide the department access to the research findings.

Sec. 3. NEW SECTION. 29D.3 Countries of concern.

A government agency shall not purchase, acquire, or use a drone or related service or equipment produced by a manufacturer domiciled in a country of concern or a manufacturer the government agency reasonably believes to be owned or controlled, in whole or in part, by a country of concern or a company domiciled in a country of concern.

Sec. 4. NEW SECTION. 29D.4 Tier one prohibitions.

1. This section applies to tier one drones.

2. A government agency shall not connect a drone or a drone’s software to the internet unless it is for purposes of command and control, coordination, or other communication to ground control stations or systems related to the drone’s mission. When connecting to the internet, a government agency shall require the command and control, coordination, or other ground control stations or systems to be one of the following:
a. Secured and monitored.
b. Isolated from networks where the data of a government agency is held.

3. a. A government agency shall not connect a drone or a drone’s software to a computer or the network of a government agency unless any of the following conditions are met:
(1) The drone or the drone’s software is isolated in a way that prevents access to the internet and any network where the data of a government agency is held.
(2) The drone or the drone’s software uses removable memory to connect to a computer or network that is isolated in a way that prevents access to a network where the data of a government agency is held.
b. When a government agency transfers data between an isolated network described in paragraph “a”, subparagraph (1) or (2), and a network where the data of a government agency is held, the government agency shall do all of the following:
(1) Conduct an initial scan using antivirus or antimalware software for malicious code on the computer that connected directly or indirectly to the drone.
(2) Use antivirus and antimalware software during the data transfer.
(3) Scan the destination of the transferred data for malicious code using antivirus and antimalware software.

4. A government agency shall not connect a drone or a drone’s software with a telephone, tablet, or other mobile device that was issued by a government agency or that connects to a government agency network. Government agency devices that are solely used for the command and control, coordination, or other communication to ground control stations or systems related to the mission of the drone that do not connect to the government agency’s network may be used.

5. A government agency shall use a drone and a drone’s software in compliance with all other applicable data standards as required by law and the government agency’s own policy and procedure.

Sec. 5. NEW SECTION. 29D.5 Tier two prohibitions.

1. This section applies to tier two drones.

2. A government agency using a drone or any related services or equipment shall, in addition to the requirements in sections 29D.3 and 29D.4, do all of the following:
a. Utilize an encryption algorithm that complies with federal information processing standard 140-2 for all communication to and from a drone.
b. Refrain from purchasing critical drone components, including components related to flight controllers, radio, data transmission devices, cameras, gimbals, ground control systems, operating software including cellular telephone or tablet applications but not operating systems, network connectivity, or data storage, that were produced by a manufacturer domiciled in, or produced by a manufacturer the government agency believes to be owned, controlled by, or otherwise connected to, a country of concern. This paragraph does not prohibit purchase of passive electronics such as resistors and nondata transmitting motors, batteries, and wiring from a manufacturer domiciled in, or produced by a manufacturer the government agency believes to be owned, controlled by, or otherwise connected to, a country of concern.

Sec. 6. NEW SECTION. 29D.6 Tier three prohibitions.

1. This section applies to tier three drones.

2. A government agency, when using a drone or any related services or equipment, shall, in addition to the requirements of sections 29D.3, 29D.4, and 29D.5, do all of the following:
a. Restrict data storage to the geographic location of the United States.
b. Remotely access data other than open data from outside the United States only with written approval from the government agency’s top official or the official’s designee.

Sec. 7. NEW SECTION. 29D.7 Sensitive location restrictions —— geofencing —— penalties.

1. The department, in consultation with other state, local, and federal authorities, shall identify the geographic coordinates of sensitive installations within the state for the purpose of designating the installations as sensitive locations.

2. a. The user of a drone shall not fly the drone over a sensitive location unless the user is a law enforcement officer or the user is authorized by the authority in charge of the sensitive location.
b. A provider of flight-mapping software shall geofence the state’s sensitive locations to prevent the flight of a drone over the sensitive locations unless the user is not prohibited under paragraph “a”.

3. A person who violates subsection 2 is guilty of a serious misdemeanor.

Sec. 8. TRANSITION PROVISIONS.

1. A government agency possessing a drone that does not meet the minimum requirements for the drone’s usage tier under this Act shall make every effort, subject to available funding, to replace the noncompliant drone with a drone that meets the minimum requirements for that drone’s usage tier or promptly cease to use the noncompliant drone. A government agency shall not continue to possess or use a noncompliant drone after July 1, 2029.

2. A government agency continuing to use a drone that does not meet the minimum requirements for that drone’s usage tier under this Act shall provide written notice to the department of homeland security and emergency management of such use no later than thirty days following the effective date of this Act and every six months thereafter until the government agency no longer possesses or utilizes a noncompliant drone.

EXPLANATION

The inclusion of this explanation does not constitute agreement with the explanation’s substance by the members of the general assembly.

This bill requires that government agencies only use a drone that meets minimum security requirements unless the government agency uses the drone for research and accountability purposes and notifies the department of homeland security and emergency management (HSEMD) in writing.

The bill prohibits a government agency from purchasing, acquiring, or using a drone produced by a manufacturer domiciled in a country of concern, defined in the bill, or that a government agency reasonably believes to be owned or controlled by a country of concern or a company domiciled in a country of concern.

The bill requires a government agency using a tier one drone to follow certain precautions when connecting the drone to the internet, a computer, or a network. A government agency is prohibited from connecting a tier one drone or the drone’s software to the internet unless it is for purposes of command and control, coordination, or other communication to ground control stations. The command and control, coordination, or other ground control systems to which a drone is connected must be secured and monitored or isolated from networks where the data of a government agency is held. When connecting a drone to a computer or network, the government agency must ensure that the drone is isolated in a way that prevents access to the internet or a network where a government agency’s data is held or that the computer or network to which the drone connects is isolated to prevent such access. When a government agency transfers data to a network where government data is held, the government agency must conduct scans for malicious code and use antivirus and antimalware software during the data transfer. The bill also prohibits a government agency from connecting a tier one drone or the drone’s software with a telephone, tablet, or other mobile device that was issued by a government agency or that connects to a government agency network unless the device is used solely for command and control, coordination, or other communication to ground control stations and does not connect to a government agency network.

A government agency using a tier two drone must comply with all security requirements for a tier one drone, use an encryption algorithm that complies with federal standards for all communication to and from a drone, and refrain from purchasing critical drone components from a manufacturer owned, controlled by, or connected to a country of concern.

A government agency using a tier three drone must comply with all security requirements for tier one and two drones and store all data in the United States. A government agency must not use a tier three drone to remotely access data from outside the United States without written approval from the agency’s top official.

The bill restricts drone usage over sensitive locations, defined in the bill. The bill prohibits a user of a drone from flying the drone over a sensitive location unless the user is a law enforcement officer or the user is authorized by the authority in charge of the sensitive location. A provider of flight-mapping software must geofence the state’s sensitive locations. A violation of these provisions is a serious misdemeanor. A serious misdemeanor is punishable by confinement for no more than one year and a fine of at least $430 but not more than $2,560.

To continue using a noncompliant drone after the passage of the bill, an agency must provide written notice to HSEMD every six months about such use. A government agency must not use a noncompliant drone after July 1, 2029.