Fla. Stat. 112.22
Use of applications from foreign countries of concern prohibited

(1)

As used in this section, the term:“Department” means the Department of Management Services.“Employee or officer” means a person who performs labor or services for a public employer in exchange for salary, wages, or other remuneration.“Foreign country of concern” means the People’s Republic of China, the Russian Federation, the Islamic Republic of Iran, the Democratic People’s Republic of Korea, the Republic of Cuba, the Venezuelan regime of Nicolás Maduro, or the Syrian Arab Republic, including any agency of or any other entity under significant control of such foreign country of concern.“Foreign principal” means:
The government or an official of the government of a foreign country of concern;
A political party or a member of a political party or any subdivision of a political party in a foreign country of concern;
A partnership, an association, a corporation, an organization, or another combination of persons organized under the laws of or having its principal place of business in a foreign country of concern, or an affiliate or a subsidiary thereof; or
Any person who is domiciled in a foreign country of concern and is not a citizen or a lawful permanent resident of the United States.
“Government-issued device” means a cellular telephone, desktop computer, laptop computer, computer tablet, or other electronic device capable of connecting to the Internet which is owned or leased by a public employer and issued to an employee or officer for work-related purposes.“Prohibited application” means an application that meets the following criteria:
Any Internet application that is created, maintained, or owned by a foreign principal and that participates in activities that include, but are not limited to:
Collecting keystrokes or sensitive personal, financial, proprietary, or other business data;
Compromising e-mail and acting as a vector for ransomware deployment;
Conducting cyber-espionage against a public employer;
Conducting surveillance and tracking of individual users; or
Using algorithmic modifications to conduct disinformation or misinformation campaigns; or
Any Internet application the department deems to present a security risk in the form of unauthorized access to or temporary unavailability of the public employer’s records, digital assets, systems, networks, servers, or information.
“Public employer” means the state or any agency, authority, branch, bureau, commission, department, division, special district, institution, university, institution of higher education, or board thereof; or any county, district school board, charter school governing board, or municipality, or any agency, branch, department, board, or metropolitan planning organization thereof.

(a)

“Department” means the Department of Management Services.

(b)

“Employee or officer” means a person who performs labor or services for a public employer in exchange for salary, wages, or other remuneration.

(c)

“Foreign country of concern” means the People’s Republic of China, the Russian Federation, the Islamic Republic of Iran, the Democratic People’s Republic of Korea, the Republic of Cuba, the Venezuelan regime of Nicolás Maduro, or the Syrian Arab Republic, including any agency of or any other entity under significant control of such foreign country of concern.

(d)

“Foreign principal” means:The government or an official of the government of a foreign country of concern;A political party or a member of a political party or any subdivision of a political party in a foreign country of concern;A partnership, an association, a corporation, an organization, or another combination of persons organized under the laws of or having its principal place of business in a foreign country of concern, or an affiliate or a subsidiary thereof; orAny person who is domiciled in a foreign country of concern and is not a citizen or a lawful permanent resident of the United States.
1. The government or an official of the government of a foreign country of concern;
2. A political party or a member of a political party or any subdivision of a political party in a foreign country of concern;
3. A partnership, an association, a corporation, an organization, or another combination of persons organized under the laws of or having its principal place of business in a foreign country of concern, or an affiliate or a subsidiary thereof; or
4. Any person who is domiciled in a foreign country of concern and is not a citizen or a lawful permanent resident of the United States.

(e)

“Government-issued device” means a cellular telephone, desktop computer, laptop computer, computer tablet, or other electronic device capable of connecting to the Internet which is owned or leased by a public employer and issued to an employee or officer for work-related purposes.

(f)

“Prohibited application” means an application that meets the following criteria:Any Internet application that is created, maintained, or owned by a foreign principal and that participates in activities that include, but are not limited to:
Collecting keystrokes or sensitive personal, financial, proprietary, or other business data;
Compromising e-mail and acting as a vector for ransomware deployment;
Conducting cyber-espionage against a public employer;
Conducting surveillance and tracking of individual users; or
Using algorithmic modifications to conduct disinformation or misinformation campaigns; or
Any Internet application the department deems to present a security risk in the form of unauthorized access to or temporary unavailability of the public employer’s records, digital assets, systems, networks, servers, or information.
1. Any Internet application that is created, maintained, or owned by a foreign principal and that participates in activities that include, but are not limited to:a. Collecting keystrokes or sensitive personal, financial, proprietary, or other business data;b. Compromising e-mail and acting as a vector for ransomware deployment;c. Conducting cyber-espionage against a public employer;d. Conducting surveillance and tracking of individual users; ore. Using algorithmic modifications to conduct disinformation or misinformation campaigns; or
a. Collecting keystrokes or sensitive personal, financial, proprietary, or other business data;
b. Compromising e-mail and acting as a vector for ransomware deployment;
c. Conducting cyber-espionage against a public employer;
d. Conducting surveillance and tracking of individual users; or
e. Using algorithmic modifications to conduct disinformation or misinformation campaigns; or
2. Any Internet application the department deems to present a security risk in the form of unauthorized access to or temporary unavailability of the public employer’s records, digital assets, systems, networks, servers, or information.

(g)

“Public employer” means the state or any agency, authority, branch, bureau, commission, department, division, special district, institution, university, institution of higher education, or board thereof; or any county, district school board, charter school governing board, or municipality, or any agency, branch, department, board, or metropolitan planning organization thereof.

(2)(a)

A public employer shall do all of the following:
Block all prohibited applications from public access on any network and virtual private network that it owns, operates, or maintains.
Restrict access to any prohibited application on a government-issued device.
Retain the ability to remotely wipe and uninstall any prohibited application from a government-issued device that is believed to have been adversely impacted, either intentionally or unintentionally, by a prohibited application.
A person, including an employee or officer of a public employer, may not download or access any prohibited application on any government-issued device.
This paragraph does not apply to a law enforcement officer as defined in s. 943.10(1) if the use of the prohibited application is necessary to protect the public safety or conduct an investigation within the scope of his or her employment.
A public employer may request a waiver from the department to allow designated employees or officers to download or access a prohibited application on a government-issued device.
Within 15 calendar days after the department issues or updates its list of prohibited applications pursuant to paragraph (3)(a), an employee or officer of a public employer who uses a government-issued device must remove, delete, or uninstall any prohibited applications from his or her government-issued device.

(2)(a)

A public employer shall do all of the following:Block all prohibited applications from public access on any network and virtual private network that it owns, operates, or maintains.Restrict access to any prohibited application on a government-issued device.Retain the ability to remotely wipe and uninstall any prohibited application from a government-issued device that is believed to have been adversely impacted, either intentionally or unintentionally, by a prohibited application.
1. Block all prohibited applications from public access on any network and virtual private network that it owns, operates, or maintains.
2. Restrict access to any prohibited application on a government-issued device.
3. Retain the ability to remotely wipe and uninstall any prohibited application from a government-issued device that is believed to have been adversely impacted, either intentionally or unintentionally, by a prohibited application.

(b)

A person, including an employee or officer of a public employer, may not download or access any prohibited application on any government-issued device.This paragraph does not apply to a law enforcement officer as defined in s. 943.10(1) if the use of the prohibited application is necessary to protect the public safety or conduct an investigation within the scope of his or her employment.A public employer may request a waiver from the department to allow designated employees or officers to download or access a prohibited application on a government-issued device.
1. This paragraph does not apply to a law enforcement officer as defined in s. 943.10(1) if the use of the prohibited application is necessary to protect the public safety or conduct an investigation within the scope of his or her employment.
2. A public employer may request a waiver from the department to allow designated employees or officers to download or access a prohibited application on a government-issued device.

(c)

Within 15 calendar days after the department issues or updates its list of prohibited applications pursuant to paragraph (3)(a), an employee or officer of a public employer who uses a government-issued device must remove, delete, or uninstall any prohibited applications from his or her government-issued device.

(3)

The department shall do all of the following:Compile and maintain a list of prohibited applications and publish the list on its website. The department shall update this list quarterly and shall provide notice of any update to public employers.Establish procedures for granting or denying requests for waivers pursuant to subparagraph (2)(b)2. The request for a waiver must include all of the following:
A description of the activity to be conducted and the state interest furthered by the activity.
The maximum number of government-issued devices and employees or officers to which the waiver will apply.
The length of time necessary for the waiver. Any waiver granted pursuant to subparagraph (2)(b)2. must be limited to a timeframe of no more than 1 year, but the department may approve an extension.
Risk mitigation actions that will be taken to prevent access to sensitive data, including methods to ensure that the activity does not connect to a state system, network, or server.
A description of the circumstances under which the waiver applies.

(a)

Compile and maintain a list of prohibited applications and publish the list on its website. The department shall update this list quarterly and shall provide notice of any update to public employers.

(b)

Establish procedures for granting or denying requests for waivers pursuant to subparagraph (2)(b)2. The request for a waiver must include all of the following:A description of the activity to be conducted and the state interest furthered by the activity.The maximum number of government-issued devices and employees or officers to which the waiver will apply.The length of time necessary for the waiver. Any waiver granted pursuant to subparagraph (2)(b)2. must be limited to a timeframe of no more than 1 year, but the department may approve an extension.Risk mitigation actions that will be taken to prevent access to sensitive data, including methods to ensure that the activity does not connect to a state system, network, or server.A description of the circumstances under which the waiver applies.
1. A description of the activity to be conducted and the state interest furthered by the activity.
2. The maximum number of government-issued devices and employees or officers to which the waiver will apply.
3. The length of time necessary for the waiver. Any waiver granted pursuant to subparagraph (2)(b)2. must be limited to a timeframe of no more than 1 year, but the department may approve an extension.
4. Risk mitigation actions that will be taken to prevent access to sensitive data, including methods to ensure that the activity does not connect to a state system, network, or server.
5. A description of the circumstances under which the waiver applies.

(4)(a)

Notwithstanding s. 120.74(4) and (5), the department is authorized, and all conditions are deemed met, to adopt emergency rules pursuant to s. 120.54(4) and to implement paragraph (3)(a). Such rulemaking must occur initially by filing emergency rules within 30 days after July 1, 2023.The department shall adopt rules necessary to administer this section.

(4)(a)

Notwithstanding s. 120.74(4) and (5), the department is authorized, and all conditions are deemed met, to adopt emergency rules pursuant to s. 120.54(4) and to implement paragraph (3)(a). Such rulemaking must occur initially by filing emergency rules within 30 days after July 1, 2023.

(b)

The department shall adopt rules necessary to administer this section.

Source: Section 112.22 — Use of applications from foreign countries of concern prohibited, https://www.­flsenate.­gov/Laws/Statutes/2024/0112.­22 (accessed Aug. 7, 2025).

112.05
Retirement 112.08
Group insurance for public officers, employees, and certain volunteers 112.09
Evidence of election to provide insurance 112.10
Deduction and payment of premiums 112.11
Participation voluntary 112.011
Disqualification from licensing and public employment based on criminal conviction 112.13
Insurance additional to workers’ compensation 112.14
Purpose and intent of law 112.18
Firefighters and law enforcement or correctional officers 112.19
Law enforcement, correctional, and correctional probation officers 112.21
Tax-sheltered annuities or custodial accounts for employees of governmental agencies 112.021
Florida residence unnecessary 112.22
Use of applications from foreign countries of concern prohibited 112.23
Government-directed content moderation of social media platforms prohibited 112.042
Discrimination in county and municipal employment 112.043
Age discrimination 112.044
Public employers, employment agencies, labor organizations 112.046
Political party committee membership allowed 112.048
Voluntary retirement with half pay authorized for elective officers of cities or towns 112.061
Per diem and travel expenses of public officers, employees, and authorized persons 112.062
Cabinet members 112.063
Reimbursement of county employees for educational expenses 112.081
Circuit judges, participation 112.0111
Restrictions on the employment of ex-offenders 112.151
Group hospitalization insurance for county officers and employees 112.153
Local governmental group insurance plans 112.161
Change in position or reclassification 112.171
Employee wage deductions 112.175
Employee wages 112.181
Firefighters, paramedics, emergency medical technicians, law enforcement officers, correctional officers 112.182
“Firefighter rule” abolished 112.191
Firefighters 112.193
Law enforcement, correctional, and correctional probation officers’ commemorative service awards 112.194
Law enforcement and correctional officers’ Medal of Valor 112.215
Government employees 112.217
Department of Highway Safety and Motor Vehicles 112.218
Department of Highway Safety and Motor Vehicles personnel files 112.219
Substitution of work experience for postsecondary educational requirements 112.0455
Drug-Free Workplace Act 112.0501
Ratification of certain dual retirements 112.0515
Retirement or pension rights unaffected by consolidation or merger of governmental agencies 112.0801
Group insurance 112.0804
Health insurance for retirees under the Florida Retirement System 112.0805
Employer notice of insurance eligibility to employees who retire 112.1815
Firefighters, paramedics, emergency medical technicians, and law enforcement officers 112.1816
Firefighters 112.1911
Emergency medical technicians and paramedics 112.1912
First responders 112.1913
Effect of ch. 2003-412 112.1915
Teachers and school administrators 112.1921
Administrative leave for law enforcement officers 112.18155
Correctional officers

Current through Fall 2025

§ 112.22. Use of applications from foreign countries of concern prohibited's source at flsenate​.gov