Michigan House Bill 6011 was introduced last Thursday, and it would require operators of solar energy facilities to create and implement cybersecurity measures.
According to the bill, operators of qualifying solar facilities would be required to maintain "reasonable security measures" to protect "safety-critical systems" from cyber attacks that could impair safe operations. The bill requires operators to implement a risk-based cybersecurity and resilience program aligned with recognized standards such as guidance from either the National Institute of Standards and Technology or the Cybersecurity and Infrastructure Security Agency.
The cybersecurity program may include cyber risk identification, access controls, network/system segmentation, supply-chain risk management and periodic review and testing.
Operators would also have to maintain an incident response plan that coordinates with emergency responders. However, the bill states that these notifications do not impose new duties or liabilities on emergency responders.
If a cybersecurity incident were to happen, for a "material cybersecurity incident," operators must notify the Michigan State Police and the local emergency management coordinator within 24 hours of discovery, when practicable.
Within 72 hours, operators must provide a written high-level summary that avoids disclosing sensitive security details.
The Attorney General may request documentation only when tied to a specific incident or complaint. It explicitly forbids routine or programmatic audits.
The bill said that knowingly or recklessly violating the section could result in civil fines up to $25,000 per day per violation. The Attorney General would have to provide notice and up to 30 days to cure violations before seeking penalties.
The bill was introduced by Representative Reggie Miller (D-District 31) and was cosponsored by four other Democrats. The bill was referred to Committee on Communications and Technology.
©2026 the Midland Daily News, Distributed by Tribune Content Agency, LLC.
