AN ACT TO enact the Data infrastructure, governance, innovation, technology, accountability, and Leadership for North Carolina act (the digital nc act) by ESTABLISHing THE BOARD OF GOVERNORS OF THE NORTH CAROLINA DIGITAL SOVEREIGNTY AUTHORITY AND DIRECTing THE BOARD TO DEVELOP AND PRESENT TO THE GENERAL ASSEMBLY A COMPREHENSIVE PLAN FOR THE MODERNIZATION, CONSOLIDATION, AND CYBER DEFENSE OF THE STATE'S INFORMATION TECHNOLOGY ENTERPRISE.

The General Assembly of North Carolina enacts:

SECTION 1.  Legislative Findings and Purpose. – The General Assembly finds that the continued technological competitiveness, operational efficiency, and cybersecurity posture of the State of North Carolina require a coordinated, long‑range strategy for information technology that transcends individual administrations and agency silos. To that end, the General Assembly further finds that a qualified, independent Board of Governors, composed of individuals with demonstrated expertise in technology leadership, cybersecurity, and large‑scale digital transformation, should be established to develop a comprehensive plan for the modernization and unification of the State's information technology enterprise and to present that plan to the General Assembly for its consideration and enactment.

SECTION 2.  Establishment of the Board of Governors of the North Carolina Digital Sovereignty Authority. – There is hereby established the Board of Governors of the North Carolina Digital Sovereignty Authority (the Board). The Board shall be administratively housed within the Department of Information Technology for budgeting and logistical support but shall exercise the powers granted under this act independently.

SECTION 3.  Composition and Qualifications. – The Board shall consist of nine members, appointed to staggered four‑year terms, as follows:

(1)        Gubernatorial appointees. – Three members appointed by the Governor, each of whom must be a current or former chief executive officer of a technology company with a market capitalization exceeding one billion dollars ($1,000,000,000).

(2)        House appointees. – Three members appointed by the Speaker of the House of Representatives, each of whom must be a recognized expert in cybersecurity, artificial intelligence, or quantum computing.

(3)        Senate appointees. – Three members appointed by the President Pro Tempore of the Senate, each of whom must have extensive experience in large‑scale digital transformation or infrastructure management.

(4)        Initial terms. – Of the initial appointments, three shall serve two‑year terms, three shall serve three‑year terms, and three shall serve four‑year terms, as designated by the respective appointing authority, so as to establish staggered terms. Thereafter, all terms shall be for four years.

(5)        Vacancies. – An appointed member whose term has expired but whose qualified successor has not been appointed shall continue to serve on the Board until a qualified successor is duly appointed. Any vacancy in a position held by an appointive member shall be filled by a new appointment made by the applicable appointing authority for the vacant seat.

(6)        Removal. – A duly appointed member may be removed by the applicable appointing authority for misfeasance, malfeasance, or nonfeasance.

(7)        Reappointment. – Any member of the Board is eligible for reappointment, except that no appointed member may serve for more than two consecutive, full, four‑year terms without at least a one‑year break in membership on the Board.

(8)        Chair; meetings; quorum. – The Board shall elect a chair from among its members. The Board shall meet at least quarterly and at such other times as called by the chair. Five members shall constitute a quorum.

(9)        Compensation. – Members of the Board shall serve without compensation but shall be reimbursed for necessary travel and subsistence expenses in accordance with G.S. 138‑5 or G.S. 138‑6, as appropriate.

(10)      Disqualifications. – An individual is not eligible to serve on the Board if that individual has been indicted or charged with, been convicted of, pleaded guilty or nolo contendere to, or forfeited bail concerning a felony, or a misdemeanor involving fraud, theft, or dishonesty under the laws of any jurisdiction in the United States.

SECTION 4.  Duty to Develop Comprehensive Plan. – The Board is hereby authorized and directed to develop a comprehensive plan (the Plan) for the modernization, consolidation, and cyber defense of the State's information technology enterprise. The Plan shall, at a minimum, address and make specific legislative and administrative recommendations on each of the following:

(1)        Twenty‑year vision. – A twenty‑year strategic vision for State information technology covering the period 2026 through 2046, including objectives for digital sovereignty of citizen‑facing services, transition of the State from a hardware‑owner to a service‑consumer posture, and modernization of the information technology workforce classification system.

(2)        Infrastructure modernization and asset liquidation. – A plan for the orderly divestment of State‑owned data center properties, migration of remaining physical State servers to Tier III or Tier IV co‑location facilities or secure cloud environments, and the establishment of a cloud‑first procurement posture, together with a recommended structure for a nonreverting Technology Modernization Fund to capture proceeds.

(3)        Workforce consolidation. – A plan for the consolidation of information technology positions currently residing within Cabinet‑level agencies under a unified information technology enterprise, including recommendations regarding career pathways, standardized pay scales, and a shared organizational culture.

(4)        Innovation Center of Excellence. – A plan for the establishment of a centralized Innovation Center of Excellence to serve Cabinet agencies, including a secure environment for prototyping emerging technologies, Master Service Agreements to expedite procurement of pre‑vetted technologies, and an internal strategy‑consulting function.

(5)        Cybersecurity and the Digital Guard. – A plan for aligning the operational defense of the State's network with the North Carolina National Guard's Cyber Protection Teams, establishing a volunteer cyber reserve of private‑sector experts, providing continuous vulnerability assessments and incident response to local governments and school systems, and housing the State Chief Information Security Officer and supporting staff within the National Guard pursuant to a unified, multiyear statewide cyber plan.

(6)        Reorganization as a principal department. – Recommendations regarding the reconstitution of the Department of Information Technology as the North Carolina Digital Sovereignty Authority, including the Authority's status, powers, duties, and relationship to other principal departments, the Governor's Cabinet, and the General Assembly.

(7)        Self‑funding and rate setting. – Recommendations regarding a fee‑for‑service rate structure for executive, legislative, and judicial agencies; the treatment of service‑fee and asset‑liquidation proceeds as nonreverting funds continuously appropriated to the Authority; and performance benchmarks against which the State Chief Information Officer shall be held accountable.

(8)        Primacy of technical standards. – Recommendations regarding the resolution of conflicts between the technical standards of the Authority and the policies of Cabinet‑level agencies and regarding dollar thresholds at which the State Chief Information Officer's signature should be required for the release of technology‑project funds.

(9)        Executive leadership. – Recommendations regarding the Board's authority to conduct a national search for, and to appoint, supervise, compensate, and remove, the State Chief Information Officer, including supermajority voting thresholds, performance‑based compensation tied to verifiable key performance indicators, and the extent to which the Chief Information Officer shall serve at the pleasure of the Board.

(10)      Strategic oversight. – Recommendations regarding the Board's fiduciary responsibilities for State digital assets, a periodic State of the Silicon report to the General Assembly, and the dollar threshold above which major architectural shifts or multiyear contracts shall require a formal vote of the Board.

SECTION 5.  Consultation. – In developing the Plan, the Board shall consult with the State Chief Information Officer, the Department of Information Technology, the Office of the State Auditor, the North Carolina National Guard, the Office of State Human Resources, the Office of State Budget and Management, affected Cabinet‑level agencies, local governments, public school units, institutions of higher education, and such private‑sector subject‑matter experts as the Board deems appropriate. State agencies shall cooperate with the Board and shall provide information reasonably requested by the Board in furtherance of this act.

SECTION 6.  Staff and Resources. – The Department of Information Technology shall provide the Board with such professional, clerical, and technical staff support as is reasonably necessary to carry out the Board's duties under this act. The Board may, subject to the availability of funds, contract for outside legal, technical, and consulting services.

SECTION 7.  Report to the General Assembly. – The Board shall submit the Plan, together with proposed legislation to implement the Plan, to the President Pro Tempore of the Senate, the Speaker of the House of Representatives, the chairs of the Joint Legislative Oversight Committee on Information Technology, and the Fiscal Research Division no later than March 1, 2027. The Board may submit interim reports at any time and shall appear before the Joint Legislative Oversight Committee on Information Technology upon request.

SECTION 8.  No Substantive Reorganization Without Further Enactment. – Nothing in this act shall be construed to reorganize the Department of Information Technology, transfer personnel or property, establish a fee‑for‑service structure, realign cybersecurity functions, or otherwise effect any of the substantive changes addressed by the Plan. Such changes shall take effect only upon subsequent enactment by the General Assembly.

SECTION 9.  There is appropriated from the General Fund to the Department of Information Technology the sum of one hundred thousand dollars ($100,000) in nonrecurring funds for the 2026‑2027 fiscal year to be used to support the Board of Governors of the North Carolina Digital Sovereignty Authority described in this act.

SECTION 10.(a)  Initial Appointments. – Initial appointments to the Board shall be made not later than 90 days after the effective date of this act. The Board shall hold its first meeting not later than 30 days after a quorum of members has been appointed.

SECTION 10.(b)  Effective Date. – This act becomes effective July 1, 2026.