1

Colorado Telecommunications Security Registration Program

The General Assembly enacted section 24-33.5-1624, C.R.S. via Senate Bill 24-151 to declare it is in the best interest of the state to secure Colorado's telecommunications network and protect national security by identifying and removing communications hardware and software produced by countries of concern or by other sanctioned entities from Colorado's telecommunications network and by monitoring the progress of the removal of such equipment. The statute mandates the Director of the Division of Homeland Security and Emergency Management to promulgate rules establishing registration procedures and fees. The division will notify relevant state agencies or political subdivisions of Colorado as to when telecommunication providers plan to remove, discontinue or replace any telecommunications equipment from a federally banned entity.

On January 15, 2025, the program rules were signed and approved. 

Program Overview and Information 

   DHSEM is finalizing the system for accepting the registration and initial registration fees enacted under Senate Bill 24-151 as the Colorado Telecommunications Security Registration Program.  Below is the information that may be included in the program guidance.  

  1. Authority: This regulation is adopted under the authority in section 24-33.5-1624, C.R.S., and is intended to be consistent with the requirements of the State Administrative Procedures Act, section 24-4-101 et seq. (the “APA”).
  2. Scope and Purpose: This regulation governs the implementation of the Colorado Telecommunications Security Registration Program. It includes the time frames for telecommunications providers to register with the division. The registration includes notification of the date the telecommunication providers plan to remove, discontinue or replace any critical telecommunications infrastructure equipment from a federally banned entity. The payment of registration fees and late fees.
  3. Applicability: The provisions of these rules shall apply to all eligible telecommunications providers as provided by law.
  4. Definitions
    1. Critical telecommunications infrastructure means all physical telecommunications infrastructure and equipment that supports the transmission of information, regardless of the transmission medium or technology employed. Also, anything that connects to a telecommunications network permits the user to engage in the use of telecommunications service, including telecommunications service provided directly to the public or such classes of uses as to be effectively available to the public.
    2. Critical telecommunications infrastructure does not include telecommunications equipment that is used solely for the operation of a utility. It does not include equipment not used in connection with telecommunications services offered to the public.
    3. A federally banned entity means any entity or equipment that the federal government has banned or imposed sanctions against. This includes bans or sanctions imposed by the following federal agencies and acts:
      1. The Federal Communications Commission, including:
        1. Any entity, equipment or service deemed to pose a threat to national security identified on the Covered List described in 47 CFR 1.50002; and
        2. Any entity, equipment or service identified on the covered list published by the Public Safety and Homeland Security Bureau under the federal Secure and Trusted Communications Networks Act of 2019, 47 U.S.C. Sec. 1601 et seq., as amended;
      2. The United States Department of Commerce;
      3. The United States Cybersecurity and Infrastructure Security Agency;
      4. The Federal Acquisition Security Council, established under the Federal Secure Technology Act, 41 U.S.C. Sec. 1322, as amended; and
      5. Section 889 of the Federal John S. McCain National Defense Authorization Act for Fiscal Year 2019, Pub.L. 115-232.
    4. A telecommunications provider is an entity that offers wireless telecommunications service for a fee directly to the public or to such classes of uses as to be effectively available to the public.
    5. A telecommunications provider does not include a municipality or a municipally owned utility.
  5. Program Requirements: DHSEM is developing and finalizing program requirements. Requirements will include the information below, as included in the House Bill.
    1. Registration and Initial Registration Fee
      1. Telecommunication providers will register with the division on or before January 15, 2025, and pay a $50 registration fee.
      2. Telecommunication providers will provide the division with the name, address, telephone number and email address of the primary point of contact oversees the operation of telecommunications service in Colorado.
    2. Certification and Notification
      1. Telecommunication providers will report on or by January 15 each year on their progress in removing all federally banned equipment.
      2. Once a telecommunications provider can certify compliance they are no longer required to continue annual reporting.
    3. Program Guidance
      1. The DHSEM Office of Grants Management is responsible for the implementation of this program and will develop and publish guidance including the following requirements:
        1. Where and how to register
        2. Where and how to continue to report/certify compliance or progress
        3. How and when late fees will be assessed 

Point of Contact

The DHSEM point of contact is Austin Geddis.