Skip to main content

ESSB 5014

Signed

Senate

Election security

Concerning election security.

How does a bill become law?
  1. Introduced: The bill is filed and assigned a number.
  2. Committee: A subject-matter committee holds hearings, takes public testimony, and decides whether to advance the bill.
  3. Floor Vote: The full chamber (House or Senate) debates and votes on the bill.
  4. Opposite Chamber: The bill repeats the committee and floor vote process in the other chamber.
  5. Governor: The Governor reviews the bill and decides whether to sign or veto it.
  6. Signed: The bill has been signed into law.
Introduced: February 6, 2025
Last Action: May 17, 2025
Status: C 329 L 25

AI Analysis

This analysis was generated by AI and may contain errors. It is not legal advice. Always refer to the official bill text for authoritative information.
People & CommunitiesPeople-leaningCorporate & Wealthy Interests

This bill strengthens election security by requiring counties to isolate voting equipment, use secure .gov domains, and report cyber incidents immediately. It also expands breach notification rules to vendors and mandates ongoing network monitoring and isolation of election infrastructure.

  • Requires counties to adopt the .gov domain for election-related websites and email by July 1, 2027, to reduce phishing and cyber threats.
  • Mandates electronic and physical partitioning of election and voting infrastructure from other county IT systems to limit attack exposure.
  • Requires isolation of ballot counting equipment from all networks—including internal networks, Wi-Fi, internet, and telephones—to prevent remote access or tampering.
  • Adds strict security breach reporting rules: manufacturers, vendors, counties, and auditors must notify the Secretary of State and Attorney General immediately upon discovering a breach affecting election systems or personal data.
  • Requires counties to deploy 24/7 intrusion detection systems staffed by trained security teams with access to cyber incident response personnel.
  • Requires voting system vendors to provide documentation on security configurations and best practices, and prohibits connecting voting systems to external networks or devices.

Who is affected

  • County election offices (led by county auditors)Must adopt new cybersecurity measures—including using .gov domains, partitioning networks, and isolating voting equipment—by July 1, 2027.
  • County auditors and county IT directorsMust report security breaches or malicious activity immediately to the Secretary of State and Attorney General, and ensure intrusion detection systems are operational 24/7.
  • Voting system manufacturers, distributors, and support vendorsMust disclose security breaches of their voting systems or election-related software/hardware to state officials immediately upon discovery.
  • Organizations supporting the state’s voter registration systemMust disclose breaches affecting the state’s voter registration database or related systems to state officials immediately.
Effective: July 1, 2027Fiscal impact: The bill does not specify a direct cost or savings, but counties may incur costs for implementing network partitioning, intrusion detection systems, and purchasing certified voting equipment with enhanced security features. The Secretary of State may need to provide guidance, training, or single-use media devices to support compliance.
Model: Intel/Qwen3-Coder-Next-int4-AutoRoundGenerated: Mar 20, 2026 at 3:02 AM

Pro/Con Analysis

Stronger case for benefits

Potential Benefits (4)
  • Mandating .gov domains for election websites/email significantly reduces phishing and impersonation attacks, protecting voters from fraud and increasing trust in election integrity—especially benefiting rural, elderly, and low-income voters who are most vulnerable to online deception.

    Public SafetyPeopleRef: Sec. 4(1); Sec. 1(1)(a)
  • Isolating ballot counting equipment from all networks—including internal, Wi-Fi, and telephonic—substantially reduces the risk of remote tampering or cyberattack, directly safeguarding the integrity of vote tallies and ensuring accurate election outcomes for all Washingtonians.

    Public SafetyPeopleRef: Sec. 4(3); Sec. 3(2)
  • Immediate breach reporting to the Secretary of State and Attorney General by counties, vendors, and registration system operators enables rapid state-level response to threats, minimizing potential damage to voter data and election systems—protecting all residents’ privacy and electoral rights.

    Public SafetyPeopleRef: Sec. 3(1)-(4)
  • Requiring vendors to provide security configuration documentation and mandating 24/7 intrusion detection with trained staff improves threat visibility and incident response capacity across counties, strengthening election resilience—especially in jurisdictions without robust IT departments.

    Public SafetyPeopleRef: Sec. 4(5); Sec. 3(2)
Potential Concerns (3)
  • Counties must invest in costly network partitioning, 24/7 intrusion detection systems, and certified voting equipment with enhanced security—costs that fall disproportionately on cash-strapped county budgets, especially in rural or low-revenue jurisdictions.

    Local GovernmentPeopleRef: Sec. 4(2), (3); Sec. 3(2)
  • Mandates for single-use media and strict data transfer protocols increase administrative burden on county election staff, many of whom are already overworked and lack dedicated cybersecurity personnel.

    Local GovernmentPeopleRef: Sec. 4(6); Sec. 3(2)
  • Vendors and manufacturers must comply with new breach reporting and documentation requirements, which may increase compliance costs—particularly for small- to mid-sized election technology firms that lack legal or security teams.

    Business & EmploymentPeopleRef: Sec. 4(1); Sec. 2(1)(a)-(c)

Who Is Most Affected

County election offices (led by county auditors)Mixed Impact

County election offices face significant new costs and operational changes but gain stronger tools to protect election integrity; small counties with limited IT staff are most strained, while larger counties may absorb costs more easily.

County auditors and county IT directorsMixed Impact

County IT staff and auditors gain new authority and state support but face increased workload and liability for timely breach reporting; smaller counties may lack resources to meet 24/7 monitoring requirements.

Voting system manufacturers, distributors, and support vendorsNegative Impact

Voting system vendors face new breach disclosure obligations and documentation requirements, which may increase compliance costs—especially for small- and mid-sized firms—though larger vendors are better equipped to absorb them.

Organizations supporting the state’s voter registration systemNegative Impact

Organizations managing the state voter registration database must comply with strict breach reporting, increasing legal and operational risk; this may deter smaller vendors or raise service costs passed to the state.

General electorate (especially vulnerable populations)Positive Impact

All voters benefit from increased trust in election outcomes and reduced risk of fraud or data breaches, but low-income, elderly, and rural voters gain the most from phishing prevention via .gov domains and secure systems.