§ 3301. Agency of Digital Services; created
(a) The Agency of Digital Services is created to provide information technology services
and solutions in State government. The cost of the oversight, monitoring, and control
shall be assessed to the entity requesting the activity. The Agency shall have all
the responsibilities assigned to it by law, including the following:
(1) Provide services for all activities directly related to information technology and
cybersecurity, including telecommunications services, information technology equipment,
software, accessibility, networks in State government, and the sharing of data and
information within State government.
(2) Review and approve all information technology activities within State government.
(3) Prepare and submit an annual report to the General Assembly for information technology,
as described in section 3303 of this chapter.
(4) Prepare and submit a strategic plan for information technology and cybersecurity to
the General Assembly, as described in section 3303 of this chapter.
(5) Obtain independent expert review of any new information technology projects, as required
by section 3303 of this chapter.
(6) Provide strategy, services, and solutions for information technology activities within
State government.
(7) Provide information technology project management services and business analyst services
to the Executive Branch. When project managers are not available, the Agency shall
procure those services and bill them back to the agencies using the services.
(8) Provide standards for the management, organization, and tracking of information technology
activities within State government.
(9) Create information technology procurement policy and process for State government
in collaboration with the Agency of Administration, and review all information technology
and information technology requests for proposal in accordance with Agency of Administration
policies.
(10) Perform the responsibilities of the Secretary of Administration under 30 V.S.A. § 227b.
(11) Inventory technology fixed assets within State government.
(12) Manage the training and classification of information technology employees within
State government in collaboration with the Agency of Administration.
(13) Support the statewide development of broadband telecommunications infrastructure and
services, in a manner consistent with the telecommunications plan prepared pursuant
to 30 V.S.A. § 202d and community development objectives established by the Agency of Commerce and Community
Development, by:
(A) purchasing telecommunications services or facilities at rates competitive within the
national marketplace;
(B) sharing bandwidth with service providers or other users;
(C) establishing equipment colocation arrangements with service providers; or
(D) making other reasonable arrangements.
(14) Develop information technology and cybersecurity policies for State government.
(15) Provide technical support and services to the Legislative and Judicial branches, as
needed.
(b) As used in this section:
(1) “Cybersecurity” means the protection of an information system or information stored
on such information system against any act or attempt, direct or indirect, successful
or unsuccessful, to gain unauthorized access, use, disclose, disrupt, modify, or destroy
the information system or information stored on such information system.
(2) “Information technology activities” means:
(A) the creation, collection, processing, storage, management, transmission, or conversion
of electronic data, documents, or records; and
(B) the design, construction, purchase, installation, maintenance, or operation of systems,
including hardware, software, and services that perform or are contracted under Administrative
Bulletin 3.5 to perform these activities.
(3) “State government” means the agencies of the Executive Branch of State government. (Added 2019, No. 49, § 5, eff. June 10, 2019.)
§ 3302. Appointment of Secretary; powers and duties
(a) The Governor, with the advice and consent of the Senate, shall appoint the Secretary
of Digital Services who shall be the Chief Information Officer of the State. The Secretary
shall appoint a deputy secretary who shall serve at the pleasure of the Secretary.
(b) The Secretary shall serve as the administrative head of the Agency of Digital Services
and shall have the following responsibilities:
(1) coordinate and optimize the use of technology within State government;
(2) approve, in consultation with the Agency of Administration, State government information
technology contracts and procurement activity;
(3) review and approve State government information technology and cybersecurity policies;
(4) approve State government information technology recruitment and classification of
employees; and
(5) supervise all information technology employees and contractors in State government. (Added 2019, No. 49, § 5, eff. June 10, 2019.)
§ 3303. Reporting, records, and review requirements
(a) Annual report and budget. The Secretary shall submit to the House Committee on Energy and Digital Infrastructure
and the Senate Committee on Institutions, concurrent with the Governor’s annual budget
request required under 32 V.S.A. § 306, an annual report for information technology and cybersecurity. The report shall
reflect the priorities of the Agency and shall include:
(1) performance metrics and trends, including baseline and annual measurements, for each
division of the Agency;
(2) a financial report of revenues and expenditures to date for the current fiscal year;
(3) costs avoided or saved as a result of technology optimization for the previous fiscal
year;
(4) a summary of each active information technology project managed by the Agency’s Enterprise
Project Management Office, including each project’s:
(A) scope;
(B) budget;
(C) timeline; and
(D) status, which includes:
(i) project closure details;
(ii) project changes over time; and
(iii) other indicators of the project being on time and on budget;
(5) an annual update to the strategic plan prepared pursuant to subsection (c) of this
section;
(6) a summary of independent reviews as required by subsection (d) of this section, including
any uses of the waiver authority by the Chief Information Officer pursuant to subdivision
(d)(3) of this section;
(7) the Agency budget submission;
(8) an annual update to the inventory required by section 3305 of this title; and
(9) a report on the expenditures of the Technology Modernization Special Fund, a list
of projects receiving funding from the Fund in the prior fiscal year, and a list of
prioritized recommendations for projects to be funded from the Fund in the next fiscal
year.
(b) Records. The Agency shall maintain the following records for information technology projects
managed by the Agency’s Enterprise Project Management Office:
(1) A business case, including staffing costs, when available to and provided by the State
government business partner, life-cycle costs, and sources of funds for design, development,
and implementation, as well as maintenance and operations. The business case shall
include expected benefits, including cost savings and service delivery improvements.
(2) Detailed project plans and status reports, including risk identification and risk
mitigation plans.
(c) Strategic plan. The Secretary shall prepare and submit a strategic plan for information technology
and cybersecurity, concurrent with the Governor’s annual budget request required under
32 V.S.A. § 306. The strategic plan shall include:
(1) the Agency’s vision, mission, objectives, strategies, and overarching action plans
for information technology within State government; and
(2) an update on the information technology goals for State government for the following
fiscal year.
(d) Independent expert review.
(1) The Agency shall obtain independent expert review of any new information technology
projects with a total cost of $1,000,000.00 or greater or when required by the Chief
Information Officer.
(2) The independent review shall include:
(A) an acquisition cost assessment;
(B) a technology architecture and standards review;
(C) an implementation plan assessment;
(D) a cost analysis and a model for benefit analysis;
(E) an analysis of alternatives;
(F) an impact analysis on net operating costs for the agency carrying out the activity;
and
(G) a security assessment.
(3) The requirement to obtain independent expert review described in subdivision (1) of
this subsection may be waived by the Chief Information Officer if, in the Chief Information
Officer’s judgment, such a review would be duplicative of one or more reviews that
have been, or will be, conducted under a separate federal or State requirement. If
waived, such waiver shall be in writing and in accordance with procedures established
by the Chief Information Officer.
(e) Current projects inventory. The Agency shall maintain a project inventory on its publicly accessible website that
displays the status of all current information technology projects managed by the
Agency’s Enterprise Project Management Office. The inventory shall be updated at least
monthly and include the:
(1) State government business partner for each project;
(2) name of each project;
(3) start date of each project;
(4) estimated date of completion at the start of the implementation phase of each project
along with an indicator as to whether the project is on time;
(5) estimated project cost at the start of the implementation phase of each project along
with an indicator as to whether the project is on budget;
(6) current estimated date of completion of each project; and
(7) current estimated cost of each project. (Added 2019, No. 49, § 5, eff. June 10, 2019; amended 2019, No. 131 (Adj. Sess.), § 5; 2021, No. 74, § E.105; 2021, No. 132 (Adj. Sess.), § 2, eff. July 1, 2022; 2021, No. 185 (Adj. Sess.), § E.105, eff. July 1, 2022; 2025, No. 48, § 2, eff. July 1, 2025.)
§ 3304. Information Technology Internal Service Fund
(a) An Information Technology Internal Service Fund is created to support activities of
the Agency of Digital Services.
(b) An agency, department, or division or other State or nonstate entity that receives
services of the Agency of Digital Services shall be charged for those services on
a basis established by the Secretary of Digital Services with the approval of the
Secretary of Administration. (Added 2019, No. 49, § 5, eff. June 10, 2019.)
§ 3305. Automated decision system; State procurement; inventory
(a) Definitions. As used in this section:
(1) “Algorithm” means a computerized procedure consisting of a set of steps used to accomplish
a determined task.
(2) “Automated decision system” means any algorithm, including one incorporating machine
learning or other artificial intelligence techniques, that uses data-based analytics
to make or support government decisions, judgments, or conclusions.
(3) “Automated final decision system” means an automated decision system that makes final
decisions, judgments, or conclusions without human intervention.
(4) “Automated support decision system” means an automated decision system that provides
information to inform the final decision, judgment, or conclusion of a human decision
maker.
(5) “State government” has the same meaning as in section 3301 of this chapter.
(b) Inventory. The Agency of Digital Services shall conduct a review and make an inventory of all
automated decision systems that are being developed, employed, or procured by State
government. The inventory shall include the following for each automated decision
system:
(1) the automated decision system’s name and vendor;
(2) a description of the automated decision system’s general capabilities, including:
(A) reasonably foreseeable capabilities outside the scope of the agency’s proposed use;
and
(B) whether the automated decision system is used or may be used for independent decision-making
powers and the impact of those decisions on Vermont residents;
(3) the type or types of data inputs that the technology uses; how that data is generated,
collected, and processed; and the type or types of data the automated decision system
is reasonably likely to generate;
(4) whether the automated decision system has been tested for bias by an independent third
party, has a known bias, or is untested for bias;
(5) a description of the purpose and proposed use of the automated decision system, including:
(A) what decision or decisions it will be used to make or support;
(B) whether it is an automated final decision system or automated support decision system;
and
(C) its intended benefits, including any data or research relevant to the outcome of those
results;
(6) how automated decision system data is securely stored and processed and whether an
agency intends to share access to the automated decision system or the data from that
automated decision system with any other entity, which entity, and why; and
(7) a description of the IT fiscal impacts of the automated decision system, including:
(A) initial acquisition costs and ongoing operating costs, such as maintenance, licensing,
personnel, legal compliance, use auditing, data retention, and security costs;
(B) any cost savings that would be achieved through the use of the technology; and
(C) any current or potential sources of funding, including any subsidies or free products
being offered by vendors or governmental entities. (Added 2021, No. 132 (Adj. Sess.), § 3, eff. July 1, 2022.)
§ 3306. Technology Modernization Special Fund
(a) Creation. There is created the Technology Modernization Special Fund, to be administered by
the Agency of Digital Services. Monies in the Fund shall be used to fund business
process transformation and to purchase, implement, and upgrade technology platforms,
systems, and cybersecurity services used by State agencies and departments to carry
out their statutory functions.
(b) Funds. The Fund shall consist of:
(1) any amounts transferred to it by the General Assembly; and
(2) any interest earned by the Fund.
(c) Fund balance. Any balance remaining at the end of the fiscal year shall remain in the Fund.
(d) Receipts. The Commissioner of Finance and Management may anticipate receipts to this Fund and
issue warrants based thereon.
(e) Priorities. The General Assembly shall prioritize projects to receive monies from the Fund based
on recommendations from the Chief Information Officer submitted pursuant to subsection 3303(a) of this title. Expenditures shall only be made from the fund through appropriation and project
authorization by the General Assembly. Plans for use shall be submitted as part of
the budget adjustment or budget process. (Added 2021, No. 185 (Adj. Sess.), § E.105.1, eff. June 9, 2022; amended 2023, No. 87 (Adj. Sess.), § 58, eff. March 13, 2024; 2025, No. 27, § F.163, eff. May 21, 2025.)