Governor Newsom has signed a bill that will require all California cities and counties to use a government-designated domain, his office announced on Sunday (Oct. 8). AB 1637 by Assemblymember Jacqui Irwin (D-Thousand Oaks) seeks to address cybersecurity and enhance public trust in government websites in California by requiring cities and counties in the state to transition their public internet websites and employee email addresses to utilize a “.gov” or “.ca.gov” domain by January 1, 2029.
The rationale behind this requirement is to align government websites with secure domain naming conventions. The “.gov” domain, managed by the Cybersecurity and Infrastructure Security Agency (CISA), is exclusively reserved for U.S. government entities and publicly controlled organizations. It is designed to enhance security through multi-factor authentication, enforce HTTPS connections, and provide a dedicated security contact for domains. Using a “.gov” domain adds credibility to government websites, assuring the public of their authenticity.
Similarly, the “.ca.gov” domain is overseen by the California Department of Technology (CDT) and is available to any state entity, county, city, tribal government, joint powers authority, or independent local district in California. There is no annual fee associated with either “.gov” or “.ca.gov” domain names in California.
AB 1637 extends these domain requirements to local government entities, ensuring that they also adhere to the secure domain standards established for government websites. The bill allows local agencies that are not in compliance with the domain requirements by January 1, 2029, to redirect their websites to domains that conform to these standards.
The bill’s author emphasizes the importance of safeguarding public trust in government institutions, particularly in an era marked by rising misinformation and online fraud. Assemblymember Irwin states, “California’s cities and counties should take every effort to safeguard the public’s trust in our institutions, especially when they are recommended and offered free of charge by federal and state authorities. AB 1637 requires cities and counties to transition their websites and e-mails to the .gov or ca.gov domain, so when Californians look for government information or services, they can know with confidence they are receiving official information.”
Supporters of AB 1637, like the City of Agoura Hills, argue that the bill enhances cybersecurity by ensuring that government websites are hosted on secure domains. They believe that “.gov” and “.ca.gov” domains provide greater security and make it significantly more challenging for malicious actors to impersonate government websites. This transition is seen as a step toward safer and more accurate website access for communities in California.
However, the bill faced opposition from various local agency associations. They contend that AB 1637 represents a costly state mandate without clear cybersecurity benefits. While the bill imposes no fees for obtaining “.gov” domains, it does entail significant costs for local agencies, including IT expenses, updates to email systems, changes to web applications, and revising website URLs, among others. These costs could disproportionately affect smaller cities and counties, which may lack the necessary IT resources and could be forced to contract out services. For instance, Sacramento County reported that transitioning to a “.gov” domain took 15 full-time employees 14 months to complete, involving changes to websites, web applications, emails, and active directory accounts for over 12,000 employees and contractors.