NSITSP Update: Taxes, Repair, Safe Harbor (EP 1030)

Regulations are shifting fast, and this NSITSP update walks through the new cyber laws, safe harbor protections, right to repair battles, and tax trends that are already reshaping how we run MSPs and IT service businesses. I break down what’s happening, why it matters, and where NSITSP is stepping in so you’re not blindsided by policy changes at the state level.
Statehouses have been busy, and the Center for Long-Term Cybersecurity at UC Berkeley found that in 2025 alone, state governments passed 99 cybersecurity-related bills, creating 393 new statutory requirements. Most of these new laws hit public schools, state agencies, cyber insurance policyholders, and critical infrastructure, which means your client base is becoming more regulated even if MSPs aren’t named directly in the statutes. I walk through how this shows up in your day-to-day work as new documentation, governance, and compliance expectations that land on your plate, and how to use the referenced database as a cheat sheet for scoping projects and updating your service catalog.
We also unpack cybersecurity safe harbor laws, now on the books in states like Ohio, Connecticut, Iowa, Nebraska, Oklahoma (for hospitals), Tennessee, and Texas, where a written, framework-aligned security program can give you an affirmative legal defense after a breach. From there we head into Colorado’s digital right to repair fight, California’s proposal to tax downloaded software, the broader trend of states taxing software in more than 30 jurisdictions, and NSITSP’s work building a legislative toolkit, outreach guides, and model IT provider legislation that’s ready to use if regulators decide to come back for our industry.
=== Chapters
- 00:25 NSITSP Update Intro
- 02:07 State Cyber Laws Surge
- 05:14 Safe Harbor Protections
- 08:52 Right to Repair Battle
- 12:27 Software Tax Debate
- 14:53 Policy Toolkit Launch
=== Companies / Vendors / Products / Books
- National Society of IT Service Providers (NSITSP): https://nsitsp.org
- Center for Long-Term Cybersecurity (UC Berkeley): https://cltc.berkeley.edu
- NIST (National Institute of Standards and Technology): https://www.nist.gov
- FedRAMP (Federal Risk and Authorization Management Program): https://www.fedramp.gov
- Center for Internet Security (CIS): https://www.cisecurity.org
- ISO 27000 (ISO/IEC 27000 family): https://www.iso.org/isoiec-27001-information-security.html
- HIPAA (Health Insurance Portability and Accountability Act): https://www.hhs.gov/hipaa
- Ohio Revised Code (Sections 1354.01 and 1354.05): https://codes.ohio.gov/ohio-revised-code/chapter-1354
- Colorado Consumer Right To Repair Digital Electronic Equipment Law: https://leg.colorado.gov
- California State Government (sales tax on downloaded software context): https://www.cdtfa.ca.gov
- Maryland Tax on IT Services (Maryland State Government): https://www.marylandtaxes.gov
=== SPONSORS:
- Livestream Partner, ThreatLocker: https://www.itbusinesspodcast.com/threatlocker
- Technology Partner, NetAlly: https://www.itbusinesspodcast.com/netally/
- Technology Partner, Bvoip: https://www.itbusinesspodcast.com/bvoip
- Travel Partner, TruGrid: https://www.itbusinesspodcast.com/trugrid
- Digital Partner, Designer Ready: http://itbusinesspodcast.com/designerready
=== SHOW MUSIC:
- Item Title: Upbeat & Fun Sports Rock Logo
- Item URL: https://elements.envato.com/upbeat-fun-sports-rock-logo-CSR3UET
- Author Username: AlexanderRufire
- Item License Code: 7X9F52DNML
=== Connect with Uncle Marv
🌐 Website: https://www.itbusinesspodcast.com/
🎙 Host: Marvin Bee
🛒 Uncle Marv’s Amazon Store (gear & tools I recommend): https://amzn.to/3EiyKoZ
☕ Support the show: https://ko-fi.com/itbusinesspodcast
If you found value in this episode, share it with another MSP, IT provider, or tech entrepreneur. Your support helps keep practical, no-nonsense IT business conversations coming every week.