Md. Code, Tax-Gen. § 10-733.1

Current with changes from the 2024 Legislative Session
Section 10-733.1 - Purchase of cybersecurity technology and cybersecurity service
(a)
(1) In this section the following words have the meanings indicated.
(2) "Cybersecurity business" means an entity organized for profit that is engaged primarily in the development of innovative and proprietary cybersecurity technology or the provision of cybersecurity service.
(3) "Cybersecurity service" means an activity that is associated with a category or subcategory identified under the Framework Core established by the National Institute of Standards and Technology's Cybersecurity Framework.
(4) "Cybersecurity technology" means products or goods intended to detect or prevent activity intended to result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information stored on or transiting an information system.
(5) "Department" means the Department of Commerce.
(6) "Panel" means the panel that the Department may establish under subsection (c) of this section composed of experts in the areas of cybersecurity technology and cybersecurity service.
(7) "Qualified buyer" means any entity that has fewer than 50 employees in the State and that is required to file an income tax return in the State.
(8) "Qualified seller" means a cybersecurity business that:
(i) has its headquarters and base of operations in the State;
(ii)
1. has less than $5,000,000 in annual revenue;
2. is a minority-owned, woman-owned, veteran-owned, or service-disabled-veteran-owned business; or
3. is located in a historically underutilized business zone designated by the United States Small Business Administration;
(iii)
1. owns or has properly licensed any proprietary cybersecurity technology; or
2. provides a cybersecurity service;
(iv) is in good standing;
(v) is current in the payment of all tax obligations to the State or any unit or subdivision of the State; and
(vi) is not in default under the terms of any contract with, indebtedness to, or grant from the State or any unit or subdivision of the State.
(b)
(1) Subject to paragraphs (2) and (3) of this subsection, a qualified buyer may claim a credit against the State income tax in an amount equal to 50% of the cost incurred during the taxable year to purchase cybersecurity technology or a cybersecurity service from one or more qualified sellers.
(2) For any taxable year, the credit allowed under this section may not exceed $50,000 for each qualified buyer.
(3) For any taxable year, the aggregate credits claimed for cybersecurity technology or cybersecurity service purchased from a single qualified seller may not exceed $200,000.
(c)
(1) The Department, in consultation with the Maryland Technology Development Corporation, may establish a panel composed of experts in the areas of cybersecurity technology and cybersecurity service.
(2) The Department may establish the panel under service contracts with independent reviewers.
(3) The panel shall assist the Department in its determination as to whether a company is a qualified seller.
(4) A member of the panel is not eligible to receive any benefit, direct or indirect, from the tax credit under this section.
(5)
(i) Except as provided in subparagraph (ii) of this paragraph, Division II of the State Finance and Procurement Article does not apply to a service that the Department obtains under this section.
(ii) The Department is subject to Title 12, Subtitle 4 of the State Finance and Procurement Article for services the Department obtains under this section.
(d)
(1)
(i) A qualified buyer eligible for the credit under this section may apply to the Department for a credit certificate that states the amount of the credit the qualified buyer may claim under subsection (b) of this section.
(ii) A qualified buyer shall attach the credit certificate to the income tax return on which the qualified buyer claims the credit under subsection (b) of this section.
(2) Subject to paragraph (3) of this subsection, the Secretary of Commerce shall approve each application under paragraph (1) of this subsection that qualifies for a credit certificate.
(3)
(i) The total amount of the credit certificates approved by the Secretary of Commerce under this subsection may not exceed:
1. for taxable year 2018, $2,000,000; and
2. for taxable year 2019 and each taxable year thereafter, $4,000,000.
(ii) For each taxable year, the Secretary of Commerce shall award 25% of the amount of tax credits authorized under subparagraph (i) of this paragraph to qualified buyers that purchase cybersecurity services.
(e)
(1) The Department may revoke its certification of a credit under this section if any representation made in connection with the application for the certification is determined by the Department to have been false.
(2) The revocation may be in full or in part as the Department may determine and, subject to paragraph (3) of this subsection, shall be communicated to the qualified buyer and the Comptroller.
(3) The qualified buyer shall have an opportunity to appeal any revocation to the Department before notification of the Comptroller.
(4) The Comptroller may make an assessment against the qualified buyer to recapture any amount of tax credit that the qualified buyer has already claimed.
(f) In accordance with § 2.5-109 of the Economic Development Article, the Department shall submit a report on the credit certificates awarded under this section for the calendar year.
(g) The Department and the Comptroller jointly shall adopt regulations to carry out this section and to specify criteria and procedures for application for, approval of, and monitoring continuing eligibility for the tax credit under this section.

Md. Code, TG § 10-733.1

Added by 2018 Md. Laws, Ch. 578, Sec. 1, eff. 6/1/2018.