Montana Just Passed the First Right to Compute Act in America — And It Could Reshape How You Think About Digital Privacy

I was three sips into a lukewarm americano at my desk last Thursday — the $4.75 kind from the place on Elm that never gets my order right — when Derek sent me a link in our Signal chat with exactly zero context. Just a URL and a shrug emoji. Classic Derek.

The link pointed to Montana Senate Bill 212, also known as the Montana Right to Compute Act. And after spending the next 47 minutes reading through the text, cross-referencing with California's failed restrictive proposals, and arguing with Sandra about whether this was actually enforceable, I came to a conclusion that surprised me: Montana might have just done something genuinely important.

What the Montana Right to Compute Act Actually Protects

Governor Greg Gianforte signed SB 212 into law in April 2025, making Montana the first state in America to formally codify a citizen's right to own, access, and operate computational resources — including AI tools — without unreasonable government interference. The law emerged from advocacy by State Senator Daniel Zolnikov and the Frontier Institute, and it has been picking up renewed attention in 2026 as other states weigh similar legislation.

The core protections are straightforward but significant. Citizens have the explicit right to own and use computing hardware and software, including artificial intelligence systems. Any government restriction on that right must meet a strict scrutiny standard — meaning regulators have to prove that a restriction is both necessary and narrowly tailored to a compelling public safety or health interest. That is an enormously high bar, borrowed directly from First Amendment jurisprudence.

Why This Matters for Cybersecurity Professionals

Sandra — who spent 11 years doing compliance work at a Fortune 500 before burning out and becoming a freelance security consultant — made an interesting point when I called her at 9:42 PM to talk about this. (She was watching reruns of The Bear and was not thrilled about the interruption.)

"The right to compute is also the right to encrypt," she said. "If a state cannot unreasonably restrict your use of computational tools, that creates a legal framework for pushing back against backdoor mandates."

She has a point. The MRTCA does not explicitly mention encryption, but the broad language around computational tool usage could serve as a shield against state-level attempts to weaken cryptographic protections. Consider that several states have floated proposals requiring backdoors in encrypted messaging or mandating that AI tools include government-accessible logging. Montana's law would make those proposals extraordinarily difficult to implement within its borders.

The AI Safety Provision Nobody Is Talking About

Buried in the legislation is a requirement that AI systems controlling critical infrastructure must include a mandatory shutdown mechanism and undergo annual risk management reviews. Tom — our infrastructure guy who once debugged a SCADA system at 3 AM while his newborn screamed in the background — immediately flagged this as the sleeper clause of the whole bill.

"Every other state is trying to regulate AI by restricting who can use it," Tom said during our team standup on Friday. "Montana flipped the script. They are saying use whatever you want, but if you plug it into a power grid or a water system, you better have a kill switch and an annual audit. That is actually smart policy."

The annual review requirement aligns with frameworks already used by NIST and the Cybersecurity and Infrastructure Security Agency (CISA), which have been pushing for mandatory risk assessments in critical infrastructure since the Colonial Pipeline incident. Montana just made it law at the state level, with teeth.

How This Contrasts with Restrictive Approaches in California and Virginia

The contrast with other states is striking. California's proposed AI regulation bill, SB 1047, attempted to impose broad liability on AI developers and would have required safety evaluations before deployment. Critics — including many in the open-source community — argued it would have effectively killed independent AI development in the state. Governor Newsom vetoed it in September 2024.

Virginia's approach has been more fragmented, with multiple bills targeting specific AI use cases (hiring, healthcare, criminal justice) rather than establishing overarching rights. The result is a patchwork of regulations that Rachel — who manages compliance for a multi-state healthcare provider — described as "a nightmare of contradictions that costs us about $340,000 a year in legal fees just to figure out what we are allowed to do."

Montana took the opposite approach: protect the individual's rights first, then require safety measures only where they demonstrably matter. It is the difference between starting with restriction and starting with freedom.

The Ripple Effect Across State Legislatures

New Hampshire Representative Keith Ammon has already praised Montana's initiative and indicated that similar legislation is moving forward in his state. The Right to Compute campaign, backed by organizations like Haltia.AI and the ASIMOV Protocol, is actively lobbying in at least seven other states.

Greg — our policy wonk who keeps a 1,847-row spreadsheet tracking state-level tech legislation — estimates that by the end of 2026, at least three more states will have introduced Right to Compute bills. "The momentum is real," he told me over a $6.50 cold brew last Tuesday. "Montana gave everyone a template. Now the question is whether the template survives first contact with lobbyists from the big tech companies who prefer a world where they control the compute and you just rent it."

What You Should Do Right Now

If you work in cybersecurity, security policy, or IT governance, Montana's Right to Compute Act deserves your attention for several practical reasons:

First, if your organization operates in Montana or serves Montana residents, you need to understand that any computational restrictions you impose — including on employee use of AI tools — may now face legal scrutiny under strict standards. Have your legal team review your acceptable use policies.

Second, if you manage critical infrastructure, the mandatory shutdown mechanism and annual review requirements are not optional. Build them into your compliance calendar now.

Third, watch the other states. The regulatory picture for computation and AI is about to get a lot more interesting, and the direction it takes will determine whether security professionals have the tools they need — or whether those tools get regulated into uselessness before they ever reach production.

Derek texted me again at 11:30 PM that night. "So is Montana actually cool now?" I did not have a good answer. But I know their legislature just did something that most technology policy experts have been arguing about for years without accomplishing. Sometimes the best policy comes from the places you least expect.

Protecting your digital infrastructure starts with the right partner. Wardigi offers full-spectrum cybersecurity and IT solutions for businesses.