Full Text of HB4229

  1. Home
  2. Legislation
  3. Full Text

HB4229 - 104th General Assembly

Introduced Printer Friendly Version
Introduced
Open PDF 
 

 
104TH GENERAL ASSEMBLY
State of Illinois
2025 and 2026
HB4229
 
Introduced 1/14/2026, by Rep. Katie Stuart
 
SYNOPSIS AS INTRODUCED:
 
New Act
    Creates the Higher Education Enrollment Fraud Act. Requires the Board of Higher Education to convene a working group to develop policies and procedures for institutions of higher education to prevent fraudulent enrollment in online courses for the purpose of gaining access to financial aid, campus information technology systems, and student support services. Requires each institution of higher education to complete an annual cybersecurity self-assessment of its information technology infrastructure to determine its Information Technology Laboratory score and annually report local and systemwide technology and data security measures that support improved oversight of fraud mitigation, online learning quality, and cybersecurity efforts to the Board. Requires the self-assessment and report to be submitted to the Board by December 15, 2026 and each December 15 thereafter and the Board to compile a report of these submissions and submit that report to the General Assembly by January 15, 2027 and each January 15 thereafter. Includes other information an institution of higher education must submit related to enrollment fraud. Effective immediately.


LRB104 16470 LNS 29865 b

STATE MANDATES ACT MAY REQUIRE REIMBURSEMENT
MAY APPLY
					
 
 
A BILL FOR
 
HB4229LRB104 16470 LNS 29865 b

1    AN ACT concerning education.
 
2    Be it enacted by the People of the State of Illinois, 
3represented in the General Assembly:
 
4    Section 1. Short title. This Act may be cited as the Higher 
5Education Enrollment Fraud Act.
 
6    Section 5. Definition. As used in this Act, "institution 
7of higher education" means any public or private college or 
8university located in this State, including a public community 
9college.
 
10    Section 10. Enrollment fraud working group. 
11    (a) The Board of Higher Education shall convene a working 
12group, consisting of representatives the Board deems 
13necessary, to develop policies and procedures for institutions 
14of higher education to prevent fraudulent enrollment in online 
15courses for the purpose of gaining access to financial aid, 
16campus information technology systems, and student support 
17services. The Board shall submit a report of its findings to 
18the General Assembly by January 15, 2027.
19    (b) This Section is repealed on January 15, 2028.
 
20    Section 15. Required self-assessment.
21    (a) Each institution of higher education shall complete an 
 
 
HB4229- 2 -LRB104 16470 LNS 29865 b

1annual cybersecurity self-assessment of its information 
2technology infrastructure to determine its Information 
3Technology Laboratory score and annually report local and 
4systemwide technology and data security measures that support 
5improved oversight of fraud mitigation, online learning 
6quality, and cybersecurity efforts to the Board of Higher 
7Education. The self-assessment shall include, but not be 
8limited to, the following information:
9        (1) the amount of fraudulent student enrollments 
10    reported since the COVID-19 pandemic that began in March 
11    2020 or since the previous self-assessment;
12        (2) the percentage of fraudulent enrollments among 
13    total enrollments;
14        (3) any trends or patterns that can be identified in 
15    fraudulent enrollments, including preferred course types, 
16    such as online, in-person, or hybrid;
17        (4) the amount of financial aid that has been 
18    disbursed to fraudulent students annually since the 
19    COVID-19 pandemic that began in March 2020 or since the 
20    previous self-assessment;
21        (5) the estimated financial loss due to fraudulent 
22    enrollments;
23        (6) the specific costs associated with fraud 
24    prevention, including systemwide expenditures on 
25    cybersecurity, admissions verification, and 
26    administrative oversight;
 
 
HB4229- 3 -LRB104 16470 LNS 29865 b

1        (7) how fraudulent enrollments have impacted the 
2    distribution of State funding to the institution of higher 
3    education;
4        (8) any strategies the institution of higher education 
5    has implemented to detect and prevent fraudulent 
6    enrollments;
7        (9) any barriers that prevent the institution of 
8    higher education from effectively addressing fraudulent 
9    enrollments;
10        (10) if any classes have been canceled due to 
11    fraudulent enrollments failing to meet minimum student 
12    thresholds;
13        (11) if fraudulent enrollments contribute to 
14    inefficient resource allocation, including offering 
15    unnecessary course sections;
16        (12) the effectiveness of any systemwide fraud 
17    mitigation strategies used to reduce fraudulent 
18    enrollments;
19        (13) if the Board of Higher Education or the 
20    institution of higher education's governing body has 
21    provided sufficient guidance and support to combat fraud;
22        (14) any additional policies or resources needed to 
23    address the ongoing threat of fraudulent enrollments; and
24        (15) the impact on real students, including whether 
25    real students are prevented from getting classes due to 
26    fraudulent students.
 
 
HB4229- 4 -LRB104 16470 LNS 29865 b

1    The self-assessment and report shall be submitted to the 
2Board of Higher Education by December 15, 2026 and each 
3December 15 thereafter, and the Board shall compile a report 
4of these submissions and submit that report to the General 
5Assembly by January 15, 2027 and each January 15 thereafter.
6    (b) In addition to the self-assessment in subsection (a), 
7each institution of higher education shall submit to the Board 
8of Higher Education:
9        (1) a remediation update twice per year, for the fall 
10    and spring semesters, on vulnerability and other issues 
11    identified in the most recent self-assessment;
12        (2) a detailed after-action report of all 
13    cybersecurity incidents that either led to a breach of 
14    personally identifiable information or led to the 
15    disruption of services, including, but not limited to, a 
16    breach of student identification numbers, distributed 
17    denial-of-service attacks, and ransomware;
18        (3) a report of the total number of admission 
19    applications received that are determined to be 
20    fraudulent, including applications considered to be likely 
21    fraudulent, on an annual basis; and
22        (4) information that was requested on suspected 
23    fraudulent enrollments and the fraudulent receipt of 
24    financial aid, on an annual basis.
25    The Board of Higher Education shall compile an annual 
26report of these submissions and submit the report to the 
 
 
HB4229- 5 -LRB104 16470 LNS 29865 b

1General Assembly.
2    (c) If the self-assessment and reporting required under 
3subsection (a) or the submissions required under subsection 
4(b) are duplicative of other information provided by an 
5institution of higher education to the Board of Higher 
6Education, the institution of higher education may submit that 
7information in lieu of the self-assessment and reporting 
8required under subsection (a) or the submissions required 
9under subsection (b).
 
10    Section 99. Effective date. This Act takes effect upon 
11becoming law.