Process for Cybersecurity-Related "Buy Maryland Tax Credit (BMC)" Revealed
Baltimore, Maryland ∙ September 10, 2018
Cybersecurity buyers and sellers with a Maryland presence stand to gain from a new "Buy Maryland Cybersecurity (BMC)" program benefitting sales of cybersecurity goods and services. In its 2018 session in the spring, the Maryland General Assembly (MGA) created a new tax credit against the State income tax for qualified buyers who purchase cybersecurity technology or service from a cybersecurity business, to be administered by the Maryland Department of Commerce (MDOC).
A qualified buyer ("Qualified Maryland Company") purchasing cybersecurity technology and/or services from one or more qualified sellers ("Qualified Maryland Cybersecurity Sellers") may claim up to $50,000 in tax credits annually. The aggregate credits claimed for cybersecurity technology or cybersecurity service purchased from a single qualified seller may not exceed $200,000 per annum. To implement the new law, MDOC recently published an online description of the credit and forms that it developed for applicants, one for buyers and one for sellers.
Under the new law, a “Qualified buyer” is “any entity that has fewer than 50 employees in the State and that is required to file an income tax return in the State”: in other words, a small business operating in Maryland. A “Qualified seller” means a cybersecurity business that: (1) has its headquarters and base of operations in the State; (2) has less than $5,000,000 in annual revenue; and (3) owns or has properly licensed any proprietary cybersecurity technology; or provides a cybersecurity service. A qualified buyer may claim a credit against the State income tax in an amount equal to 50% of the cost incurred during the taxable year to purchase cybersecurity technology or a cybersecurity service from one or more qualified sellers.” Sellers are qualified by MDOC in consultation with a special panel of cybersecurity experts convened under the guidance of the Maryland Technology Development Corporation (TEDCO).
Key definitions for prospective sellers to qualify under the law include:
“Cybersecurity business” is defined to include companies “engaged primarily in the development of innovative and proprietary cybersecurity technology or the provision of cybersecurity service.”
“Cybersecurity technology” is defined as “products or goods intended to detect or prevent activity intended to result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information stored on or transiting an information system.”
“Cybersecurity service” means an activity that is associated with a category or subcategory identified under the Framework Core established by the National Institute of Standards and Technology's Cybersecurity Framework.”
According to MDOC’s website, "[t]he Buy Maryland Cybersecurity Tax Credit is designed to promote the cybersecurity industry in Maryland by helping small businesses purchase cybersecurity technologies and services from Maryland cybersecurity companies to protect business information."
If you need assistance with evaluating this tax credit opportunity, or completing your application as a cybersecurity buyer (QMC) or seller (QMCS), call me on (410) 622-3878 or email firstname.lastname@example.org.
 S.B. 228, 2018 Sess. (Md. 2018).
 Md. TAX-GENERAL Code Ann. § 10-733.1(b)(2).
 Md. TAX-GENERAL Code Ann. § 10-733.1(b)(3).
 Md. TAX-GENERAL Code Ann. § 10-733.1(a)(7).
 Md. TAX-GENERAL Code Ann. § 10-733.1(a)(8).
 Md. TAX-GENERAL Code Ann. § 10-733.1(b)(1).
 Md. TAX-GENERAL Code Ann. § 10-733.1(c).
 Md. TAX-GENERAL Code Ann. § 10-733.1(a)(2).
 Md. TAX-GENERAL Code Ann. § 10-733.1(a)(4).
 Md. TAX-GENERAL Code Ann. § 10-733.1(a)(3).