Cybersecurity Investment Incentive Tax Credit (CIITC)

​​​​​​​CIITC provides a refundable income tax credit to Qualified Maryland Cybersecurity Companies (QMCCs) that secure investment from investors. The purpose of this new program is to incentivize and attract cybersecurity companies to startup in or move to Maryland; and to attract investment to cybersecurity companies in order to help them grow, create jobs and retain intellectual property in Maryland.

​​BENEFIT

QMCCs receive a credit equal to 33% of an eligible investment in the QMCC. A QMCC is limited to $250,000 for each investor, each fiscal year. A single QMCC may not receive total credits exceeding 15% of the total program appropriation for each fiscal year. QMCCs are limited to participating in the program for two years. Total credits issued during the fiscal year cannot exceed the budget amount and are, therefore, issued on a first come basis. The credit is refundable if the QMCC has no Maryland income tax liability.

Montgomery County passed legislation to offer a local supplement to the Maryland Cybersecurity Investment Incentive Tax Credit to QMCCs that receive a final Maryland tax credit certificate and have their headquarters and base of operations in Montgomery County. The program is subject to appropriation of funds. For more details, please contact the Montgomery County Department of Economic Development's Gene Smith at (240) 777-2011 or Bernadette Goovaerts at (240) 777-2045.

ELIGIBILITY

A qualified investor is an individual or any entity that invests at least $25,000 in a QMCC and is required to file an income tax return in any jurisdiction.

QMCC is a company that meets following requirements:

  • Has its headquarters and base of operations in Maryland;
  • Is organized for profit and engaged primarily in the development of innovative and proprietary cybersecurity technology;
  • Has fewer than 50 employees;
  • Is in active business no longer than 5 years and once certified as a QMCC a QMCC may remain eligible for a qualified investment for up to 2 years;
  • Has no publicly traded securities on any exchange; and
  • Is certified as a QMCC by DBED

Note: Cybersecurity technology means products or goods intended to detect or prevent activity intended to result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information stored on or transiting an information system.

APPLY

Beginning June 2, 2014, the Maryland Department of Business and Economic Development (DBED) has been accepting applications to enable participation in the electronic filing process that started July 2, 2014.  Please submit your application plus attachments via courier or by mail to the Department of Business and Economic Development (ATTN: Tax Incentives); World Trade Center, 401 E. Pratt Street, 17th Floor, Baltimore, Maryland 21202).

To qualify for the credit complete and submit the CIITC application forms to DBED. Include Investor Form (Form A1, A2 or A3) and the QMCC Form (Form B).

Qualified Investor Forms:

  •  Form A1​ – Qualified Investor, Individual 
  •  Form A2 – Qualified Investor, Corporation (all kinds including Sub-Chapter S)
  •  Form A3 – Non Sub-Chapter S Corporation Pass-Through Entities

Qualified Maryland Cybersecurity Company Form B for FY2014 (choose to submit electronically or via hard copy):

  • Form B - Submit online electronically (NEW!) 
  • Form B​​​ – Print out and submit via hard copy.

    Note: Multiple Attachment 11 (Form B) –not required for investor applications if prospective QMCC has a current Form B on file with DBED and is less than 30 days old.

Electronic filing process started July 1, 2014.

Certification Process

  1. Users must have Javascript and Adobe Flash plugins to view official clock and Recaptcha verification.
  2. June 2, 2014: Completed applications with all attachments will be accepted at the DBED (ATTN: Tax Incentives) offices located at World Trade Center, 401 East Pratt Street, 17th Floor, Baltimore, MD 21202. A User Name and Reference Number will be issued within 48 hours, except applications received after June 27, 2014 will have a User Name and Reference Number issued after July 1, 2014.
  3. The second step of the application process will require that the User Name and Reference Number be used to complete the submission electronically beginning at 9:00 am EDT on July 1, 2014 through the cybertaxcredit.choosemaryland.org website.
  4. Submission order of the applications will be determined by "first come, first served" based ONLY on the electronic submission of the User Name and Reference Number. No physical application can be filed for purposes of the ordering of first come first served.
  5. Multiple submissions by an applicant using the same user name and reference number will be considered filed at the date and time of the LAST submission. This rule is to maintain that the application procedure is as fair and equitable as possible.
  6. Any decision made by DBED during the application process is considered final.

Applications are reviewed and approved based on the order received. At least 30 calendar days but no more than 60 calendar days prior to making a qualifying investment, the qualified investor submits a completed application to DBED. Within 30 calendar days of receiving the application, DBED will issue an initial tax credit certificate certifying the amount of any approved tax credits to a QMCC or offer rejection. A qualified investor has 30 days after the date DBED issues the initial tax credit to make an investment in the QMCC. Within 10 days of making the investment, the QMCC shall provide written notice with supporting documentation to DBED. If the QMCC fails to provide notice of investment to DBED within 40 days after the issuance of the initial tax credit certificate DBED shall rescind the certificate. Based on the actual investment, DBED shall issue a final tax credit certificate.

Note: If a login window opens prompting you to input a user name/password, close the login window to continue opening the form. Once the form is open, please remember to save it to your computer before changing or completing the form.

RESOURCES

​CONTACT

For more information about CIITC contact:

Mark A. Vulcan, Director, Tax Incentives
DBED, Office of Finance Programs
(410) 767-6438
(877) 821-0099

Elaine McCubbin, Tax Specialist
DBED, Office of Finance Programs
(410) 767-7234
(877) 821-0099 

FREQUENTLY ASKED QUESTIONS

  • What is active business for a cybersecurity company?
    • ​“Active business” means that the Department can reasonably determine and establish the nature of the Company’s commercial cybersecurity research, development or production operations. The mere legal organization, appointment or election of officers or managers, initial capitalization, and establishment of business offices of a company, alone or in combination, are not sufficient to establish that the company is engaged in active business for the purposes of this tax credit.

  • How does the 2013 legislation affect the program?
    • ​The 2013 legislation created the program for Qualified Maryland Cybersecurity Companies (QMCCs) effective July 1, 2013, and shall be applicable to all taxable years beginning after December 31, 2013, but before January 1, 2019. A QMCC must first meet the definitions:

      A cybersecurity company means a company:

      (i) Has its headquarters and base of operations in Maryland;
      (ii) Is organized for profit and is engaged primarily in the development of innovative and proprietary cybersecurity technology;
      (iii) Has fewer than 50 full-time employees;
      (iv) Has been in active business not longer than 5 years;
      (v) Whose securities are not publicly traded on any exchange; and
      (vi) Has been certified as a qualified Maryland cybersecurity company by Maryland Department of Business and Economic Development.

      Cybersecurity technology means products or goods intended to detect or prevent activity intended to result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information stored on or transiting an information system.

  • Who are the essential employees in order for a cybersecurity company to be certified?
    • ​The company (1) must have at least one full-time employee engaged in the development of innovative and proprietary cybersecurity technology in Maryland.

  • Who should I contact with more questions?
    • ​Please contact Mark A. Vulcan, Program Manager at (410) 767-6438.