BILL ANALYSIS
|
Senate Research Center |
C.S.H.B. 5331 |
|
89R31487 SCF-D |
By: Dean (King) |
|
|
Business & Commerce |
|
|
5/22/2025 |
|
|
Committee Report (Substituted) |
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
Current state law requires state agency and local government cyberattacks to be reported to the Texas Department of Information Resources within 48 hours of discovery. However, some cybersecurity insurance policies contain clauses that restrict the disclosure of cybersecurity incidents, conflicting with state law. H.B. 5331 would ensure that public entities are not restricted from their legal obligations by clarifying that any language in a cybersecurity insurance contract that would hinder state agencies or local governments is void and unenforceable.
(Original Author's/Sponsor's Statement of Intent)
C.S.H.B. 5331 amends current law relating to the enforceability of certain state agency and local government contract language regarding required security incident notifications.
RULEMAKING AUTHORITY
This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Section 2054.603, Government Code, by adding Subsection (e) to provide that contract language in a cybersecurity insurance contract or other contract for goods or services prohibiting or restricting a state agency's or local government's compliance with this section or otherwise circumventing the requirements of this section is void and unenforceable.
SECTION 2. Provides that Section 2054.603(e), Government Code, as added by this Act, is intended to clarify rather than change existing law.
SECTION 3. Effective date: upon passage or September 1, 2025.