Texas § 2063.302 CYBERSECURITY INCIDENT NOTIFICATION BY STATE AGENCY OR LOCAL GOVERNMENT.

Texas Statutes

§ 2063.302 — CYBERSECURITY INCIDENT NOTIFICATION BY STATE AGENCY OR LOCAL GOVERNMENT.

Texas § 2063.302

Code GVGovernment Code

This text of Texas § 2063.302 (CYBERSECURITY INCIDENT NOTIFICATION BY STATE AGENCY OR LOCAL GOVERNMENT.) is published on Counsel Stack Legal Research, covering Texas primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

Tex. Government Code Code Ann. § 2063.302 (2026).

Text

Sec. 2063.302. CYBERSECURITY INCIDENT NOTIFICATION BY STATE AGENCY OR LOCAL GOVERNMENT.

(a)A state agency or local government that owns, licenses, or maintains computerized data that includes sensitive personal information, confidential information, or information the disclosure of which is regulated by law shall, in the event of a cybersecurity incident:

(1)comply with the notification requirements of Section 521.053 , Business & Commerce Code, to the same extent as a person who conducts business in this state;

(2)not later than 48 hours after the discovery of the cybersecurity incident, notify:

(A)the command, including the chief; or

(B)if the cybersecurity incident involves election data, the secretary of state; and

(3)comply with all command rules relating to reporting cybersecur

Free access — add to your briefcase to read the full text and ask questions with AI

Sec. 2063.302. CYBERSECURITY INCIDENT NOTIFICATION BY STATE AGENCY OR LOCAL GOVERNMENT. (a) A state agency or local government that owns, licenses, or maintains computerized data that includes sensitive personal information, confidential information, or information the disclosure of which is regulated by law shall, in the event of a cybersecurity incident:
(1) comply with the notification requirements of Section 521.053 , Business & Commerce Code, to the same extent as a person who conducts business in this state;
(2) not later than 48 hours after the discovery of the cybersecurity incident, notify:
(A) the command, including the chief; or
(B) if the cybersecurity incident involves election data, the secretary of state; and
(3) comply with all command rules relating to reporting cybersecurity incidents as required by this section.
(b) Not later than the 10th business day after the date of the eradication, closure, and recovery from a cybersecurity incident, a state agency or local government shall notify the command, including the chief, of the details of the cybersecurity incident and include in the notification an analysis of the cause of the cybersecurity incident.
(c) This section does not apply to a cybersecurity incident that a local government is required to report to an independent organization certified by the Public Utility Commission of Texas under Section 39.151 , Utilities Code.
(e) Contract language in a cybersecurity insurance contract or other contract for goods or services prohibiting or restricting a state agency's or local government's compliance with this section or otherwise circumventing the requirements of this section is void and unenforceable.
Transferred, redesignated and amended from Government Code, Section 2054.1125 by Acts 2023, 88th Leg., R.S., Ch. 67 (S.B. 271 ), Sec. 1, eff. September 1, 2023.
Transferred, redesignated and amended from Government Code, Section 2054.603 by Acts 2025, 89th Leg., R.S., Ch. 331 (H.B. 150 ), Sec. 9, eff. September 1, 2025.

Legislative History

Added by Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004 ), Sec. 4, eff. September 1, 2009. Amended by: Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8 ), Sec. 8, eff. September 1, 2017. Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64 ), Sec. 14, eff. September 1, 2019. Amended by: Acts 2025, 89th Leg., R.S., Ch. 683 (H.B. 5331 ), Sec. 1, eff. September 1, 2025.