TX HB5331

Amends Section 2054.603 of the Texas Government Code to declare void and unenforceable any contract language in cybersecurity insurance contracts or other goods/services contracts that prohibits or restricts state agencies or local governments from complying with security incident notification requirements

Applies to contract provisions that attempt to circumvent mandatory security incident reporting obligations under existing state law

Legislature explicitly states the amendment is intended to clarify existing law rather than create new legal requirements

Takes effect immediately upon receiving two-thirds vote in both legislative chambers; otherwise takes effect September 1, 2025

Passed the House 145-0 on May 8, 2025, and the Senate 31-0 on May 25, 2025 (House concurred in Senate amendments 115-19 on May 28, 2025)