TX SB1625

Requires public water supply and wastewater systems to immediately notify the Texas Commission on Environmental Quality (TCEQ) of security incidents including unauthorized disclosure of sensitive personal information, ransomware attacks, unauthorized attempts to access proprietary information, and computer system problems that disrupt operations

Maintains existing reporting requirements for physical security events such as unauthorized entry, terrorism, property theft, natural disasters, accidents, and unplanned conditions causing water outages or boil water notices

Removes the previous standalone requirement to report unauthorized attempts to probe for or access proprietary information, but reincorporates it as part of the new cybersecurity incident reporting category

Mandates TCEQ to establish and maintain procedures for reporting cybersecurity incidents to the Texas Department of Information Resources

Takes effect September 1, 2025