🟩Relating to the enforceability of certain state agency and local government contract language regarding required security incident notifications.

HB 5331

✅ HB 5331: Protecting Cybersecurity Transparency in Texas

What it says it does:
HB 5331 ensures that state agencies and local governments can report cyberattacks without being blocked by insurance or vendor contracts. It confirms that mandatory 48-hour reporting to the Texas Department of Information Resources cannot be restricted by “gag clauses.”

What it actually changes:
The bill voids any contract language that prevents or limits cyber incident reporting. This gives governments the clear legal right to disclose breaches quickly and comply with state law, reducing risk of cover-ups or delays that could harm public systems.

Who is pushing for it:
Authored by Rep. Jay Dean (R–HD07) with Senate sponsorship from Sen. King. Supported in committee by local governments including Harris County, the City of San Antonio, the City of Austin, and the City of Houston.

Who benefits:
Texans gain stronger transparency and protection when public networks are attacked. Local governments benefit from clarity in contract law and freedom from insurer pressure. The Texas Department of Information Resources gains better data on cyber incidents statewide.

Who gets left out or exposed:
The Senate removed unrelated provisions that could have created unequal rules for higher education contracts.

Why this matters long term:
Cyberattacks on public systems are increasing, and timely reporting protects both government data and taxpayer trust. HB 5331 ensures that private insurers cannot silence public agencies, keeping the focus on rapid response and public accountability.

What to watch next:
The state still needs a public-facing tracking or audit system to confirm that agencies are following the 48-hour rule. Future sessions may address funding and technical support for smaller local governments to meet cybersecurity standards.

Bottom line:
HB 5331 is a straightforward win for Texans. It strengthens cybersecurity transparency, keeps private vendors from silencing public reporting, and shows that the legislative process can still work when lawmakers stay focused on the public interest.