The bill, S.B. No. 1034, aims to enhance cybersecurity measures for retail public utilities that provide water or sewer services in Texas. It amends existing laws to include retail public utilities as eligible customers for cybersecurity services provided by the Department of Information Resources. Specifically, it adds retail public utilities to the list of entities that can receive network security services and establishes new cybersecurity requirements for these utilities. The bill prohibits the connection of a retail public utility's supervisory control and data acquisition system to the Internet, while allowing for intranet or site-to-site virtual private network operations.

Additionally, the bill mandates that retail public utilities implement cybersecurity training for employees with access to their computer systems, conduct regular security assessments and compliance audits, and notify relevant authorities of any security incidents involving sensitive personal information. The Texas Commission on Environmental Quality and the Department of Information Resources are tasked with adopting necessary rules by September 1, 2026, and retail public utilities must comply with the new cybersecurity requirements by September 1, 2027. The act is set to take effect on September 1, 2025.

Statutes affected:
Introduced: Government Code 2054.0525, Government Code 2059.058 (Government Code 2054, Government Code 2059)