H.B. No. 5331 amends Section 2054.603 of the Government Code to enhance the enforceability of contract language related to cybersecurity incident notifications for state agencies and local governments. The bill introduces a new subsection (e), which states that any contract language within cybersecurity insurance contracts or other agreements that prohibits or restricts a state agency's or local government's compliance with the notification requirements is deemed void and unenforceable. This provision aims to ensure that agencies can fulfill their obligations regarding security incident notifications without being hindered by contractual limitations.

Additionally, the bill clarifies that the intent of the new subsection is to clarify existing law rather than to change it. The act is set to take effect immediately upon receiving a two-thirds vote from both houses of the legislature; otherwise, it will take effect on September 1, 2025.

Statutes affected:
Introduced: Government Code 2054.603 (Government Code 2054)
House Committee Report: Government Code 2054.603 (Government Code 2054)
Engrossed: Government Code 2054.603 (Government Code 2054)
Senate Committee Report: Government Code 2054.603 (Government Code 2054)
Enrolled: Government Code 2054.603 (Government Code 2054)