Relating to the confidentiality of information used to prevent, detect, respond to, or investigate a hostile act of a foreign adversary of the United States.
LowStandard timeline
Low Cost
Effective:2025-06-20
Enforcing Agencies
Office of the Attorney General (Texas) • Texas Division of Emergency Management • Department of Public Safety • All state and local governmental entities subject to the Public Information Act
01
Compliance Analysis
Key implementation requirements and action items for compliance with this legislation
Implementation Timeline
Effective Date: June 20, 2025 (Immediate).
Compliance Deadline:Immediate. You must update document labeling protocols now to ensure future submissions are protected.
Agency Rulemaking: No formal rulemaking is mandated; however, the Office of the Attorney General (OAG) will define the practical scope of "foreign adversary" and "hostile act" through the Open Records Letter Ruling process over the next 6-12 months.
Immediate Action Plan
1.Audit Pending Requests: Immediately check if any Public Information Act requests involving your data are currently pending before the Attorney General. If so, file a supplemental brief asserting HB132 protections immediately.
2.Update Stamps: Change your physical and digital document watermarks for all government submissions to cite HB132.
3.Notify Agencies: Send a proactive letter to your primary government clients (e.g., TxDOT, ERCOT, Municipalities) asserting that your standing data is confidential under this new statute.
4.Revise Cyber-Incident Plans: Ensure your incident response plan includes a step to invoke this statute if you are required to report a breach to state authorities.
Operational Changes Required
Contracts
Government MSAs: Immediate review required for all Master Service Agreements with Texas state or local entities. Amend "Confidentiality" and "Public Information" clauses to explicitly cite Tex. Gov't Code § 418.176–418.182 (as amended by HB132) as a basis for withholding data.
Subcontractors: Flow-down requirements must mandate that subcontractors label their deliverables with these specific statutory citations before submission to the prime contractor or the government.
Hiring/Training
Legal & Compliance Staff: Brief in-house counsel and records managers on the new exemption. They must be prepared to argue this specific exception in "Third Party Briefs" to the Attorney General if a public records request targets your proprietary data.
Reporting & Record-Keeping
Document Labeling: Update all document templates submitted to government agencies (blueprints, security audits, IT schematics). Stamp them: "CONFIDENTIAL – EXEMPT UNDER TEX. GOV'T CODE CH. 418 (HB132)."
Retroactive Protection: For high-sensitivity data already in government possession, file a formal notice with the agency's Public Information Officer asserting that the previously submitted material is now exempt under HB132.
Fees & Costs
No New Fees: There are no filing fees associated with this legislation.
Cost Savings: Proper application of this law prevents the economic loss associated with the exposure of trade secrets or security vulnerabilities to competitors or bad actors.
Strategic Ambiguities & Considerations
Definition of "Foreign Adversary": The statute does not list specific nations. We must anticipate the OAG will align with federal definitions (e.g., 15 C.F.R. § 7.4), likely including China, Cuba, Iran, North Korea, Russia, and Venezuela.
The "Nexus" Requirement: It is currently unclear how direct the link must be between the data and the potential hostile act. A broad claim that "all IT data prevents foreign attacks" may be rejected by the OAG. You must be prepared to articulate specific risks.
Need Help Understanding Implementation?
Our government affairs experts can walk you through this bill's specific impact on your operations.
Information presented is for general knowledge only and is provided without warranty, express or implied. Consult qualified government affairs professionals and legal counsel before making compliance decisions.
Homeland Security, Public Safety & Veterans' Affairs
Committee Report (Unamended)
BACKGROUND AND PURPOSE
Current state law makes certain information relating to acts of terrorism or related criminal activities confidential, but it does not explicitly make confidential information relating to hostile acts of foreign adversaries of the United States. The bill author has informed the committee that, as foreign threats evolve, ensuring that sensitive security information remains protected is critical to both state and national security efforts. H.B. 132 seeks to update current law to reflect modern security challenges by strengthening confidentiality protections for certain information used to prevent, detect, respond to, or investigate hostile acts of foreign adversaries of the United States, thus ensuring that the state can effectively counter foreign threats without compromising classified or operationally sensitive information.
CRIMINAL JUSTICE IMPACT
It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.
RULEMAKING AUTHORITY
It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.
ANALYSIS
H.B. 132 amends the Government Code to make the following provisions establishing the confidentiality of information collected, assembled, or maintained by or for a governmental entity for the purpose of preventing, detecting, responding to, or investigating, as applicable, an act of terrorism or related criminal activity applicable also with respect to a hostile act by a foreign adversary of the United States:
·provisions making certain qualified information relating to emergency response providers confidential;
·provisions making certain information relating to an assessment of the risk or vulnerability of persons or property, including critical infrastructure, to such an act or activity confidential; and
·provisions making information relating to the details of the encryption codes or security keys for a public communications system confidential.
H.B. 132 also makes confidential the following information that is in the possession of a governmental entity with respect to a hostile act by a foreign adversary of the United States:
·certain information relating to such an act, other than financial information, that is part of a report to a U.S. agency and required to be kept confidential for specified reasons;
·documents or portions of documents that identify the technical details of particular vulnerabilities of critical infrastructure to such an act; and
·information, including access codes and passwords, relating to the specifications, operating procedures, or location of a security system used to protect public or private property from such an act.
EFFECTIVE DATE
On passage, or, if the bill does not receive the necessary vote, September 1, 2025.
Honorable Cole Hefner, Chair, House Committee on Homeland Security, Public Safety & Veterans' Affairs
FROM:
Jerry McGinty, Director, Legislative Budget Board
IN RE:
HB132 by Lopez, Ray (Relating to the confidentiality of information used to prevent, detect, respond to, or investigate a hostile act of a foreign adversary of the United States.), As Introduced
No significant fiscal implication to the State is anticipated.
It is assumed that any costs associated with the bill could be absorbed using existing resources.
Local Government Impact
No significant fiscal implication to units of local government is anticipated.
Source Agencies:
302 Office of the Attorney General, 405 Department of Public Safety, 575 Texas Division of Emergency Management, 710 Texas A&M University System Administrative and General Offices
LBB Staff:
JMc, MGol, CSh, KVEL
Related Legislation
Explore more bills from this author and on related topics
Effective immediately, HB132 expands the Texas Public Information Act (PIA) exemptions to shield sensitive data related to "hostile acts of a foreign adversary. " This legislation provides a critical defensive mechanism for government contractors, utilities, and critical infrastructure owners to prevent the public release of security plans, encryption keys, and staffing rosters held by state or local agencies. Implementation Timeline Effective Date: June 20, 2025 (Immediate).
Q
Who authored HB132?
HB132 was authored by Texas Representative Ray Lopez during the Regular Session.
Q
When was HB132 signed into law?
HB132 was signed into law by Governor Greg Abbott on June 20, 2025.
Q
Which agencies enforce HB132?
HB132 is enforced by Office of the Attorney General (Texas), Texas Division of Emergency Management, Department of Public Safety and All state and local governmental entities subject to the Public Information Act.
Q
How urgent is compliance with HB132?
The compliance urgency for HB132 is rated as "low". Businesses and organizations should review the requirements and timeline to ensure timely compliance.
Q
What is the cost impact of HB132?
The cost impact of HB132 is estimated as "low". This may vary based on industry and implementation requirements.
Q
What topics does HB132 address?
HB132 addresses topics including intergovernmental relations, open records, international relations and terrorism & internal security.
Legislative data provided by LegiScanLast updated: November 25, 2025
Need Strategic Guidance on This Bill?
Need help with Government Relations, Lobbying, or compliance? JD Key Consulting has the expertise you're looking for.
