JD Key Consulting Logo
Signed Into Law
Signed June 20, 2025Effective 2025-06-20
HB3112

Regular Session

Relating to the application of the open meetings law and public information law to government information related to certain cybersecurity measures.

Government Affairs & Regulatory Compliance Analysis

HB3112: Government Affairs Overview

HB3112 immediately amends the Texas Open Meetings Act and Public Information Act to shield critical infrastructure and cybersecurity data from public disclosure. This law protects vendors and operators by exempting insurance coverage limits, incident reports, and security-specific contracts from open records requests, provided the information is properly categorized and labeled by the business owner.

Rep. Carl Tepper·House Bill·Regular Session

Moderate
Low Cost
Effective:2025-06-20
Business Impact

Who HB3112 Affects

This legislation has regulatory implications for the following Texas businesses and organizations:

Regulatory Priority: moderate

Notable regulatory updates (effective 2025-06-20). Consider how these changes may affect your operations.

🏦

Banking & Finance

Affected business types:

  • Banks
  • Credit unions
  • Financial services firms
  • Insurance companies
View all banking & finance legislation

Key Operational Considerations

  • 1Sales Teams: Train sales staff to request Closed Sessions (under Sec. 551.0761) for any portion of a pitch or negotiation involving security specifications or network schematics.
  • 2Project Managers: Staff handling government accounts must be trained to watermark all deliverables (maps, configs, reports) as confidential under this specific statute before submission.

Estimated Cost Impact

lowMinimal cost impact anticipated.

Need Government Relations Support?

JD Key Consulting provides government affairs and regulatory strategy services. We help businesses navigate Texas agencies, understand legislative impacts, and advocate for their interests.

Need Help Navigating This Legislation?

JD Key Consulting provides strategic guidance on Texas regulatory compliance and legislative impact for your business.

HB3112
Relating to the application of the open meetings law and public information law to government information related to certain cybersecurity measures.
Moderate Urgency
Unanimous Passage
House Vote148 - 0
YEA
100% in favor148 voting
Senate Vote31 - 0
YEA
100% in favor31 voting
Cost Impact
Low
Effective
2025-06-20
Primary Author: Rep. Carl Tepper
89th Texas Legislature
jdkey.com
01

Compliance Analysis

Key implementation requirements and action items for compliance with this legislation

Implementation Timeline

  • Effective Date: June 20, 2025 (Law is currently in effect).
  • Compliance Deadline: Immediate. You must apply these protections to all current bids, active contracts, and pending open records requests immediately.
  • Agency Rulemaking: No formal rulemaking is mandated; however, the Texas Attorney General’s Open Records Division (ORD) will set binding precedents through individual ruling letters over the next 6-12 months.

Immediate Action Plan

  • 1. Audit Active Bids: Immediately review all pending proposals. If "Critical Infrastructure" is involved, formally request that negotiations regarding security be held in Closed Session.
  • 2. Update Document Templates: Add a watermark/footer to all government deliverables: *"CONFIDENTIAL: Exempt from disclosure per Texas Gov't Code Sec. 552.1391."*
  • 3. Establish Notice Protocol: Create a dedicated email alias for statutory notices and embed this address into all Government Master Services Agreements (MSAs).
  • 4. Challenge Pending Requests: If you have data currently subject to an AG Open Records ruling request, submit a supplemental brief immediately citing HB3112.

Operational Changes Required

Contracts

You must restructure how you draft agreements with government entities to trigger the "solely intended" exemption in Sec. 552.1391(b)(1).

  • Segregate SOWs: Do not bundle cybersecurity services with general operational maintenance. Create a standalone Statement of Work (SOW) or contract *solely* for cybersecurity/critical infrastructure protection. Bundled contracts risk losing the exemption.
  • Mandatory Notice Clause: Insert a provision requiring the government client to send the statutory 5-day notice of potential disclosure to a specific, monitored email address (e.g., `legal@yourfirm.com`).

Hiring/Training

  • Sales Teams: Train sales staff to request Closed Sessions (under Sec. 551.0761) for any portion of a pitch or negotiation involving security specifications or network schematics.
  • Project Managers: Staff handling government accounts must be trained to watermark all deliverables (maps, configs, reports) as confidential under this specific statute before submission.

Reporting & Record-Keeping

  • Insurance Disclosures: When providing Certificates of Insurance (COI) or policy documents to government clients, you may now submit full policy details. However, you must explicitly label the coverage limits and deductible amounts as confidential under Sec. 552.1391(b)(2) to prevent them from becoming a "menu" for ransomware actors.
  • Incident Reporting: Any breach notification or incident report submitted to a government client must be stamped confidential under Sec. 552.1391(b)(3).

Fees & Costs

  • No New Fees: The state imposes no new filing fees.
  • Cost Impact: Minimal administrative costs related to contract redrafting and document management system updates.

Strategic Ambiguities & Considerations

  • "Solely Intended" Standard: The exemption applies to contracts "solely intended" for protection. If a software platform provides both operational efficiency (e.g., water flow management) *and* security, the AG may rule the contract is not "solely" for protection. Strategy: Isolate security components into separate legal agreements.
  • "Facilitate Unauthorized Access": Sec. 552.1391(b)(4) protects network schematics only if disclosure would "facilitate unauthorized access." This is subjective. Strategy: Attach a memo to sensitive diagrams explaining specifically *how* a bad actor would exploit the information (e.g., "reveals unpatched legacy IP addresses").

Need Compliance Guidance on This Legislation?

JD Key Consulting specializes in Texas regulatory compliance strategy. Work directly with James Dickey—former Chairman of the Republican Party of Texas—to understand this bill's impact on your operations and develop an actionable compliance plan.

Schedule a Consultation

Information presented is for general knowledge only and is provided without warranty, express or implied. Consult qualified government affairs professionals and legal counsel before making compliance decisions.

02

Legislative Timeline

This bill's path through the Texas Legislature

Filed
Feb 20, 2025
Passed House
May 6, 2025
Passed Senate
May 28, 2025
Signed
Jun 20, 2025
Effective
Jun 20, 2025
TopicsCity GovernmentCity Government--generalCounty GovernmentCounty Government--generalElectronic Information SystemsInsuranceInsurance--generalOpen MeetingsOpen RecordsPolitical SubdivisionsState Agencies, Boards & Commissions
03

House Authors

Rep. Carl TepperRepublican · Primary Author
Joint Authors

Senate Sponsor

Sen. Charles PerryRepublican · Primary Sponsor

Bill Text(with markup)

View bill text in multiple formats on Texas Legislature website

Fiscal NoteView Original

Related Legislation

Explore more bills from this author and on related topics

More from Rep. Carl Tepper

View all bills by Rep. Carl Tepper

Related by Topic

View more City Government legislation
Quick Reference

Frequently Asked Questions

Common questions about HB3112

Q

What does Texas HB3112 do?

HB3112 immediately amends the Texas Open Meetings Act and Public Information Act to shield critical infrastructure and cybersecurity data from public disclosure. This law protects vendors and operators by exempting insurance coverage limits, incident reports, and security-specific contracts from open records requests, provided the information is properly categorized and labeled by the business owner.

Q

Who authored HB3112?

HB3112 was authored by Texas Representative Carl Tepper during the Regular Session.

Q

When was HB3112 signed into law?

HB3112 was signed into law by Governor Greg Abbott on June 20, 2025.

Q

How significant are the changes in HB3112?

The regulatory priority for HB3112 is rated as "moderate". Businesses and organizations should review the legislation to understand potential impacts.

Q

What is the cost impact of HB3112?

The cost impact of HB3112 is estimated as "low". This may vary based on industry and implementation requirements.

Q

What topics does HB3112 address?

HB3112 addresses topics including city government, city government--general, county government, county government--general and electronic information systems.

Q

What are the key dates for HB3112?

Key dates for HB3112: Effective date is 2025-06-20. Consult with legal counsel regarding applicability.

Q

Which Texas businesses are affected by HB3112?

HB3112 primarily affects insurance companies and financial institutions. These businesses should review the legislation with their legal and compliance teams to understand potential impacts.

Need Strategic Guidance on This Legislation?

JD Key Consulting is an Austin, Texas-based government affairs firm led by James Dickey, former Chairman of the Republican Party of Texas. We specialize in Texas regulatory compliance and legislative strategy for data centers, energy, banking, and manufacturing.

Legislative data provided by LegiScanLast updated: January 11, 2026