JD Key Consulting Logo
Signed Into Law
Signed June 20, 2025Effective 2025-06-20
HB3185

Regular Session

Relating to investigations of certain cybercrimes.

Government Affairs & Regulatory Compliance Analysis

HB3185: Government Affairs Overview

HB3185 grants Texas prosecuting attorneys immediate administrative subpoena power to demand subscriber identity, connection logs, and payment source data from digital service providers without a prior judge's approval. This legislation fundamentally shifts the burden of privacy protection onto Electronic Communication Service (ECS) and Remote Computing Service (RCS) providers, who must now operationally distinguish between disclosable metadata and protected content to avoid civil liability.

Rep. William Metcalf·House Bill·Regular Session

Critical
Low Cost
Effective:2025-06-20
Enforcing Agencies

Office of the Prosecuting Attorney (District Attorneys, County Attorneys)Texas Civil Courts (for motions to quash)

Business Impact

Who HB3185 Affects

This legislation has regulatory implications for the following Texas businesses and organizations:

Regulatory Priority: critical

Significant regulatory changes (effective 2025-06-20). Review with your legal and compliance teams to understand implications.

💻

Technology

Affected business types:

  • Data centers
  • Technology companies
  • Software developers
  • Telecommunications providers
View all technology legislation

Key Operational Considerations

  • 1Privacy Policies: Update disclosure clauses immediately. Replace "pursuant to court order" with "pursuant to lawful process, including administrative subpoenas."
  • 2Legal Response Teams (LRT): Train intake staff to distinguish between an Administrative Subpoena (Metadata/Logs only) and a Search Warrant (Content/Emails).
  • 3IT/Database Administrators: Configure query tools to extract specific fields (Name, IP, Session Time, Payment Source) without pulling "full user dumps" that include message content or search history.

Estimated Cost Impact

lowMinimal cost impact anticipated.

Enforcing Agencies

Need Government Relations Support?

JD Key Consulting provides government affairs and regulatory strategy services. We help businesses navigate Texas agencies, understand legislative impacts, and advocate for their interests.

Need Help Navigating This Legislation?

JD Key Consulting provides strategic guidance on Texas regulatory compliance and legislative impact for your business.

HB3185
Relating to investigations of certain cybercrimes.
Critical Urgency
Passed with Opposition
House Vote131 - 8
YEA
94% in favor139 voting
Senate Vote31 - 0
YEA
100% in favor31 voting
8
Total Opposition Votes
Cost Impact
Low
Effective
2025-06-20
Enforcing Agencies
Office of the Prosecuting AttorneyTexas Civil Courts
Primary Author: Rep. William Metcalf
89th Texas Legislature
jdkey.com
01

Compliance Analysis

Key implementation requirements and action items for compliance with this legislation

Implementation Timeline

  • Effective Date: June 20, 2025 (Immediate effect due to supermajority vote).
  • Compliance Deadline: Immediate. Protocols must be active now; prosecutors may issue subpoenas for active investigations immediately.
  • Agency Rulemaking: None. This is a statute governing criminal procedure, not a regulatory framework. Clarification will come through judicial rulings on Motions to Quash, not agency guidance.

Immediate Action Plan

  • 1. Segregate Data Queries: Immediately configure IT systems to separate Subscriber/Transactional Data (Disclosable) from Content Data (Protected).
  • 2. Update Intake Checklists: Distribute a new legal review checklist to verify that incoming subpoenas do *not* request passwords or message content.
  • 3. Review Insurance: Confirm your Cyber/D&O insurance covers defense costs for regulatory investigations where you are a third-party witness.
  • 4. Establish Standard Objections: Draft template responses for subpoenas that demand data in under 48 hours or request protected content.

Operational Changes Required

Contracts

  • Privacy Policies: Update disclosure clauses immediately. Replace "pursuant to court order" with "pursuant to lawful process, including administrative subpoenas."
  • Vendor/MSP Agreements: If you utilize third-party data hosting, amend contracts to define who is the "custodian of records" responsible for answering subpoenas. Ensure vendors do not release data without notifying your legal counsel first.

Hiring/Training

  • Legal Response Teams (LRT): Train intake staff to distinguish between an Administrative Subpoena (Metadata/Logs only) and a Search Warrant (Content/Emails).
  • IT/Database Administrators: Configure query tools to extract specific fields (Name, IP, Session Time, Payment Source) without pulling "full user dumps" that include message content or search history.

Reporting & Record-Keeping

  • Subpoena Logging: Maintain a privileged log of all requests, recording the "Return Date" (deadline) and the specific issuing prosecutor.
  • Production Inventory: Keep an exact duplicate or hash of the data provided to the state to defend against claims of non-compliance or over-disclosure.
  • Secure Transmission: Establish an encrypted portal for data delivery. Do not transmit confidential subscriber data via standard unencrypted email.

Fees & Costs

  • Cost Absorption: The bill does not provide a statutory mechanism for cost reimbursement. Budget for the internal labor required to process these requests.
  • Litigation Budget: Allocate funds for potential Motions to Quash if prosecutors set unreasonable return dates (e.g., 24-hour turnaround).

Strategic Ambiguities & Considerations

  • "Reasonable Return Date": The statute requires a "reasonable" deadline but fails to define it. Businesses should establish a standard internal policy (e.g., "5 business days") to use as a baseline for objections against "immediate" demands.
  • Civil Immunity Gap: The law does not explicitly grant civil immunity to companies that comply. If you inadvertently release "content" (emails/DMs) in response to an administrative subpoena, you risk violating federal privacy laws (Stored Communications Act).
  • "In-Transit" vs. "Stored": The prohibition on disclosing "in-transit" communications is technically vague in cloud environments. Your technical team must define this boundary clearly to prevent accidental interception.

Need Compliance Guidance on This Legislation?

JD Key Consulting specializes in Texas regulatory compliance strategy. Work directly with James Dickey—former Chairman of the Republican Party of Texas—to understand this bill's impact on your operations and develop an actionable compliance plan.

Schedule a Consultation

Information presented is for general knowledge only and is provided without warranty, express or implied. Consult qualified government affairs professionals and legal counsel before making compliance decisions.

02

Legislative Timeline

This bill's path through the Texas Legislature

Filed
Feb 21, 2025
Passed House
May 12, 2025
Passed Senate
May 28, 2025
Signed
Jun 20, 2025
Effective
Jun 20, 2025
TopicsCrimesCrimes--miscellaneousCriminal ProcedureCriminal Procedure--generalElectronic Information SystemsEmail & Electronic CommunicationsInternetSubpoenas
03

House Authors

Rep. William MetcalfRepublican · Primary Author
Joint Authors

Senate Sponsors

Sen. Charles CreightonRepublican · Primary Sponsor
Cosponsors (1)

Bill Text(with markup)

View bill text in multiple formats on Texas Legislature website

Fiscal NoteView Original

Related Legislation

Explore more bills from this author and on related topics

More from Rep. William Metcalf

View all bills by Rep. William Metcalf

Related by Topic

View more Crimes legislation
Quick Reference

Frequently Asked Questions

Common questions about HB3185

Q

What does Texas HB3185 do?

HB3185 grants Texas prosecuting attorneys immediate administrative subpoena power to demand subscriber identity, connection logs, and payment source data from digital service providers without a prior judge's approval. This legislation fundamentally shifts the burden of privacy protection onto Electronic Communication Service (ECS) and Remote Computing Service (RCS) providers, who must now operationally distinguish between disclosable metadata and protected content to avoid civil liability.

Q

Who authored HB3185?

HB3185 was authored by Texas Representative William Metcalf during the Regular Session.

Q

When was HB3185 signed into law?

HB3185 was signed into law by Governor Greg Abbott on June 20, 2025.

Q

Which agencies enforce HB3185?

HB3185 is enforced by Office of the Prosecuting Attorney (District Attorneys, County Attorneys) and Texas Civil Courts (for motions to quash).

Q

How significant are the changes in HB3185?

The regulatory priority for HB3185 is rated as "critical". Businesses and organizations should review the legislation to understand potential impacts.

Q

What is the cost impact of HB3185?

The cost impact of HB3185 is estimated as "low". This may vary based on industry and implementation requirements.

Q

What topics does HB3185 address?

HB3185 addresses topics including crimes, crimes--miscellaneous, criminal procedure, criminal procedure--general and electronic information systems.

Q

What are the key dates for HB3185?

Key dates for HB3185: Effective date is 2025-06-20. Consult with legal counsel regarding applicability.

Need Strategic Guidance on This Legislation?

JD Key Consulting is an Austin, Texas-based government affairs firm led by James Dickey, former Chairman of the Republican Party of Texas. We specialize in Texas regulatory compliance and legislative strategy for data centers, energy, banking, and manufacturing.

Legislative data provided by LegiScanLast updated: January 11, 2026