JD Key Consulting Logo
Signed Into Law
Signed June 20, 2025Effective 2025-09-01
SB2368

Regular Session

Relating to critical infrastructure and utilities, including affiliation with certain foreign entities of certain persons working or participating in the electricity market; authorizing and increasing administrative penalties.

Government Affairs & Regulatory Compliance Analysis

SB2368: Government Affairs Overview

SB2368 fundamentally alters the risk profile for all Texas electric market participants (IOUs, MOUs, Co-ops, REPs, and Generators) by raising administrative penalties to $1,000,000 per violation for prohibited foreign affiliations or supply chain breaches. The law empowers ERCOT to immediately suspend market registration based merely on "reasonable suspicion" of ties to China, Russia, Iran, or North Korea, effectively granting the agency a "kill switch" for your business operations.

Sen. Donna Campbell·Senate Bill·Regular Session

Critical
High Cost
Effective:2025-09-01
Enforcing Agencies

Independent Organization (ERCOT)Office of the Attorney General (OAG)Public Utility Commission of Texas (PUC)

Business Impact

Who SB2368 Affects

This legislation has regulatory implications for the following Texas businesses and organizations:

Regulatory Priority: critical

Significant regulatory changes (effective 2025-09-01). Review with your legal and compliance teams to understand implications.

🏭

Manufacturing & Business

Affected business types:

  • Manufacturers
  • Industrial facilities
  • Supply chain companies
  • Logistics providers
View all manufacturing & business legislation

Energy

Affected business types:

  • Power generators
  • Electric utilities
  • Renewable energy developers
  • Battery storage operators
View all energy legislation

Key Operational Considerations

  • 1Indemnification: Insert clauses requiring vendors to indemnify your entity for the full $1,000,000 penalty if their attestation regarding foreign ownership proves false.
  • 2Termination Rights: Include an immediate "for cause" termination right triggered by an ERCOT flag or OAG investigation, bypassing standard cure periods.
  • 3Warranties: Vendors must explicitly warrant they are not a restricted entity under Business & Commerce Code Chapter 117.
  • 4Procurement Training: Purchasing agents must be trained to screen all vendors against the Chapter 117 prohibited jurisdiction list before issuing Purchase Orders.

Estimated Cost Impact

highSignificant operational investment may be required.

Enforcing Agencies

Need Government Relations Support?

JD Key Consulting provides government affairs and regulatory strategy services. We help businesses navigate Texas agencies, understand legislative impacts, and advocate for their interests.

Need Help Navigating This Legislation?

JD Key Consulting provides strategic guidance on Texas regulatory compliance and legislative impact for your business.

SB2368
Critical
Relating to critical infrastructure and utilities, including affiliation with certain foreign entities of certain persons working or participating in ...
Critical Compliance Urgency
Requires immediate attention
Cost Impact
High
Effective
2025-09-01
Enforcing Agencies
ERCOTOAGPUC
Primary Author: Sen. Donna Campbell
89th Texas Legislature
jdkey.com
01

Compliance Analysis

Key implementation requirements and action items for compliance with this legislation

Implementation Timeline

  • Effective Date: September 1, 2025.
  • Compliance Deadline: Immediate for Procurement. While penalties begin in September, any contract signed *now* that extends past the effective date must contain the new protective clauses to avoid future liability.
  • Agency Rulemaking: The PUC and ERCOT must develop the specific attestation forms and define the procedural mechanics for "reasonable suspicion" suspensions. Expect a volatile regulatory period between May 2025 and August 2025 as these definitions are finalized.

Immediate Action Plan

  • 1. Audit Vendor List: Immediately run your current critical infrastructure suppliers against the Chapter 117 prohibited country list.
  • 2. Freeze Non-Compliant Contracts: Halt any pending negotiations with foreign-affiliated vendors until "No Access" technical protocols are verified.
  • 3. Update Legal Templates: Distribute revised MSAs with the $1M indemnification clause to your procurement department by next week.
  • 4. Segregate Systems: Identify any existing equipment from restricted vendors and physically or logically isolate it from the wider grid network to prevent "control" allegations.

Operational Changes Required

Contracts

You must immediately revise all Master Service Agreements (MSAs) and vendor contracts for critical grid equipment.

  • Indemnification: Insert clauses requiring vendors to indemnify your entity for the full $1,000,000 penalty if their attestation regarding foreign ownership proves false.
  • Termination Rights: Include an immediate "for cause" termination right triggered by an ERCOT flag or OAG investigation, bypassing standard cure periods.
  • Warranties: Vendors must explicitly warrant they are not a restricted entity under Business & Commerce Code Chapter 117.

Hiring/Training

  • Procurement Training: Purchasing agents must be trained to screen all vendors against the Chapter 117 prohibited jurisdiction list before issuing Purchase Orders.
  • HR Screening: For positions deemed "critical to grid security," HR must implement pre-employment screening regarding travel to or relationships with prohibited nations (China, Russia, Iran, North Korea).

Reporting & Record-Keeping

  • The "No-Access" Log: If you purchase equipment from a restricted entity (where legal), you must maintain a technical log proving the vendor has no remote access or control capabilities.
  • Attestation Files: You must collect and store sworn affidavits from all critical vendors confirming their ownership structure.
  • ERCOT Filings: Prepare for new mandatory attestations during your annual or periodic ERCOT registration renewal.

Fees & Costs

  • Penalty Exposure: The statutory cap has increased 40x, from $25,000 to $1,000,000 per violation.
  • Insurance Impact: Review D&O and Regulatory Liability policies; insurers may classify these penalties as uninsurable "national security" exclusions.

Strategic Ambiguities & Considerations

  • "Reasonable Suspicion": The law allows ERCOT to suspend operations based on suspicion rather than proof. The standard for what constitutes "suspicion" is currently undefined, creating significant due process risk.
  • Definition of "Access": It remains unclear if passive software updates, warranty support, or cloud-based monitoring dashboards constitute prohibited "access/control." Until the PUC clarifies, assume the strictest interpretation: air-gap these systems.
  • Scope of "Critical" Positions: The PUC has not yet defined which employee roles are "critical to grid security," leaving HR departments in a gray zone regarding which applicants require enhanced vetting.

Need Compliance Guidance on This Legislation?

JD Key Consulting specializes in Texas regulatory compliance strategy. Work directly with James Dickey—former Chairman of the Republican Party of Texas—to understand this bill's impact on your operations and develop an actionable compliance plan.

Schedule a Consultation

Information presented is for general knowledge only and is provided without warranty, express or implied. Consult qualified government affairs professionals and legal counsel before making compliance decisions.

02

Legislative Timeline

This bill's path through the Texas Legislature

Filed
Mar 12, 2025
Passed Senate
Apr 22, 2025
Passed House
May 28, 2025
Signed
Jun 20, 2025
Effective
Sep 1, 2025
TopicsBusiness & CommerceBusiness & Commerce--generalPurchasingPurchasing--generalUtilitiesUtilities--electricInternational RelationsAttorney GeneralPublic Utility Commission
03

Senate Authors

Sen. Donna CampbellRepublican · Primary Author
Joint Authors
Coauthors (1)

House Sponsors

Rep. Phil KingRepublican · Primary Sponsor
Joint Sponsors

Bill Text(with markup)

View bill text in multiple formats on Texas Legislature website

Fiscal NoteView Original

Related Legislation

Explore more bills from this author and on related topics

More from Sen. Donna Campbell

View all bills by Sen. Donna Campbell

Related by Topic

View more Business & Commerce legislation
Quick Reference

Frequently Asked Questions

Common questions about SB2368

Q

What does Texas SB2368 do?

SB2368 fundamentally alters the risk profile for all Texas electric market participants (IOUs, MOUs, Co-ops, REPs, and Generators) by raising administrative penalties to $1,000,000 per violation for prohibited foreign affiliations or supply chain breaches. The law empowers ERCOT to immediately suspend market registration based merely on "reasonable suspicion" of ties to China, Russia, Iran, or North Korea, effectively granting the agency a "kill switch" for your business operations.

Q

Who authored SB2368?

SB2368 was authored by Texas Senator Donna Campbell during the Regular Session.

Q

When was SB2368 signed into law?

SB2368 was signed into law by Governor Greg Abbott on June 20, 2025.

Q

Which agencies enforce SB2368?

SB2368 is enforced by Independent Organization (ERCOT), Office of the Attorney General (OAG) and Public Utility Commission of Texas (PUC).

Q

How significant are the changes in SB2368?

The regulatory priority for SB2368 is rated as "critical". Businesses and organizations should review the legislation to understand potential impacts.

Q

What is the cost impact of SB2368?

The cost impact of SB2368 is estimated as "high". This may vary based on industry and implementation requirements.

Q

What topics does SB2368 address?

SB2368 addresses topics including business & commerce, business & commerce--general, purchasing, purchasing--general and utilities.

Q

What are the key dates for SB2368?

Key dates for SB2368: Effective date is 2025-09-01. Consult with legal counsel regarding applicability.

Q

What are the penalties under SB2368?

SB2368 establishes the following penalties: administrative penalty of Up to $1,000,000 per violation for Entering into an agreement granting a restricted foreign company access to or control of critical electric grid equipment or infrastructure (enforced by PUC).; administrative penalty of Up to $1,000,000 per violation for Failing to submit required information or knowingly submitting false information to the Independent Organization (ERCOT) regarding foreign affiliations (enforced by PUC).; operational sanction penalty of Immediate suspension or termination of market registration for Independent Organization (ERCOT) has 'reasonable suspicion' that the business entity is a restricted foreign-affiliated company.. Consult with legal counsel for specific applicability to your situation.

Q

Which Texas businesses are affected by SB2368?

SB2368 primarily affects Texas businesses and commercial enterprises, utility companies and energy providers. These businesses should review the legislation with their legal and compliance teams to understand potential impacts.

Need Strategic Guidance on This Legislation?

JD Key Consulting is an Austin, Texas-based government affairs firm led by James Dickey, former Chairman of the Republican Party of Texas. We specialize in Texas regulatory compliance and legislative strategy for data centers, energy, banking, and manufacturing.

Legislative data provided by LegiScanLast updated: January 11, 2026