Relating to critical infrastructure and utilities, including affiliation with certain foreign entities of certain persons working or participating in the electricity market; authorizing and increasing administrative penalties.

BILL ANALYSIS

AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

The Lonestar Infrastructure Protection Act (LISPA) was first created in the 87th Legislature through passage of S.B. 2116. It was subsequently strengthened by the 88th Legislature through S.B. 2013. LISPA prevents certain foreign-owned companies from entering into contracts or agreements that would give them access to critical infrastructure in the state. Additionally, it prohibits critical grid equipment from being accessed or controlled by a company with ties to China, Russia, North Korea, or Iran, also known as a LISPA nation company. This bill seeks to strengthen LISPA by creating a penalty for providing false or inaccurate information to ERCOT, ensures ERCOT has the authority to verify a business entity's compliance and mitigation strategies, and allow the Office of the Texas Attorney General to conduct investigations into LISPA compliance violations. Finally, this bill would enhance ERCOT's employment screening practices for prospective employees applying to position critical to operations. 

As proposed, S.B. 2368 amends current law relating to affiliation with certain foreign entities of certain persons working or participating in the electricity market and increases an administrative penalty.

RULEMAKING AUTHORITY

This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

SECTION BY SECTION ANALYSIS

SECTION 1. Amends Section 15.023, Utilities Code, by adding Subsection (b-2) to authorize the penalty for a violation of Section 39.360 (Transactions With Certain Foreign-Owned Companies in Connection With Critical Infrastructure) in which a business entity submitted false or incomplete information to the independent organization certified under Section 39.151 (Essential Organizations) for the ERCOT power region, notwithstanding Subsection (b) (relating to the amount authorized to be levied under a violation of the Public Utility Regulatory Act), to be in an amount not to exceed $1,000,000 for each violation.

SECTION 2. Redesignates Section 39.151(g-7), Utilities Code, as added by Chapter 464 (S.B. 2013), Acts of the 88th Legislature, Regular Session, 2023, as Section 39.151(g-8), Utilities Code, and amends it as follows:

(g-8) Redesignates existing Subsection (g-7) as (g-8). Requires an organization, to maintain certification as an independent organization under this section, to:

(1) makes no changes to this subdivision; and

(2) before hiring a person for a position described by Subdivision (1) (relating to requiring an organization to identify all employee positions in the organization that are critical to the security of the electric grid), obtain:

(A) creates this paragraph from existing text and makes no further changes;

(B) from the prospective employee an attestation regarding any former travel by the prospective employee to a country described by Section 117.003 (Designation of Country as Threat to Critical Infrastructure), Business & Commerce Code, and any relationship between the prospective employee and a foreign governmental entity or foreign political organization.

SECTION 3. Amends Section 39.360, Utilities Code, as added by Chapter 464 (S.B. 2013), Acts of the 88th Legislature, Regular Session, 2023, by amending Subsections (a), (b), (c), (d), and (e) and adding Subsections (d-1) and (j), as follows:

(a) Redefines "company" and "critical infrastructure."

(b) Prohibits an independent organization certified under Section 39.151 from registering a business entity as a market participant or maintaining the registration of a business entity to operate as a market participant in the power region for which the independent organization is certified unless the business identity attests that the entity complies with Chapter 117 (Prohibition on Agreements With Certain Foreign-Owned Companies in Connection With Critical Infrastructure), Business & Commerce Code. Makes a nonsubstantive change.

(c)-(d) Makes conforming changes to these subsections.

(d-1) Authorizes an independent organization certified under Section 39.151 to:

(1) require as a condition of market participant registration that a business entity provide the independent organization with additional information to confirm the accuracy of an attestation or report required under Subsection (b), (c) (relating to requiring a certain business entity to report certain critical electric grid purchases to an independent organization), or (d) (relating to requiring a certain business entity to submit a certain attestation to an independent organization); and

(2) disclose information received under Subdivision (1) to the attorney general or the Public Utility Commission of Texas (PUC).

(e) Authorizes an independent organization certified under Section 39.151, notwithstanding any other law, to immediately suspend or terminate a business entity's registration as a market participant or access to any of the independent organization's systems if the independent organization has a reasonable suspicion that the business entity is a company described by Section 2275.0102(a)(2) (relating to prohibiting a government entity from entering into certain contracts with a company if the company has certain affiliations), Government Code.

(j) Authorizes the attorney general to investigate the accuracy or sufficiency of information provided under this section to an independent organization certified under Section 39.151 and disclose any new information obtained in relation to the investigation to the independent organization or the PUC.

SECTION 4. Provides that, to the extent of any conflict, this Act prevails over another Act of the 89th Legislature, Regular Session, 2025, relating to nonsubstantive additions to and corrections in enacted codes.

SECTION 5. Effective date: September 1, 2025.