By: Tepper, Capriglione, Orr, Bumgarner H.B. No. 3112 A BILL TO BE ENTITLED AN ACT relating to the application of the open meetings law and public information law to government information related to certain cybersecurity measures. BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: SECTION 1. Subchapter D, Chapter 551, Government Code, is amended by adding Section 551.0761 to read as follows: Sec. 551.0761. DELIBERATION REGARDING CRITICAL INFRASTRUCTURE FACILITY; CLOSED MEETING. (a) In this section: (1) "Critical infrastructure facility" means a communication infrastructure system, cybersecurity system, electric grid, electrical power generating facility, substation, switching station, electrical control center, dam, natural gas and natural gas liquids gathering, processing, and storage transmission and distribution system, hazardous waste treatment system, water treatment facility, water intake structure, wastewater treatment plant, pump station, or water pipeline and related support facility, equipment, and property. (2) "Cybersecurity" means the measures taken to protect a computer, a computer network, a computer system, or other technology infrastructure against unauthorized use or access. (b) This chapter does not require a governmental body to conduct an open meeting to deliberate a cybersecurity measure, policy, or contract solely intended to protect a critical infrastructure facility located in the jurisdiction of the governmental body. SECTION 2. Subchapter C, Chapter 552, Government Code, is amended by adding Section 552.1391 to read as follows: Sec. 552.1391. EXCEPTION: CONFIDENTIALITY OF CYBERSECURITY MEASURES. (a) In this section: (1) "Critical infrastructure facility" has the meaning assigned by Section 551.0761. (2) "Cybersecurity" has the meaning assigned by Section 551.0761. (b) Information is excepted from the requirements of Section 552.021 if it is information that relates to: (1) a cybersecurity measure, policy, or contract solely intended to protect a critical infrastructure facility located in the jurisdiction of the governmental body; (2) coverage limits and deductible amounts for insurance or other risk mitigation coverages acquired for the protection of information technology systems, critical infrastructure, operational technology systems, or data of a governmental body or the amount of money set aside by a governmental body to self-insure against those risks; (3) cybersecurity incident information reported pursuant to state law; and (4) network schematics, hardware and software configurations, or encryption information or information that identifies the detection, investigation, or response practices for suspected or confirmed cybersecurity incidents if the disclosure of such information would facilitate unauthorized access to: (A) data or information, whether physical or virtual; or (B) information technology resources, including a governmental body's existing or proposed information technology system. (c) A governmental body may disclose information made confidential by this section to comply with applicable state or federal law or a court order. A governmental body that is required to disclose information described by Subsection (b) shall: (1) not later than the fifth business day before the date the information is required to be disclosed, provide notice of the required disclosure to the person or third party who owns the critical infrastructure facility or, in the event immediate disclosure is required, notify in writing the person or third party as soon as practicable but not later than the fifth business day after the information is disclosed; and (2) retain all existing labeling on the information being disclosed describing such information as confidential or privileged. SECTION 3. This Act takes effect immediately if it receives a vote of two-thirds of all the members elected to each house, as provided by Section 39, Article III, Texas Constitution. If this Act does not receive the vote necessary for immediate effect, this Act takes effect September 1, 2025.