S.B. No. 2116
AN ACT
relating to prohibiting contracts or other agreements with certain
foreign-owned companies in connection with critical infrastructure
in this state.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. This Act may be cited as the Lone Star
Infrastructure Protection Act.
SECTION 2. Subtitle C, Title 5, Business & Commerce Code, is
amended by adding Chapter 113 to read as follows:
CHAPTER 113. PROHIBITION ON AGREEMENTS WITH CERTAIN FOREIGN-OWNED
COMPANIES IN CONNECTION WITH CRITICAL INFRASTRUCTURE
Sec. 113.001. DEFINITIONS. In this chapter:
(1) "Company" means a sole proprietorship,
organization, association, corporation, partnership, joint
venture, limited partnership, limited liability partnership, or
limited liability company, including a wholly owned subsidiary,
majority-owned subsidiary, parent company, or affiliate of those
entities or business associations, that exists to make a profit.
(2) "Critical infrastructure" means a communication
infrastructure system, cybersecurity system, electric grid,
hazardous waste treatment system, or water treatment facility.
(3) "Cybersecurity" means the measures taken to
protect a computer, computer network, computer system, or other
technology infrastructure against unauthorized use or access.
(4) "Designated country" means a country designated by
the governor as a threat to critical infrastructure under Section
113.003.
Sec. 113.002. PROHIBITED ACCESS TO CRITICAL
INFRASTRUCTURE. (a) A business entity may not enter into an
agreement relating to critical infrastructure in this state with a
company:
(1) if, under the agreement, the company would be
granted direct or remote access to or control of critical
infrastructure in this state, excluding access specifically
allowed by the business entity for product warranty and support
purposes; and
(2) if the business entity knows that the company is:
(A) owned by or the majority of stock or other
ownership interest of the company is held or controlled by:
(i) individuals who are citizens of China,
Iran, North Korea, Russia, or a designated country; or
(ii) a company or other entity, including a
governmental entity, that is owned or controlled by citizens of or
is directly controlled by the government of China, Iran, North
Korea, Russia, or a designated country; or
(B) headquartered in China, Iran, North Korea,
Russia, or a designated country.
(b) The prohibition described by Subsection (a) applies
regardless of whether:
(1) the company's or its parent company's securities
are publicly traded; or
(2) the company or its parent company is listed on a
public stock exchange as:
(A) a Chinese, Iranian, North Korean, or Russian
company; or
(B) a company of a designated country.
Sec. 113.003. DESIGNATION OF COUNTRY AS THREAT TO CRITICAL
INFRASTRUCTURE. (a) The governor, after consultation with the
public safety director of the Department of Public Safety, may
designate a country as a threat to critical infrastructure for
purposes of this chapter.
(b) The governor shall consult the Homeland Security
Council, established under Subchapter B, Chapter 421, Government
Code, to assess a threat to critical infrastructure for purposes of
making a designation under this section.
SECTION 3. Subtitle F, Title 10, Government Code, is
amended by adding Chapter 2274 to read as follows:
CHAPTER 2274. PROHIBITION ON CONTRACTS WITH CERTAIN FOREIGN-OWNED
COMPANIES IN CONNECTION WITH CRITICAL INFRASTRUCTURE
Sec. 2274.0101. DEFINITIONS. In this chapter:
(1) "Company" means a sole proprietorship,
organization, association, corporation, partnership, joint
venture, limited partnership, limited liability partnership, or
limited liability company, including a wholly owned subsidiary,
majority-owned subsidiary, parent company, or affiliate of those
entities or business associations, that exists to make a profit.
(2) "Critical infrastructure" means a communication
infrastructure system, cybersecurity system, electric grid,
hazardous waste treatment system, or water treatment facility.
(3) "Cybersecurity" means the measures taken to
protect a computer, computer network, computer system, or other
technology infrastructure against unauthorized use or access.
(4) "Designated country" means a country designated by
the governor as a threat to critical infrastructure under Section
2274.0103.
(5) "Governmental entity" means a state agency or
political subdivision of this state.
Sec. 2274.0102. PROHIBITED CONTRACTS. (a) A governmental
entity may not enter into a contract or other agreement relating to
critical infrastructure in this state with a company:
(1) if, under the contract or other agreement, the
company would be granted direct or remote access to or control of
critical infrastructure in this state, excluding access
specifically allowed by the governmental entity for product
warranty and support purposes; and
(2) if the governmental entity knows that the company
is:
(A) owned by or the majority of stock or other
ownership interest of the company is held or controlled by:
(i) individuals who are citizens of China,
Iran, North Korea, Russia, or a designated country; or
(ii) a company or other entity, including a
governmental entity, that is owned or controlled by citizens of or
is directly controlled by the government of China, Iran, North
Korea, Russia, or a designated country; or
(B) headquartered in China, Iran, North Korea,
Russia, or a designated country.
(b) The prohibition described by Subsection (a) applies
regardless of whether:
(1) the company's or its parent company's securities
are publicly traded; or
(2) the company or its parent company is listed on a
public stock exchange as:
(A) a Chinese, Iranian, North Korean, or Russian
company; or
(B) a company of a designated country.
Sec. 2274.0103. DESIGNATION OF COUNTRY AS THREAT TO
CRITICAL INFRASTRUCTURE. (a) The governor, after consultation
with the public safety director of the Department of Public Safety,
may designate a country as a threat to critical infrastructure for
purposes of this chapter.
(b) The governor shall consult the Homeland Security
Council, established under Subchapter B, Chapter 421, to assess a
threat to critical infrastructure for purposes of making a
designation under this section.
SECTION 4. Chapter 113, Business & Commerce Code, as added
by this Act, and Chapter 2274, Government Code, as added by this
Act, apply to a contract or agreement entered into on or after the
effective date of this Act.
SECTION 5. This Act takes effect immediately if it receives
a vote of two-thirds of all the members elected to each house, as
provided by Section 39, Article III, Texas Constitution. If this
Act does not receive the vote necessary for immediate effect, this
Act takes effect September 1, 2021.
______________________________ ______________________________
President of the Senate Speaker of the House
I hereby certify that S.B. No. 2116 passed the Senate on
April 26, 2021, by the following vote: Yeas 31, Nays 0; and that
the Senate concurred in House amendments on May 29, 2021, by the
following vote: Yeas 31, Nays 0.
______________________________
Secretary of the Senate
I hereby certify that S.B. No. 2116 passed the House, with
amendments, on May 24, 2021, by the following vote: Yeas 141,
Nays 0, one present not voting.
______________________________
Chief Clerk of the House
Approved:
______________________________
Date
______________________________
Governor