BILL ANALYSIS Senate Research Center H.B. 130 By: Bonnen; Orr (Hughes) State Affairs 5/1/2025 Engrossed AUTHOR'S / SPONSOR'S STATEMENT OF INTENT C.S.H.B. 130 aims to protect Texans' genomic data from foreign adversaries. Motivated by concerns over China's pursuit of biotechnology dominance and military-civil fusion strategy, as well as the potential commercial and military advantages of controlling large gene banks, the bill addresses risks of foreign adversaries accessing U.S. intellectual property and genetic data. Prohibitions: The bill bans medical facilities, research facilities, companies, or nonprofits in Texas from using genome sequencers or software produced by or on behalf of foreign adversaries, their state-owned enterprises, or entities domiciled in or controlled by such adversaries. Data Storage and Security: Genomic data of Texas residents must be stored in the U.S., secured with encryption and cybersecurity best practices, and kept inaccessible to individuals in foreign adversary countries (except for open data). Compliance and Enforcement: Entities must certify compliance to the Texas Attorney General annually by December 31. The attorney general can investigate violations and impose a $10,000 civil penalty per violation, recoverable in court, with penalties deposited into the state's general revenue fund. Texas residents harmed by violations can sue for actual or statutory damages (up to $5,000 per violation), plus court costs and attorney's fees. H.B. 130 amends current law relating to genetic information security for residents of this state, provides a civil penalty, and provides a private cause of action. RULEMAKING AUTHORITY This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency. SECTION BY SECTION ANALYSIS SECTION 1. Amends Subtitle H, Title 2, Health and Safety Code, by adding Chapter 174, as follows: CHAPTER 174. SECURITY OF GENETIC INFORMATION Sec. 174.001. SHORT TITLE. Authorizes this chapter to be cited as the Texas Genomic Act of 2025. Sec. 174.002. DEFINITIONS. Defines "company," "domicile," "foreign adversary," "genome sequencer," "genome sequencing," "human genome," "medical facility," and "software." Sec. 174.003. APPLICABILITY. Provides that this chapter applies to a medical facility, research facility, company, or nonprofit organization that conducts research on or testing of genome sequencing or the human genome in this state. Sec. 174.004. PURPOSE AND LEGISLATIVE POLICY. (a) Provides that the purpose of this chapter is to ensure that a medical facility, research facility, company, or nonprofit organization subject to this chapter does not provide a foreign adversary access to the genetic information of residents of this state. (b) Provides that the policy of this state is to oppose the collection and analysis of genomic information by a foreign adversary or for use by a foreign adversary and to support sanctions the United States Department of Commerce or the United States Department of Defense imposes on a medical facility, research facility, company, or nonprofit organization engaged in the collection and analysis of genomic information for use by a foreign adversary. Sec. 174.005. PROHIBITED USE OF CERTAIN GENOME SEQUENCERS AND GENOME SEQUENCING TECHNOLOGIES. Prohibits a medical facility, research facility, company, or nonprofit organization subject to this chapter from using a genome sequencer or software produced by or on behalf of certain entities with certain relationships to a foreign adversary. Sec. 174.006. REQUIREMENTS FOR GENOMIC INFORMATION STORAGE. (a) Prohibits a medical facility, research facility, company, or nonprofit organization subject to this chapter from storing any genome sequencing data of a resident of this state at a location within the borders of a country that is a foreign adversary. (b) Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter that stores genome sequencing data of residents of this state, including storage of genome sequencing data through a contract with a third-party data storage company, to ensure the security of the genome sequencing data using reasonable encryption methods, restriction on access, and other cybersecurity best practices. (c) Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter to ensure genome sequencing data of residents of this state, other than open data, is inaccessible to any person located within the borders of a country that is a foreign adversary. Sec. 174.007. REQUIRED ANNUAL CERTIFICATION OF COMPLIANCE. (a) Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter, not later than December 31 of each year, to certify to the attorney general that the facility, company, or organization is in compliance with this chapter. (b) Requires an attorney representing a medical facility, research facility, company, or nonprofit organization subject to this chapter to submit the certification required under Subsection (a). Sec. 174.008. INVESTIGATIVE AUTHORITY OF ATTORNEY GENERAL. (a) Authorizes the attorney general to investigate an allegation of a violation of this chapter. (b) Authorizes any person to notify the attorney general of a violation or potential violation of this chapter. Sec. 174.009. CIVIL PENALTY. (a) Provides that a medical facility, research facility, company, or nonprofit organization that violates this chapter is liable to this state for a civil penalty of $10,000 for each violation. (b) Authorizes the attorney general to bring an action to recover the civil penalty imposed under this section. (c) Authorizes an action under this section to be brought in a district court in Travis County or in a county in which any part of the violation occurs. (d) Requires the attorney general to deposit a civil penalty collected under this section in the state treasury to the credit of the general revenue fund. (e) Authorizes the attorney general to recover reasonable expenses incurred in obtaining a civil penalty under this section, including court costs, reasonable attorney's fees, investigative costs, witness fees, and deposition expenses. Sec. 174.010. PRIVATE CAUSE OF ACTION. (a) Authorizes a resident of this state who is a patient or research subject of a medical facility, research facility, company, or nonprofit organization subject to this chapter and who is harmed by the storage or use of the patient's or subject's genome sequencing data in violation of this chapter to bring an action against the facility, company, or organization that violated this chapter and is entitled to obtain the greater of actual damages or statutory damages in an amount not to exceed $5,000 for each violation and court costs and reasonable attorney's fees. (b) Authorizes an action under this section to be brought in the county in which the plaintiff resides. (c) Provides that Sections 41.003 (Standards for Recovery of Exemplary Damages) and 41.004 (Factors Precluding Recovery), Civil Practice and Remedies Code, do not apply to an action brought under this section. SECTION 2. Makes application of this Act prospective. SECTION 3. Effective date: September 1, 2025.
BILL ANALYSIS
Senate Research Center H.B. 130
By: Bonnen; Orr (Hughes)
State Affairs
5/1/2025
Engrossed
Senate Research Center
H.B. 130
By: Bonnen; Orr (Hughes)
State Affairs
5/1/2025
Engrossed
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
C.S.H.B. 130 aims to protect Texans' genomic data from foreign adversaries. Motivated by concerns over China's pursuit of biotechnology dominance and military-civil fusion strategy, as well as the potential commercial and military advantages of controlling large gene banks, the bill addresses risks of foreign adversaries accessing U.S. intellectual property and genetic data.
1. Prohibitions: The bill bans medical facilities, research facilities, companies, or nonprofits in Texas from using genome sequencers or software produced by or on behalf of foreign adversaries, their state-owned enterprises, or entities domiciled in or controlled by such adversaries.
1. Data Storage and Security: Genomic data of Texas residents must be stored in the U.S., secured with encryption and cybersecurity best practices, and kept inaccessible to individuals in foreign adversary countries (except for open data).
1. Compliance and Enforcement:
1. Entities must certify compliance to the Texas Attorney General annually by December 31.
2. The attorney general can investigate violations and impose a $10,000 civil penalty per violation, recoverable in court, with penalties deposited into the state's general revenue fund.
3. Texas residents harmed by violations can sue for actual or statutory damages (up to $5,000 per violation), plus court costs and attorney's fees.
H.B. 130 amends current law relating to genetic information security for residents of this state, provides a civil penalty, and provides a private cause of action.
RULEMAKING AUTHORITY
This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Subtitle H, Title 2, Health and Safety Code, by adding Chapter 174, as follows:
CHAPTER 174. SECURITY OF GENETIC INFORMATION
Sec. 174.001. SHORT TITLE. Authorizes this chapter to be cited as the Texas Genomic Act of 2025.
Sec. 174.002. DEFINITIONS. Defines "company," "domicile," "foreign adversary," "genome sequencer," "genome sequencing," "human genome," "medical facility," and "software."
Sec. 174.003. APPLICABILITY. Provides that this chapter applies to a medical facility, research facility, company, or nonprofit organization that conducts research on or testing of genome sequencing or the human genome in this state.
Sec. 174.004. PURPOSE AND LEGISLATIVE POLICY. (a) Provides that the purpose of this chapter is to ensure that a medical facility, research facility, company, or nonprofit organization subject to this chapter does not provide a foreign adversary access to the genetic information of residents of this state.
(b) Provides that the policy of this state is to oppose the collection and analysis of genomic information by a foreign adversary or for use by a foreign adversary and to support sanctions the United States Department of Commerce or the United States Department of Defense imposes on a medical facility, research facility, company, or nonprofit organization engaged in the collection and analysis of genomic information for use by a foreign adversary.
Sec. 174.005. PROHIBITED USE OF CERTAIN GENOME SEQUENCERS AND GENOME SEQUENCING TECHNOLOGIES. Prohibits a medical facility, research facility, company, or nonprofit organization subject to this chapter from using a genome sequencer or software produced by or on behalf of certain entities with certain relationships to a foreign adversary.
Sec. 174.006. REQUIREMENTS FOR GENOMIC INFORMATION STORAGE. (a) Prohibits a medical facility, research facility, company, or nonprofit organization subject to this chapter from storing any genome sequencing data of a resident of this state at a location within the borders of a country that is a foreign adversary.
(b) Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter that stores genome sequencing data of residents of this state, including storage of genome sequencing data through a contract with a third-party data storage company, to ensure the security of the genome sequencing data using reasonable encryption methods, restriction on access, and other cybersecurity best practices.
(c) Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter to ensure genome sequencing data of residents of this state, other than open data, is inaccessible to any person located within the borders of a country that is a foreign adversary.
Sec. 174.007. REQUIRED ANNUAL CERTIFICATION OF COMPLIANCE. (a) Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter, not later than December 31 of each year, to certify to the attorney general that the facility, company, or organization is in compliance with this chapter.
(b) Requires an attorney representing a medical facility, research facility, company, or nonprofit organization subject to this chapter to submit the certification required under Subsection (a).
Sec. 174.008. INVESTIGATIVE AUTHORITY OF ATTORNEY GENERAL. (a) Authorizes the attorney general to investigate an allegation of a violation of this chapter.
(b) Authorizes any person to notify the attorney general of a violation or potential violation of this chapter.
Sec. 174.009. CIVIL PENALTY. (a) Provides that a medical facility, research facility, company, or nonprofit organization that violates this chapter is liable to this state for a civil penalty of $10,000 for each violation.
(b) Authorizes the attorney general to bring an action to recover the civil penalty imposed under this section.
(c) Authorizes an action under this section to be brought in a district court in Travis County or in a county in which any part of the violation occurs.
(d) Requires the attorney general to deposit a civil penalty collected under this section in the state treasury to the credit of the general revenue fund.
(e) Authorizes the attorney general to recover reasonable expenses incurred in obtaining a civil penalty under this section, including court costs, reasonable attorney's fees, investigative costs, witness fees, and deposition expenses.
Sec. 174.010. PRIVATE CAUSE OF ACTION. (a) Authorizes a resident of this state who is a patient or research subject of a medical facility, research facility, company, or nonprofit organization subject to this chapter and who is harmed by the storage or use of the patient's or subject's genome sequencing data in violation of this chapter to bring an action against the facility, company, or organization that violated this chapter and is entitled to obtain the greater of actual damages or statutory damages in an amount not to exceed $5,000 for each violation and court costs and reasonable attorney's fees.
(b) Authorizes an action under this section to be brought in the county in which the plaintiff resides.
(c) Provides that Sections 41.003 (Standards for Recovery of Exemplary Damages) and 41.004 (Factors Precluding Recovery), Civil Practice and Remedies Code, do not apply to an action brought under this section.
SECTION 2. Makes application of this Act prospective.
SECTION 3. Effective date: September 1, 2025.