By: Hughes, Parker S.B. No. 1585
(In the Senate - Filed February 24, 2025; March 10, 2025,
read first time and referred to Committee on State Affairs;
March 26, 2025, reported adversely, with favorable Committee
Substitute by the following vote: Yeas 10, Nays 0; March 26, 2025,
sent to printer.)
Click here to see the committee vote
COMMITTEE SUBSTITUTE FOR S.B. No. 1585 By: Paxton
A BILL TO BE ENTITLED
AN ACT
relating to a prohibition on governmental contracts with companies
of foreign adversaries for certain information and communications
technology; authorizing a civil penalty; creating a criminal
offense.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. The heading to Chapter 2275, Government Code, is
amended to read as follows:
CHAPTER 2275. PROHIBITION ON CONTRACTS WITH CERTAIN FOREIGN-OWNED
COMPANIES IN CONNECTION WITH CRITICAL INFRASTRUCTURE AND
INFORMATION AND COMMUNICATIONS TECHNOLOGY
SECTION 2. Chapter 2275, Government Code, is amended by
designating Sections 2275.0101 through 2275.0103 as Subchapter A
and adding a subchapter heading to read as follows:
SUBCHAPTER A. PROHIBITION ON CERTAIN CONTRACTS IN CONNECTION WITH
CRITICAL INFRASTRUCTURE
SECTION 3. Section 2275.0101, Government Code, is amended
to read as follows:
Sec. 2275.0101. DEFINITIONS. In this subchapter [chapter]:
(1) "Company" means a sole proprietorship,
organization, association, corporation, partnership, joint
venture, limited partnership, limited liability partnership, or
limited liability company, including a wholly owned subsidiary,
majority-owned subsidiary, parent company, or affiliate of those
entities or business associations, that exists to make a profit.
(2) "Critical infrastructure" means a communication
infrastructure system, cybersecurity system, electric grid,
hazardous waste treatment system, or water treatment facility.
(3) "Cybersecurity" means the measures taken to
protect a computer, computer network, computer system, or other
technology infrastructure against unauthorized use or access.
(4) "Designated country" means a country designated by
the governor as a threat to critical infrastructure under Section
2275.0103.
(5) "Governmental entity" means a state agency, a
political subdivision, or an independent organization certified
under Section 39.151, Utilities Code, to perform a function
described by Section 39.151(a), Utilities Code.
(6) "Affiliate," with respect to a company entering
into an agreement in which the critical infrastructure is electric
grid equipment, has the meaning assigned by the protocols of the
independent organization certified under Section 39.151, Utilities
Code, for the ERCOT power region.
SECTION 4. Section 2275.0103(a), Government Code, is
amended to read as follows:
(a) The governor, after consultation with the public safety
director of the Department of Public Safety, may designate a
country as a threat to critical infrastructure for purposes of this
subchapter [chapter].
SECTION 5. Chapter 2275, Government Code, is amended by
adding Subchapter B to read as follows:
SUBCHAPTER B. PROHIBITION ON CERTAIN CONTRACTS IN CONNECTION WITH
INFORMATION AND COMMUNICATIONS TECHNOLOGY
Sec. 2275.0201. DEFINITIONS. In this subchapter:
(1) "Company" has the meaning assigned by Section
2275.0101.
(2) "Control" means the direct or indirect power,
whether or not exercised, to determine, direct, or decide important
matters affecting a company through the ownership of a majority or a
dominant minority of the total outstanding voting interest in the
company, board representation, proxy voting, special share,
contractual arrangement, formal or informal arrangement to act in
concert, or other means of exercising power.
(3) "Foreign adversary" means:
(A) the People's Republic of China; or
(B) any country listed on the entity list under
Supplement No. 4 to 15 C.F.R. Part 744 because there is reasonable
cause to believe the country is involved, has been involved, or
poses a significant risk of being or becoming involved in
activities contrary to the national security or foreign policy
interests of the United States of America.
(4) "Governmental entity" has the meaning assigned by
Section 2251.001.
(5) "Information or communications technology or
service" means a hardware, software, or other product or service
and its components that is:
(A) designed to facilitate by electronic means
the processing, storage, retrieval, communication, transmission,
or display of information or data; and
(B) capable of storing data, communicating
independently, controlling systems, or engaging in two-way
communication with a foreign adversary.
(6) "Scrutinized company" means a company or a wholly
owned subsidiary or majority-owned subsidiary of a company that is:
(A) organized in or under the laws of a foreign
adversary or has its principal place of business in a foreign
adversary;
(B) identified on the covered list under 47
C.F.R. Section 1.50002 as producing or providing communications
equipment or a service that poses an unacceptable risk to the
national security of the United States or the security and safety of
United States persons; or
(C) as provided by 15 C.F.R. Part 791, not a
United States person and has been subject to a determination by the
United States secretary of commerce, or the secretary's designee,
as involved in a transaction related to an information or
communications technology or service that posed an undue or
unacceptable risk.
(7) "Two-way communication" means, with respect to an
information or communications technology or service, systems or
components that facilitate the bidirectional exchange of
information which may include remote or unauthorized access.
Sec. 2275.0202. CONTRACTS WITH SCRUTINIZED COMPANIES
PROHIBITED; EXCEPTION. (a) Except as provided by Subsection (b), a
scrutinized company may not submit a bid for a contract or enter
into a contract with a governmental entity relating to an
information or communications technology or service.
(b) A governmental entity may enter into a contract relating
to an information or communications technology or service with a
scrutinized company if the governmental entity, with the approval
of the governor, determines:
(1) the only vendors available to provide the
information or communications technology or service are
scrutinized companies;
(2) the cost to this state of finding and contracting
with a vendor that is not a scrutinized company would be so
disproportionately high that the use of a vendor that is a
scrutinized company would be overwhelmingly in the best interest of
this state; or
(3) any goods or services that originate with a
scrutinized company and may be used in the performance of the
contract constitute a de minimis amount of the total value of the
goods and services provided under the contract and pose no risk to
the security of this state.
Sec. 2275.0203. VERIFICATION REQUIRED. (a) A vendor
submitting a bid for a contract relating to an information or
communications technology or service shall include in the bid a
written verification that the vendor:
(1) is not a scrutinized company;
(2) will not contract with a scrutinized company for
any aspect of its performance under the contract; and
(3) will not procure products or services from or that
originate with a scrutinized company for use in the performance of
the contract.
(b) A governmental entity may not enter into a contract
relating to an information or communications technology or service
with a vendor that fails to provide the verification required by
Subsection (a).
Sec. 2275.0204. FALSE VERIFICATION; VIOLATION. (a) A
governmental entity that determines that a vendor holding a
contract with the entity was ineligible to have the contract
awarded under Section 2275.0202 because the vendor's written
verification was false shall notify the vendor that the vendor is in
violation of this subchapter. The notice must include the basis for
the entity's determination that the vendor is in violation of this
subchapter.
(b) Not later than the 60th day after the date a vendor
receives a notice under Subsection (a), the vendor may provide a
written response to the governmental entity with evidence that the
vendor's verification was not false and that the vendor is not in
violation of this subchapter. If a vendor does not provide a
response in the manner provided by this subsection, the entity's
determination under Subsection (a) becomes a final determination.
(c) Not later than the 60th day after the date the
governmental entity receives a vendor's response as provided under
Subsection (b), the governmental entity shall review the response
and notify the vendor of the entity's final determination based on
the evidence provided by the vendor.
(d) A governmental entity, on making a final determination
that a vendor violated this subchapter, shall:
(1) refer the matter to the attorney general, a
district attorney, or a county attorney, as applicable, for
enforcement under Sections 2275.0207 and 2275.0208; and
(2) notify the comptroller of the final determination
for purposes of Section 2275.0206.
Sec. 2275.0205. CONTRACT TERMINATION FOR FALSE
VERIFICATION; BARRING FROM STATE CONTRACTS. (a) A governmental
entity, on making a final determination that a vendor violated this
subchapter, shall immediately terminate the contract without
further obligation to the vendor.
(b) A vendor that violates this subchapter may not respond
to a solicitation for or be awarded a contract for goods or services
by any governmental entity until the fifth anniversary of the date
the vendor receives a final determination under Section 2275.0204.
Sec. 2275.0206. DEBARMENT BY COMPTROLLER. On receiving
notice of a final determination under Section 2275.0204 that a
vendor violated this subchapter, the comptroller shall bar the
vendor from participating in state contracts until the fifth
anniversary of the date the vendor receives the final determination
under Section 2275.0204.
Sec. 2275.0207. CIVIL PENALTY. (a) A vendor that violates
this subchapter is liable to the state for a civil penalty in an
amount equal to the greater of:
(1) twice the amount of the contract terminated under
Section 2275.0205; or
(2) the amount of loss suffered by the state from
terminating the contract.
(b) The attorney general may bring an action to recover a
civil penalty imposed under this section.
(c) The attorney general may recover reasonable attorney's
fees and court costs in bringing an action under this section.
Sec. 2275.0208. CRIMINAL PENALTY. (a) A vendor that
violates this subchapter commits an offense.
(b) An offense under this section is a state jail felony.
SECTION 6. Subchapter B, Chapter 2275, Government Code, as
added by this Act, applies only to a contract for which the request
for bids or proposals or other applicable expression of interest is
made public on or after the effective date of this Act. A contract
for which the request for bids or proposals or other applicable
expression of interest is made public before that date is governed
by the law in effect on the date the request or other expression of
interest is made public, and the former law is continued in effect
for that purpose.
SECTION 7. This Act takes effect September 1, 2025.
* * * * *