Compliant by September: Get Ready for Texas Senate Bill 2610

As of September 1, 2025, Texas SB 2610 will provide the opportunity for safe harbor protections for small businesses against cyber attacks. A business has to meet certain cybersecurity qualifications ahead of any incident or attack in order to take advantage of the protections provided. HCS is prepared to provide a full evaluation of your company's current security needs and can assist with filling in the gaps to ensure you are compliant.

What is SB 2610?

SB 2610 offers Texas businesses a legal "safe harbor" if they adopt and maintain a cybersecurity program aligned with an industry-recognized framework (like CIS or NIST).

To qualify, your program must match the scale and complexity of your business—and be updated within 12 months of any changes to the framework.

What's Required?

Based on Employee Count

Under 20 Employees

Password Policy

MFA

Employee Training

Antivirus

Firewall Protection

Written Cybersecurity Policies

20 - 99 Employees

All of the above plus

CIS Controls (IG1)

Asset Inventory

Incident Response

Email Filtering

Backups

100 - 249 Employees

All of the above plus

Full Framework Alignment (CIS, NIST, or ISO)

Encryption

IAM

SIEM/logging

vCSO support

Are You SB 2610-Ready?

Know Where You Stand

Take our free 3-minute quiz to assess your cybersecurity readiness and find the right action plan for your business size.

Take the Readiness Quiz

Ready to Be Protected?

Whether you're just starting or need a quick policy refresh, we’ll guide you step-by-step.

Take the Quiz. Download the Checklist. Book a Free Compliance Consult.

Book A Free Call

Let's Work Together! Contact us.

Disclaimer: This content is provided for general informational purposes only and does not constitute legal advice. While adopting and maintaining a cybersecurity program aligned with recognized frameworks may help your business potentially qualify for the safe-harbor protection under Texas SB 2610—effective September 1, 2025—HCS makes no guarantees of legal immunity. Requirements may change, and applicability depends on your specific facts and documentation. Please consult qualified counsel to tailor your cybersecurity measures and ensure full compliance.