Menu
89th Legislature

HB 130

Relating to genetic information security for residents of this state; providing a civil penalty; providing a private cause of action.
Overall Vote Recommendation
Yes
Principle Criteria
Free Enterprise
Property Rights
Personal Responsibility
Limited Government
Individual Liberty
Digest
HB 130, known as the Texas Genomic Act of 2025, seeks to establish new protections for the genetic information of Texas residents. It creates Chapter 174 within the Health and Safety Code to regulate the collection, storage, and use of genome sequencing data. The bill specifically prohibits Texas-based medical facilities, research institutions, companies, and nonprofits from using genome sequencing devices or related software produced by or associated with "foreign adversaries" as defined by federal law. This prohibition extends to entities domiciled in, owned by, or controlled by foreign adversaries.

To safeguard sensitive genetic information, the bill mandates that all genome sequencing data generated from Texas residents must be stored within the United States. Organizations handling this data must employ reasonable encryption and cybersecurity practices and must ensure that this data is inaccessible to anyone located within a foreign adversary country. HB 130 also requires entities subject to the law to annually certify compliance to the Texas Attorney General and provides the Attorney General with investigative authority to enforce these provisions.

In addition to civil penalties for violations, the bill creates a private cause of action allowing individuals whose genetic data is improperly used or accessed to sue for damages. The legislation reflects a growing concern about cybersecurity, national security, and personal privacy in an era of rapidly advancing genomic technologies, aiming to ensure Texans' genetic information is shielded from foreign exploitation.

The originally filed version of HB 130 focused on securing the genetic information of Texas residents by prohibiting medical and research facilities from using genome sequencers or software linked to foreign adversaries. It required that all genome sequencing data be stored exclusively within the United States and implemented cybersecurity protections. However, the original bill allowed remote access to this data from outside the U.S. only after approval by the Attorney General through a formal application process.

In contrast, the Committee Substitute tightens these restrictions. It removes the Attorney General’s ability to authorize remote access by persons located outside the U.S. entirely. Under the committee substitute, genomic data must not be accessible to anyone located in a foreign adversary country, and no exception or approval process exists for remote access. Additionally, the substitute shifts the standard from data being "inaccessible outside the U.S." to being "inaccessible specifically within the borders of a foreign adversary," which focuses protection more narrowly and strategically.

Another notable change is that the substitute version expands the definition of prohibited entities, clarifying that any company or nonprofit organization that is an affiliate, subsidiary, or parent of an adversary-domiciled entity is included, tightening who can supply genome sequencing technology to Texas facilities.

Finally, minor structural edits were made for clarity, including reorganization of the purpose statement, tightening language around cybersecurity practices, and simplifying compliance certification rules. The enforcement mechanisms (civil penalties and private cause of action) remain largely the same between the two versions.
Author
Greg Bonnen
Angelia Orr
Cole Hefner
Co-Author
Jeffrey Barry
Ben Bumgarner
Giovanni Capriglione
David Cook
Pat Curry
Paul Dyson
Cody Harris
Caroline Harris Davila
Hillary Hickland
Janis Holt
Carrie Isaac
Terri Leo-Wilson
Janie Lopez
John McQueeney
William Metcalf
Katrina Pierson
Ellen Troxclair
Terry Wilson
Sponsor
Bryan Hughes
Co-Sponsor
Lois Kolkhorst
Royce West

Contact the Author

Rep. Greg Bonnen

Capitol Phone:
(512) 463-0729
Capitol Office:
EXT E2.502
E-Mail:
[email protected]
Visit Official Website
Fiscal Notes

According to the Legislative Budget Board (LBB), HB 130 will have no significant fiscal implications for the State of Texas. The bill's requirements—such as requiring annual compliance certifications from medical facilities, companies, research organizations, and nonprofits, and granting enforcement authority to the Attorney General—are expected to generate only minor administrative costs, which agencies can absorb within existing resources.

Additionally, any new revenue generated from civil penalties for violations (up to $10,000 per violation) is projected to be insignificant. The fiscal note assumes that the number of violations detected and successfully prosecuted would be limited, thus not resulting in a substantial fiscal impact either on the state treasury or through increased litigation costs.

For local governments, no significant fiscal impact is anticipated either. The bill's obligations primarily affect private and nonprofit entities operating in the genome sequencing field, not local governmental bodies. Moreover, the courts’ potential workload from private causes of action under the bill is expected to be minimal and manageable without additional resources.

Vote Recommendation Notes

HB 130 represents a focused, proactive effort to protect Texans' most sensitive personal information — their genetic data — from access, use, or exploitation by foreign adversaries. While the bill imposes a regulatory requirement on a narrow class of organizations (those handling genome sequencing), the burden is modest and justified by compelling national security, privacy, and sovereignty concerns.

The bill does not increase the size of government in a significant way, nor does it impose a cost on taxpayers. The enhanced oversight by the Attorney General’s Office is targeted and enforceable through civil penalties and private causes of action, not new agencies or funding. Concerns about state overreach are valid, but well mitigated by the bill’s scope and structure.

Although individuals do choose to share their genetic data, HB 130 addresses a unique and modern challenge: even voluntarily shared data can be exploited at scale by foreign powers with no obligation to uphold U.S. laws, ethics, or transparency. In this case, limited, defensive regulation supports liberty rather than undermining it.

This bill affirms the state's duty to safeguard its citizens from hostile actors while respecting the free market, individual responsibility, and due process. As such, Texas Policy Research recommends that lawmakers vote YES on HB 130.

  • Individual Liberty: The bill enhances individual liberty by protecting the genetic information of Texans from access, analysis, or exploitation by foreign adversaries. It recognizes that genetic data is intensely personal, and securing it defends a citizen's right to privacy and bodily autonomy. Although individuals voluntarily share their data, the bill acts to ensure that their most sensitive information cannot be weaponized without their knowledge or consent, thereby strengthening liberty protections in a modern digital context.
  • Personal Responsibility: The bill maintains the idea that individuals choose to submit their genetic information, but it acknowledges that once shared, individuals realistically lack the tools to protect that information from sophisticated foreign exploitation. Therefore, the bill shifts some responsibility to companies and research institutions, requiring them to secure data and certify compliance annually. This introduces a slight move away from pure personal responsibility in favor of structural safeguards, reflecting a belief that collective action is needed to defend individuals from risks they cannot meaningfully manage alone.
  • Free Enterprise: The bill restricts free enterprise by banning the use of genome sequencers and software developed by foreign adversaries and requiring U.S.-based data storage for genomic information. While this limits market choices for businesses in biotech, medical, and research sectors, the restrictions are narrowly focused on protecting national security and individual privacy. This is a minor and targeted limitation, justified by the extraordinary sensitivity of genetic data, rather than a broad encroachment on market freedom.
  • Private Property Rights: The bill reinforces the principle that individuals have ownership over their genetic information, even after sharing it with medical or research institutions. By requiring that genetic data stay secured within the United States and be protected from adversary countries, the legislation treats genetic data as a form of personal property deserving legal protection. In doing so, it aligns closely with the view that private property — including intangible property like personal data — must be shielded from unauthorized seizure, misuse, or exploitation.
  • Limited Government: The bill does slightly expand the role of the Attorney General by authorizing investigation and enforcement actions against violators. However, it does not create any new government agencies, new permanent bureaucracies, or new taxes. The expansion is tightly tied to the enforcement of the narrowly defined genetic information protections. Thus, while there is a modest growth of government authority, it is carefully limited to areas where private actors alone may be unable to prevent significant harm from foreign threats.
Related Legislation
View Bill Text and Status
Home
© Copyright 2026 - Texas Policy Research
Texas Policy Research Action (TRPA) is a 501c4 organization

Texas Policy Research Initiative (TRPI) is a 501c3 organization

P.O. Box 2408, Weatherford, TX 76086