As of September 1, 2025, Texas SB 2610 gives businesses that maintain a recognized cybersecurity program an affirmative defense against certain data-breach claims. It is a genuine incentive to do security well. But the defense only holds if the program is real and documented — not a binder you bought and never implemented.
Sized to your headcount
SB 2610 scales expectations by company size (under 20, 20–99, and 100–249 employees), anchored on recognized frameworks like the NIST Cybersecurity Framework. We build the program to the tier you fall into.
One program, three Texas laws
A single well-built program also addresses the TDPSA (Texas Data Privacy & Security Act) and the new TRAIGA AI obligations. We implement the controls, write the documentation, and keep the evidence current — your attorney confirms how the safe harbor applies to you.