EncryptedTechnology: Texas Cyber Command (TXCC) FY 2026-27 Certification Pending Learn more →

ComplianceApril 20, 2026· 8 min read

August 31 Is Your Deadline: What Texas Municipalities Must Complete

The Texas training year runs September 1 through August 31. Every covered employee, official, and contractor must complete certified cybersecurity training within it — and your organization certifies compliance at the end. This is your step-by-step action plan.

Important: August 31 is the end of the state fiscal year and the point at which your organization certifies training compliance. Training an entire workforce takes weeks, not days — organizations that have not started enrollment by early summer routinely struggle to reach 100% completion in time.

Who Must Comply

Under Texas Government Code Chapter 2063 (as reorganized by HB 150, 89th Legislature), the annual cybersecurity training requirement covers:

  • Texas state agencies
  • Cities, counties, and municipalities of any size
  • Independent school districts
  • Water districts and other special purpose districts
  • Regional planning commissions and councils of government
  • Any other political subdivision of the state

Within those organizations, the requirement applies to employees, elected and appointed officials, and contractors who have access to the entity's information resources — not just full-time staff. If your organization receives state funding, handles state data, or operates under state oversight, assume you are covered unless you have a written determination otherwise.

The 2026 Compliance Checklist

This is your complete action plan broken down by phase, targeting the August 31, 2026 end of the current training year.

Now — May

  • Confirm your training provider holds a current certification and has committed to the FY 2026-27 criteria (BEC warning signs, foreign adversary awareness, § 572.070 restrictions)
  • Audit your covered-personnel roster — include elected and appointed officials, plus contractors and third-party vendors with system access
  • Confirm your LMS or provider can produce per-person completion records on demand
  • Designate the administrator responsible for your organization's annual compliance certification

June 1–15

  • Begin mass enrollment for all covered employees, officials, and contractors
  • Send mandatory enrollment notifications with a clear internal completion deadline
  • Verify new hires since your last training cycle are included
  • Confirm department heads know completion is being tracked

June 16 — July 31

  • Monitor completion dashboards weekly
  • Send reminder notices to employees not started by July 1
  • Escalate non-completions to department heads by July 15
  • Target 100% completion by July 31 (buffer for stragglers)

August 1–31

  • Chase down and complete any remaining non-completions
  • Export and archive final completion records for every covered person
  • Certify your organization's compliance through the state reporting process by August 31
  • Retain completion records long-term (at least five years) for audit

Consequences of Missing the Deadline

Failure to complete and certify training under Texas Government Code Chapter 2063 can result in:

  • Formal non-compliance designation in state security reporting
  • Loss of eligibility for state cybersecurity grants, or required repayment of awarded funds
  • Findings in state or internal audits requiring a remediation plan
  • Increased scrutiny of your organization's broader security posture

Beyond regulatory consequences, non-compliant organizations typically have employees with measurably lower threat awareness — which directly correlates with higher rates of successful phishing attacks and ransomware incidents.

The Fastest Path to Compliance

If you are reading this in May 2026 and have not yet started, you are not out of time — but you need to act this week, not this month. The critical path is:

  1. Choose a certified training provider (the Texas Cyber Command now maintains the certified program list, a role that transferred from DIR under HB 150)
  2. Upload your covered-personnel roster and launch enrollment immediately
  3. Set a July 31 internal completion deadline for all staff
  4. Certify compliance and archive your completion records in August

Organizations that start this week can realistically reach full completion with a month of buffer to spare.

Start now

We handle the entire compliance process

Enrollment, training delivery, completion tracking, exportable records, and dedicated compliance support — everything your team needs to meet the August 31 deadline without the scramble.