Key dates: Training providers submit programs for FY 2026-27 certification between June 1 and July 31, 2026. The Texas Cyber Command publishes the certified program list on August 31, 2026, and the FY 2026-27 training year begins September 1, 2026.
A New Certification Authority
House Bill 150 (89th Legislature, 2025) transferred responsibility for certifying cybersecurity training programs from the Texas Department of Information Resources (DIR) to the newly created Texas Cyber Command (TXCC). The annual training requirement itself now lives in Texas Government Code Chapter 2063: covered employees, elected and appointed officials, and contractors with access to government information resources must complete a certified training program each year.
Practically, this means the certified provider list your organization relies on is now published and maintained by the Texas Cyber Command, not DIR. DIR still handles other cybersecurity functions — such as security incident reporting and the state Security Control Standards — but training certification has moved.
What Actually Changed in the Content Requirements
The FY 2026-27 certification standards add several required topic areas that were not part of earlier cycles:
- Business email compromise (BEC) — including the specific warning signs of forced urgency, unnatural text, repetitive writing, and unverifiable details.
- Foreign adversary influence operations — including United Front Work Department (UFWD) tactics and methods, resources on UFWD activity in Texas, and how to report concerns to the Texas Ethics Commission.
- Foreign adversary restrictions — the Texas Government Code § 572.070 prohibitions on accepting travel, gifts, or lodging from foreign adversaries, the 30-day reporting requirement, and the consequences for violations.
Training programs certified for FY 2026-27 must cover these areas. If your current provider's curriculum has not been updated for the new criteria, it will not carry a FY 2026-27 certification.
Critical Dates
Note the distinction: June 1 – July 31 is the window for training providers to submit their programs for certification. Your organization's obligation is to make sure covered personnel complete certified training each year and to certify compliance through the state reporting process by August 31.
What Your Organization Should Do Now
- Ask your current training provider whether they have submitted for FY 2026-27 certification with the Texas Cyber Command and whether their curriculum covers the new BEC, foreign adversary, and § 572.070 content areas.
- Update your covered-personnel roster to include contractors and third-party vendors with access to government systems — they are covered by the training requirement.
- Check the Texas Cyber Command's certified program list when it is published on August 31, 2026, and confirm your provider is on it before the new training year.
- Plan enrollment early in the FY 2026-27 year so completions are not compressed against next year's August 31 compliance certification.
- Keep proof-of-completion records for every covered person, available for audit.
Planning for FY 2026-27?
Our platform handles it automatically
Curriculum built to the FY 2026-27 TXCC criteria, automated enrollment, completion tracking, and dedicated compliance support — designed specifically for Texas government entities.
