H.R. 2594 (119th) · Bill Overview

To establish a Water Risk and Resilience Organization to develop risk and resilience requirements for the water sector.

Environmental Protection
Cosponsors
Support: Lean Republican
Introduced: Apr 2, 2025
Current stage: Committee

Referred to the Committee on Transportation and Infrastructure, and in addition to the Committee on Energy and Commerce, for a period to be subsequently determined by the Speaker,…

01 · The brief

Creates a Water Risk and Resilience Organization (WRRO), certified by the EPA Administrator, to develop cybersecurity risk and resilience requirements for covered water systems serving 3,300+ people.

The WRRO proposes requirements and implementation plans to the Administrator for approval, monitors compliance, and may impose penalties (up to $25,000/day) subject to Administrator review.

The WRRO must be independent, protect sensitive security information, and report aggregated findings; $10 million is authorized to support the WRRO.

Passage: 45/100

Narrow, technical infrastructure bill with limited cost exposure increases chances, but novel private‑regulator enforcement and fines create legal and political friction.

Credibility: Partially aligned

Relative to its intended legislative type, this bill sets up a substantive regulatory framework creating and certifying a non‑federal Water Risk and Resilience Organization to develop cybersecurity risk and resilience requirements for covered water systems, and it supplies substantial procedural mechanics for proposal, approval, monitoring, and enforcement while leaving technical standard-setting and many details to rulemaking and the certified organization.

Contention: 72/100

Support split over public safeguards versus private enforcement role

02 · What it does

Who stands to gain, and who may push back.

Who this appears to help vs burden: 50% / 50%
Targeted stakeholders · Federal agencies · States
Likely helped
  • Targeted stakeholders: Improves cybersecurity resilience, potentially reducing service disruptions and contamination risks.
  • Targeted stakeholders: Creates standardized technical requirements for large water systems, increasing regulatory predictability.
  • Targeted stakeholders: Generates demand for cybersecurity professionals and third-party assessors to meet monitoring and compliance needs.
Likely burdened
  • Targeted stakeholders: Imposes compliance costs, dues, fees, and assessment expenses on covered water systems and their customers.
  • Federal agencies: Authorizes a nonfederal entity to set requirements and levy penalties up to $25,000 per day.
  • States: May create duplication or conflict with existing state regulations, increasing regulatory complexity.
03 · Why people split

Why the argument around this bill splits.

Support split over public safeguards versus private enforcement role
Progressive: 80%

Likely supportive because the bill addresses cybersecurity threats to public water systems and creates technical standards and monitoring.

Cautions would focus on ensuring equitable compliance support for smaller systems, transparency, and public accountability of the WRRO.

Leans supportive
Centrist: 65%

Cautiously favorable if safeguards on costs, transparency, and Administrator oversight are strong.

The structure balances technical expertise with federal review, but the single-organization model and penalty regime merit careful guardrails.

Split reaction
Conservative: 20%

Skeptical or opposed due to new de facto federal regulatory regime, delegated authority to a non-federal organization, and substantial penalties and fees.

Prefers state primacy and less federal-driven compliance cost.

Likely resistant
04 · Can it pass?

The path through Congress.

  • Introduced: Reached or meaningfully advanced
  • Committee: Reached or meaningfully advanced
  • Floor: Still ahead
  • President: Still ahead
  • Law: Still ahead

Passage likelihood: 45/100

Narrow, technical infrastructure bill with limited cost exposure increases chances, but novel private‑regulator enforcement and fines create legal and political friction.

Scope and complexity
  • Scope: moderate (52%)
  • Complexity: medium (52%)
Why this could stall
  • No cost estimate or CBO score included
  • Potential legal challenges to private enforcement delegation
05 · Recent votes

Recent votes on the bill.

No vote history yet

The bill has not accumulated any surfaced votes yet.
