LegisTrack
Back to all bills
HR 5079119th CongressIntroduced

Widespread Information Management for the Welfare of Infrastructure and Government Act

Introduced: Sep 2, 2025
InfrastructureTechnology & Innovation
View on Congress.gov
Standard Summary
Comprehensive overview in 1-2 paragraphs

H.R. 5079 would reauthorize and expand the Cybersecurity Act of 2015, updating its scope to address newer cyber risks and technologies. The bill adds definitions for artificial intelligence, critical infrastructure, and a new category called Sector Risk Management Agencies, and it broadens how the federal government shares cyber threat indicators and defensive measures with non-federal entities, including private owners and operators of critical infrastructure. It also imposes new requirements around outreach, information sharing, and oversight, while introducing restrictions and guardrails around the use of artificial intelligence in cybersecurity activities. Additionally, the bill extends the act’s effective period and requires more frequent congressional reporting on cyber threats, including ransomware and prepositioning efforts. Overall, it aims to improve real-time information sharing, broaden protection of critical infrastructure, and strengthen cyber defense coordination across federal and non-federal actors. Potential impacts include greater collaboration between federal agencies and private sector entities that run critical infrastructure, more formalized oversight of cyber threat information sharing, and new privacy protections related to removing personal information before sharing indicators. Some provisions would increase compliance obligations on private sector operators and could shift certain activities toward AI-enabled approaches, subject to new restrictions.

Key Points

  • 1Expanded definitions and scope, including artificial intelligence, critical infrastructure, and Sector Risk Management Agencies, broadening who and what is covered by the act.
  • 2Strengthened information sharing between the Federal Government and non-Federal entities, with updated sharing procedures, policies, and the introduction of one-time read-ins for select owners/operators of critical infrastructure.
  • 3New safeguards and usage rules for artificial intelligence in cybersecurity activities, including explicit authority to preclude certain AI use while allowing AI tools that are developed or deployed for cybersecurity under defined conditions.
  • 4Mandatory outreach and privacy protections, including a plan to educate small or rural critical infrastructure operators on how to share threat indicators and defensive measures, and requirements to remove certain personal information before sharing data.
  • 5Expanded reporting and oversight, including biennial cybersecurity threat reports that cover prepositioning activities and ransomware, and an extension of the act’s effective period to 2035, along with annual briefings to congressional committees on outreach and implementation.

Impact Areas

Primary group/area affected- Federal and non-Federal owners/operators of critical infrastructure (e.g., energy, water, transportation, communications, financial services) and Sector Risk Management Agencies; state/local/tribal governments that participate in information sharing and response.Secondary group/area affected- Federal agencies involved in cybersecurity (e.g., Department of Homeland Security, Department of Justice) and private sector cybersecurity providers that support critical infrastructure operations.Additional impacts- Privacy and civil liberties considerations due to information sharing, with explicit safeguards to remove personal information prior to sharing.- Potential regulatory and compliance burdens for organizations participating in information sharing, including adoption of updated policies, procedures, and outreach requirements.- Strategic shift toward AI-enabled cybersecurity capabilities, balanced by explicit prohibitions or limitations on AI use in certain activities.
Generated by gpt-5-nano on Oct 8, 2025