Data Infrastructure Risk Reduction Act
- Bill Number
- H.R. 8711
- Origin Chamber
- House
- Congress
- 119th Congress, Session 2
- Policy Area
- Government Operations and Politics
- Status
- Introduced
- Latest Action
- 2026-05-08: Referred to the Subcommittee on Cybersecurity and Infrastructure Protection.
- Last Updated
- 2026-07-01T08:09:11Z
AI-Generated Summary
Data Infrastructure Risk Reduction Act (H.R. 8711)
Purpose
This bill aims to strengthen the security of data centers—large facilities that store and process data—by requiring a federal strategy to protect them from external cyber or physical attacks by bad actors (malefactors) and to safeguard nearby communities.
Key Provisions
- Timeline and Responsibilities: Within 180 days of enactment, the Secretary of Homeland Security, through the Director of the Cybersecurity and Infrastructure Security Agency (CISA), must collaborate with the Secretary of Defense (as needed) to:
- Identify specific data centers that qualify as critical infrastructure (essential systems whose disruption could harm national security, economy, or public health/safety).
- Assess vulnerabilities in connected power and water supplies, especially above-ground electric power lines and substations.
- Evaluate risks from data centers located near residential areas or communities.
- Required Deliverable: Submit a comprehensive strategy to Congress, including recommendations to:
- Defend identified data centers from external breaches.
- Protect surrounding communities and residential areas.
- Definitions:
- Critical infrastructure: As defined in the USA PATRIOT Act (systems vital to the U.S.).
- Data center: As defined in the Energy Independence and Security Act of 2007 (facilities housing computer systems for data storage/processing).
Significant Changes to Existing Law
- Introduces a new mandate for DHS/CISA to formally designate certain data centers as critical infrastructure and develop a tailored defense strategy.
- No direct amendments to prior laws, but builds on existing definitions from the PATRIOT Act and energy legislation.
Potential Impacts
- Government Agencies: DHS/CISA gains responsibilities for assessment and strategy development; may increase coordination with Defense Department and lead to new funding/program needs.
- Citizens and Communities: Enhanced protections for areas near data centers, potentially reducing risks from attacks or infrastructure failures (e.g., power outages).
- Data Center Operators: Could face heightened scrutiny, regulations, or security requirements if designated critical.
- No direct international relations impact noted, though stronger defenses may indirectly bolster U.S. cybersecurity posture globally.
Main Stakeholders Affected
- Federal Agencies: DHS (CISA), Department of Defense.
- Private Sector: Data center owners/operators (e.g., tech companies like those running cloud services).
- Local Governments/Communities: Residential areas near data centers.
- Congress: Receives the strategy for oversight and potential further action.
Notable Legal, Constitutional, or Political Implications
- Legal: Establishes a clear federal role in protecting private data infrastructure without mandating immediate regulations—focuses on planning/recommendations, preserving flexibility.
- Constitutional: Aligns with Congress's authority over national security and commerce; no apparent conflicts with states' rights or property protections.
- Political: Referred to House Committees on Homeland Security and Energy/Commerce, signaling bipartisan interest in cybersecurity; emphasizes emerging risks from data center growth without partisan framing.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Subramanyam, Suhas [D-VA-10]
Cosponsors (1)
Rep. Ross, Deborah K. [D-NC-2]
Recent Actions
- 2026-05-08: Referred to the Subcommittee on Cybersecurity and Infrastructure Protection.
- 2026-05-07: Referred to the Committee on Homeland Security, and in addition to the Committee on Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2026-05-07: Referred to the Committee on Homeland Security, and in addition to the Committee on Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2026-05-07: Introduced in House
- 2026-05-07: Introduced in House
Bill Versions
- Data Infrastructure Risk Reduction Act — issued 2026-05-07 — PDF (3 pages)