- Federal agencies: Improved and more rapid cyber threat information sharing among Federal agencies and between Federal and non‑Federal cri…
- Potential benefit: Expanded definitions to explicitly cover AI, operational technology, edge devices, and IoT, and inclusion of Sector Ris…
- Cities: Required outreach, technical assistance, and briefings could increase awareness and capacity among smaller or resource‑…
Widespread Information Management for the Welfare of Infrastructure and Government Act
Ordered to be Reported (Amended) by the Yeas and Nays: 25 - 0.
This bill reauthorizes and amends the Cybersecurity Act of 2015 through 2035. It updates definitions (adding references to artificial intelligence, critical infrastructure, and Sector Risk Management Agencies), requires Federal development, issuance, and periodic updating of procedures for sharing cyber threat indicators and defensive measures, and directs targeted outreach (especially to small or rural critical infrastructure owners/operators).
AI use: liberals favor enabling defensive AI with safeguards; conservatives are wary of federal AI deployment and want tighter limits; centrists want clearer, reconciled language.
Relative to its intended legislative type, this bill is a clearly structured substantive amendment and reauthorization of the Cybersecurity Act of 2015 that includes specific definitional updates, operational requirements (outreach, briefings, read-ins), and reporting mandates, with detailed textual integration into existing law.
The bill adds requirements for briefings to congressional committees, expands reporting topics to include ransomware and prepositioning activities, creates limited one-time "read-ins" for certain non‑Federal critical infrastructure individuals, adjusts how Sector Risk Management Agencies are engaged, and includes multiple provisions addressing the use, sharing, and technical use of artificial intelligence in cybersecurity activities.
On content alone the bill modernizes an existing statute in ways that are largely technical, operational, and supportive of improved cybersecurity — features that historically make passage more likely. Modest implementation costs, emphasis on outreach, and lack of high-profile partisan policy changes all increase viability. Ambiguities around the scope and treatment of artificial intelligence in authorized activities and potential stakeholder pushback introduce some risk, particularly in the Senate.
Who stands to gain, and who may push back.
These are examples from the analysis, not a ranked list of the most-affected groups.
- Federal agencies: Expanded federal information sharing and new read‑ins for certain non‑Federal critical infrastructure individuals raise…
- Potential burden: New outreach, reporting, technical capabilities, and compliance procedures could impose additional administrative and f…
- Potential burden: Ambiguities and mixed instructions on use vs. preclusion of artificial intelligence in authorized activities could crea…
Why the argument around this bill splits.
A mainstream liberal would likely view the bill mostly positively because it reauthorizes an existing cybersecurity framework, broadens protections to include operational technology and IoT, and requires outreach to small and rural critical infrastructure owners who are often underserved.
They would welcome the emphasis on rapid dissemination of actionable indicators to State/local/Tribal/territorial governments and private operators.
At the same time, they would have concerns about civil liberties and privacy protections in expanded information-sharing, and be wary of any language that unduly restricts use of defensive artificial intelligence tools.
A mainstream centrist would generally see this bill as a sensible, incremental reauthorization and modernization of existing cybersecurity sharing authorities, with practical updates to include AI, OT/IoT, and ransomware.
They would appreciate outreach to underresourced critical infrastructure operators and the requirement for regular reporting to Congress.
However, they would be concerned about ambiguous or internally inconsistent language (particularly on AI use and preemption/limitation of state authorities), potential unfunded mandates, and the need for clarity on privacy, liability, and interagency roles.
A mainstream conservative would approach the bill with caution.
They would welcome stronger protection of critical infrastructure and federal coordination against cyber threats, but would be concerned about expanded federal authority to engage with, share information about, or read in private sector personnel—especially if that creates regulatory burdens or weakens state control.
The ambiguous treatment of AI might be seen both positively (some clauses appear to preclude certain AI uses) and negatively (other clauses permit AI in processing), increasing concern about unclear executive‑branch discretion.
The path through Congress.
- No cost estimate or explicit appropriation language is included in the text provided — the magnitude of administrative costs for outreach, briefings, and updates is unknown and could affect congressional support.
- The bill contains seemingly conflicting language about permitting AI in some technical capabilities while also 'precluding the use of artificial intelligence that is developed or strictly deployed for cybersecurity purposes' in certain authorized activities; interpretation and implementation of this language could be disputed by agencies and stakeholders.
Recent votes on the bill.
No vote history yet
The bill has not accumulated any surfaced votes yet.