The SECURE Grid Act amends section 366 of the Energy Policy and Conservation Act to force States to incorporate the physical security, cybersecurity, and resilience of local electric distribution systems into their State energy security plans. It defines "local distribution system" as utility-owned infrastructure at 100 kilovolts or less, requires plans to address weather, physical attacks, supply-chain risks, and cyber threats, and to include suppliers of equipment in the consultation/coverage universe.
Practically, the bill broadens what States must analyze and respond to in energy-security planning, extends the statutory deadline for plans from 2025 to 2030, and makes submission of plans a standing requirement without making Federal approval a prerequisite. That combination shifts more planning responsibility to States and their local utilities while bringing suppliers and distribution-level vulnerabilities explicitly into federally referenced planning processes.
At a Glance
What It Does
The bill amends 42 U.S.C. 6326 to (1) define a 'local distribution system' as utility assets at 100 kV or less; (2) require State energy security plans to analyze and plan for physical threats, supply-chain vulnerabilities, and cybersecurity risks to distribution systems; (3) add equipment suppliers to the list of stakeholders; and (4) require plan submission while clarifying submissions need not be approved by the Secretary. It also extends the statutory timeline from 2025 to 2030.
Who It Affects
Electric utilities that own or operate distribution assets at or below 100 kV, manufacturers and suppliers of generation/transmission/distribution equipment, State energy offices and regulators who prepare plans, and local communities and critical infrastructure served by distribution systems. Transmission operators and bulk‑power entities are affected to the extent distribution vulnerabilities can cascade to the bulk system.
Why It Matters
This is a planning-level change that pulls distribution-level security — historically a local utility concern — into federally referenced State energy security plans and attaches supply-chain and cybersecurity assessments to that duty. For compliance officers, utilities, and suppliers, the bill expands who must be consulted and what vulnerabilities must be analyzed, shifting more preparatory burdens onto States and private actors while limiting federal approval authority.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The SECURE Grid Act revises the current federal framework for State energy security plans by explicitly requiring those plans to consider the security and resilience of local distribution systems. The bill inserts a new definition of 'local distribution system' (utility-owned infrastructure at voltages of 100 kilovolts or less), which brings primary distribution feeders, many subtransmission lines, and most equipment serving communities squarely into the planning universe.
That definition matters because it sets the technical boundary for what States must analyze.
The bill broadens the parties named in the statute: in addition to "owners and operators," State plans must recognize suppliers of equipment for generation, transmission, and distribution. States must therefore incorporate supply-chain risk assessment into their hazard analyses and consult or account for manufacturers and vendors when developing mitigation strategies.
The statutory hazards list is expanded to require plans to address weather-related vulnerabilities, physical attacks on both distribution and bulk-power systems, supply-chain risks for equipment, and cybersecurity threats that could originate at the distribution level yet affect the broader grid.On mitigation, the Act requires plans to include a "risk mitigation approach" that enhances reliability and end-user resilience, specifying methods for responding to, mitigating, and recovering from the hazards described. That pulls resilience measures — such as distributed resources, hardening, microgrids, restoration prioritization, and supply-chain contingencies — into the plans as expected deliverables rather than optional considerations.
The bill also alters administrative mechanics: States must submit the updated plans to the Secretary to remain eligible for whatever programmatic benefits the statute ties to compliance, but the amendment explicitly states submissions do not require Secretary approval. Finally, the bill moves the statutory deadline for plan completion from 2025 to 2030, giving States a longer window to revise plans and to engage newly included stakeholders.
The Five Things You Need to Know
The bill defines 'local distribution system' as utility-owned infrastructure operated at a voltage of 100 kilovolts or less, making that the statutory scope for distribution-level planning.
State plans must analyze and plan for supply-chain risks for equipment used in generation, transmission, and distribution — suppliers are added to the list of relevant parties.
Plans must address both physical threats (including weather and physical attacks on distribution and bulk systems) and cybersecurity threats that originate in, or affect, local distribution systems.
States are required to submit updated plans to remain eligible under section 366, but the statute now clarifies that a submission does not need to be approved by the Secretary.
The statutory compliance deadline in section 366 is extended from 2025 to 2030, giving States five additional years to update plans and engage stakeholders.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
New definition: local distribution system
The amendment inserts a statutory definition that confines 'local distribution system' to energy infrastructure owned and operated by an electric utility at voltages of 100 kV or less. That threshold determines which equipment and lines States must evaluate under their plans. Practically, many subtransmission circuits, distribution feeders, and associated substations fall inside this boundary, which will expand planning attention beyond high-voltage transmission.
Extends stakeholders to include equipment suppliers
The bill expands the enumerated parties in the statute to include 'suppliers of equipment for the generation, transmission, and distribution of electricity.' This pulls manufacturers, vendors, and original equipment suppliers into the statutory stakeholder list, increasing the expectation that States consult or at least account for supplier-related risks (manufacturing footprints, spare parts availability, firmware provenance) when conducting assessments and developing mitigation strategies.
Requires hazard analysis and a risk‑mitigation approach focused on distribution
Paragraph (3) is rewritten to require plans to analyze specific hazards: weather, physical attacks on both local distribution and bulk‑power systems, and supply‑chain risks for equipment; and to explicitly include cybersecurity threats and vulnerabilities that originate at the distribution level yet could affect the bulk system. Paragraph (5) is reframed to require a 'risk mitigation approach' that covers response, mitigation, and recovery to enhance reliability and end‑use resilience. In short, States must move from identifying hazards to laying out concrete mitigation and recovery methods in the plans.
Adjusts the list of eligible entities referenced in the statute
The bill amends the subparagraph structure to add an explicit reference to entities 'supplying equipment for the generation and transmission of electricity,' clarifying that these suppliers are treated alongside owners and operators for certain statutory purposes. This structural change signals that suppliers are among the classes of entities that States should engage or consider when preparing plans and when the statute directs consultation or eligibility discussions.
Submission requirement and non‑approval clarification
The amendment rewords the eligibility provision to frame submission as a required act for State eligibility and then adds a new clause stating that a submission 'is not required to be approved by the Secretary.' This is a significant administrative change: States must still submit their plans under the statute, but the Secretary's approval is not a statutory gating condition. The change separates federal receipt from federal endorsement, which affects the degree of federal oversight embedded in the program.
Technical insertion and deadline extension
Section (h) adds 'local distribution system' to an existing provision that previously referenced electric utilities, ensuring the new term appears in cross-references. Section (i) replaces the year '2025' with '2030,' extending the deadline for compliance by five years. That extension alters timing expectations for States, utilities, and suppliers and may affect when planning activities and investments are scheduled.
This bill is one of many.
Codify tracks hundreds of bills on Energy across all five countries.
Explore Energy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- State energy offices and planners — The bill gives them explicit statutory cover to prioritize distribution-level security and to require supplier engagement, enabling more holistic State plans and potentially broader access to federal program benefits tied to plan submission.
- Local electric utilities (distribution owners/operators) — Inclusion of distribution systems in plans can direct more attention and potentially more resources toward hardening, restoration planning, and coordination with state emergency response, improving operational resilience.
- Communities and critical infrastructure customers — By forcing hazard analyses and mitigation planning at the distribution level, the bill raises the chance that restoration priorities, microgrid planning, and resilience investments will reflect local needs.
- Cybersecurity and supply‑chain risk services providers — The statutory requirement to assess cybersecurity and supplier risks creates market demand for audits, assessments, and mitigation tools, benefiting specialized vendors and consulting firms.
- Equipment suppliers willing to engage — Firms that cooperate in planning may gain clearer expectations about State resilience priorities and have opportunities to influence procurement and spare-part strategies.
Who Bears the Cost
- Electric utilities (particularly smaller and municipal utilities) — They face additional planning, reporting, and potential hardening costs to meet new State-led expectations, including time and expense to support State risk-mitigation approaches.
- Equipment manufacturers and suppliers — Added scrutiny of supply chains and requirements to participate in planning may increase compliance costs, require disclosure of supplier networks or firmware provenance, and expose them to liability or procurement exclusion risks.
- State energy offices — The bill expands their workload (technical analyses, stakeholder outreach, plan drafting) without attaching funding in the text, creating an unfunded-mandate risk for already-stretched offices.
- Ratepayers and local governments — If utilities recover costs through rates or local budgets, communities may ultimately shoulder the expense of investments prompted by the new planning requirements.
- Federal agencies and grid overseers — The shift to non‑approval submission may complicate federal coordination; agencies may need to invest time in outreach or technical assistance to achieve consistent resilience outcomes despite lacking statutory approval authority.
Key Issues
The Core Tension
The core tension is between empowering States and local actors to address distribution-level risks swiftly (including supplier engagement) and the need for consistent, enforceable national standards and funding to ensure those local measures actually reduce cascading risks to the bulk-power system; the bill prioritizes decentralized planning and speed over centralized approval and uniform minimum standards.
The Act expands planning responsibilities but leaves key implementation details unresolved. Defining distribution at a 100 kV threshold is administratively convenient but operationally blunt: utilities and regulators use different voltage cutoffs for distribution vs. transmission, and some high‑impact lines sit near that threshold.
The statute requires supply‑chain risk analysis and supplier participation without specifying what level of disclosure or standards suppliers must meet, creating potential commercial‑confidentiality, procurement, and enforcement questions. States will need to design workable protocols for assessing vendor risk while balancing proprietary concerns.
Another tension arises from the administrative change that makes plan submission mandatory but removes the Secretary's approval requirement. That increases State autonomy but reduces a federal lever for enforcing minimum standards or coordinating across State lines.
Without accompanying funding, many State energy offices and smaller utilities may struggle to complete the deeper technical analyses the law now expects; the five‑year deadline extension eases timing pressures but does not solve resource constraints. Finally, cybersecurity and physical‑security planning at the distribution level can require sensitive data-sharing; the bill does not create explicit protections for such data or clarify how NERC/FERC frameworks interact with State-level requirements, leaving potential gaps in legal authority and operational coordination.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.