Lulu’s Law mandates that the Federal Communications Commission, within 180 days of enactment, issue an order declaring that a shark attack is an event for which a Wireless Emergency Alert (WEA) — an "Alert Message" under 47 C.F.R. §10.10(a) — may be sent. The bill is extremely narrow in substance: it adds a single event category but does not change who may originate alerts, allocate funds, or prescribe operational criteria for transmitting such alerts.
The change matters because WEA is the primary nationwide cellphone alerting mechanism for imminent threats to life and safety. Labeling "shark attack" as an eligible event gives coastal authorities a clear path to notify the public via WEA, but it also forces FCC, FEMA/IPAWS, state and local emergency managers, and wireless carriers to resolve technical, procedural, and policy questions — from message coding and geotargeting thresholds to false-alarm risks and coordination protocols — within a short statutory timeframe.
At a Glance
What It Does
The bill requires the FCC to issue an order, within 180 days, providing that a shark attack qualifies as an event for which a Wireless Emergency Alert may be transmitted under the existing regulatory definition of an "Alert Message." It directs the FCC to take that administrative step but does not itself change alert originators, message content rules, or technical standards.
Who It Affects
Directly affected parties include the FCC (which must act), FEMA and the IPAWS infrastructure (which interoperate with WEA), state and local emergency management agencies and lifeguard organizations that would consider using WEA for coastal incidents, and wireless service providers that transmit WEA traffic and map event codes to carrier systems.
Why It Matters
The bill sets a precedent for Congress to specify discrete event types eligible for WEA rather than leaving taxonomy to administrative processes; it raises immediate implementation work for regulators and carriers and practical trade-offs for local officials weighing life-safety benefits against risks of alert fatigue and public disruption.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
Lulu’s Law is a compact, focused statutory instruction: it tells the FCC to declare that a "shark attack" is an event type for which a Wireless Emergency Alert can be sent. To make that declaration the bill points to the existing regulatory concept of an "Alert Message" in 47 C.F.R. §10.10(a), and gives the Commission a 180-day deadline to issue an order.
The statute does not itself change who is authorized to create or approve WEA messages, nor does it provide funding, define operational thresholds, or prescribe the wording or geographic scope of any future shark-attack alerts.
Because the bill is terse, the operational work falls to agencies and private parties that run the alerting ecosystem. Practical implementation will likely require the FCC to coordinate with FEMA (which runs IPAWS and maintains the interfaces to WEA), with state and local emergency management agencies (the typical alert originators), and with wireless carriers that must recognize and propagate any new event code or taxonomy change.
That coordination touches mapping of CAP (Common Alerting Protocol) event codes to WEA/CMAS event types, template language, geotargeting granularity for beaches and coastal waters, and procedures for verifying an incident before issuing a message.The bill’s language is deliberately permissive: it authorizes alerts for "shark attack" but does not compel local officials to use WEA in any particular circumstance. That permissive framing preserves discretion — an alert could be appropriate for an immediate, credible, ongoing threat to people on a specific beach — but it also leaves unanswered how to distinguish between single, isolated incidents and situations that genuinely justify a wireless emergency alert.
Finally, the 180-day clock and absence of implementation funding create a compressed timeframe for the FCC and its partners to define event codes, issue guidance, and perform any necessary technical updates on carrier and IPAWS systems.
The Five Things You Need to Know
The bill gives the FCC 180 days to issue an order declaring that a "shark attack" is an event for which a Wireless Emergency Alert may be sent.
It defines "Alert Message" by reference to 47 C.F.R. §10.10(a), relying on existing regulatory definitions rather than creating a new statutory definition.
The statutory text authorizes WEA as an available tool for shark attacks — it does not require any particular jurisdiction to send an alert or direct carriers to originate messages.
Lulu’s Law contains no funding, no technical standards, and no procedural requirements; implementation will depend on FCC coordination with FEMA/IPAWS, state/local originators, and wireless providers.
The change will likely require mapping or adding an event code in CAP/WEA taxonomies and updating carrier software or alert templates so that WEA messages referencing shark attacks are routed and displayed correctly.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title (Lulu’s Law)
This is the act’s caption only. It has no substantive effect but signals congressional intent to codify a discrete change to the WEA eligibility scheme. Practically, the short title can be used in subsequent administrative or legislative references, but it does not alter regulatory duties or timelines.
Cross-reference to existing WEA definition
Section 2(a) adopts the term "Alert Message" by reference to the existing regulatory definition in 47 C.F.R. §10.10(a) (or any successor regulation). That cross-reference anchors the statutory change in the current WEA regulatory framework instead of creating a parallel statutory regime, which means implementation will occur through the administrative processes already governing WEA messages (FEMA/IPAWS, CAP formatting, carrier technical interfaces).
Mandatory FCC order to permit WEA for shark attacks (180-day deadline)
This is the operative provision. It requires the FCC, within 180 days, to issue an order providing that a shark attack is an event for which an Alert Message may be transmitted. The provision imposes a timing obligation but leaves the form of the order unspecified: the Commission could issue a declaratory ruling, amend regulations, or publish guidance. The provision does not address who may originate such a message, how severity or geographic scope will be assessed, or how event coding will be implemented — all practical matters that the FCC, FEMA, local authorities, and carriers will need to resolve.
This bill is one of many.
Codify tracks hundreds of bills on Government across all five countries.
Explore Government in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Coastal residents and beachgoers: They gain an explicit, recognized pathway for receiving cellphone alerts about imminent shark-related threats that could speed lifesaving warnings when a credible, localized hazard exists.
- Local emergency management and lifeguard agencies: The designation gives these authorities clearer legal cover to push WEA notifications in high-risk incidents, expanding tools available for public-safety communications.
- Tourism-dependent local governments and businesses: While alerts may be disruptive, having a standardized mechanism reduces ambiguity about when to warn the public and can limit liability concerns by documenting use of an established federal alert channel.
- FEMA/IPAWS and public-safety planners: The change clarifies event taxonomy and may strengthen multiagency playbooks for coastal incidents, improving interoperability across jurisdictions if agencies invest in standard procedures.
Who Bears the Cost
- Federal Communications Commission: The FCC must meet the 180-day statutory deadline, perform interagency coordination, and potentially undertake a rulemaking or order without dedicated appropriations.
- Wireless service providers: Carriers may need to update software, event-code mappings, and internal procedures to recognize and transmit "shark attack" alerts correctly, incurring development and testing costs.
- State and local emergency management agencies and lifeguard operations: These entities must develop policies, training, and verification procedures to determine when a shark-attack WEA is appropriate, imposing operational burdens on often resource-constrained offices.
- Tourism businesses and local economies: Even accurately targeted alerts can depress beach attendance and trigger reputational impacts; repeated or poorly targeted messages risk economic costs from lost visitors.
Key Issues
The Core Tension
The bill pits two legitimate goals against one another: the desire to give coastal communities a clear, life-saving warning tool for rare but immediate threats versus the risk that adding narrowly defined alert categories — without clear operational rules or funding — creates administrative burden, increases false alarms, and diminishes public trust in the WEA system.
Two implementation issues dominate. First, the bill creates a statutory eligibility category but leaves the operational and technical mechanics to existing administrative systems.
That invites a sequence of near-term questions: will the FCC amend 47 C.F.R. §10.10 or issue a declaratory order; how will FEMA/IPAWS and state/local originators incorporate a new event code into CAP; and what geotargeting resolutions are acceptable for coastal waters and narrow beach corridors? Those questions matter because WEA systems have size and character limits (message length, geographic polygons) that affect whether an alert can be both timely and accurate.
Second, the policy trade-offs are real and unresolved. Adding narrowly defined event types by statute risks a precedent where Congress incrementally expands WEA categories, shifting what should be technical or operational determinations into law.
That can fragment alert taxonomy and raise alert-fatigue risks: overuse or poorly targeted shark-attack alerts could erode public trust in WEA, reducing responsiveness to real imminent threats. The bill also leaves unanswered definitional thresholds (what constitutes a "shark attack" for WEA purposes), verification standards before sending emergency messages, and liability concerns for false or premature alerts, all of which will require practical guidance from agencies or might be litigated post-implementation.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.