Skip to content
Back to Blog
House Passes Legislation to Strengthen Grid and Cybersecurity for Commercial Facilities
RegulationsJuly 3, 202612 min readMy Electrical TechMy Electrical Tech

House Passes Legislation to Strengthen Grid and Cybersecurity for Commercial Facilities

Quick Answers for Property & Facility Managers

How does the new grid cybersecurity legislation affect commercial buildings and data centers?

The House passed four energy security bills that will strengthen state energy planning, clarify U.S. Department of Energy emergency leadership, and enhance cybersecurity support for utilities.[5] For large commercial buildings and data centers, this means tighter reliability expectations, more robust utility cyber controls, and evolving design and compliance requirements for critical electrical infrastructure.

Will these grid cybersecurity bills change what facility managers must do for electrical compliance?

The legislation focuses on utilities and federal coordination, not direct building mandates.[5] However, as utilities update standards and emergency procedures, facility managers should expect downstream impacts on interconnection requirements, backup power strategies, and cybersecurity expectations for onsite systems, all layered on top of NEC, NFPA 70E, OSHA, and local AHJ compliance.

What immediate steps should property managers take in response to this new grid security legislation?

Near term, use the new legislation as a trigger to review business continuity, backup power, and cyber policies with your utility and your electrical/IT teams.[5] Confirm contact protocols for energy emergencies, assess critical loads, and ensure your switchgear, generators, UPS, and controls are documented, tested, and aligned with current NEC and NFPA 70E best practices.

New grid and cybersecurity legislation: why commercial facilities should pay attention

The U.S. House of Representatives has passed a package of four energy and cybersecurity bills designed to harden the electric grid, improve emergency coordination, and strengthen cybersecurity support for utilities.[5] While the legislation targets state energy planning and utility operations, it will shape the environment in which commercial and industrial facilities operate—especially mission-critical buildings such as data centers, hospitals, campuses, and large office or industrial properties.

The bills include the Securing Community Upgrades for a Resilient Grid (SECURE Grid) Act, the Energy Emergency Leadership Act, the Rural and Municipal Utility Cybersecurity Act, and the Energy Threat Analysis Center Act of 2026.[5] Together, they strengthen state energy security planning, establish clear Department of Energy (DOE) leadership during energy emergencies, reauthorize cybersecurity grants and technical assistance for smaller utilities, and codify a threat analysis center to improve intelligence sharing between the federal government and energy producers.[1][5]

For building owners and facility managers, the key takeaway is that grid-side resilience and cybersecurity expectations are rising. This will not only affect reliability and outage response, but also the standards and practices that propagate down into commercial electrical design, interconnection requirements, and risk management.

What the four energy security bills do—and why it matters downstream

According to the House Committee on Energy and Commerce, each bill targets a specific dimension of grid security:[5]

  • SECURE Grid Act (H.R. 7257) – Improves visibility into evolving cyber, physical, and supply chain risks and pushes states to adopt more durable distribution planning that reflects those risks.[5] This supports more resilient grid planning and encourages utilities and state agencies to consider complex engineering operations as they modernize infrastructure.[1][5]
  • Energy Emergency Leadership Act (H.R. 7258) – Clarifies and strengthens DOE’s leadership role during energy emergencies, ensuring the agency has focused and accountable leadership to protect the public from natural and man‑made hazards, including emerging foreign adversary threats.[5]
  • Rural and Municipal Utility Cybersecurity Act (H.R. 7266) – Reauthorizes the Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance program for five years to equip small utilities with resources to secure their systems and keep the lights on.[1][5] This is significant for facilities served by co‑ops and municipal utilities.
  • Energy Threat Analysis Center Act of 2026 (H.R. 7305) – Reauthorizes and codifies the Energy Threat Analysis Center for five years, clarifying authorities to enhance collaboration between grid operators, utilities, and the government, including the intelligence community.[1][5] The center convenes energy sector stakeholders and federal experts to identify and address threats to critical infrastructure, especially from nation‑state adversaries.[5]

Individually, these bills do not rewrite the National Electrical Code (NEC) or directly change building‑level design rules. Instead, they raise the bar on how states and utilities plan for, detect, and respond to threats. Over time, that can translate into new utility requirements, revised interconnection standards, and stricter expectations for any facility whose operations are tightly coupled to grid reliability.

a close-up of a labeled three-phase 200-amp electrical panel with breakers — commercial electrical

Implications for reliability, risk, and business continuity in commercial buildings

From a property and facility management perspective, the biggest practical impact is on reliability planning and business continuity. The SECURE Grid Act’s focus on durable distribution planning and evolving cyber and physical threats means utilities and states will be under pressure to incorporate more sophisticated risk assessments into grid planning.[5] That may lead to:

  • Updated utility reliability standards and outage response protocols affecting how and when large customers are notified and restored.
  • Stronger expectations around critical infrastructure customers (e.g., hospitals, data centers, industrial plants) and their coordination with utilities during planned and unplanned events.
  • Greater emphasis on contingency planning, mutual aid, and prioritization schemes that can impact multi‑tenant commercial properties and large campuses.

For building owners, this reinforces the need for a documented business continuity and electrical resilience strategy. Even as utilities strengthen their own cybersecurity and emergency processes, commercial facilities remain responsible for:

  • Identifying critical loads across three‑phase distribution, HVAC, life safety systems, data rooms, process equipment, and vertical transportation.
  • Ensuring that backup generators, automatic transfer switches, UPS systems, and power distribution units (PDUs) are properly sized, maintained, and tested in alignment with NEC (NFPA 70), NFPA 70E, and manufacturer recommendations.
  • Coordinating outage and restoration procedures with utilities, particularly where sensitive processes or patient/tenant safety is involved.

The Energy Emergency Leadership Act’s emphasis on DOE leadership during emergencies means clearer federal coordination when events do occur.[5] Facility managers should expect more structured communication flows and guidance during large‑scale incidents, but they still need internal response plans that integrate those external resources.

Cybersecurity expectations for commercial electrical and control systems

The most visible change for many facility leaders will be in the cybersecurity posture of utilities and, increasingly, of customer‑side systems. Cyberattacks on critical infrastructure have become more sophisticated and frequent, and the Rural and Municipal Utility Cybersecurity Act explicitly aims to support utilities with grants and technical assistance to secure their systems.[1][6]

While the legislation is utility‑focused, cyber risk is highly interconnected. As utilities harden their networks, they will place greater scrutiny on how large customers connect to, monitor, and control their energy usage. For commercial facilities, this can translate into elevated expectations around:

  • Secure integration between building management systems (BMS), lighting controls, EV charging infrastructure (EVSE), and utility‑provided metering or demand response platforms.
  • Network segmentation and secure protocols for SCADA, microgrid controllers, and power monitoring systems that interact with grid‑side services.
  • Vendor risk management for cloud‑based energy management, supervisory control, and analytics platforms that touch electrical infrastructure.

From a compliance lens, NEC does not yet prescribe detailed cyber requirements, but facility managers must still align with broader frameworks such as NFPA 70E for electrical safety, OSHA obligations for worker safety, and any sector‑specific regulations (e.g., healthcare, financial services, or data privacy rules) that apply. Ensuring that cyber measures do not compromise electrical safety—such as proper coordination of protective relays, breakers, and emergency egress lighting—is critical.

Practical steps for building owners and facility managers include:

  • Conducting joint reviews between electrical engineers, IT security teams, and operations to map all networked electrical assets (switchgear, smart breakers, meters, controls).
  • Confirming that firmware updates and remote access to devices are managed under formal cybersecurity policies, with strong authentication and logging.
  • Ensuring that any remote monitoring or control services provided by utilities or third‑party vendors meet internal security standards and contractual requirements.
a technician servicing a rooftop electrical disconnect and conduit on a commercial building — commercial electrical

Design, compliance, and project planning impacts for large facilities and data centers

As these bills drive more advanced threat analysis and planning at the federal and utility level, large facility projects will increasingly be evaluated through a resilience and cybersecurity lens. For data centers, healthcare facilities, manufacturing plants, and high‑density office towers, this likely means:

  • More robust utility interconnection reviews for large feeders, medium‑voltage services, and on‑site generation or storage (e.g., solar, batteries, microgrids). Utility engineering teams may scrutinize protective schemes and control integrations more closely.
  • Higher expectations for redundancy and failure‑mode analysis in critical power system design, in line with industry standards and internal owner requirements, even where codes set the minimum.
  • Closer alignment with energy codes such as state building energy standards or Title 24 in California for lighting, controls, and demand response capabilities, which may tie into utility programs influenced by state energy security planning.[5]

Code compliance remains anchored in established frameworks:

  • NEC (NFPA 70) for electrical safety, wiring methods, overcurrent protection, grounding and bonding, and emergency systems.
  • NFPA 70E for electrical safety programs, arc‑flash assessments, and safe work practices.
  • OSHA for worker safety requirements in electrical work and maintenance.
  • UL and other listing standards for equipment approval, ensuring that switchgear, panelboards, luminaires, EVSE, and control devices are properly listed and installed per manufacturer instructions.
  • Local AHJ permitting and inspections, which will remain the primary enforcement mechanism for building‑level compliance.

The new federal legislation does not override these codes, but it complements them by shaping the risk environment. Facility managers leading capital projects—whether service upgrades, lighting retrofits, EV charging deployments, or data center expansions—should incorporate resilience and cyber considerations early in design. This includes documenting critical loads, defining uptime targets, and ensuring contract scopes address both electrical safety and cyber controls.

Action plan for property and facility managers in light of the new legislation

Given the federal focus on grid resilience and cybersecurity, building owners and facility managers can take several practical steps to align their facilities with this evolving landscape:

  • Engage with your utility – Request a briefing or account review focusing on reliability, emergency communication protocols, and any upcoming changes related to the SECURE Grid Act, cyber grant programs, or threat analysis initiatives.[5]
  • Update risk and continuity assessments – Reassess critical loads, backup power capacity, and runtime in light of potential cyber or physical disruptions. Confirm that generators, ATS, UPS, and distribution are tested and documented.
  • Integrate cybersecurity with electrical asset management – Build or refine a register of networked electrical assets and controls. Ensure that procurement and maintenance of smart equipment consider cybersecurity and manufacturer warranties.
  • Coordinate with AHJs and design teams – For upcoming projects, verify that designs not only meet NEC and energy code minimums but also reflect your organization’s resilience and cyber risk appetite. Discuss how utility‑side changes may affect interconnection or demand response participation.
  • Train operations staff and update procedures – Even though field crews will follow their own safety and cyber policies, facility managers should ensure that site procedures for outages, emergency operations, and remote access are current and aligned with NFPA 70E and OSHA requirements.

By monitoring how states and utilities implement these new federal directives and proactively aligning their own electrical and cybersecurity strategies, commercial building owners and facility managers can better protect occupants, preserve operations, and position their properties for compliance and resilience in a more complex threat environment.

Frequently Asked Questions

Will the new grid cybersecurity legislation increase costs for commercial building owners?

The bills primarily direct states, DOE, and utilities to strengthen planning and cybersecurity.[5] Direct cost impacts on building owners will be indirect—through potential changes in utility programs, interconnection requirements, or reliability standards. Costs and ROI will depend on how facilities choose to invest in backup power, controls, and cyber safeguards to match their risk tolerance.

Do these bills change NEC or NFPA 70E electrical safety requirements for facilities?

No. The legislation focuses on grid‑level security, state planning, and utility cyber support.[5] NEC (NFPA 70), NFPA 70E, OSHA, UL standards, and local AHJ requirements remain the governing frameworks for building‑level electrical safety and installations. However, utilities may evolve their interconnection and reliability expectations, indirectly influencing project design standards.

How should data center operators respond to the Energy Threat Analysis Center Act?

The Act codifies and reauthorizes an Energy Threat Analysis Center that enhances collaboration between grid operators, utilities, and the government.[1][5] Data centers should engage with utilities and industry groups to stay informed about emerging threats, review critical power architectures, and align cyber and electrical resilience strategies with updated threat intelligence.

Are rural and municipal utilities now required to upgrade cybersecurity for serving commercial customers?

The Rural and Municipal Utility Cybersecurity Act reauthorizes a grant and technical assistance program to help small utilities secure their systems.[1][5] While it does not mandate specific upgrades, it incentivizes stronger cyber defenses. Commercial customers served by these utilities may benefit from improved reliability and should coordinate on any changes affecting metering, controls, or demand response interfaces.

What buyer criteria should facility managers use when procuring electrical equipment in this new risk environment?

Facility managers should prioritize UL‑listed and code‑compliant equipment, robust manufacturer support, and secure, updateable firmware for networked devices. Align procurement with NEC, NFPA 70E, OSHA, and energy codes, and evaluate vendors on cybersecurity practices, remote support policies, and integration with utility programs and building management systems.

Related Reading on My Electrical Tech

Find a Qualified Commercial Electrical Contractor

Need help acting on this? Browse commercial electricians in your area, or explore commercial electrical services like preventative maintenance, inspections, and emergency response. Are you a contractor? List your business on My Electrical Tech to reach property and facility managers actively searching for help.

Sources

  1. tedmag.com
  2. floridapolitics.com
  3. utilitydive.com
  4. insidecybersecurity.com
  5. energycommerce.house.gov
  6. facebook.com
grid cybersecuritycommercial electrical infrastructuredata center resiliencefacility management