AWIA Overview

On October 23, 2018, America's Water Infrastructure Act (AWIA) was signed into law.  Congress passed this amendment to the Safe Drinking Water Act (SDWA) in response to the extensive damage to drinking water utilities from Hurricanes Maria and Harvey.  As Senator Tom Carper (D-DE), one of the co-authors of the bill noted:

“Extreme weather events are becoming more powerful, and much of the infrastructure on American coasts is either too vulnerable to these storms or unable to sufficiently protect communities.  This is placing families, homes, businesses and livelihoods in jeopardy. As Americans fight through yet another active hurricane season, this essential bill will help bolster communities and ecosystems across our country from the worst impacts of these storms. It will also allow communities to recover more quickly when disaster does strike and rebuild in a manner more resilient to future storms.”

In recent years, Hurricanes Sandy, Maria, Harvey, and Florence caused extensive damage to water utilities along the East Coast resulting in prolonged water utility outages, while flooding along the Missouri and Mississippi Rivers in recent years have had the same effect.  In California, wildfires and earthquakes have disrupted the operation of water systems.

AWIA Compliance Requirements

AWIA Section 2013 amended SDWA Section 1433 and requires that community water systems (CWSs) serving more than 3,300 persons must complete five ongoing actions to achieve compliance:

• Conduct a Risk and Resilience Assessment (RRA)

• Prepare or revise an Emergency Response Plan (ERP)

• Submit a Certification Letter to the U.S. Environmental Protection Agency (USEPA) for each completed RRA and ERP

• Review and update the RRA and ERP at least once every 5 years thereafter

• Maintain copies of RRAs and ERPs and any updates for 5 years after certification submittal

AWIA vs. The Bioterrorism Act of 2002

Like AWIA, the 2002 amendments to the Safe Drinking Water Act (H.R. 3448, Title IV – Drinking Water Security and Safety, also referred to as the Bioterrorism Act), passed in response to the attacks of September 11, 2001, required all CWSs serving more than 3,300 people to conduct a Water System Vulnerability Assessment (WSVA) and develop an ERP.  However, there are some significant differences between the two Acts:

• Under the Bioterrorism Act, the threat focus was on malevolent acts of terrorism or other intentional threats such as vandalism or sabotage.  The AWIA requires an all-hazards approach, considering cyber and natural hazards as well as malevolent threats.

• WSVAs are now called RRAs and include increased emphasis on cybersecurity and natural hazards.

• Previously, utilities had to submit an actual WSVA to USEPA.  Under AWIA, utilities will now submit a letter certifying that they have conducted RRAs and updated their ERP.

Risk and Resilience Assessments

Most utilities prepared an initial WSVA and ERP but have not kept them up to date.  RRAs differ from WSVAs in that the utility must evaluate risks to the water system from both malevolent acts and natural hazards and consider all potentially critical components of the water system, including

• Pipes and constructed conveyances

• Physical barriers

• Source water

• Water collection and intake

• Pretreatment, treatment, storage, and distribution facilities

• Electronic, computer, or other automated systems

In addition to assessing the physical parts of the system, the utility must also assess:

• Any monitoring practices for physical security and water quality

• Financial infrastructure such as accounting, billing, and ability to complete payroll when facing a threat, including cyber-attack or destruction of administration buildings housing these systems

• Use, storage, or handling of various chemicals by the water system

• Operation and maintenance of the system

• Capital and operational needs for risk and resilience management

Required Emergency Response Plan Considerations

When updating existing ERPs or preparing new ERPs, utilities must consider the following:

• Strategies and resources to improve the resilience of the system, including the physical security and cybersecurity of the system

• Plans and procedures that can be implemented and identification of equipment that can be used in the event of a malevolent act or natural hazard that threatens the ability of the CWS to deliver safe drinking water

• Actions, procedures, and equipment which can obviate or significantly lessen the impact of a malevolent act or natural hazard on the public health and the safety and supply of drinking water provided to communities and individuals, including the development of alternative source water options, relocation of water intakes, and construction of flood protection barriers

• Strategies that can be used to aid in the detection of malevolent acts or natural hazards that threaten the security or resilience of the system

AWIA Deadlines for Compliance

There can be consequences if a utility does not certify that they have complied with the AWIA.  USEPA can initiate enforcement action and assess a penalty of up to $25,000 per day for non-compliance.  AWIA compliance deadlines for CWSs vary depending on the population served, as summarized in the table below.

Systems are required to review and update the RRA and ERP at least once every 5 years after the applicable deadline for submission of its certification.