Abstract
The transition of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rulemaking process to the Trump administration combined with Trump executive orders on eliminating regulations and refocusing emergency preparedness on a risk-management approach opened potential new avenues of support for the EDUCAUSE position that colleges and universities should not fall under CIRCIA requirements. With this in mind, EDUCAUSE sent a letter to the acting director of CISA in June 2025 that highlights the concerns that we raised about the proposed CIRCIA regulations in 2024 and discusses how Trump administration directives reinforce our conclusion that higher education institutions should not be considered covered entities under the final rules, whenever they are released.