EPA's eDisclosure

On December 9, 2015, the Environmental Protection Agency (EPA) announced the launch of eDisclosure in the Federal Register, Notice of eDisclosure Portal Launch: Modernizing Implementation of EPA’s Self-Policing Incentive Policies(6 pp, 267K, About PDF).  The EPA is modernizing implementation of self-disclosure policies by creating a centralized web-based “eDisclosure” portal to receive and automatically process self-disclosed civil violations of environmental law. Under the automated eDisclosure system, large and small businesses will quickly be able to resolve certain routine types of disclosures. EPA is launching the eDisclosure system to continue the benefits of self-disclosure policies and provide penalty mitigation and other incentives for companies that self-police, disclose, correct and prevent violations. The implementation changes announced today will make the processing of disclosures faster and more efficient, and will save time and resources for regulated entities and EPA.  See eDisclosure Information Sheet.

eDisclosure uses EPA's Central Data Exchange (CDX) to allow entities to promptly disclose violations and submit timely compliance certifications under EPA’s Audit Policy and Small Business Compliance Policy, which will be processed automatically by EPA. Find out more about EPA's Central Data Exchange (CDX).

On this page:

What implementation changes are being made

All self-disclosed civil violations, with the exception of new owner disclosures, must be made through the eDisclosure portal. Although EPA is not modifying the substantive conditions in its Audit Policy or Small Business Compliance Policy, the eDisclosure portal streamlines and modernizes EPA’s approach to handling disclosures under these two policies. The changes will result in faster and more efficient resolution of self-disclosures, while saving considerable time and resources for regulated entities and EPA.

Entities that disclose potential violations through the new eDisclosure portal may qualify for one of two types of automated treatment, Category 1 or Category 2.

Category 1 disclosures include: (1) violations of Emergency Planning and Community Right-to-Know Act (EPCRA) that meet all Audit Policy conditions; and (2) EPCRA violations that meet all Small Business Compliance Policy conditions.

Category 1 disclosures do not include:

  • Chemical release reporting violations under section 304 of EPCRA or section 103 of Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA); or
  • Violations of EPCRA with significant economic benefit as defined by EPA.

For disclosures that qualify for Category 1 treatment, the eDisclosure system will automatically issue an electronic Notice of Determination (eNOD) confirming that the violations are resolved with no assessment of civil penalties, conditioned on the accuracy and completeness of the submitter’s disclosure. EPA will spot check Category 1 disclosures to ensure compliance with EPCRA, and that disclosures meet the conditions of the Audit Policy, the Small Business Compliance Policy, and eDisclosure.

Category 2 disclosures include: (1) all non-EPCRA violations; (2) EPCRA violations where the discloser can only certify compliance with Audit Policy Conditions 2-9 (i.e., discovery was not systematic); and (3) EPCRA and CERCLA violations excluded from Category 1 above.

For disclosures that qualify for Category 2 treatment, the eDisclosure system automatically will issue an Acknowledgement Letter (AL) noting EPA’s receipt of the disclosure and notifying the entity that EPA will make a determination as to eligibility for penalty mitigation if and when it considers taking enforcement action for environmental violations. EPA will screen Category 2 disclosures for significant concerns such as criminal conduct and potential imminent hazards.

Top of Page

Caveat for electronic self-disclosure

No confidential business information (CBI) can be submitted via eDisclosure

A business confidentiality claim may not be asserted with respect to any information submitted through eDisclosure. eDisclosure is not designed to receive or process any information claimed as confidential business information (CBI).  Entities must submit sanitized (non-CBI) information through the online system. Any follow-up CBI must be submitted manually according to EPA procedures and the requirements of 40 C.F.R. Part 2. If your disclosure requires the submission of information claimed to be CBI, you must contact the eDisclosure Help Desk to arrange for secure transmittal of any such information.   

Top of Page

How to submit an electronic self-disclosure (eDisclosure)

  • Step 1: Register in EPA’s Central Data Exchange (CDX)

This step requires entities to register with EPA’s Central Data Exchange (CDX) system.  Existing CDX registrants who are already identity-proofed under the Cross Media Electronic Reporting and Recordkeeping Rule (CROMERR) will not be required to re-register with CDX. Also, paper identity-proofing is available if electronic identity-proofing fails.

  • Step 2: Submit a Voluntary Disclosure

Log in to CDX and select eDisclosure: Voluntary Disclosure System Program Service and Disclose/Certify role. To begin your disclosure, select the New Disclosure button. In order to be considered “prompt” under both the Audit Policy and Small Business Compliance Policy, potential violations must be disclosed online within 21 calendar days of the regulated entity’s discovery that such potential violations may have occurred. If the 21st day after discovery falls on a weekend or federal holiday, the eDisclosure system will treat the disclosure as prompt if it is submitted on the next business day. Regulated entities may submit disclosures of potential (but not confirmed) violations to give them time to determine whether a violation actually occurred and to more specifically identify the particular violation(s).

  • Step 3: Certify Compliance

Within 60 days of submitting an Audit Policy disclosure (or within 90 days of submitting a Small Business Compliance Policy disclosure), the discloser must submit a Compliance Certification in the eDisclosure system. Such Compliance Certifications must identify the specific violations, and certify that the violations have been corrected and that the Audit Policy or Small Business Compliance Policy conditions have been met. The 60-day and 90-day Compliance Certification deadlines are subject to limited extensions, as discussed in the FR Notice.  Note that the deadline for correcting violations runs from the date of discovery, not the date of disclosure.

Top of Page

For more information on:

Top of Page