An official website of the United States government.

We've made some changes to EPA.gov. If the information you are looking for is not here, you may be able to find it on the EPA Web Archive or the January 19, 2017 Web Snapshot.

Cross-Media Electronic Reporting Rule

Frequently Asked Questions about CROMERR

On this page:


CROMERR Overview

  • What is CROMERR?

    CROMERR stands for the Cross-Media Electronic Reporting Rule. It provides the legal framework for electronic reporting under Title 40 of the Code of Federal Regulations to EPA and state, tribal and local governments that are authorized to administer federal programs. The regulation authorizes and facilitates electronic reporting for environmental programs while maintaining the level of corporate and individual responsibility and accountability that exists for paper submissions.

    For more, see: Learn About the Cross-Media Electronic Reporting Rule

  • Does CROMERR require electronic reporting?

    No. CROMERR does not mandate that authorized programs institute electronic reporting or accept documents electronically. It also does not require that regulated entities use electronic reporting for reporting directly to EPA.

    However, CROMERR does not prohibit authorized programs from requiring electronic reporting if they otherwise possess the authority to mandate electronic reporting.

  • Does CROMERR apply to all reporting that uses electronic media or related technology?

    No. CROMERR does not affect the submission of any electronic document via magnetic or optical media (e.g., diskette, compact disk or tape) or via fax.

    This exemption does not mean that faxes, CDs, etc. received can be discarded. They should be kept as the record copy. EPA would also advise that physical media be submitted with a wet-ink-on-paper signature document that is retained together with the submitted materials.;

    Please also note that CROMERR places no limitations on programs taking regulatory data submitted by any means and typing, loading, scanning, etc. it into another system as a “working” copy of the data or allowing otherwise non-CROMERR compliant submissions to be maintained as “working” or “courtesy” copies of data so long as paper-based, CROMERR-compliant or exempted records of this data are separately retained as the official copies of record.

    For more information, see: Does CROMERR Apply to Your E-Reporting System?

  • What regulatory programs are affected by CROMERR?

    CROMERR affects all regulatory programs that EPA implements under Title 40 of the Code of Federal Regulations (CFR), and all state, tribal and local government programs authorized by EPA under Title 40 of the CFR.

  • How does CROMERR affect authorized programs?

    CROMERR affects authorized programs in a number of ways. It requires authorized programs to seek EPA approval of program modifications or revisions if they implement or wish to implement electronic reporting under their authorized programs.

    • CROMERR sets requirements for electronic reporting under authorized programs, including standards for the systems that authorized programs use to receive electronic reports.
    • It establishes a special, streamlined approval process for revisions or modifications to authorized programs related to electronic reporting.
  • Does CROMERR affect data transfers from authorized programs to/from EPA?

    No. CROMERR does not apply to data transfers between EPA and authorized programs or administrative arrangements between authorized programs and EPA to share data. For example, if an authorized program is collecting data in a CROMERR-compliant or CROMERR-exempt way, the act of that authorized program sharing that data electronically with other authorized programs or EPA is not subject to CROMERR.  Similarly, if EPA is collecting data in a CROMERR-compliant or CROMERR-exempt way, the act of EPA sharing that data electronically with authorized programs is not subject to CROMERR.

    For more information, see: Does CROMERR Apply to Your E-Reporting System?

  • Does the rule cover electronic record-keeping?

    No, with the exception of the requirement to maintain a "copy of record" for those reports filed electronically. Although the proposed rule included provisions for electronic record-keeping, EPA is not issuing final record-keeping rules at this time.

  • When do authorized program electronic reporting systems need EPA approval?

    Authorized programs need EPA approval for electronic reporting systems when those systems collect regulatory data under 40 CFR, and when those systems maintain the official copy of record electronically in lieu of on paper.

  • Are there other data or information management requirements that CROMERR does not address?
    CROMERR does not:
    • Change any substantive regulatory requirements that appear in Title 40 of the Code of Federal Regulations,
    • Change any substantive regulatory requirements under authorized state programs,
    • Confer any right or privilege to submit data electronically,
    • Require any state program to accept electronic documents, nor
    • Require signatures on electronic documents if Title 40 does not require signatures on the corresponding paper documents. 
  • What are CROMERR priority reports?

    Priority Reports are regulatory reporting requirements codified under 40 CFR that EPA has identified as likely to be material to potential enforcement litigation. Priority reports are listed in Appendix 1 of the CROMERR rule at 40 CFR part 3. Not all CROMERR priority reports are delegable; many priority reports are directly reported to EPA. If a report does not appear in Appendix C, it is a non-priority report. The CROMERR rule did not separately list non-priority reports. Regulatory reporting requirements codified under 40 CFR but not listed in Appendix C are still subject to CROMERR requirements if the information will be collected electronically in lieu of paper as the copy of record.

    The primary difference between a system that collects priority reports and a system that collects non-priority reports is that the former system must determine identity before the electronic signature is received, and the process for doing so must satisfy prescribed requirements in CROMERR. Identity proofing for a system that collects non-priority reports can occur after the electronic signature is received.

    Some CROMERR applicants have successfully applied two different identity-proofing standards in one system, but most opt for the higher standard if it is required for some of the reports being collected by the system. In certain cases, too, the CROMERR program has determined that the use of past, signed paper documents on file from regulated entities sufficiently meets identity-proofing requirements.

    For a list of priority reports, see: CROMERR Rule, Appendix 1
    For information about identity proofing requirements for both priority and non-priority reports, see: CROMERR 101 Lesson 5: Priority vs. non-priority reports

  • Are Permit Applications and Notifications Subject to CROMERR?

    Yes. Permit applications and notifications submitted pursuant to Title 40 are subject to CROMERR requirements. EPA uses permit applications and notifications to administer programs, help ensure protection of human health and the environment, and for enforcement. CROMERR standards ensure their integrity and enforceability. Some examples of how EPA might use them include using permit applications to set the terms of a permit or using notifications to identify facilities for inspection.

    EPA specifically identified some permit applications and notifications in the CROMERR rule as “priority reports.” These are documents likely to be important for litigation. Some examples of permit applications and notifications that are priority reports are provided below.

    Example Permit Applications

    Example Notifications

    State Implementation Plans (SIP)

    Underground Storage Tank Notifications

    Title V Permits

    Notifications of Land Disposal Restrictions Under RCRA

    National Pollutant Discharge Elimination System (NPDES) Permits

    Resource Conservation and Recovery Act Permit Applications and Modifications

  • Does receiving report submissions via email meet CROMERR requirements?

    Attaching reports to emails is not considered to be a CROMERR-compliant system as it fails meet numerous CROMERR requirements, namely:

    • The document is not alterable without detection
    • Alterations to the document are recorded by the system
    • The document can only be submitted intentionally
    • Submitters and signatories are provided with an opportunity to review and repudiate the COR

    In addition, scanned signatures are not considered to be valid e-signatures. A valid electronic signature refers to an electronic document that has been signed using an electronic signature device. The identified signatory is uniquely entitled to use the signature device for signing that document provided that this device has not been compromised, and the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and his or her relationship to the regulated entity on whose behalf the signature is executed.

    Please note that CROMERR places no limitations on programs taking regulatory data submitted by any means and typing, loading, scanning, etc. it into another system as a “working” copy of the data or allowing otherwise non-CROMERR compliant submissions to be maintained as “working” or “courtesy” copies of data so long as paper-based, CROMERR-compliant or exempted records of this data are separately retained as the official copies of record. But email alone would not suffice as a CROMERR-compliant copy of record.

    For an overview of the CROMERR requirements, please visit: CROMERR 101 Lesson 5

  • Does receiving report submissions via a file upload process meet CROMERR requirements?

    Receiving report submissions via a file upload process could be a CROMERR-compliant solution or submission via file upload can be part of a CROMERR-compliant solution. CROMERR was specifically designed as a set of performance-based standards to allow for the evolution of technology and business process approaches continuing to suggest new ways of meeting CROMERR requirements.

    An electronic reporting system that receives submissions via a file upload process is likely to face the following challenges in terms of CROMERR compliance:

    • If signature is required, is the signature one that complies with CROMERR?
    • If signature is required, how is the signature bound to the document?
    • If signature is required, what is the second authenticating factor?
    • What evidence is there that the document hasn’t been modified since the time it was signed / submitted?
    • How does the system demonstrate an intent by the registrant to submit a particular document?
    • How does the system acknowledge receipt of the document?
    • What opportunity is there to review and repudiate a posted document?
    • How does the system guard against errors in transmission?

    Note that scanned signatures are not considered to be valid e-signatures. A valid electronic signature refers to an electronic document that has been signed using an electronic signature device. The identified signatory is uniquely entitled to use the signature device for signing that document provided that this device has not been compromised, and the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and his or her relationship to the regulated entity on whose behalf the signature is executed.

    Please note, too, that CROMERR places no limitations on programs taking regulatory data submitted by any means and typing, loading, scanning, etc. it into another system as a “working” copy of the data or allowing otherwise non-CROMERR compliant submissions to be maintained as “working” or “courtesy” copies of data so long as paper-based, CROMERR-compliant or exempted records of this data are separately retained as the official copies of record.

    For an overview of the CROMERR requirements, please visit: CROMERR 101 Lesson 5

  • Are fax-to-email or email-to-fax submissions exempt from CROMERR?

    Fax-to-email and email-to-fax in lieu of paper-based submissions do not fall under the fax exemption from CROMERR, which is intended only for fax-to-fax submissions.

    Fax-to-email and email-to-fax in lieu of paper-based submissions are not CROMERR compliant means of electronic reporting. Without a CROMERR-compliant means for collecting electronically, these submission methods are only acceptable for courtesy copies. A paper-based copy with an ink-on-paper signature must separately be received by mail and maintained as the official copy of record.

Top of Page


Technical Requirements

  • What are the CROMERR requirements for electronic reporting systems?

    Authorized programs seeking to meet the requirements should consult the actual language of section VI.E of the Preamble and §3.2000(b) of the rule for more detail. The subject areas addressed by the requirements include:

    • Timeliness of data generation,
    • Copy of record,
    • Integrity of the electronic document,
    • Submission knowingly with intent and not by accident,
    • Opportunity to review and repudiate copy of record,
    • Validity of the electronic signature,
    • Binding the electronic signature to the document,
    • Understanding the act of signing,
    • Electronic signature or subscriber agreement,
    • Acknowledgement of receipt, and
    • Determining the identity of the individual uniquely entitled to use a signature device.

    For more detail, see: CROMERR 101 Lesson 5: System Requirements

  • Does CROMERR require specific technical or business process approaches?

    No. CROMERR was specifically designed as a set of performance-based standards to allow for the evolution of technology and business process approaches continuing to suggest new and novel ways of meeting CROMERR requirements. New and novel approaches often involve additional review, but the program welcomes their consideration.

  • What CROMERR requirements apply if a system has no signature capability or no electronic signature?

    Some systems do not have a signature capability because they are designed only to collect reports which are not required to be signed. Typically, these are drinking water electronic reporting systems.

    Other systems have chosen only to implement a paper-based signature document which is mailed in after the report is submitted electronically. In these situations, not all CROMERR requirements must be addressed.

    For more information about documenting signature approaches on CROMERR applications, click on the following diagram for additional detail:

    Diagram for completing the CROMERR checklist by signature approach for priority and non-priority reportsDiagram for completing the CROMERR checklist by signature approach for priority and non-priority reports

  • What are the CROMERR requirements around who needs to sign reports?

    CROMERR does not dictate who signs or whether a particular report needs to be signed. Authorized program regulations as well as state and local statutes specify this. § 3.2000(b)(5)(vii) of CROMERR requires that applicants document a business or system process for determining that users who will sign reports are authorized to do so on behalf of the specified regulated entities.

    Questions regarding how to set this process so that it complies with authorized-program regulations should be directed to staff coordinating that program in the EPA Regions or at headquarters.

    Off-the-shelf solutions designed for specific authorized-program reporting needs typically address most if not all of both the CROMERR and the program requirements around this element.

  • Why does CROMERR require a paper-based subscriber agreement?

    CROMERR does not require that the subscriber agreement / signature agreement be paper-based. This is a system design choice that typically results from the identity-proofing process being done manually.

    CROMERR requires that systems collecting priority reports listed in Appendix 1 of the CROMERR rule determine identity before the electronic signature is received, and one means of accomplishing this is through a subscriber agreement / signature agreement. Electronic identity-proofing is another option, and systems using electronic identity proofing typically employ a paperless subscriber agreement / signature agreement.

    For more information about electronic signature agreements, see: CROMERR Electronic Signature Agreement

    CDX Shared CROMERR Services offers electronic identity proofing, or authorized programs can pursue their own means of electronic identity proofing.

    For more information, see: CROMERR 101 Lesson 5 Priority vs non-priority reports
    To learn more about Shared CROMERR Services, see: Shared CROMERR Services and Components IPTExit

  • Does CROMERR require systems to use a challenge question "second-factor" authentication approach for e-signatures?

    No, but CROMERR does require an approach that demonstrates that e-signatures are valid as defined by the rule. Among other things, a valid PIN/password-based e-signature needs to demonstrate that the PIN (or password) has not been compromised. The CROMERR Preamble suggests that where an e-signature is executed with a PIN (or password), preventing device compromise requires a second "factor" that is not easy to share by accident or one the owner is likely not to wish to share.

    For more information, see: User Identification, Verification, and Authentication: Challenge Question Second-Factor Approach

  • Is the challenge question approach the only “second factor” available to strengthen a PIN/password-based e-signature?

    No, candidate second-factors include private knowledge (such as a "challenge question"), biometrics and hardware devices (e.g., smart cards, USBs, PIN/Password Generators, RSA tokens, cell phones).

    EPA recommends PIN-based e-signatures use a "challenge question" as a "second factor" because compared with the alternatives, the challenge-question approach provides significant added protection against signature repudiation at a relatively low cost. The approach is relatively inexpensive, easy to implement and is widely used for commercial applications such as banking.

    States are welcome to propose other options that demonstrate that the PIN/password has not been compromised.

    For more information, see: User Identification, Verification, and Authentication: Challenge Question Second-Factor Approach

  • When a system uses a challenge question as a "second factor" to strengthen a PIN/password-based e-signature, how many challenge-questions need to be presented to users each time they enter their PIN or password to execute a signature?

    A single challenge-question is usually sufficient. It should be randomly selected from the set of questions for which the user has provided pre-arranged answers, so that the user cannot predict which question will be presented in any particular case.

  • To set up a challenge-question "second factor" approach, how many questions does the user need to provide with prearranged answers?

    Five pre-arranged question-answer pairs are usually sufficient to allow the system to present a single question in a truly unpredictable way to a user who is executing an e-signature. Any less than five prearranged question-answer pairs are too few to allow meaningful unpredictability.

  • When asking users to select questions to provide with prearranged answers, how long should the list of candidate questions be from which users get to choose?

    The answer depends on the nature of prearranged question-answer pairs and on how many questions there will be. Where there will be five prearranged question-answer pairs, then a list of ten candidate questions may be sufficient, although EPA recommends twenty candidate questions, to give users the best chance of finding five questions they can answer with certainty from memory. If there will be more than five question-answer pairs, then a longer list may be needed.

    Typically, the list of candidate questions needs to be significantly longer than the number of questions to be given prearranged answers, because questions that address the private knowledge of some users may not be a suitable question for all users. It is possible that a relatively short list of candidate questions that consist entirely of questions suitable to all users may meet the requirements of a challenge-question implementation.

Top of Page


Application Requirements

  • What information do CROMERR applications need to contain?

    Under§3.1000(b)(1), to obtain EPA approval of program revisions or modifications to incorporate electronic reporting, a state, tribe, or local government must submit an application to the EPA that includes four elements:

    1. Attorney General (AG)/Legal Certification. Verifies that the authorized program has sufficient legal authority to enforce the program using electronic reports, as described in §3.2000(c).

    2. System Descriptions. Systems used to receive e-reports must meet the CROMERR standards listed in§3.2000(b), and provide for e-signatures (or follow-on paper signatures) that meet the requirements of§3.2000(a).

    3. System Upgrades. System changes that may affect CROMERR compliance.

    4. Other Information. Additional information that should be considered by EPA during evaluation of the application.

    To learn more about states with broadly applicable legal certifications and systems that do not require checklists, see: Application tools and templates
    For a detailed overview of what to include in an application, see: CROMERR 101 Lesson 3: Application Requirements

  • How should electronic reporting systems be described in the CROMERR application?

    For each electronic reporting system, the application should explain how both system functions and business processes work together to address the applicable CROMERR requirements. In some cases, applicants have used diagrams to describe how the system meets particular requirements. Applications should provide sufficient information to allow EPA make a determination about the system's compliance with CROMERR requirements.

    Many off-the-shelf electronic reporting solutions have CROMERR system checklist templates which already address most CROMERR requirements; some solutions do not require extensive system documentation.

    Please also note that, because of the requirements of the CROMERR formal review process, EPA recommends that authorized programs submit applications for unrelated systems separately and not together under one application.

    For more information, see: Application tools and templates

  • Who needs to sign the certification of legal authority to implement electronic reporting under CROMERR?

    For states, the AG (or designee) must sign the certification letter. For tribes and local governments, the Chief Administrative Official or Officer (CAO) (or designee) must sign the certification letter. Letters signed by a designee must explicitly document that this individual has delegated authority from the AG or CAO to sign the certification letter.

    For additional information, see: Legal Certification Guide for State Attorney General or Local Government or Tribe Certifying Official Statement 

    Some states have approved generic AG Certifications on file. To determine if an AG Certification may be required for your application, see: Program Announcements and Initiatives

  • Where do I send my CROMERR application?

    Applications submitted using the 40 CFR Part 3 approval process must be sent to the attention of EPA’s Office of Environmental Information.

    The majority of application materials can be submitted electronically by e-mailing these materials to the CROMERR Program (cromerr@epa.gov) and Devon Martin (martin.devon@epa.gov).

    Hard-copy application file submissions are no longer required. If attempting to send application files larger than 8 MB, please contact EPA to arrange for transfer. The Attorney General certification is the only application document that still must be sent in hard copy. When this document is required, this document can be sent directly to the attention of Karen Seeh at one of the addresses below:

    U.S. Postal Service Deliveries
    U.S. Environmental Protection Agency
    Office of Environmental Information
    Office of Information Collection
    1200 Pennsylvania Avenue, N. W. Mail Code: 2823T
    Washington, DC 20460

    Overnight Courier/Mail Deliveries
    U.S. Environmental Protection Agency
    Office of Environmental Information
    Office of Information Collection
    1301 Constitution Avenue, N.W., 6th Floor, #6408F
    Washington, DC 20004
    Phone: (202) 566-1175

Top of Page


Application Review and Approval Process

Review Process

  • What is the application review and approval process?

    EPA's CROMERR application review processOverview of EPA's CROMERR application review and approval processWithin 75 days of receipt of the application, EPA typically notifies an applicant whether an application is complete. EPA then determines whether to approve or disapprove the revisions or modifications addressed by the application. In most cases, the Agency has 180 days from notification of completeness to act on the application, unless the authorized program requests that the deadline be extended; in certain circumstances the deadline is 360 days. If EPA does not meet the applicable deadline, then the revisions or modifications in the application are automatically approved (see §3.1000(c)(4) of the rule).

    For more information, see: CROMERR 101 Lesson 4: Technical Review Committee (TRC)

    NOTE: The above are timeframes outlined under 40 CFR part 3.  Currently, 80-90 percent of CROMERR applications are for systems using pre-vetted commercial off-the-shelf solutions or all Shared CROMERR Services components. EPA typically approves these applications within 6 to 12 weeks and conducts the action of both completeness and approval at the same time. 

  • When should applicants engage EPA on their electronic reporting system plans?

    Authorized-program applicants pursuing largely or exclusively custom-developed systems should engage EPA during the system design phase to minimize the potential of rework needed to comply with CROMERR requirements. These applicants should also submit a draft CROMERR system checklist so that EPA can better understand the applicant’s plans for CROMERR compliance, identify gaps and potential compliance concerns, and provide proactive assistance in revising the application.

    Applicants pursuing off-the-shelf solutions typically do not need to go through this process, and may submit applications for EPA review and action whenever they are ready.

    For more information, see: Application tools and templates

  • Who reviews the CROMERR applications?

    The CROMERR Technical Review Committee (TRC) evaluates applications submitted under CROMERR for authorized programs. The TRC reflects an Agency-wide perspective, with representatives from each of the EPA regions and program offices.

    The TRC reviews applications from authorized programs that are submitted under the CROMERR Part 3 process. The TRC also can be called upon to work with EPA program and regional offices that review CROMERR-required applications submitted under other Title 40 processes for program revision or modification.

    For more information, see: CROMERR 101 Lesson 4: Technical Review Committee

    NOTE:  Reviews are generally not conducted for approaches using all Shared CROMERR Services components as well as certain commercial off-the-shelf solutions that have common CROMERR functionality regardless of implementation.  These solutions typically proceed directly to CROMERR approval.

  • What is the time frame for the review process?

    The time frame for authorized-program CROMERR application review and approval largely depends on whether the application is for a custom-developed system or for an off-the-shelf solution.

    Currently, 80-90 percent of CROMERR applications are for systems using pre-vetted commercial off-the-shelf solutions or all Shared CROMERR Services components. EPA typically approves these applications within 6 to 12 weeks and conducts the action of both completeness and approval at the same time.   

    Applicants pursuing custom-developed systems should typically plan for an in-depth, iterative review process and may not achieve approval for a year or more. These applicants are encouraged to engage EPA during the system design phase, allowing the best chance for approval in advance of the desired system launch date. These applicants are also encouraged to familiarize themselves with the CROMERR Application Reviewer Guide.

    For more information, see: CROMERR 101 Lesson 4: The EPA Review and Approval Process under Part 3
    To learn more about detailed system requirements, see: CROMERR Application Reviewer Guide (DOC)(43 pp, 96 K, April 2014)

  • Can applications cover multiple programs under the same application review and approval process?

    The CROMERR approval process allows authorized programs to submit a single application for a system that collects under more than one authorized program. CROMERR provides a single EPA review and program modification process for multi-program electronic reporting systems. Because of the requirements of the CROMERR formal review process, however, EPA recommends that authorized programs submit applications for unrelated systems separately and not together under one application.

  • In applications that cover multiple programs, must EPA take the same action on all programs?

    No. For example, EPA can approve some of the program revisions or modifications in the consolidated application and disapprove others. However, such situations are rare.

  • Can the approval review period be extended?

    The 180-day or 360-day formal approval review period may be extended but only at the request of the authorized program submitting the application (see §3.1000(c)(4) of the rule). Typically this is done when substantially new information comes to light during the approval process that impacts CROMERR.

    NOTE:  The above is the approval review process outlined under 40 CFR part 3.  However, currently, 80-90 percent of CROMERR applications are for systems using pre-vetted commercial off-the-shelf solutions or all Shared CROMERR Services components. EPA typically approves these applications within 6 to 12 weeks and conducts the action of both completeness and approval at the same time.   

Approval Process

  • How will EPA assess authorized program electronic reporting systems as part of the CROMERR approval process?

    EPA’s traditional, formal assessment of CROMERR applications is a two-step process.

    This process first includes a “completeness review” to determine whether the application supplies enough information to determine compliance with the CROMERR performance-based requirements provided under §3.2000(b) of 40 CFR Part 3.

    The second step is “approval review”, which assesses actual compliance with these requirements.The entire process is designed to assure the authenticity and integrity of electronic documents so that they will meet the Agency’s legal and business needs to the same extent as their paper counterparts.

    For many commercial off-the-shelf and Shared CROMERR Services solutions, this two-step process is conducted simultaneously if a technical review is required at all.

    For more information, see CROMERR 101 Lesson 4: The EPA Review and Approval Process under Part 3

  • What happens if EPA determines that an application is incomplete?

    For applications that EPA deems incomplete, the Agency will notify to the applicant about the application’s deficiencies. Authorized programs can then either withdraw their application and re-submit a new application, or they may submit an amended application.

    EPA has 75 calendar days to respond to the resubmitted new application with a completeness determination and 30 calendar days to respond to an amended application with a completeness determination.

    NOTE:  The above is the completeness review process outlined under 40 CFR part 3.  However, currently, 80-90 percent of CROMERR applications are for systems using pre-vetted commercial off-the-shelf solutions or all Shared CROMERR Services components. EPA typically approves these applications within 6 to 12 weeks and conducts the action of both completeness and approval at the same time.   

  • When does the approval become effective?

    The approval becomes effective as soon as EPA publishes a notice of the approval in the Federal Register. Drinking water program approvals are typically effective 30 days after the publication date.

  • When can an authorized program begin using its electronic reporting system?

    If ready for use, the authorized program can begin having regulated entities register to system and submit reports the same day that EPA publishes a notice of the approval in the Federal Register. Drinking water systems or drinking water reporting, though, cannot collect reports until typically 30 days after the publication date.

Special Provisions

  • Are there special provisions for public water system programs?

    Yes. When applying to report electronically for a public water system program under 40 CFR Part 142, EPA must provide the opportunity for a public hearing.

    Once EPA makes a preliminary determination for the application, EPA will publish a notice in the Federal Register. Requests for hearings must be submitted to EPA within 30 days after publication.

    If a hearing is requested, EPA will conduct a hearing and issue an order either affirming or rescinding its preliminary determination, and will publish a Final Notice in the Federal Register. If no hearing is requested, EPA's preliminary determination will be effective 30 days after the first notice was published.

    For more information, see: CROMERR 101 Lesson 4: Technical Review Committee

  • What are the application requirements and review process for CROMERR applicants using off-the-shelf solutions?

    Authorized-program applicants using off-the-shelf solutions and all Shared CROMERR Services components benefit from significantly reduced application requirements and fast-tracked approval typically within 6-12 weeks. The CROMERR program is able to offer streamlined review and approval for these solutions because it has worked with EPA programs and commercial vendors to assess the core CROMERR aspects of these solutions, which typically do not vary among implementations. As a result, very little or sometimes even nothing is left for the authorized-program to document in terms of the solution.

    CROMERR is a rule and not a software certification program. So, authorized-programs pursuing these solutions must still submit CROMERR applications requesting EPA to take action under 40 CFR part 3. Depending upon the solution, this application may simply be a notification of the intent to implement the solution.

    For more information, see: Application tools and templates

  • How are publicly-owned pretreatment works (POTW) pretreatment program applications for electronic reporting handled?

    EPA developed a special review and approval process for POTWs pursuing electronic reporting under their authorized NPDES pretreatment program. CROMERR checklist templates are also available for POTW applicants using commercially-developed solutions. 
    See: CROMERR Compliance for the Publicly Owned Treatment Works Pretreatment Program

    Questions about this process should be addressed to the CROMERR Program(cromerr@epa.gov) or EPA’s Office of Water Pretreatment Team (CromerrPOTWrequest@epa.gov)

    If necessary, the CROMERR program conducts a courtesy review of the POTWs CROMERR technical documentation and works with the applicant as necessary to address any possible CROMERR compliance concerns. Once the system is determined to be CROMERR compliant, the CROMERR program advises the applicant and the approval authority that CROMERR system requirements have been met. The POTW pretreatment program’s approval authority approves the program modification request once it determines that the electronic reporting requirements under 40 CFR part 403 have been met.  Separate electronic reporting requirements, unrelated to CROMERR, are outlined in pretreatment program regulations.

    However, POTW pretreatment programs implementing the full suite of Shared CROMERR Services and LinkoExchange generally do not need to provide CROMERR technical documentation.  These approaches are - by definition - CROMERR compliant unless special customizations are made to CROMERR-related functionality.  POTWs likely still need to provide documentation to their pretreatment program approval authority related to electronic reporting requirements outlined by pretreatment program regulations.  They should also still prepare legal certifications following CROMERR guidance for this document.

    Find your state or EPA Regional Permitting Authority contact.  See:
    National Pretreatment Program EPA Regional contacts
    National Pretreatment Program state contacts

    For POTWs pretreatment programs pursuing custom-developed approaches for electronic reporting subject to CROMERR, they should prepare complete technical and legal documentation using materials such as the CROMERR system checklists and the guidance document for preparing CROMERR legal certifications.  Again, in addition to addressing CROMERR requirements, their applications must also address separate electronic reporting requirements outlined under 40 CFR part 403.

    The POTW pretreatment program should send the application to EPA by emailing it to both CromerrPOTWrequest@epa.gov and cromerr@epa.gov.  Hard-copy application file submissions are generally not necessary; though, the POTW pretreatment program approval authority may request a hard-copy of the legal certification. If attempting to send application files larger than 8 MB, please contact cromerr@epa.gov to arrange for transfer. The POTW pretreatment program also notifies its pretreatment approval authority (state or EPA) of the intent to modify its program legal authority and procedures in order to receive reports electronically.

    POTW pretreatment programs should contact the CROMERR program with questions regarding CROMERR requirements, assistance in preparing applications, and technical assistance with system design choices to meet CROMERR requirements. Questions regarding 40 CFR part 403 electronic reporting requirements should be addressed to the EPA pretreatment program.

Top of Page


Modifications to Approved Applications

EPA-Authorized Programs

  • Can applications be amended once EPA has determined them complete?

    Yes. An authorized program may amend its application after EPA has determined the application package to be complete. However, the application will be considered to have been withdrawn and resubmitted as a new package, and a new 75-day completeness determination process will begin, according to §3.1000(e) of the rule.

  • Once approved electronic reporting systems are operational, what happens if the system needs to be changed?

    Once approved authorized-program applicants begin operating their electronic reporting systems, they must notify EPA in writing of system changes that have the potential to affect compliance with CROMERR, according to §3.1000(a)(4) of the rule. If there are “significant” changes to approved systems, EPA may ask that the authorized program submit a new application for EPA approval. However, most changes do not trigger submission of a new application and formal action by EPA.

    To notify EPA of changes that may affect CROMERR compliance, start by using the Contact Us link at the bottom of this page or contact the CROMERR Help Desk.

  • What are examples of "significant" changes to CROMERR functionality and/or business processes?

    “Significant” changes are those that affect system functionality described in the approved application.

    Examples of significant changes could include changes to the types of file formats that affect how the copy of record (COR) is maintained, as well as changes to the technologies that may be used for file transfer or for creating electronic signatures on transmitted reports. Generally, changes in the steps involved in transmitting electronic reports, changes to the registration or credentialing process, and changes to the COR, including its maintenance and accessibility, will amount to significant changes.

  • Are there system changes that approved authorized-program applicants do not need to notify EPA about?

    Yes. Typically, authorized programs do not need to notify EPA:

    • when implementing any planned system upgrade(s) outlined in their approved applications.
    • when they begin to flow reports which are covered by their application approval.

    Exception: if there are changes to the planned upgrade(s) and/or changes related to new reports beginning to flow that may affect CROMERR compliance.

    Additionally, authorized programs do not need to notify EPA about bug fixes, even if those fixes relate to functionality described in the approved application. Such changes may range from fixing a typo on a data entry screen to re-engineering the system’s archiving routines.

    To notify EPA of changes that may affect CROMERR compliance, start by using the Contact Us link at the bottom of this page or contact the CROMERR Help Desk.

  • What is EPA's process for reviewing changes to approved electronic reporting systems?

    EPA’s process is described in the document Notification and Approval of Changes to Approved CROMERR Applications: For States, Tribes, and Local Governments.

    For more information, see: Notification and Approval of Changes to Approved CROMERR Applications: For States, Tribes, and Local Governments

  • How quickly does EPA evaluate changes to approved electronic reporting systems?

    EPA makes determinations on a case-by-case basis, and the time-frame for such determinations varies depending on the extent and complexity of the changes. Most changes are evaluated and a determination made within 3-6 weeks. However, “significant” changes which trigger a new application and/or interpretation by EPA legal counsel will take longer.

  • Can authorized programs implement the proposed change(s) while awaiting EPA's determination?

    Authorized programs can implement elements of the proposed change(s) which are unrelated to approved CROMERR functionality and/or business processes. They may also proceed to design and develop elements of the proposed change(s) that have already been evaluated by EPA. To avoid potential rework, authorized programs should not proceed to design and develop elements of the proposed change(s) that are still being evaluated by EPA.

    Authorized programs must obtain an EPA approval determination before putting the proposed change(s) into production. This approval determination is typically an email from EPA, but may be a letter and/or Federal Register notice in the case of “significant” changes or certain new reporting. EPA recognizes that there may be instances where an authorized program may need to change its approved system to make ‘‘emergency’’ changes (e.g., upgrading system firewall protection), and EPA will strive to expedite the determination process in these cases.

  • Must authorized-program applicants notify EPA if they plan to flow their approved reporting into a new system?

    Yes. Prior approval of a system for reporting under one or more authorized programs does not permit some or all of this reporting to be transferred to a different system. Typically, a new CROMERR application and EPA approval action is required. A possible exception would be if the new system in question is not providing any CROMERR functionality; the CROMERR functionality is still provided, without changes, by the system previously approved.

    To notify EPA of changes that may affect CROMERR compliance, start by using the Contact Us link at the bottom of this page or contact the CROMERR Help Desk.

  • Must approved authorized-program applicants notify EPA of plans for additional reporting into their approved systems?

    Generally, approved applicants do not need to notify EPA if all of the following is true:

    • there are no changes to approved CROMERR functionality and/or business processes of the system(s) as a result of the additional reporting;
    • the additional reporting falls under an EPA-authorized program already modified/revised for electronic reporting under the system's previous approval(s); and
    • the approved system(s) provides functionality required for the proposed additional reporting (e.g., an applicant cannot simply add a report that requires signature to a system that does not provide for signatures nor add a CROMERR priority report to a system that was only designed for non-priority reports).

    Further, if a particular report was not included authorized-program applicant's prior system approval, there is no need to correct the approval action unless the report omitted is under an EPA-authorized program also not included in EPA approval action.

    Approved authorized-program applicants planning to add additional regulatory report(s) under EPA-authorized program(s) NOT previously modified/revised for electronic reporting with their system’s previous approval(s) DO need to notify EPA because, while typically no review is required, EPA must approve this additional program via a Federal Register notice.

    To notify EPA of changes that may affect CROMERR compliance, start by using the Contact Us link at the bottom of this page or contact the CROMERR Help Desk.

  • Must authorized-program applicants notify EPA of changes to EPA or commercial off-the-shelf (OTS) software products that are used for their approved system?

    The CROMERR program works directly with many EPA programs and commercial off-the-shelf (OTS) software vendors to evaluate and document changes to the software products’ core CROMERR functionality and/or business processes.

    For products used by several authorized programs where an identical change is proposed to core CROMERR functionality for several or all of the vendors customers, approved applicants are typically not required to notify EPA of such changes.  EPA or the vendor would then notify customers if such changes then may trigger related changes to CROMERR functionality and/or business processes managed by the approved applicant and work through those changes with each applicant.

    Approved applicants using a software product exclusively must notify EPA of any system changes that have the potential to affect compliance with CROMERR.

    To notify EPA of changes that may affect CROMERR compliance, start by using the Contact Us link at the bottom of this page or contact the CROMERR Help Desk.

  • Must authorized-program applicants notify EPA of plans to implement Central Data Exchange (CDX) Shared CROMERR Services for their approved system?

    Approved authorized-program applicants implementing CDX’s Lexis Nexis identity proofing component do not need to notify the CROMERR program of this change, nor does the CROMERR program need to approve this change. Authorized programs should contact the Shared CROMERR Services help desk to begin their implementation.
    Email Shared CROMERR services (sharedcromerrservices@epacdx.net)

    Approved authorized-program applicants implementing other CDX Shared CROMERR Services components should contact the CROMERR program regarding their plans. Use the Contact Us link at the bottom of this page or contact the CROMERR Help Desk.

EPA Programs

  • Are EPA programs required to notify the CROMERR program of changes to their approved electronic reporting system(s) which may affect CROMERR compliance?

    Not typically. While EPA programs are not subject to the formal review and approval processes for authorized-program applications, they are required to maintain the CROMERR compliance of their systems. However, most EPA programs rely almost entirely on Central Data Exchange (CDX) components to meet CROMERR functionality and business process requirements. The CROMERR program works directly with CDX and to evaluate and document changes to its core CROMERR functionality and/or business processes. Further, EPA programs may freely switch from one approved CDX CROMERR component to another for their approved system without notifying the CROMERR program.

    On occasion an EPA program requests special customizations to CDX functionality and/or business processes; typically these customizations will need to be reviewed and approved by the CROMERR program.

    To notify the CROMERR program of changes that may affect CROMERR compliance, start by using the Contact Us link at the bottom of this page or contact the CROMERR Help Desk.