President Trump Approves Short-Term Renewal of CISA 2015

David Aaron, Ariel Glickman
Perkins Coie
Contact
LinkedIn
Facebook
X
Send
Embed

Perkins Coie

Congress included in the appropriations bill of November 12, 2025, an extension of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), 6 U.S.C. §§ 1501–10, through January 30, 2026.

The law does not amend any of the provisions of CISA 2015, which expired on October 1 of this year, but rather restores legal protections and clarifies the legal landscape for companies sharing “cyber threat indicators” and “defensive measures” with the federal government. In turn, the law resolves ambiguities regarding such companies’ participation in information sharing and analysis centers.

CISA 2015 remains a subject of legislative interest, so modifications to the law may be forthcoming. For now, the certainty and clarity that CISA 2015 provided have been restored.

* * *

In December 2015, Congress enacted CISA 2015 to enable the sharing of cybersecurity information among private, federal, state, local, territorial, and tribal entities. In doing so, Congress took several steps, including:

  1. Exempting entities engaging in such sharing from antitrust liability for disclosing cybersecurity information among private entities; liability for monitoring internal systems for cybersecurity purposes; liability for disclosing personal information related to a cybersecurity threat; and disclosure under federal, state, tribal, or local freedom of information laws, open government laws, open meetings laws, open records laws, or sunshine laws related to shared information;
  2. Preventing entities from waiving privilege and trade secret protection for shared information; and
  3. Limiting federal agencies’ use of shared information to cybersecurity purposes.

The extension of CISA 2015 restores certainty that entities sharing cyber threat information will be protected and that their designations of disclosed information as commercial, financial, and proprietary will be honored. But that extension may be short-lived; the renewal is part of legislation that reopened the U.S. federal government, and that renewal extends CISA 2015 only until January 30 of next year. Unless Congress reauthorizes CISA 2015 for a longer term before then, entities engaged in this type of sharing will again face uncertainty about their potential liability.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Perkins Coie

Written by:

Perkins Coie
Perkins Coie
Contact
more
less

What do you want from legal thought leadership?

Please take our short survey – your perspective helps to shape how firms create relevant, useful content that addresses your needs:

Perkins Coie on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide