United States of America: Applicability of Cybersecurity Information Sharing Act of 2015 including data protection regulation extended until 30 January 2026
Description
Applicability of Cybersecurity Information Sharing Act of 2015 including data protection regulation extended until 30 January 2026
On 12 November 2025, the Cybersecurity Information Sharing Act of 2015 (CISA), which was scheduled to expire unless reauthorised by Congress, was extended until 30 January 2026 by the implementation of the Continuing Appropriations, Agriculture, Legislative Branch, Military Construction and Veterans Affairs, and Extensions Act, 2026. Its expiration would also terminate the Law’s data protection provisions, including the requirement for private entities to remove personal information not directly related to cybersecurity threats before sharing, as well as federal obligations for privacy review, oversight, and audit.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament
Complete timeline of this policy change
Hide details
2015-03-17
under deliberation
2015-12-18
in force
2025-11-12
to be revoked