United States of America: Applicability of Cybersecurity Information Sharing Act of 2015 including data protection regulation ends

Applicability of Cybersecurity Information Sharing Act of 2015 including data protection regulation ends

On 30 January 2026, the Cybersecurity Information Sharing Act of 2015 (CISA) is scheduled to expire unless reauthorised by Congress. Its expiration would also terminate the Law’s data protection provisions, including the requirement for private entities to remove personal information not directly related to cybersecurity threats before sharing, as well as federal obligations for privacy review, oversight, and audit.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

legislature

Government Body

parliament

Complete timeline of this policy change

Hide details

2015-03-17

under deliberation

On 17 March 2015, the Cybersecurity Information Sharing Act of 2015 (SB 754), introducing provision…

2015-12-18

in force

On 18 December 2015, the Cybersecurity Information Sharing Act of 2015 (SB 754) as Division N of th…

2025-11-12

to be revoked

On 12 November 2025, the Cybersecurity Information Sharing Act of 2015 (CISA), which was scheduled …

2026-01-30

revoked

On 30 January 2026, the Cybersecurity Information Sharing Act of 2015 (CISA) is scheduled to expire…

Description

Applicability of Cybersecurity Information Sharing Act of 2015 including data protection regulation ends

Scope

Complete timeline of this policy change