United States of America: Applicability of Cybersecurity Information Sharing Act of 2015 including cybersecurity regulation ends

On 30 January 2026, the Cybersecurity Information Sharing Act of 2015 (CISA) is scheduled to expire unless reauthorised by Congress. Enacted as part of the Consolidated Appropriations Act, 2016, the Law establishes a voluntary framework for the sharing of cyber threat indicators and defensive measures between private entities and the federal government. It authorises entities to monitor their own and others’ information systems (with consent) for cybersecurity purposes and to deploy defensive measures under defined conditions. The Law provides liability protection for entities that share information in accordance with its provisions and requires the removal of personal information not directly related to cybersecurity threats. The Department of Homeland Security manages the real-time sharing process and is responsible for implementing privacy and civil liberties safeguards.