United States of America: Applicability of Cybersecurity Information Sharing Act of 2015 including government access to data provisions extended until 30 January 2026

On 12 November 2025, the Cybersecurity Information Sharing Act of 2015 (S.754) which was scheduled to expire unless reauthorised by Congress, was extended until 30 January 2026 by the implementation of the Continuing Appropriations, Agriculture, Legislative Branch, Military Construction and Veterans Affairs, and Extensions Act, 2026. The expiration ends the Law’s provisions on government access to data, including the authorisation for private entities to share cyber threat indicators with the federal government and the requirement for automatic distribution to designated agencies. It also terminates associated data protection obligations, such as the removal of personal information not directly related to cybersecurity threats and the federal duties for privacy review, oversight, and audit.