Extending Expired Cybersecurity Authorities Act
This bill extends the expired authorities of the Cybersecurity Information Sharing Act of 2015 (CISA 2015). Specifically, it lengthens the sunset for Section 111(a) of CISA 2015 from September 30, 2025, to September 30, 2035, with retroactive effect as of October 1, 2025. In addition, the bill renames the act for purposes of the U.S. Code and related references, changing the short title from the Cybersecurity Information Sharing Act of 2015 to the Protecting America from Cyber Threats Act. In short, the bill keeps the existing information-sharing framework intact for another decade and updates the naming used in federal law. The measure does not add new substantive authorities beyond extending the existing information-sharing framework. It simply preserves the current structure that enables private-sector and government entities to share cyber threat information and defensive measures, and it updates the act’s title references accordingly.
Key Points
- 1Extends the sunset date for Section 111(a) of the Cybersecurity Information Sharing Act of 2015 from September 30, 2025, to September 30, 2035.
- 2The amendment has retroactive effect, taking effect as if enacted on October 1, 2025.
- 3Renames the act’s short title in Section 101 from “Cybersecurity Information Sharing Act of 2015” to “Protecting America from Cyber Threats Act.”
- 4Conforming changes are made in Title XXII of the Homeland Security Act of 2002 to reflect the new short title.
- 5The bill preserves the existing information-sharing framework between the private sector and the federal government (no new authorities or major policy changes are introduced beyond the extension and renaming).