September Deadline Set for Delayed Cyber Incident Reporting Rules

0
23

The Cybersecurity and Infrastructure Security Agency (CISA) set a new deadline of September to publish long-delayed rules to implement a cyber incident reporting law. Rules to implement the 2022 Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) were due by October 4, 2025, but were delayed in part due to significant stakeholder criticism regarding scope and compliance burdens. CIRCIA directs CISA to develop and implement regulations requiring covered entities to submit reports to CISA regarding cyber incidents and ransom payments. 

Share Button