arrow_back Back to App

Mandatory Cyberattack Reporting: New Rules for Businesses and Government Agencies

This act introduces new rules for reporting cyberattacks, including ransomware, by government agencies and selected companies. The goal is to enable faster response to digital threats and protect critical systems. Citizens may experience increased data security as companies will be required to report breaches more quickly, allowing for faster remediation.
Key points
Companies and government agencies must report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of confirmation.
These reports are confidential and cannot be used against attack victims in court, unless the federal government brings a case.
Failure to report cyberattacks or violations of rules may result in financial penalties, and for government contractors, even removal from the federal contracting schedule.
CISA will analyze reports to better protect the nation from cyber threats and share threat information publicly (in an anonymized form).
article Official text account_balance Process page
Expired
Citizen Poll
No votes cast
Additional Information
Print number: 117_S_2407
Sponsor: Sen. Warner, Mark R. [D-VA]
Process start date: 2021-07-21
Lustra uses Artificial Intelligence. Verify details in source documents.
Summarized by: gemini-2.5-flash-preview-05-20
Source data: api.congress.gov
AI work logs for this document launch

OFFICIAL LEGAL TITLE

Cyber Incident Notification Act of 2021

FREQUENTLY ASKED QUESTIONS

What is the official ID of this bill?

The official print number for this legislation is 117_S_2407.

Which chamber initiated this legislation?

This legislation was initiated in the Senate.

When did the legislative process begin?

The process officially started on 2021-07-21.

What are the main provisions?

Key points include:

  • Companies and government agencies must report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of confirmation.
  • These reports are confidential and cannot be used against attack victims in court, unless the federal government brings a case.
  • Failure to report cyberattacks or violations of rules may result in financial penalties, and for government contractors, even removal from the federal contracting schedule.
  • CISA will analyze reports to better protect the nation from cyber threats and share threat information publicly (in an anonymized form).
What is the specific legal status?

The current status is Expired.

Where can I read the full text of this legislation?

The full official text is available at: View full text

Who is the primary sponsor?

The primary sponsor is Sen. Warner, Mark R. [D-VA].

What is the latest detailed status?

The latest detailed status is: Introduced in Senate

Is this summary verified?

Yes. This content was analyzed by AI and verified by the Lustra Judge System on 2025-12-29.

CATEGORIES

Security Informatization Courts and Law