arrow_back Trending Legislation
Share share

Mandatory Ransom Payment Disclosure for Cyberattacks

New rules require businesses and local governments to report ransom payments after cyberattacks. This aims to combat digital crime and enhance data security, though it does not apply to individuals. Information on payments will be collected and analyzed to better protect IT systems.
Key points
Businesses and local governments must report ransom payments for cyberattacks within 48 hours to the Department of Homeland Security.
Disclosures must include the date, amount of ransom, currency type (including cryptocurrency), and any known information about the attacker.
The Department of Homeland Security will publish aggregated data on ransom payments, without revealing the identity of the affected entities.
The regulations aim to better understand and combat cybercrime, as well as protect information systems.
Individuals can voluntarily report ransom payments on a dedicated website.
article Official text account_balance Process page notifications_active Track this Bill
gavel
Status:
Expired
Record your position for audit.
Why does your vote on bills matter?
It creates raw, undeniable proof. Civic Will provides the permanent data to verify the Government's loyalty towards its citizens (explained here). Start recording it now.
Additional Information
Ransom Disclosure Act
Print number: S 2943
Sponsor: Sen. Warren, Elizabeth [D-MA]
Process start date: 2021-10-06
System Note: Lustra is free, publicly auditable civic infrastructure, with full source code available on GitHub. You are reading sterilized legislative data, processed by our radical neutrality engine to strip political spin and retain factual mechanics. We process only official government data. Original documents remain the authoritative source, always verify them if you can.
Summarized by: gemini-2.5-flash-preview-05-20
Source data: api.congress.gov
AI work logs for this document launch
Summary & Status

Key Questions about Mandatory Ransom Payment Disclosure for Cyberattacks

A structured overview of the legislative process, official sources, status and civic context.

What is the official ID of this bill?

The official print number for this legislation is S 2943.

Which chamber initiated this legislation?

This legislation was initiated in the Senate.

When did the legislative process begin?

The process officially started on 2021-10-06.

What are the main provisions?

Key points include:

  • Businesses and local governments must report ransom payments for cyberattacks within 48 hours to the Department of Homeland Security.
  • Disclosures must include the date, amount of ransom, currency type (including cryptocurrency), and any known information about the attacker.
  • The Department of Homeland Security will publish aggregated data on ransom payments, without revealing the identity of the affected entities.
  • The regulations aim to better understand and combat cybercrime, as well as protect information systems.
  • Individuals can voluntarily report ransom payments on a dedicated website.

What is the specific legal status?

The current status is Expired.

Where can I read the full text of this legislation?

The full official text is available at: View full text

Who is the primary sponsor?

The primary sponsor is Sen. Warren, Elizabeth [D-MA].

What is the latest detailed status?

The latest detailed status is: Introduced in Senate

Is this summary verified?

Yes. This content was analyzed by AI and verified by the Lustra Judge System on 2025-12-29.

Analysis and Potential Impact of S 2943

We don't know, that is up to you to decide. Summarizing raw data with AI is fundamentally different from predicting socio-economic outcomes. As of 2026, we believe impact assessment strictly requires a human in the loop to verify and judge. Review our public AI processing logs for full transparency, and use Lustra to track active legislation for instant status push notifications.

CATEGORIES

Security Informatization