9–8–8 Lifeline Cybersecurity Responsibility Act

This bill, called the “9-8-8 Lifeline Cybersecurity Responsibility Act,” aims to keep the 9-8-8 suicide prevention lifeline safe from cyberattacks. It requires the program to take steps to protect the hotline and fix known security problems.

It also sets clear reporting rules. The network administrator for the lifeline must quickly report any security weaknesses or incidents to the Assistant Secretary, while local and regional crisis centers must report to the network administrator. Reports must protect people’s privacy and follow federal and state privacy laws. The bill clarifies that crisis centers usually oversee their own technology unless their agreement says the network administrator will do it, and these reporting rules add to—rather than replace—other federal reporting requirements. A federal study of the lifeline’s cyber risks is required within 180 days after the bill becomes law.

Key points

• Who is affected: The 9-8-8 lifeline’s network administrator and local/regional crisis centers; callers benefit from stronger protection.
• What changes: Secure the hotline against cyber threats; require quick reporting of security issues; clarify who oversees technology; add a 180‑day federal study.
• When: The study must be completed within 180 days of enactment; other duties take effect upon enactment.