Sponsors (16)
The bill preserves and extends federal-private cybersecurity information-sharing through 2035 (with retroactive effect to avoid a gap), strengthening national cyber defenses while increasing risks to privacy, extending company liability protections, and creating some legal uncertainty about past disclosures.
Federal agencies and private-sector organizations (including tech companies, utilities/energy firms, and financial institutions) keep authority to share cybersecurity threat indicators through 2035, and the bill's retroactive effective date (Oct 1, 2025) prevents any gap in those information-sharing capabilities.
Renaming the statute to the 'Protecting America from Cyber Threats Act' clarifies legislative branding and may improve public and stakeholder recognition of the program.
Private-sector users and consumers face reduced privacy protections and greater risk of personal or proprietary data being disclosed to the government as information-sharing authorities remain in place or expand.
Extending authorities for a decade prolongs liability shields for companies and can limit individuals' legal recourse and accountability for improper data handling or disclosures.
The retroactive effective date may create legal and compliance uncertainty about actions and disclosures made between Oct 1, 2025 and enactment, complicating oversight and potential challenges to past disclosures.
Based on analysis of 2 sections of legislative text.
Extends CISA authorities through Sept 30, 2035 (effective retroactive to Oct 1, 2025) and renames the statute throughout Title XXII to "Protecting America from Cyber Threats Act."
Introduced October 7, 2025 by Gary C. Peters · Last progress October 7, 2025
Extends authorities in the Cybersecurity Information Sharing Act of 2015 from September 30, 2025 to September 30, 2035 and makes that extension effective retroactively as of October 1, 2025, preserving the existing information-sharing authorities and related statutory provisions. It also renames the statute throughout Title XXII of the Homeland Security Act to "Protecting America from Cyber Threats Act" and updates cross-references accordingly.