Sponsors (16)
Ask me to break this bill down.
This is not an official government website.
Copyright © 2026 PLEJ LC. All rights reserved.
Introduced in Senate
Introduced October 7, 2025 by Gary C. Peters · Last progress October 7, 2025
Amends subsection (a) to replace the previous statutory expiration date with a new expiration date; preserves the subsection (b) exception for actions occurring before cessation.
Amends the short title provision (Section 101) by replacing the existing short title text with a new short title.
Makes conforming amendments in Title XXII of the Homeland Security Act of 2002 by replacing each occurrence of the former Act name with the new short title.
Amends Section 111(a) of the Cybersecurity Information Sharing Act of 2015 by replacing the expiration date "September 30, 2025" with "September 30, 2035."
States that the amendment made by subsection (a) shall take effect as if enacted on October 1, 2025 (a retroactive effective date).
Amends Section 101 of the Cybersecurity Information Sharing Act of 2015 by replacing the short title "Cybersecurity Information Sharing Act of 2015" with "Protecting America from Cyber Threats Act."
Makes conforming amendments by striking each place the phrase appears in Title XXII of the Homeland Security Act of 2002 and inserting "Protecting America from Cyber Threats Act."
Extends the existing cybersecurity information‑sharing law through September 30, 2035, and changes its short title to the "Protecting America from Cyber Threats Act." The change is made retroactive to October 1, 2025, and includes conforming edits to existing Homeland Security Act text so the authority continues without a lapse.
Who is affected and how:
Technology companies and private sector cybersecurity firms: They remain able to participate in statutory information‑sharing mechanisms and rely on the existing legal framework for exchanging cyber threat indicators with federal partners. The extension provides multi‑year certainty for industry participants that depend on those authorities.
Federal agencies and program operators: Agencies that receive, analyze, and act on cyber threat information retain the legal authority to operate sharing programs and coordinate with non‑federal entities through at least 2035. The retroactive effective date prevents interruptions to existing programs.
Critical infrastructure owners/operators and other businesses: Entities in sectors that rely on threat intelligence (energy, finance, communications, etc.) continue to have access to statutory sharing pathways and any protections tied to participation in those programs.
Privacy advocates, civil liberties groups, and members of the public: The continuation of the statute preserves existing debates about privacy safeguards, transparency, and oversight tied to information sharing; extending the law means those debates are likely to continue rather than be resolved by expiration.
Oversight bodies and Congress: Extended authorization gives Congress and oversight entities more time to evaluate program performance and consider legislative adjustments before the next expiration.
Overall effect: This is primarily a continuity/authorization change that keeps existing information‑sharing structures in force and reduces the risk of operational gaps; it does not, by itself, change substantive rules, funding levels, or new mandates based on the text provided.
Expand sections to see detailed analysis
Read the second time. Placed on Senate Legislative Calendar under General Orders. Calendar No. 182.
Introduced in the Senate. Read the first time. Placed on Senate Legislative Calendar under Read the First Time.
Introduced in Senate