Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), Reporting Requirements, Cyber Attacks

The Coast Guard’s Maritime Cybersecurity Rule Takes Effect

Husch Blackwell LLP on 7/31/2025

Key point: The US Coast Guard’s new cybersecurity rule will transform the security standards and reporting requirements for vessels and marine facilities nationwide over the next three years. On July 16, 2025, the US Coast...more

Privacy Briefs: April 2024

Health Care Compliance Association (HCCA) on 4/22/2024

The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more

CISA Releases Proposed Cyber Incident and Ransom Payment Reporting Rules to Implement CIRCIA

Jones Day on 4/11/2024

CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more

Navigating Profound Change: CISA Announces Proposed Rule for Mandated Cyber Incident Reporting

Hinckley Allen on 4/10/2024

In 2025, new federal reporting requirements will require hundreds of thousands of organizations to report cyber incidents within hours of discovery to the United States Government, marking a significant impact on how...more

Comments Sought on Proposed Requirements of the Cyber Incident Reporting for Critical ‎Infrastructure Act

Schwabe, Williamson & Wyatt PC on 4/10/2024

On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more

CIRCIA: Cyber Incident Reporting for Practically Everyone?

Venable LLP on 4/8/2024

A sweeping array of businesses are another step closer to requirements to report cybersecurity incidents and ransomware payments to the federal government. On April 4, 2024, the U.S. Department of Homeland Security's (DHS)...more

CISA Proposes Sweeping Cybersecurity Incident Reporting for U.S. Companies

Paul Hastings LLP on 4/2/2024

On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more

Cyber Incident Reporting for Critical Infrastructure Act: Significant Changes to Incident Reporting Are on the Horizon

Polsinelli on 3/7/2023

In May 2021, Colonial Pipeline, a privately held oil pipeline responsible for nearly half of the oil supply for the U.S. East Coast, was crippled by a DarkSide ransomware attack. DarkSide is widely believed to be a...more

Cyber Incident Reporting for Critical Infrastructure Act - What Companies Need to Know Now

BCLP on 7/1/2022

The Cyber Incident Reporting for Critical Infrastructure Act (“CIRCIA” or “the Act”) is a new federal law, adopted in March 2022, which requires critical infrastructure entities to report certain cybersecurity incidents and...more

The Cyber Incident Reporting for Critical Infrastructure Act of 2022: An Overview

Davis Wright Tremaine LLP on 5/20/2022

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law by President Biden in March 2022 as part of the Consolidated Appropriations Act of 2022, will require companies operating in...more

President Biden Signs Cyber Incident Reporting for Critical Infrastructure Act

Jones Day on 3/18/2022

On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the "Act"), creating new requirements for organizations operating in critical infrastructure sectors to...more

Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) › Reporting Requirements › Cyber Attacks

"My best business intelligence, in one easy email…"