This bill extends the authority for government and private sector cybersecurity information sharing for ten years, renaming the underlying act to the "Protecting America from Cyber Threats Act."
Gary Peters
Senator
MI
The Extending Expired Cybersecurity Authorities Act ensures the continuation of vital cybersecurity information sharing between the government and private industry. This bill extends the authority for sharing cyber threat information for an additional ten years, pushing the expiration date from 2025 to 2035. Furthermore, it retroactively applies this extension to prevent any lapse in coverage and officially renames the program to the "Protecting America from Cyber Threats Act."
Cyber Threat Information Sharing Extended Until 2035: Existing Authority Gets 10-Year Renewal
If you’re running a small business, working in IT, or just worried about the security of your data (which is everyone, right?), this bill is about keeping a key defense mechanism running. The Extending Expired Cybersecurity Authorities Act is less about creating new policy and more about making sure the lights stay on for an existing information-sharing program.
The Cybersecurity Program Gets a Decade Extension
The core of the bill is simple administrative maintenance, but with big implications. Back in 2015, Congress set up a system—originally called the Cybersecurity Information Sharing Act—that lets the government and private companies swap notes on cyber threats. Think of it as a neighborhood watch program for the internet, where if one company spots a specific type of digital burglar, they can immediately warn everyone else. This authority was set to expire on September 30, 2025. This new bill pushes that expiration date way out to September 30, 2035 (Sec. 2). That’s another ten years of mandated cooperation, which means the systems currently in place for tracking and responding to threats will continue without interruption.
No Gaps in Coverage: The Retroactive Fix
To prevent any administrative fumbles, the bill includes a technical fix. Even though this extension is being passed now, the law states it should be treated as if it took effect back on October 1, 2025 (Sec. 2). This ensures there’s no gap in the legal authority for sharing information, even if the legislative process drags on past the original deadline. For the companies involved—from banks to software developers—this means continuous legal coverage and confidence that the threat data they share won’t suddenly become unauthorized.
A New Name for the Old Law
Beyond the date change, the bill gives the program a facelift. The original “Cybersecurity Information Sharing Act of 2015” is being officially renamed the “Protecting America from Cyber Threats Act” (Sec. 2). This change updates the title across all related parts of the Homeland Security Act. While this doesn't change the actual mechanics of how threat data is shared, it simplifies the nomenclature and gives the program a more current-sounding title. Essentially, this bill is a procedural move to sustain the status quo in national cyber defense for another decade, ensuring that the critical flow of threat intelligence between the public and private sectors continues uninterrupted.