A partial government shutdown threatens to derail a key federal cybersecurity agency’s incident reporting rule and delay answers that companies need to comply with, according to DataBreaches[.]Net. The Department of Homeland Security shutdown may push back the finish line for a Biden-era rule that would create stringent disclosure requirements for critical infrastructure entities after cybersecurity incidents like ransomware attacks.
The lapse in funding came just days after an announcement from the Cybersecurity and Infrastructure Security Agency in February that it wanted additional feedback on the Cyber Incident Reporting for Critical Infrastructure Act rule, which marked the first substantial update on the rule since companies submitted comments in June 2024; at the time, they had largely pushed back against the scope of the regulation, according to Bloomberg Law.
The rulemaking’s hazy timeline puts companies in a difficult spot, having to prepare to both try and shape the Trump administration’s approach to the rule’s requirements and enforcement plans, as well as address the regulation’s unique compliance demands. According to Bloomberg Law, the situation creates uncertainty for affected entities as the process stalls.