Congress Passes Broad Legislation Requiring Critical Infrastructure Sectors To Report Substantial Cyber Incidents And Ransomware Payments

March 29, 2022

On March 15, 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the "Act") as part of the Consolidated Appropriations Act of 2022. The Act requires critical infrastructure providers to report substantial cyber incidents within 72 hours, report ransomware attack payments within 24 hours, and submit periodic updates on ongoing cyber incidents. This statute is the first federal law to require reporting of cyber incidents across a wide range of industries. These requirements will take effect upon the finalization of implementing regulations by the Cybersecurity and Infrastructure Security Agency.

Download PDF

Clifford Chance

Briefings

Congress Passes Broad Legislation Requiring Critical Infrastructure Sectors To Report Substantial Cyber Incidents And Ransomware Payments

March 29, 2022

Daniel Silver (He/Him)

Partner

New York

Megan Gordon

Office Managing Partner, Washington, DC

Washington D.C.

Brian Yin

Associate

Washington D.C.

Office Managing Partner, Washington, DC

Washington D.C.

Associate

Washington D.C.

Toolkits & Client Log-in